SentinelOne® and Netskope team to secure modern workforce
August 2023 by Marc Jacob
Employees today want the freedom to work where and how they perform best. SentinelOne and Netskope are joining forces to help customers deliver it in a secure way. The technology partners today announced the launch of the SentinelOne Singularity™ App for Netskope, a powerful, joint solution that provides the comprehensive, context-rich visibility needed to detect, respond to, and mitigate threats across the ever-expanding attack surface opened by distributed work.
A dynamic duo
Through its Singularity platform, SentinelOne delivers leading protection for enterprise attack surfaces, including user endpoints, cloud workloads and identity infrastructure. As a critical set of capabilities for a successful SASE architecture, Netskope Intelligent Security Service Edge (SSE) secures access to the web, SaaS, public cloud, private application, and data centre infrastructure through a converged SWG, CASB and ZTNA suite. The two together enable a dynamic, integrated solution that security teams can use to defend networks and systems against threats and stop adversaries in their tracks with greater speed and efficiency.
“Netskope provides invaluable insights into user and cloud activity and risk, and with SentinelOne, XDR customers are able to correlate this information with other systems and act upon it in an automated, intelligent, and scalable manner,” said Andy Horwitz, Vice President of Business Development, Netskope.
How it works
With the SentinelOne Singularity App for Netskope, organisations can consolidate visibility into Netskope’s Intelligent Security Service Edge for threat investigation and hunting and accelerate triage by automatically enriching Singularity threats with contextually related Netskope alerts. Using the solution, security teams can:
Enhance visibility - SentinelOne Singularity App for Netskope gives full visibility into the attack lifecycle by providing a consolidated view of endpoint, cloud, DLP and SASE alerts for threat hunting and investigation. Netskope’s User Behavior Analytics (UBA), Data Loss Protection (DLP), malware and additional alert logs are automatically ingested into the Singularity platform, where security analysts can search, pivot and hunt for threats across their environment.
Enrich threats - SentinelOne threats are autonomously enriched with additional user context from Netskope’s behavioural analytics. When an incident occurs, the app automatically adds correlated Netskope alerts and user confidence index (UCI) scores for a given user, enabling analysts to accelerate triage and escalation.
Speed response and mitigate risk - Through the integration with Netskope, SentinelOne can alert when an indicator from Netskope matches a file hash, URL, or domain within its hunting interface and take automated actions such as killing and quarantining a malicious file or network-quarantining the endpoint, reducing both the time needed to detect and respond to known-malicious threats and the risk to the enterprise.