IT Network Outsourcing for Small and Mid-size Businesses

SentinelOne's Singularity portfolio is a subscription-based, cloud-centric threat defense platform that includes computer learning software and advanced services to provide enterprise-class endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's low-profile software agents can be installed in minutes to defend popular endpoints against increasingly sophisticated threats including ransomware, known and new malware, trojan viruses, hacking toolkits, RAM exploits, script misuse, invasive macros, and living-off-the-land (LotL) attacks. SentinelOne agents are offered for Microsoft Windows, Apple macOS, Linux, and Kubernetes powered endpoints. Supported form factors include physical, virtual, VDI desktops, customer and hybrid data centers, and cloud service providers. Since SentinelOne software agents operate autonomously, they can provide advanced behavior-based protection in real time even during periods when endpoints are not cloud connected.

Progent is a SentinelOne Partner and dealer and oversees thousands of endpoints protected by SentinelOne Singularity technology. SentinelOne is always the first endpoint response tool activated by Progent to gain control and visibility of a client's network in the first stages of a ransomware recovery. SentinelOne Singularity is also the key EDR software powering Progent's Active Security Monitoring (ASM) managed services. SentinelOne was ranked as a top visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the highest number of high-quality detections in real-time with zero delays during the 2022 MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competition for every use case in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms (EPPs).

Singularity Bundles for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity family has several levels of endpoint protection product bundles provided as a worldwide SaaS platform that delivers high availability, centralized policy management by site and group, AI powered threat intelligence, fast recovery, and an information-driven dashboard for cyberthreat analytics. Bundles include Control for advanced management, Complete for smart root cause analysis, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The feature sets are incremental. Control and Complete each have all the features of the level beneath it. Pricing starts at $10 for each endpoint per month for smaller customers with appropriate discounts for bigger accounts. There is no minimum device count.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to stop a broad range of malware, Trojans, hacking tools, and ransomware before they can get a foothold
• ActiveEDR Basic for Endpoint Detection and Response (EDR) operates in real-time even without cloud access. ActiveEDR identifies highly sophisticated malware, script misuse and other fileless attacks as they try to do compromise your network.
• ActiveEDR Recovery gets users up and running quickly and includes full remediation as well as rollback for all non-legacy versions of Microsoft Windows.
• Device Control for Policy-based control of all USB and Bluetooth devices (Windows, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Security Vulnerability Management, along with Application Inventory, for insight into third party apps with recognized security gaps mapped to the MITRE Common Vulnerabilities and Exposures (CVE) cybersecurity dictionary
• Secure Remote Shell support for direct endpoint access by event responders and forensics personnel
• Autonomous SentinelOne agent Storyline Engine
• Integrated Static AI and SentinelOne Cloud Intelligence file-based assault prevention
• Behavior-based AI fileless incursion detection
• Autonomous Threat, Remediation, and Rollback
• Quarantine device from network, Incident Analysis, Agent Anti-tamper, Application inventory
• Rogue endpoint discovery

• Co-Managed solution with Progent receiving alerts and notices of all activities in your system. Clients are responsible for resolving issues in their system and optional help time and material is offered from Progent's security experts
• ActiveEDR Advanced provides visibility of all benign data.
• ActiveEDR Advanced provides enterprise threat hunting. SentinelOne is differentiated with the ease-of-use personified by the active nature of the solution in autonomously responding to threats.
• Storyline feature for Automated Forensics and quick root cause analysis. All OS storylines are automatically contextualized with SentinelOne’s proprietary TrueContext technology, streamlining analysts' laborious job of event correlation before they can determine the root cause with reduced MTTR.
• Storyline Active Response combats zero-day attacks with custom detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt by MITRE ATT&CK technique
• EDR Hunting Data storage from 14 days standard to one year optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Additional response alternatives are available and personalized to your needs. Includes one hour of training in advanced features and day-to-day management of the SentinelOne portal. During this time, Progent will demonstrate the creation of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond Managed Detection and Response (MDR) Services
Vigilance Respond and Vigilance Respond Pro are optional Managed Detection and Response programs for subscribers to SentinelOne's Singularity Complete bundle. These bundles include full 24x7 incident response provided by Tier-1, Tier-2, and Tier-3 IT security professionals. Vigilance Respond subscriptions include confirmation of cyberthreats, event prioritization, false positive management and console cleanup, accelerated threat resolution, management reporting, service level agreements, and escalation to the customer's security team.

