Computer Network Outsourcing for Midsize Companies

SentinelOne's Singularity portfolio is a subscription-based, cloud-centered cyberthreat defense stack that includes computer learning software and advanced services to deliver comprehensive endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's small-footprint software agents can be installed in a few minutes to defend endpoints against increasingly sophisticated threats such as ransomware, familiar and new malware, trojans, hacking tool sets, RAM exploits, malicious scripts, invasive macros, and living-off-the-land (LotL) abuse. Singularity software agents are offered for Microsoft Windows, Apple macOS, Linux, and Kubernetes endpoints. Supported form factors include physical, virtual, VDI, hybrid data centers, and cloud providers. Since SentinelOne agents are autonomous, they can deliver cutting-edge behavior-based security in real time even when endpoints are disconnected from the cloud.

Progent is a SentinelOne Partner and reseller and manages thousands of endpoints protected by SentinelOne technology. SentinelOne Singularity is always the initial endpoint response tool deployed by Progent to gain control and visibility of a customer's system at the outset of a ransomware breach. SentinelOne Singularity is in addition the key EDR software powering Progent's Active Security Monitoring managed services. SentinelOne has been recognized as a leading visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the most correlated tactics and techniques in real-time during the gold-standard MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also surpassed all competitors for every use case in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms (EPPs).

Singularity Packages for SentinelOne Endpoint Security
SentinelOne's Singularity family offers several levels of endpoint protection product packages provided as a worldwide SaaS solution that delivers high availability, centralized policy management by site and group, AI powered threat intelligence, rapid restoration, and an information-driven console for security analytics. Bundles include Control for enhanced management, Complete for automated forensics, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The feature sets are additive. Control and Complete each have all the features of the tier beneath it. Pricing starts at $10 per endpoint per month for smaller clients with appropriate discounts for larger accounts. Progent has no minimum endpoint count.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Major Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to block a wide variety of malware, Trojans, hacking tools, and ransomware before they start
• ActiveEDR Basic for Endpoint Detection and Response operates in real-time with or without cloud connectivity. ActiveEDR detects the latest malware, memory exploits and other fileless attacks as they try to do compromise your network.
• ActiveEDR Recovery gets users up and running quickly and includes 100% repair as well as rollback for all non-legacy releases of Microsoft Windows.
• Device Control for Policy-based management of all USB and Bluetooth devices (Windows, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Security Vulnerability Management, in addition to Application Inventory, for insight into third party apps that have known vulnerabilities mapped to the MITRE CVE cybersecurity database
• Secure Remote Shell capability for direct endpoint access by incident responders and forensics personnel
• Autonomous SentinelOne agent Storyline Engine
• Combined Static AI and SentinelOne Cloud Intelligence file-based assault prevention
• Behavior-based AI fileless incursion detection
• Autonomous Threat, Remediation, and Rollback
• Quarantine endpoint from system, Incident Analysis, Agent Anti-tamper, App inventory
• Rogue device discovery

• Co-Managed solution with Progent being sent alarms and notifications of all threats and activities in your system. Customers are responsible for resolving threats in their system and extra-cost assistance time and material is available from Progent's security experts
• ActiveEDR Advanced provides visibility of all non-threatening data.
• ActiveEDR Advanced provides enterprise threat hunting. SentinelOne stands out with the ease-of-use personified by the active nature of the solution in autonomously responding to threats.
• Storyline feature for Automated Forensics and fast root cause analysis (RCA). All OS stories are automatically contextualized with SentinelOne’s proprietary TrueContext technology, streamlining analysts' laborious task of event correlation so they can get to the root cause with reduced MTTR.
• Storyline Active Response mitigates zero-day threats with custom detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt technology by MITRE ATT&CK technique
• EDR Hunting Data retention ranging from 14 days standard to 365 days optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Other response alternatives are available and personalized to your requirements. Includes an hour of training in advanced features and routine management of the SentinelOne portal. During this training, Progent will train in the specification of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond MDR Services
Vigilance Respond and Vigilance Respond Pro are optional Managed Detection and Response (MDR) programs for subscribers to the Singularity Complete package. These subscriptions include digital forensics and full 24x7 incident response delivered by Tier-1, Tier-2, and Tier-3 cybersecurity experts. Vigilance Respond subscriptions include confirmation of cyberthreats, event prioritization, false positive management and dashboard updating, threat containment, management reporting, service level agreements, and escalation to the client's security organization.

