Aug 9, 2022

Integration spotlight: Take XDR to the next level with Armis and SentinelOne


From cloud solutions down to the myriad IT, IoT, OT, IoMT, and mobile assets spread across and beyond organizational boundaries, today’s enterprise attack surfaces are expansive. And for security teams with limited time and resources that means unprecedented operational challenges and risks. 

Given the circumstances, visibility into organizational assets and their security posture is more critical than ever. As is the ability to automate repetitive and cumbersome tasks, such as device inventory, that impact response times and lead to frustration and burnout. The problem is that enterprises have already made huge investments into IT security and management tools, and they are still struggling with visibility, intelligence, and timely responses to threats. 

Extended detection and response (XDR) solutions have emerged as an answer to evolving asset visibility and security challenges, but different vendors have different takes on what the “X” in XDR really means. At Armis, we believe “extended” should mean unified visibility and deep intelligence into every last connected asset, managed or unmanaged, along with the ability to accelerate triage and quickly reduce the attack surface. As you can imagine, that is much easier said than done. But it’s exactly what the Armis integration for SentinelOne is built to do. Before we get into the how of it, let’s quickly revisit the current challenges and why these unified capabilities are so important.

Greater visibility and faster reactions with XDR

Even best-in-class point tools collect and analyze security data in isolation. They can’t connect the dots across the technology stack or add context and correlation, so security teams must do that work themselves. And given the risks that everything from cloud workloads to IP-enabled devices can introduce to the network, those teams simply don’t have the bandwidth to continually uncover and address ever-growing security gaps. For example, cloud assets may go undetected, and when they are set up by business-oriented users they are often misconfigured or not configured according to enterprise security standards. Moreover, endpoint detection and response (EDR) solutions can’t support vulnerability management and patching on proliferating IoT, OT, or IoMT assets, because those devices run operating systems that can’t host an agent. All the while, attackers focus on the least-managed and least-protected assets.

To streamline discovery of and response to threats across the enterprise, CISOs are increasingly turning to extended detection and response (XDR) solutions. The power of XDR is that it combines the capabilities of tools for protecting endpoints, networks, the cloud, and other attack vectors into a single approach, one that pools multiple data types and sources into one dashboard so that security analysts can monitor and automate protections for the entire enterprise attack surface. A full-featured XDR solution should deliver unified, real-time visibility—with context—of every managed and unmanaged asset in an environment, along with prioritized workflows and automated responses across the entire technology stack.

Adding clear, real-time context for more effective XDR

Today, ongoing operations depend on the ability of a myriad of devices to constantly communicate with one another. And when it comes to protecting operations, understanding how those devices are—and should be—communicating is invaluable. After all, without context, all the security team can do is chase down and mitigate critical vulnerabilities and threats as quickly as possible. But if they understand not only the function of a device, but also its specific use and whether it’s behaving normally, they can prioritize efforts based on risk to the business. The problem is that few XDR solutions can deliver real-time contextual intelligence for every enterprise asset. 

The Armis integration for SentinelOne Singularity XDR is the exception. Armis learns and tags the specific use of every asset, including identical device types deployed for different purposes. It also continuously maps connections and communications between assets and services, learning the relationships and dependencies between assets and the importance of each asset across your environment. Through the Armis Collective Asset Intelligence Engine, which Armis describes as the industry’s first collective engine that tracks and analyzes attributes of over 2 billion assets worldwide, Armis also detects behavioral anomalies.

SentinelOne’s patented Storyline observes all concurrent processes within all major operating systems and cloud workloads to connect dots between related events and activities to build further context. Distributed intelligence watches each Storyline to drive instantaneous protection against advanced attacks.

Overall, the integration enables unified, real-time visibility of every IT, OT, IoT, IoMT, and cloud asset in the environment along with orchestrations that help accelerate threat response times and automations that reduce burdens on the security team so they can focus on complex security issues and proactive maintenance. The Armis integration for SentinelOne supports three main use cases. 

  • Unified visibility of assets and asset risk—Gain unparalleled visibility into every SentinelOne-managed endpoint as well as unmanaged assets.
  • XDR threat enrichment—Streamline security analyst tasks during threat response with clear, enriched, and easy-to-access context on what is happening.
  • Network visibility and control—Get enriched visibility into unmanaged and potentially malicious assets and build policies to better protect SentinelOne-managed endpoints (for example, a policy that prevents a SentinelOne-managed asset from communicating directly with OT devices).
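To make the three use cases concrete, here is a small illustrative example added to this post. It is not Armis or SentinelOne code and does not use either product’s API; the asset fields, the flow-record shape, and all of the inventory and traffic data are constructed for the illustration. It joins an asset inventory (which devices exist, what category they are, whether an EDR agent reports them) with network flow records to (1) list assets with no agent, (2) return enrichment context for an IP that appears in an alert, and (3) flag the two policy conditions the list above describes: a managed endpoint talking directly to an OT device, and an unmanaged or unknown device talking to OT.

```python
"""Illustrative example added to this article (not Armis or SentinelOne code).

Joins a constructed asset inventory with constructed flow records to show the
three use cases in the text: unmanaged-asset visibility, alert enrichment, and
a managed-endpoint-to-OT policy check. Field names are assumptions.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    category: str       # assumed values: "IT", "OT", "IoT", "IoMT"
    edr_managed: bool   # True when an EDR agent reports this asset


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str


# Constructed inventory. In a real deployment this would be the asset-intelligence
# inventory joined against the EDR's agent list.
ASSETS = [
    Asset("10.0.1.10", "ws-finance-01", "IT", True),
    Asset("10.0.1.11", "ws-eng-07", "IT", True),
    Asset("10.0.1.50", "printer-3f", "IoT", False),
    Asset("10.0.9.5", "plc-line-a", "OT", False),
    Asset("10.0.9.6", "hmi-line-a", "OT", False),
    Asset("10.0.1.99", "unknown-laptop", "IT", False),
]

# Constructed NetFlow-style records.
FLOWS = [
    Flow("10.0.1.10", "10.0.9.5", 502, "tcp"),    # managed workstation -> PLC (Modbus/TCP)
    Flow("10.0.1.11", "10.0.1.50", 9100, "tcp"),  # managed workstation -> printer
    Flow("10.0.9.6", "10.0.9.5", 502, "tcp"),     # HMI -> PLC, expected OT-to-OT traffic
    Flow("10.0.1.99", "10.0.9.6", 44818, "tcp"),  # unmanaged laptop -> HMI (EtherNet/IP)
    Flow("192.168.77.3", "10.0.9.5", 502, "tcp"), # IP not in inventory -> PLC
]


def build_index(assets: Iterable[Asset]) -> dict:
    """IP -> Asset lookup table."""
    return {a.ip: a for a in assets}


def unmanaged_assets(assets: Iterable[Asset]) -> list:
    """Use case 1: hostnames with no EDR agent, i.e. the visibility gap."""
    return sorted(a.hostname for a in assets if not a.edr_managed)


def enrich_alert(assets: Iterable[Asset], ip: str) -> dict:
    """Use case 2: context an analyst wants next to an alert that names only an IP."""
    asset: Optional[Asset] = build_index(assets).get(ip)
    if asset is None:
        return {"ip": ip, "known": False}
    return {"ip": ip, "known": True, "hostname": asset.hostname,
            "category": asset.category, "edr_managed": asset.edr_managed}


def managed_to_ot_violations(assets: Iterable[Asset], flows: Iterable[Flow]) -> list:
    """Use case 3a: flows from an EDR-managed endpoint straight to an OT asset.

    The managed side is where a response (e.g. network isolation by the EDR)
    can actually be applied; the OT side typically cannot run an agent.
    """
    idx = build_index(assets)
    hits = []
    for f in flows:
        src, dst = idx.get(f.src_ip), idx.get(f.dst_ip)
        if src and dst and src.edr_managed and dst.category == "OT":
            hits.append((src.hostname, dst.hostname, f.dst_port))
    return hits


def unmanaged_to_ot(assets: Iterable[Asset], flows: Iterable[Flow]) -> list:
    """Use case 3b: non-OT devices without an agent, or IPs missing from the
    inventory entirely, reaching OT assets. OT-to-OT traffic is not flagged."""
    idx = build_index(assets)
    hits = []
    for f in flows:
        dst = idx.get(f.dst_ip)
        if dst is None or dst.category != "OT":
            continue
        src = idx.get(f.src_ip)
        if src is None:
            hits.append((f"unknown:{f.src_ip}", dst.hostname, f.dst_port))
        elif not src.edr_managed and src.category != "OT":
            hits.append((src.hostname, dst.hostname, f.dst_port))
    return hits


if __name__ == "__main__":
    print("No EDR agent:", unmanaged_assets(ASSETS))
    print("Alert context:", enrich_alert(ASSETS, "10.0.9.5"))
    print("Managed -> OT:", managed_to_ot_violations(ASSETS, FLOWS))
    print("Unmanaged/unknown -> OT:", unmanaged_to_ot(ASSETS, FLOWS))
```

The split between the two policy functions matters operationally: a managed endpoint reaching a PLC is something the EDR can act on directly, while an unknown IP reaching a PLC is a discovery finding that has to be handled at the network layer, since there is no agent to instruct.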

Take your XDR approach to the next level

The Armis integration for SentinelOne combines best-in-breed asset visibility and security with XDR in a single, unified workflow, enabling security teams to accelerate incident investigation and triage while reducing and better controlling the attack surface.

Learn more about the integration with SentinelOne.
