Computer Network Support for Midsize Companies

SentinelOne's Singularity product family is a subscription-based, cloud-centered cyberthreat defense stack that features AI algorithms and expert services to deliver enterprise-class endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's small-footprint software agents can be installed in minutes to defend endpoints against modern cyberthreats including ransomware, known and new malware, trojan viruses, hacking tools, memory exploits, script misuse, harmful macros, and living-off-the-land abuse. Singularity agents are available for Microsoft Windows, Apple macOS, Linux distributions, and Kubernetes endpoints. Compatible deployment models include physical, virtual, VDI desktops, customer and hybrid data centers, and cloud providers. Because SentinelOne agents are autonomous, they can deliver cutting-edge behavior-based security in real time even when endpoints are not interfaced to the cloud.

Progent is a SentinelOne Partner and reseller and oversees thousands of endpoints protected by SentinelOne technology. SentinelOne Singularity is always the initial incident response tool activated by Progent to provide control and visibility of a client's network in the first stages of a ransomware emergency. SentinelOne is in addition the root EDR software behind Progent's Active Security Monitoring managed services. SentinelOne has been ranked as a leading visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the most analytic detections in real-time with zero delays during the 2022 MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competitors for each use scenario in Gartner's evaluation of Critical Capabilities for Endpoint Protection Platforms.

Singularity Packages for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity family offers several tiers of endpoint security product packages provided as a global cloud-based platform that features high availability, hierarchical policy management, AI powered threat intelligence, fast restoration, and an information-driven console for cyberthreat analytics. Bundles consist of Control for enhanced management, Complete for smart root cause analysis, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The tiers are additive. Control and Complete each include all the features of the tier beneath it. Subscription rates starts at $10 for each endpoint per month for smaller customers with appropriate discounts for larger deployments. Progent has no minimum endpoint count.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Major Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to block a broad range of malware, Trojans, hacking tools, and ransomware before they start
• ActiveEDR Basic for Endpoint Detection and Response works in real-time with or without cloud connectivity. ActiveEDR detects highly sophisticated malware, script misuse and other fileless assaults as they try to do damage.
• ActiveEDR Recovery gets users up and running quickly and includes 100% repair as well as rollback for all non-legacy releases of MS Windows.
• Endpoint Control for Policy-based management of all USB and Bluetooth devices (Win, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Vulnerability Management, along with Application Inventory, for insight into third party applications with recognized vulnerabilities mapped to the MITRE CVE cybersecurity dictionary
• Secure Remote Shell capability for direct endpoint access by event responders and forensics personnel
• Autonomous SentinelOne agent Storyline Engine
• Combined Static AI and SentinelOne Cloud Intelligence file-based attack defense
• Behavioral AI fileless incursion detection
• Autonomous Threat, Remediation, and Rollback
• Quarantine endpoint from system, Incident Analysis, Agent Anti-tamper, App inventory
• Rogue endpoint discovery

• Co-Managed environment with Progent receiving alarms and notifications of all threats and activities in your environment. Customers are responsible for reacting to threats in their system and optional help time and material is offered from Progent
• ActiveEDR Advanced provides visibility of all non-threatening data.
• ActiveEDR Advanced adds enterprise threat hunting. SentinelOne stands out with the ease-of-use characterized by the active nature of the solution in autonomously reacting to threats.
• Storyline feature for Automated Forensics and fast root cause analysis. All OS storylines are automatically contextualized with SentinelOne’s proprietary TrueContext technology, simplifying analysts' tedious task of event correlation so they can get to the root cause with reduced MTTR.
• Storyline Active Response (STAR) mitigates zero-day attacks with custom detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt by MITRE ATT&CK technique
• EDR Hunting Data storage ranging from 14 days standard to one year optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Additional response alternatives are available and personalized to your needs. Includes one hour of training in key features and day-to-day management of the SentinelOne portal. During this time, Progent will train in the creation of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond Managed Detection and Response (MDR) Services
Vigilance Respond and Vigilance Respond Pro are optional MDR services for subscribers to the Singularity Complete package. These bundles include digital forensics and full 24x7 incident response delivered by Tier-1, Tier-2, and Tier-3 IT security professionals. Vigilance Respond subscriptions include validation of cyberthreats, event prioritization, false positive handling and dashboard updating, proactive threat deactivation, thorough reporting, service level agreements, and escalation to the customer's cybersecurity organization.

