The service is available in two tiers, from basic Monitoring to the more aggressive Active Response. SentinelOne also plans to expand it so that partners can provide the basic support while SentinelOne handles Tier Two.
Mountain View CA-based next-gen endpoint security vendor SentinelOne has had a big week. A week ago, they launched a new Deep Visibility module for their flagship SentinelOne Endpoint Protection Platform [EPP]. On Wednesday, they announced a strategic partnership with SonicWall, which integrates their endpoint technology with SonicWall’s complementary firewall technology, providing real-time automated breach detection and prevention on multiple layers. Now they have announced a new service, Vigilance, which adds a human dimension to their automated EPP. Vigilance provides 24/7 support to review alerts, taking over much of the effort that would otherwise be done by customers’ security teams.
SentinelOne’s core customer base is in the enterprise. In the lower part of the enterprise though, many customers still have relatively limited response capabilities.
“Many customers in the lower enterprise are less experienced in their SOC with these newer technologies,” said Eran Ashkenazi, VP of services and field operations at SentinelOne. “We had customers and MSSPs coming to us, asking us to provide something on top of EPP. So we developed this internally to take advantage of the richness of information that we have.”
Unlike the automated EPP platform, which relies on behavior-based threat detection, Vigilance relies on humans. Cybersecurity analysts assess suspicious alerts, review raw data on threats and network connections, and identify and prioritize events. They also alert security personnel, help orchestrate security operations, and execute applicable policy-driven actions to limit threat impacts.
“Vigilance adds human insight to our existing machine learning capabilities,” Ashkenazi said. “All of the endpoint security vendors are catching up on missing aspects that they have, because at the end of the day you want to offer a complete solution. This completes the offering we have today, by adding those human insights.”
While the core market for this is the existing customer base, some of whom are already working with SentinelOne on Vigilance, Ashkenazi also sees a market for the service among prospects who don’t have the EPP platform.
“The extra service is a sigh of relief, providing others to do the background investigation, for some existing customers. But there are others who think that EPP is too complicated, and that the service alone has some appeal for them.”
SentinelOne Vigilance is available at two levels of support. Active Monitoring provides full 24/7 coverage to classify and prioritize incoming threats and alerts. Executive Reports are provided quarterly.
Active Response includes the Monitoring, and also provides Expert Consultation, Threat Response and On-Demand Deep Sample Forensics services, along with monthly Executive Reports.
“The Response element includes hunting capabilities, for deepened security measures,” Ashkenazi said.
Ashkenazi also said Vigilance has plenty of room to grow.
“This is very much Version 1.0,” he said. “Going forward we see abilities to make this a two-tier type of a service, where partners deliver the basic service, and where we are the Tier Two support. This is not available at launch day, but this is part of our 2018 plans for Vigilance.”
SentinelOne goes to market through a 100 per cent channel strategy, including MSSPs, and they are the route to market for this as well.
“The actual selling of this will be done by the channel, who get the margin from it, and can bundle other services on top of it,” Ashkenazi said.
The company is also very much in the process of building out its channel.
“We have a few dozen partners, some of whom are larger, but some of whom are also small,” Ashkenazi indicated. “We basically almost never say no. If it’s not too crowded in that region, we tend to accept.”