Solution overview

This on-demand integration lab is a capability of WWT's Advanced Technology Center (ATC) designed to give you hands-on experience with SentinelOne Endpoint and AI SIEM solutions. The lab is built around a demonstration that shows how quickly an attacker can compromise a network by using internal tools like Domain Admin to spread malware. SentinelOne will detect it, quickly allow for an investigation, and even restore the damage that we will allow the ransomware to do. Within this lab, you will see SentinelOne endpoint solutions detect the compromise quickly and then analyze that data by leveraging SentinelOne AI SIEM solutions.

We will run this demonstration in DETECT ONLY mode. If SentinelOne were in prevention mode, the attack would be blocked at its first step and you would only see the prevention facet of SentinelOne. By running in detect mode, we can show how well the behavioral engine detects malicious activity and at how many points SentinelOne could have stopped the attacker if it were in prevention mode.

The goal of SentinelOne Singularity is to increase operational efficiency in the security operations center, which it accomplishes through the following:

  • Accurate classification of malware, leading to fewer incidents needing to be investigated
  • A console built around fast investigations for SOC teams
  • An autonomous SOC powered by SentinelOne AI SIEM
  • Enhanced SecOps workflows with Purple AI
  • Centralized data transformed into actionable intelligence with Singularity Data Lake
  • The ability to look back at data over long stretches of time (up to 365 days)
  • Rollback technology, leading to less re-imaging of machines
  • Full OS support across Windows, Mac, and Linux

Lab diagram


Technologies