Vigilance MDR analysts rank threat alerts according to a threat-handling hierarchy ranging from Benign False Positive to Urgent True Positive. This ranking determines how the Vigilance analyst responds to the detected threat. There are five categories of threats and associated responses. The majority of alerts require no action by the client.

Benign Alert - False Positive
Vigilance takes care of the issue and annotates the SentinelOne console. For isolated False Positive alerts, no additional actions or alerts are needed. For persistent False Positive alerts, Vigilance will escalate the issue to the client to submit or approve an appropriate exclusion or agent upgrade as needed.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program (PuP)
Vigilance responds to make sure the threat is blocklisted, resolved, and annotated. Typically, no alert will be sent to the customer unless the issue requires follow up work.

Malicious Alert - True Positive / No Action Necessary
Vigilance performs appropriate actions including remediation to ensure the threat is quarantined. Once the SentinelOne analyst confirms the threat is eliminated, the analyst will transmit a verification notice to the client.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance performs proper actions including remediation to make sure the threat is quarantined. After the SentinelOne analyst verifies the threat is eliminated, the analyst will transmit a verification alert to the customer. Follow-up procedures like re-imaging may be called for in some circumstances.

Malicious Alert - True Positive Urgent / Action Needed
Vigilance may respond strongly in serious breach cases including taking agent remediation actions and isolating compromised network devices to isolate the attack and prevent additional lateral progress. The analyst will send an urgent notification informing the customer of the situation and request immediate response.

In addition to providing all the features of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds round-the-clock Monitoring with Near Real Time Threat Response, Remote Script Orchestration, and Ranger:

• Co-Managed Solution with Progent receiving warnings and notifications of all threats and activities in your environment and combined SOC response, delivering 3 levels of 24x7x365 Detection and Response. Threats are neutralized and responded to in near real-time. Additional remediation options following threat mitigation are offered and customized to your individual needs.
• Remote Script Orchestration empowers enterprises to send scripts to one machine, a few hundred machines, or even millions of machines, to respond to present and future cyberattacks instantly. Security Teams can dispatch tailored scripts or pick from a wide selection of jobs – ranging from incident response to forensics artifact collection and even IT administration. In combination with SentinelOne Storyline Active Response (STAR), analysts can save time with automated workflows that take incident response to the next level.
• Ranger provides unmatched visibility into your environment. Ranger is network-efficient by intelligently electing a small number of SentinelOne agents per subnet to undertake network mapping missions. Elected "Rangers" passively listen for network broadcast data including ARP, DHCP, and other network observances. Admins can customize active scan policies and select multiple IP Protocols for machine learning including ICMP, SNMP, UDP, TCP, SMB, and others. Rangers correlate all collected information in the backend to characterize known and unknown devices. Ranger device inventories reveal what is attached to your environment, where they are connected, and which protocols the devices listen on. Ranger permits you to discover and eliminate SentinelOne Agent deployment gaps using Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger permits you to determine how unfamiliar devices communicate with managed hosts and quarantine suspicious devices from managed devices with a click.

Download Progent's SentinelOne Singularity Packages Datasheets
See datasheets about Progent's SentinelOne Singularity packages:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's roster of over 150 consultants includes experts in every facet of information technology related to small and mid-size businesses. With this scope of knowledge, Progent can be your single point of contact for building and managing a cohesive cybersecurity solution that delivers immediate business value. In addition to the endpoint protection available from SentinelOne products, Progent offers a catalog of managed services and specially-priced IT support packages created to assist small and mid-size businesses to plan, implement, test, and administer networks that deliver enterprise-class security and low TCO.

Progent has in-depth experience with all the endpoints, servers and virtual machines that can be protected by SentinelOne products. Progent offers services that include Windows 11 migration consulting, Windows 10 management, Linux support, Mac OS X and macOS support, iPhone and iPad integration, Android consulting, Windows Server 2022 migration consulting, Windows Server 2019 integration consulting, Hyper-V virtualization expertise, and VMware vSphere support experts.

For single-click or manual rollback, Progent's Windows Server consultants can help you to set up Windows Volume Shadow Copy Service (VSS). Progent also offers remote and onsite support from certified Cisco CCIE experts to help you to design, protect or troubleshoot your network infrastructure. If your network incorporates cloud resources, Progent can provide the support of Microsoft Azure consultants, Amazon AWS consultants, and Google Cloud solutions experts.

Contact Progent about SentinelOne Sales and Configuration Services
To learn more about how Progent can assist you to buy or configure SentinelOne products, call 1-800-993-9400 or visit Contact Progent.