SentinelOne Storyline Active Response empowers SOC teams to be proactive and effective
SentinelOne Storyline Active Response (STAR) is a cloud-based automated search, detection, and response engine. Integrated with SentinelOne’s ActiveEDR, STAR enables security teams to create custom detection and response rules and deploy them in real time across the network or a desired subset, to proactively detect and respond to threats.
STAR also allows security teams to turn their hunting queries into rules that trigger alerts and automated responses when the rules detect matches. STAR replaces the need for manual, one-time, and labor-intensive legacy EDR activities with automated and personalized responses, enabling SOC teams to stay ahead of the rapidly changing threat landscape.
Unlike existing EDR watchlists, SentinelOne Storyline Active Response lets teams protect against new threats without software updates, write custom MITRE-compatible detection logic, and add rules for industry-specific threats at machine speed.
The SentinelOne Singularity XDR platform is built on Storyline technology. Storyline leverages patented behavioral AI to monitor, track, and contextualize all event data across endpoints, cloud workloads, and IoT devices. The output is a dynamic model that assesses risk and automatically connects disparate event data into an understandable story at machine speed. Storyline Active Response adds a capability to the output of Storyline technology to customize detection and automate responses.
“Despite the progress made in recent years, EDR products are still human-powered and depend on manual labor to respond to attacks. The result is an increasing time frame that benefits the adversary by compromising businesses,” said Yonni Shelmerdine, XDR Product and Strategy Manager, SentinelOne. “We built STAR to enable SOC teams to be proactive and efficient. The “R” of EDR (response) has always been too resource intensive and is the weak point where today’s products, people and processes fall short. STAR is a natural evolution of our best advanced visibility and detection capabilities, enabling businesses to benefit from the automation, scalability and speed we bring to the XDR era.”
Nation states and cybercrime groups continually automate their tactics, techniques and procedures (TTPs) to avoid detection in networks. EDR products produce data at the scale of billions of events per day, creating a challenge of analysis and response beyond the limits of human capacity. SentinelOne STAR alleviates this burden by leveraging technology to automatically respond to threats.
“In the face of ever-changing attacks, time and automation are essential to neutralize them,” said Ben Auch, senior director of cybersecurity at Gannett. “SentinelOne STAR gives our security team the ability to write custom TTP and IOC detection rules to target threats specific to our environment and to kill threats automatically. Plus, unlike legacy watchlists, STAR allows us to easily switch from threat hunting to creating real-time threat detection rules without the need for configuration changes. SentinelOne has been a great partner for us every step of the way and continues to innovate and bring new solutions to market.”