Vigilance MDR analysts rank threat notifications based on a threat-handling hierarchy ranging from Benign to Malicious Urgent. This classification determines how the analyst responds to the detected threat. There are five classes of threats and associated responses. Most alerts require no action by the client.

Benign Alert - False Positive
Vigilance takes care of the issue and annotates the SentinelOne console. For single False Positive alerts, no additional actions or alerts are required. For repeated False Positive alerts, Vigilance will escalate the issue to the customer to submit or agree to an appropriate exclusion or agent update as required.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program
Vigilance responds to make sure the threat is blocklisted, resolved, and documented. Usually, no alert will be sent to the client unless the threat requires additional work.

Malicious Alert - True Positive / No Action Needed
Vigilance performs proper actions including remediation to ensure the threat is quarantined. Once the analyst confirms the threat is deleted, the analyst will send a confirmation notice to the customer.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance performs appropriate actions including remediation to make sure the threat is quarantined. After the analyst confirms the threat is deleted, the analyst will transmit a verification notice to the client. Subsequent procedures such as re-imaging may be called for in certain cases.

Malicious Alert - True Positive Urgent / Action Needed
Vigilance may respond aggressively in serious breach incidents including taking agent remediation actions and disconnecting affected network endpoints to stall the attack and block further lateral progress. The analyst will transmit a proactive notification apprising the customer of the issue and ask for immediate response.

In addition to including all the functions of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds round-the-clock Monitoring with Near Real Time Threat Response, Remote Script Orchestration, and Ranger:

• Fully Co-Managed Solution with Progent seeing warnings and notifications of all threats and activities in your system and combined SOC response, delivering 3 levels of 24x7x365 Detection and Response. All threats are mitigated and responded to in close to real-time. Additional remediation options following threat mitigation are offered and customized to meet your individual requirements.
• Remote Script Orchestration empowers enterprises to send scripts to a single machine, a few hundred machines, or even millions of machines, to respond to current and future cyberattacks at machine speed. Security Teams can send tailored scripts or pick from a broad selection of jobs – ranging from incident response to forensics artifact collection and even network administration. In combination with SentinelOne Storyline Active Response, analysts benefit from automated workflows that take incident response to the next level.
• Ranger provides unmatched visibility into your environment. Ranger is network-efficient by intelligently designating a few SentinelOne agents for each subnet to undertake network mapping missions. Selected "Rangers" passively track network broadcast data including ARP, DHCP, and other network observances. Admins can tailor current scan policies and specify multiple IP Protocols for machine learning including ICMP, SNMP, UDP, TCP, SMB, and others. Rangers correlate all collected information within the backend to fingerprint familiar and unknown devices. Ranger device inventories reveal what is attached to your system, where they are connected, and which protocols the devices listen on. Ranger enables you to discover and eliminate SentinelOne Agent deployment gaps using Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger permits you to determine how unfamiliar devices communicate with managed hosts and isolate suspicious devices from managed devices with a single click.

Download Progent's SentinelOne Singularity Packages Datasheets
Download datasheets about Progent's SentinelOne Singularity packages:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's team of over 150 consultants includes experts in every facet of information technology associated with small and mid-size businesses. With this scope of knowledge, Progent can be your one-stop source for integrating a cohesive security environment that delivers immediate business value. In addition to the endpoint security available from SentinelOne products, Progent offers a variety of managed services and affordably-priced support packages created to assist SMBs to plan, implement, validate, and administer networks that feature enterprise-class cybersecurity and low total cost of ownership.

Progent offers in-depth experience with all the endpoints, servers and VMs that can be protected by SentinelOne technologies and services. Progent offers services that include Windows 11 migration consulting, Windows 10 management, Linux integration, Mac consulting, iPhone and iPad support, Android consulting, Windows Server 2022 migration expertise, Windows Server 2019 integration consulting, Hyper-V virtualization support, and VMware vSphere support experts.

For fast rollback, Progent's Windows Server consultants can help you to set up Windows Volume Shadow Copy Service (VSS). Progent also offers remote and on premises support from certified Cisco CCIE consultants to assist you to design, defend or troubleshoot your network infrastructure. If your network relies on cloud resources, Progent can provide the support of Microsoft Azure experts, Amazon AWS experts, and Google Cloud solutions experts.

Contact Progent about SentinelOne Sales and Configuration Services
To find out more about how Progent can assist you to purchase or configure SentinelOne products, call 1-800-993-9400 or visit Contact Progent.