SentinelOne's Singularity product line is a subscription-based, cloud-centric cyberthreat management stack that includes machine learning software and professional services to provide enterprise-class endpoint detection and response (Singularity EDR) and extended detection and response (Singularity XDR). SentinelOne's low-profile agents can be installed in a few minutes to defend popular endpoints against modern cyberthreats including ransomware, known and new malware, trojan viruses, hacking tool sets, memory exploits, malicious scripts, destructive macros, and living-off-the-land (LotL) attacks. SentinelOne agents are offered for Windows, Apple macOS, Linux distributions, and Kubernetes-powered endpoints. Supported deployment models include physical, virtual, VDI, customer and hybrid data centers, and cloud service providers. Since SentinelOne software agents are autonomous, they can deliver advanced behavior-based security in real time even during periods when endpoints are not cloud connected.
Progent is a SentinelOne Partner and reseller and manages thousands of endpoints protected by SentinelOne Singularity technology. SentinelOne is always the first endpoint response tool activated by Progent to provide control and visibility of a customer's network in the first stages of a ransomware emergency. SentinelOne is also the key technology powering Progent's Active Security Monitoring (ASM) managed services. SentinelOne was recognized as a leading visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and attained the most high-quality detections in real time during the 2022 MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also surpassed all competition for each use scenario in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms.
Singularity Bundles for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity product line offers three levels of endpoint security product bundles delivered as a global SaaS solution that provides high availability, centralized policy management, AI-driven threat intelligence, fast restoration, and an information-driven dashboard for cyberthreat analytics. Bundles consist of Core for basic protection, Control for enhanced management, and Complete for smart forensics. The feature sets are additive: Control and Complete each have all the features and options of the tier beneath them. Subscription rates start at $5 for each endpoint per month for smaller clients with appropriate discounts for bigger accounts. There is no minimum device requirement.
Singularity Core offers traditional AV and next-generation anti-virus support and features fundamental Endpoint Detection and Response (EDR). Standard capabilities of Core include:
Singularity Control includes all the basic features and supports all the options of the Core bundle and adds capabilities for enhancing endpoint management such as secure remote shell, OS firewall control with location awareness (Win, Mac, Linux), device control for USB and Bluetooth/Bluetooth Low Energy peripherals (Win, Mac), and app vulnerability.
Add-ons available for the Singularity Control package include the ability to isolate potentially dangerous devices using SentinelOne's Singularity RANGER package plus automated app management for Kubernetes through SentinelOne's Singularity Cloud package.
Singularity Complete includes all the standard features and allows all the options of the Control package and adds single-agent enterprise-grade prevention, detection, reaction and hunting across endpoints, cloud, and IoT. The bundle saves significant work for security administrators, SOC analysts, threat hunters, and attack responders by automatically correlating telemetry and using it with the MITRE ATT&CK database to expose root causes. Complete offers an advanced EDR feature set that includes:
Vigilance Respond Managed Detection and Response (MDR) Services
Vigilance Respond and Vigilance Respond Pro are add-on MDR services for subscribers to SentinelOne's Singularity Complete package. These packages include digital forensics and full 24x7x365 incident response provided by Tier-1, Tier-2, and Tier-3 IT security experts. Vigilance Respond subscriptions include confirmation of cyberthreats, event prioritization and triage, false positive handling and console updating, threat containment, thorough reporting, service level agreements, and escalation back to the client's cybersecurity team. Pricing averages around $17 per device per month and there is no minimum device requirement.
Vigilance Respond Pro includes a two-times faster SLA, appointed IR case managers, root cause analysis (RCA), incident-driven threat hunting, digital forensics with malware reversing, expert containment and eradication, comprehensive security assessment including security architecture, plus post-mortem analysis. In most cases, Vigilance Respond Pro interprets and resolves threats in minutes and only gets in touch with subscribers for urgent issues. Since these services rarely call for the participation of the Vigilance Respond client, customers are able to focus on strategic tasks rather than routine cybersecurity issues.
Vigilance MDR consultants classify detected threat notifications according to a threat-handling hierarchy ranging from Benign False Positive to Urgent True Positive. This classification dictates how the Vigilance analyst handles the threat. There are five categories of threats and associated responses. The majority of alerts require no response by the customer.
Benign Alert - False Positive
Vigilance takes care of the issue and updates the SentinelOne dashboard. For single False Positive alerts, no additional actions or notifications are necessary. For repeated False Positive alerts, Vigilance will escalate the issue to the customer to offer or approve a proper exclusion or agent upgrade as needed.
Malicious Alert - True Positive Non-Urgent, Potentially Unwanted Program (PUP)
Vigilance takes action to make sure the threat is blacklisted, resolved, and documented. Typically, no notification will be transmitted to the client unless the issue calls for additional work.
Malicious Alert - True Positive / No Action Necessary
Vigilance takes proper actions including remediation to make sure the threat is isolated. Once the analyst confirms the threat is deleted, the analyst will send a confirmation notice to the client.
Malicious Alert - True Positive Non-Urgent / Action Necessary
Vigilance performs proper actions including remediation to ensure the threat is quarantined. Once the SentinelOne analyst confirms the threat is deleted, the analyst will transmit a confirmation alert to the client. Subsequent activity such as re-imaging may be required in some cases.
Malicious Alert - True Positive Urgent / Action Necessary
Vigilance may react aggressively in serious breach incidents including pursuing agent remediation actions and disconnecting compromised network devices to stall the attack and prevent further lateral movement and spread. The analyst will transmit a proactive alert informing the customer of the situation and request immediate response.
Download Progent's Singularity Control and Complete Comparison Datasheet
To see a one-page printable datasheet in PDF format describing SentinelOne's Singularity Control and Singularity Complete endpoint detection and response bundles, click:
Progent's Singularity Control and Singularity Complete EDR Datasheet. (PDF - 340 KB)
Why Progent?
Progent's team of more than 150 consultants includes experts in every facet of information technology related to small and mid-size organizations. With this breadth of expertise, Progent can be your one-stop source for integrating a comprehensive cybersecurity environment that delivers significant business value. In addition to the endpoint security available from SentinelOne products and services, Progent offers a variety of managed services and specially-priced IT support packages designed to help small and mid-size businesses to plan, deploy, validate, and manage networks that feature enterprise-level cybersecurity and low total cost of ownership.
Progent has expertise in all the endpoints, servers and virtual machines that can be protected by SentinelOne products. Progent can provide services that include Windows 11 migration expertise, Windows 10 integration, Linux support, Mac support, iPhone and iPad integration, Android consulting, Windows Server 2022 migration expertise, Windows Server 2019 integration consulting, Hyper-V virtualization support, and VMware vSphere integration consulting.
For single-click or manual rollback, Progent's Windows Server consultants can assist you to configure Windows Volume Shadow Copy Service (VSS). Progent also offers remote and on-premises access to certified Cisco CCIE experts to assist you to plan, protect or troubleshoot your infrastructure. If your network relies on cloud resources, Progent can provide the support of Microsoft Azure consultants, Amazon AWS consultants, and Google Cloud integration experts.
Contact Progent about SentinelOne Sales and Configuration Services
To learn more about how Progent can assist you to purchase or configure SentinelOne products, call