Review: SentinelOne blocks and dissects threats

SentinelOne EPP brings good malware detection, excellent forensics and flexible remediation to business networks

At a Glance
  • SentinelOne Endpoint Protection 1.7.0

    SentinelOne EPP is an agent-based solution that provides all the information obtainable from an operating system for discovery, analysis, audit, and remediation activities on endpoints.

SentinelOne Endpoint Protection Platform (EPP) is an antimalware solution that protects against targeted attacks, malware, and zero-day threats through behavioral analysis and process whitelisting and blacklisting. The client agent, which analyzes the behavior of processes on Windows, OS X, Linux, and Android endpoints, can replace or run alongside other signature-based antimalware solutions. SentinelOne EPP stands out not only for its protection capabilities but also for its excellent forensics and threat analysis.

SentinelOne evaluates process behavior based on "dynamic execution patterns." The agent scans endpoints, indexes application files and processes, and sends information about them to the cloud, where they are assigned reputation scores. When a score surpasses a policy threshold, the process can be killed, the file quarantined, and the endpoint rolled back to its last known-good state. Metadata about processes and files is pooled among SentinelOne's customers, building an anonymous threat intelligence network that benefits everyone.

