SERVICE:

Managed Security (SentinelOne)

What’s Included

SentinelOne endpoint security licenses and agents with anti-tamper protection are deployed to all in-scope workstations and servers.

Continuous monitoring for security threats is provided using artificial intelligence and behavioral analysis to detect and prevent both file-based and fileless attacks in real time.

Upon detection of a threat or suspicious activity on an endpoint by the SentinelOne platform, services include:

  • Review of alert details and endpoint telemetry to determine the nature, severity, and scope of the threat, such as a malware infection, ransomware attempt, or unauthorized intrusion, including assessment of affected systems and files and of potential business impact
  • Use of SentinelOne built-in tools, external threat intelligence, and industry-standard frameworks such as MITRE ATT&CK to analyze the malicious files, processes, and behaviors associated with the incident, in order to understand how the threat operates, what it targets, and how it can be contained
  • Prompt action through the EDR platform to contain the threat, including isolating the affected endpoint from the network, terminating malicious processes, stopping suspicious services, and quarantining or deleting malicious files
  • Where automatic remediation features have been authorized, the EDR platform may also roll back certain malicious changes, including restoration of encrypted or modified files to a prior state
  • Follow-up remediation to support full eradication of the threat and restoration of systems to a secure operational state, including additional scans, security patching, and configuration changes to address the vulnerabilities that were exploited
  • Documentation of findings, actions taken, and outcomes in an incident report or ticket, with timely notification of significant incidents, including a description of the threat encountered, the containment and remediation actions performed, and any recommended further actions