In the coming year, SentinelOne Endpoint Protection will be rolled out to Milnsbridge customers. As a part of re-evaluating our standard operating environment (SOE), it is time to make the migration to SentinelOne Next-Generation AV (NGAV) from legacy antivirus software, which has effectively become redundant.
What is Legacy Antivirus and why is it failing?
Traditional antivirus software is designed to detect and prevent malicious attacks on your device. However, this type of antivirus has become ineffective as attacks continue to grow more sophisticated. Traditional antivirus relies on three types of detection:
- Generic-based detection – Looking for malware or variants of known ‘families’.
- Heuristic-based detection – Scanning for unknown viruses on the basis of suspicious behaviour or file structures.
- Signature-based detection – Looking for specific byte patterns, delivered through signature updates, in order to detect and prevent attacks. As attacks have evolved, attackers have developed ways to sidestep signature-based detection, for example by encrypting files so that they cannot easily be read by a binary scanner.
Because traditional antivirus relies on a fixed set of ‘rules’ or ‘characteristics’, it does not continuously evolve to account for new types of attacks. Cyber-attacks grow more sophisticated every day, and traditional AV can no longer keep up.
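To make the contrast between the three detection types concrete, here is an added illustration (not code from the original post or from SentinelOne). A tiny signature scanner looks for fixed byte patterns, while a heuristic check looks at file structure (byte entropy) instead. The signature database and both sample files are constructed for the demo: the "packed" sample is random bytes standing in for encrypted content, and the threshold of 7.0 bits is an assumed tuning value.

```python
import math
import random

# Constructed stand-in for a signature database: fixed byte patterns the
# signature scanner looks for. These are demo markers, not real AV signatures.
SIGNATURES = {
    "demo-marker-a": b"DEMO_MALWARE_MARKER_A",
    "demo-marker-b": b"DEMO_MALWARE_MARKER_B",
}

# Constructed sample 1: an ordinary document that happens to contain a known marker.
PLAIN_SAMPLE = b"This is an ordinary document. " * 60 + SIGNATURES["demo-marker-a"]

# Constructed sample 2: 2048 pseudo-random bytes (fixed seed so the demo is
# repeatable) standing in for an encrypted or packed payload. No known
# pattern survives encryption, so a signature scanner has nothing to match.
_rng = random.Random(1)
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(2048))


def signature_scan(data: bytes) -> list:
    """Signature-based detection: report every known pattern present in the data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text and ordinary code sit well below 8.0;
    encrypted or compressed content sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes, threshold: float = 7.0) -> list:
    """Heuristic detection: flag a suspicious file structure (here, content
    that looks encrypted or packed) whether or not any signature matches."""
    return ["high-entropy-content"] if shannon_entropy(data) >= threshold else []


def scan(data: bytes) -> dict:
    """Combine both detection types into one verdict, as a layered scanner would."""
    sig, heur = signature_scan(data), heuristic_scan(data)
    return {"signature": sig, "heuristic": heur, "flagged": bool(sig or heur)}


if __name__ == "__main__":
    print("plain :", scan(PLAIN_SAMPLE))
    print("packed:", scan(PACKED_SAMPLE))
```

The plain sample is caught by the signature match alone, while the packed sample produces no signature hit and is only flagged because its structure looks encrypted, which is the gap the post describes.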
How does Next Gen Antivirus differ?
NGAV is the natural evolution of traditional antivirus: it is designed to protect devices from the full spectrum of modern cyber-attacks. NGAV uses algorithms, artificial intelligence (AI), threat intelligence and data science to detect and block the malicious tools, tactics and techniques that attackers generally rely on.
- NGAV software can prevent unknown or sophisticated attacks by evaluating the contexts of the attacks. Traditional antivirus does not do this.
- NGAV software also provides more visibility and context, so the cause of an attack can be found more quickly and efficiently, which allows for better insight. Traditional antivirus does not provide this level of depth and analysis.
What is SentinelOne?
SentinelOne provides real-time Endpoint Protection (EPP) for your device. Whilst most traditional antivirus solutions also provide EPP, SentinelOne has combined EPP with Endpoint Detection and Response (EDR) for more visibility into potential threats.
SentinelOne describes EDR as a ‘black box’ endpoint security team for your device. This means that in the unlikely event that your device has been affected by some type of malware, the EDR solution gives a succinct breakdown of what has happened on that device.
Traditionally, EDR was very data-centric and would produce enormous amounts of data and alerts that had to be analysed by a human. SentinelOne, by contrast, has created an EDR solution that autonomously correlates the data using AI in order to present logical findings in context, removing the need for costly and time-consuming manual data analysis.
Other benefits of SentinelOne
- Protection – Machine learning technology which does not rely on signatures. SentinelOne also doesn’t require recurring updates or scans.
- Simplicity – SentinelOne provides Endpoint Protection, Endpoint Detection and Response, Host-Based Intrusion Prevention System and File Integrity Monitoring all on one platform.
- Automation – SentinelOne will automatically isolate infected devices and immunise other devices within the network.
- Recovery – The ability to automatically recover files in the unlikely case of a ransomware attack.
Managed IT Security is an integral part of Managed IT Services. If you’re concerned about your current antivirus, give us a call on 1300 300 293 to discuss SentinelOne and Next Gen Antivirus.