Vigilance MDR consultants rank threat alerts according to a threat-handling hierarchy going from Benign False Positive to Urgent True Positive. This classification determines how the Vigilance analyst responds to the detected threat. There are five categories of threats and consequent responses. The majority of alerts require no action by the client.

Benign Alert - False Positive
Vigilance takes care of the issue and updates the SentinelOne dashboard. For isolated False Positive alerts, no additional actions or notifications are required. For repeated False Positive alerts, Vigilance will escalate the issue to the client to submit or agree to a proper exclusion or agent upgrade as required.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program (PuP)
Vigilance takes action to make sure the threat is blocklisted, resolved, and annotated. Usually, no alert will be transmitted to the client unless the issue requires additional work.

Malicious Alert - True Positive / No Action Necessary
Vigilance performs proper actions including remediation to ensure the threat is isolated. After the analyst confirms the threat is deleted, the analyst will transmit a verification alert to the customer.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance takes appropriate actions including remediation to make sure the threat is isolated. After the analyst verifies the threat is eliminated, the analyst will send a confirmation alert to the client. Follow-up activity such as re-imaging may be required in some circumstances.

Malicious Alert - True Positive Urgent / Action Needed
Vigilance may respond strongly in high priority breach cases including pursuing agent remediation actions and isolating affected network endpoints to isolate the attack and block additional lateral movement and spread. The analyst will send an urgent alert apprising the customer of the issue and request immediate response.

In addition to including all the features of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds round-the-clock Monitoring with Near Real Time Threat Response, Remote Script Orchestration, and Ranger:

• Co-Managed Environment with Progent seeing warnings and notifications of all threats and activities in your environment and combined SOC response, delivering 3 levels of 24x7x365 Detection and Response. Threats are neutralized and responded to in close to real-time. Additional remediation options after threat mitigation are available and tailored to your individual needs.
• Remote Script Orchestration enables enterprises to send scripts to a single machine, several machines, or even millions of machines, to respond to present and future cyberattacks instantly. Security Teams can dispatch tailored scripts or pick from a broad selection of tasks – ranging from incident response to forensics artifact collection and even IT administration. In combination with SentinelOne Storyline Active Response, analysts can save time with automated workflows that promote incident response to a higher level.
• Ranger allows unmatched visibility into your system. Ranger is network-efficient by intelligently electing a few SentinelOne agents for each subnet to participate in network mapping missions. Elected "Rangers" passively track network broadcast data including ARP, DHCP, and other network observances. Administrators can modify current scan policies and specify multiple IP Protocols for learning including ICMP, SNMP, UDP, TCP, SMB, and others. Rangers correlate all learned information within the backend to characterize familiar and unfamiliar devices. Ranger device inventories reveal what is connected to your system, where they are attached, and what protocols the devices listen on. Ranger enables you to find and eliminate SentinelOne Agent deployment gaps with Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger enables you to monitor how unfamiliar devices communicate with managed hosts and isolate suspect devices from managed devices with a click.

Download Progent's SentinelOne Singularity Packages Datasheets
Download datasheets describing Progent's SentinelOne Singularity products and services:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's roster of over 150 consultants includes experts in every aspect of information technology related to small and mid-size businesses. With this scope of knowledge, Progent can be your single point of contact for integrating a comprehensive cybersecurity solution that delivers significant business value. In addition to the endpoint security provided by SentinelOne products and services, Progent offers a catalog of managed services and affordably-priced IT support packages designed to assist small and mid-size businesses to design, implement, test, and administer networks that deliver enterprise-class security and low TCO.

Progent has expertise in all the endpoints, servers and virtual machines that can be protected by SentinelOne technologies and services. Progent can provide services that include Windows 11 planning and migration consulting, Windows 10 management, Linux integration, Mac consulting, iPhone and iPad configuration, Android consulting, Windows Server 2022 integration consulting, Windows Server 2019 migration consulting, Hyper-V virtualization support, and VMware vSphere integration experts.

For single-click or manual rollback capability, Progent's Windows Server consultants can assist you to configure Windows Volume Shadow Copy Service (VSS). Progent also offers online and onsite support from certified Cisco CCIE experts to assist you to design, defend or debug your infrastructure. If your network relies on cloud resources, Progent offers the support of Microsoft Azure experts, Amazon AWS consultants, and Google Cloud integration consultants.

Contact Progent about SentinelOne Sales and Integration Services
To find out more about how Progent can help you to purchase or configure SentinelOne endpoint security products, call 1-800-993-9400 or visit Contact Progent.