Endpoint Threat Detection is a service designed to identify threats that bypass preventive security controls. The service detects malware and toolkits used by advanced threat actors that have not been removed by the existing anti-virus, and investigates how they entered the systems and how long they have been active. Secu relies on NetWitness Endpoint from RSA for this service. Our service will reduce the time it takes to detect and remediate compromised machines.
We do not recommend delivering this purely as a product, as very few organizations have the necessary focus to keep getting value from the solution following the initial deployment.
We offer the following deliverables within this service:
When things get complicated, we will support you and provide direct access to the vendor support.
Hotline is available via email, phone and the customer portal.
Response time is defined by the SLA you attach to the agreement:
Analysis & Design
Years of experience reviewing existing infrastructures and providing an optimized network design.
Implement & Configure
If you buy the solution, we can do more than a simple Rack & Stack. We will support you throughout the deployment and deliver a detailed set of system documentation.
Deployments are always performed by combining best practices from the vendor with our own experience. Typically we can estimate deployments beforehand and deliver them using fixed pricing.
We have the following deployment options available:
Managed Threat Detection
No hardware or software needed. Simply deploy the agent and obtain immediate threat detection capabilities. We deliver managed services either on-premises or as a cloud service.
On-Prem RSA NetWitness Endpoint:
Same as above.
RSA NetWitness Endpoint is an endpoint detection and response solution that employs a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning to detect known, new, unknown, and non-malware threats that other solutions miss entirely.
RSA NetWitness Endpoint helps focus investigations amid thousands of alerts and offers 3X the impact for security teams by considerably reducing attacker dwell time and accelerating threat response.
SentinelOne is the only platform that defends every endpoint against every type of attack, at every stage in the threat lifecycle. Cloud based with low TCO, restore your endpoint within seconds if infected by ransomware.
SentinelOne Deep Visibility extends the SentinelOne Endpoint Protection Platform (EPP) to provide full visibility into endpoint data. Its patented kernel-based monitoring allows a near real-time search across endpoints for all indicators of compromise (IOC) to empower security teams to augment real-time threat detection capabilities with a powerful tool that enables threat hunting.
SentinelOne Ransomware Protection – Guaranteed. SentinelOne believes that your next-generation endpoint protection solution should give you complete confidence that your sensitive data is protected against ransomware and other sophisticated attacks.
Watch a demo showing Fortinet integration with SentinelOne and how to share threat information here.
Gain more knowledge about SentinelOne in their datasheets here.