The solution is the first to offer fully featured autonomous Runtime Protection, Detection, and Response for cloud workloads. Purpose-built for containers, SentinelOne’s CWPP offering provides the richest set of capabilities on the market, including advanced runtime protection, full remote shell to any pod, container kill, and full remediation to empower security and DevOps teams - all seamlessly within SentinelOne’s Singularity platform.
With this release, SentinelOne extends its XDR platform to introduce full visibility, detection, response and threat hunting for containerised workloads using the same console which is used for endpoints and IoT devices. Deployed seamlessly through popular DevOps tools such as Helm, the solution delivers SentinelOne’s patented Behavioral AI, Static AI, and autonomous response capabilities across all major Linux platforms, physical and virtual, cloud-native workloads, and containers - providing prevention, detection, response, and threat hunting for tomorrow’s cyber threats.
“As organisations embrace the operational efficiency of Kubernetes, they need a security solution that protects their containerized applications from unknown malware, zero days and in-memory attacks in real time while automatically pinpointing which image and pod was the target,” said Guy Gertner, VP of Product Management, SentinelOne. “Furthermore, enterprises need an easy-to-deploy solution that won’t slow or interfere with business processes. We’re proud that our container protection solution, powered by our unmatched behavioural AI models, meets this critical and growing business imperative.”
Fully-Featured Prevention, Detection, & Response
SentinelOne’s ActiveEDR allows security teams to quickly understand the story and root cause behind threat actors in containerized environments and autonomously respond. SentinelOne uses Static AI and Behavioral AI models that do not require baselining for providing runtime security, protecting organizations from both known vulnerabilities and zero-days.
Full Remote Shell to Pods & Containers
Full Remote Shell capabilities arm security teams with a rapid way to investigate threats, collect forensic data, and remediate breaches no matter where the compromised containers are, eliminating uncertainty and greatly reducing any downtime that results from an attack.
Complete Container Telemetry for XDR
SentinelOne is the only vendor to extract complete container attributes for granular awareness and rapid response. Container details include cluster name, node name, deployment type, pod name, container image name, and container ID for unprecedented visibility and aggregated Singularity XDR context. These attributes are all additive to SentinelOne’s existing EDR data categories.
“SentinelOne’s Behavioural AI technology has significantly improved how our customers are able to protect their endpoints. With this new release, they are bringing the Behavioural AI technology to containerised workloads,” said Dan Thormodsgaard, CTO and Co-Founder, Fishtech Group. “Run-time protection of workloads is very important as not all app-level vulnerabilities might be fixed in production systems. SentinelOne’s approach to this problem is unique and very consistent with how they protect laptops, servers, and virtualised workloads. The autonomous prevention and remediation provides huge value to our customers.”