Blog

SentinelOne – Endpoint Detection and Response (Video)

Roger Walton of PCG talks about Endpoint Detection and Response (EDR) and the SentinelOne tool, which detects hacks on your network.

Of all the tools we have available in the security toolbox, one of my favorites is Endpoint Detection and Response. What an EDR tool does is kind of like the antivirus that we have sitting on our PCs and servers, except that instead of looking out for pieces of malicious software, what it’s doing is looking out for actions. It’s looking for what would happen when a bad guy hijacks the PC and starts doing things like installing software or downloading large numbers of files, which would be exactly the type of thing that a hacker might be trying to do. The EDR tool that PCG currently uses is SentinelOne. It will, first of all, be vigilant for those kinds of activities.

Secondly, it’s connected with what we call a SOC, a security operations center, and the SOC operates on a seven-by-24 basis, so that whatever time someone tries to hack your systems, there’ll be an analyst who is immediately notified and can take action. The type of action they will take, if they determine that it is indeed a serious threat, includes various steps in terms of quarantining your system, or even taking it completely off the network so that it can’t do any harm. So, just as in medicine, the first principle here is to do no harm. So, as a way of keeping your network, your servers, and your workstations safe on a seven-by-24 basis, Endpoint Detection and Response with a SOC in support is one of the best tools in the toolbox.
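To make the difference between signature-based antivirus and behaviour-based EDR concrete, here is an added illustration that is not part of the video, nor PCG's or SentinelOne's code: a toy rule engine run over constructed endpoint telemetry. A hash lookup finds nothing, because the dropped binary has never been seen before, while the behavioural rules score the same process on what it does (launching from a user-writable folder, writing a Run key, bulk-reading a file share) and map the score to the kind of response the SOC would take. The event format, thresholds, paths, hashes and action names are all assumptions chosen for the example.

```python
"""Added example (not PCG's or SentinelOne's code): a toy behavioural detector
in the style of an EDR rule engine. All telemetry, hashes and thresholds below
are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 9, 0, 0)


def _ts(seconds):
    """Timestamp helper for the constructed telemetry."""
    return (BASE + timedelta(seconds=seconds)).isoformat()


# Constructed sample telemetry: (timestamp, host, process, action, target).
EVENTS = [
    (_ts(0), "ws-17", "winword.exe", "file_read", "C:\\Users\\rw\\budget.xlsx"),
    (_ts(5), "ws-17", "winword.exe", "file_read", "C:\\Users\\rw\\plan.docx"),
    # A freshly dropped binary starts from the user's Temp folder...
    (_ts(60), "ws-17", "svchost32.exe", "process_start",
     "C:\\Users\\rw\\AppData\\Local\\Temp\\svchost32.exe"),
    # ...registers itself to run at logon...
    (_ts(61), "ws-17", "svchost32.exe", "registry_write",
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
]
# ...and reads 40 files from the finance share in 40 seconds.
EVENTS += [
    (_ts(62 + i), "ws-17", "svchost32.exe", "file_read",
     f"\\\\fileserver\\finance\\report{i}.xlsx")
    for i in range(40)
]

# Constructed hashes: the dropped binary is new, so no signature matches it.
PROCESS_HASHES = {"winword.exe": "1111" * 16, "svchost32.exe": "2222" * 16}
KNOWN_BAD_HASHES = {"3333" * 16, "4444" * 16}

USER_WRITABLE = ("\\AppData\\", "\\Temp\\", "\\Downloads\\")
BULK_READ_THRESHOLD = 25          # share files read...
BULK_READ_WINDOW = timedelta(seconds=60)  # ...within this window
ISOLATE_SCORE = 3                 # assumed response thresholds


def signature_verdict(process_hashes, known_bad):
    """Classic antivirus check: flag only binaries whose hash is already known bad."""
    return sorted(p for p, h in process_hashes.items() if h in known_bad)


def behaviour_verdict(events):
    """Score each (host, process) on suspicious *actions*, independent of any hash."""
    score = defaultdict(int)
    reasons = defaultdict(list)
    share_reads = defaultdict(list)   # (host, process) -> timestamps of share reads
    bulk_flagged = set()

    for ts, host, proc, action, target in events:
        key = (host, proc)
        t = datetime.fromisoformat(ts)
        if action == "process_start" and any(d in target for d in USER_WRITABLE):
            score[key] += 1
            reasons[key].append("executable launched from user-writable path")
        elif action == "registry_write" and "\\CurrentVersion\\Run\\" in target:
            score[key] += 1
            reasons[key].append("Run-key persistence")
        elif action == "file_read" and target.startswith("\\\\"):
            window = share_reads[key]
            window.append(t)
            # Sliding window: drop reads older than BULK_READ_WINDOW.
            while window and t - window[0] > BULK_READ_WINDOW:
                window.pop(0)
            if len(window) >= BULK_READ_THRESHOLD and key not in bulk_flagged:
                bulk_flagged.add(key)
                score[key] += 1
                reasons[key].append(
                    f"{BULK_READ_THRESHOLD}+ share files read within "
                    f"{int(BULK_READ_WINDOW.total_seconds())}s")

    alerts = []
    for key, s in score.items():
        if s >= ISOLATE_SCORE:
            response = "isolate_host"          # take it off the network
        elif s >= 2:
            response = "quarantine_process"    # contain, keep host reachable
        else:
            response = "notify_soc"            # analyst decides
        alerts.append({"host": key[0], "process": key[1], "score": s,
                       "reasons": reasons[key], "action": response})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    print("signature hits:", signature_verdict(PROCESS_HASHES, KNOWN_BAD_HASHES))
    for alert in behaviour_verdict(EVENTS):
        print(alert)
```

Run as-is, the signature check returns an empty list while the behavioural pass produces one alert for svchost32.exe on ws-17 with a score of 3 and the action isolate_host; winword.exe scores nothing because its reads are local and low-volume. Real products do this with far richer telemetry and tuned thresholds, but the shape (per-process scoring of actions, a sliding window for volume, and a graded response) is the point.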