7 Reasons to Move Away from Legacy AV (Anti Virus)

Legacy AV Comparisons:
SentinelOne vs McAfee
SentinelOne vs Symantec
2022 MITRE Enginuity ATT&CK Evaluation
(the most trusted 3rd party performance test)

Cybersecurity professionals already know it: Legacy AV would not help them out on a rainy day. Legacy AV was born to solve a problem of few viruses every now and then, not the flood we see today, which risks the way we live.

  1. Reduce Operational Costs

    It is hard to measure the overall cost of running outdated technology that may make you vulnerable to cyberthreats. NSS Labs conduct a comparative test with all endpoint security players. NSS Labs identified SentinelOne as having the best overall TCO over a three-year period.

  2. Boost Protection

    Over time, adversaries have improved their malicious techniques, easily bypassing traditional security products with techniques like fileless malware and PowerShell exploits. Get ahead of the attackers and prevent advanced attacks with next-generation technology.

  3. Save Time

    Time is a major factor when it comes to your security. The entire concept of dwell time – the time from adversary penetration to detection or mitigation is on average at least 90 days. Meanwhile, your security experts are wasting valuable time collecting evidence of a breach. You want your security team to focus on what matters, not looking for a needle in a haystack.

  4. Improve ROI

    In the beginning there was just AV. Then, another agent to cover advanced threats. Then an additional agent that can provide visibility. On top of that, another one to report applications from a vulnerability scan. And so it goes on. More agents running in parallel on your endpoint means more performance impact.

  5. Make the Software Work For You

    A characteristic of legacy AV is that it requires highly-trained staff to operate and interpret. Where are all those alerts coming from and are they connected? Which ones are false positives, and why are people in Marketing complaining they can’t access their computers?

  6. Integrate your Security Solutions

    With the security industry as a whole experiencing a sharp cyberskills shortage, an endpoint security solution should integrate with your existing software stack and not create more work for your SOC team or IT administrators.

  7. Reduce Post-Breach Costs

    An easy-to-use management console that presents the entire attack storyline can help you to quickly close out vulnerabilities and even track down the individuals responsible. The faster you can put things to rights, the lower the financial impact on the enterprise.

    (By SentinelOne™)

Deep Visibility
Regain Visibility Over Your Network and Assets

Executive Summary

You cannot stop what you cannot see. SentinelOne™ extends its Endpoint Protection Platform (EPP) to offer the ability to search for attack indicators, investigate existing incidents, perform file integrity monitoring and root out hidden threats. Deep Visibility supports the needs of Enterprise IT and provides visibility into encrypted traffic. This unique solution helps security teams gain comprehensive insight into all endpoints so that responses can be prioritized and efficient without highly trained personnel or outsourcing EDR needs. This is accomplished through a streamlined interface that allows you to automate and connect it to other products on your portfolio. Deep Visibility does not require additional installation and is already integrated into SentinelOne’s™ single agent architecture.

Enterprise Need

Enterprise networks are more complicated than ever before. The explosion of cloud applications, coupled with the ability of users being able to access these cloud / SaaS applications from anywhere and any device, means the traditional network perimeter has disappeared. Keeping your business safe in today’s world means protecting your corporate data, and this means protecting your endpoint devices. A data breach happens in milliseconds, but it may take months to recognize that a breach has even occurred. To make matters worse, most web traffic today is encrypted, providing a simple trick for attackers to hide their threats and communications channels. The endpoint is the most vulnerable and exposed attack surface in the network today. In order to keep your endpoint devices safe, you need to have deep visibility into their environment and activities.
SentinelOne’s Automated EDR™ provides rich forensic data and can mitigate threats automatically, perform network isolation, and auto-immunize the endpoints against newly discovered threats. As a final safety measure, SentinelOne™ can even rollback an endpoint to its pre-infected state.

What is Deep Visibility

Deep Visibility offers full, real-time and historic retrospective search capabilities, even for offline endpoints, to improve proactive security. The telemetry data from endpoints and servers can help security teams correlate activity, such as lateral movement and callbacks, with other threat indicators to gain deeper insights. Deep Visibility extends to devices like laptops that may exist outside your network perimeter.
Compared to other offerings, SentinelOne’s Deep Visibility™ is unique because it is simple. There is no need for a highly-trained security team tasked with full-time threat hunting. SentinelOne™ offers a comprehensive view of your endpoints using a search interface that allows you to see the entire context in a straightforward way.

Simplified Endpoint Protection and Response
Visibility and EDR Made Manageable

EDR is now widely recognized as an essential requirement for Enterprise networks, with an increasing number of security solutions offering visibility on corporate assets. However, many of these solutions are seen as difficult and complicated to manage by Enterprise customers. With only a few minutes per security incident, the growing number of alerts and the lack of highly-trained personnel, the modern enterprise needs a solution that can be managed and automated into existing security flows. An effective, streamlined security solution such as offered by SentinelOne™ lowers costs and improves efficiency, allowing the business to grow without interruption.

Solve the Blindspot of Encrypted Traffic
Regain Visibility Over Network Traffic

Most network traffic is now encrypted, improving privacy but eliminating the option for network products to see the traffic, a trend that has important consequences for Enterprise. According to Gartner, by 2019 more than 80% of all enterprise web traffic will be encrypted. Moreover, Gartner expects that during 2019, more than 50% of new malware campaigns will use some form of encryption and obfuscation to conceal delivery and ongoing communications, including data exfiltration.

Meanwhile, cyber attackers rely on social engineering and take advantage of increasing noise and decreasing attention to detail. Users are increasingly being manipulated to download and execute malicious code on Enterprise endpoints, while adversaries become more adept at avoiding detection.
SentinelOne™ and Deep Visibility provide an effective, easily manageable solution to these changing circumstances. Deep Visibility is unique in its ability to look inside encrypted traffic and to reveal the chain of events leading up to compromise attempts. With Deep Visibility, SentinelOne™ is able to protect against data breaches, monitor phishing attempts, identify data leakage and ensure cross asset visibility while automatically mitigating these attempts, incident by incident.

Integrated with other Security Solutions
Seamless Integration

Deep Visibility is part of the “API anywhere” approach of SentinelOne™, so all capabilities are available via API, allowing you to integrate it with other security solutions on the network and reduce your IT burden.

Performance – No Additional Install
Same Agent, Cross Platform

Other endpoint security vendors typically require the client to install several agents in parallel on the same device, even sometimes managed by separate consoles. Endpoints may already have too many agents serving specific needs, taxing local resources and resulting in a poor end-user experience. When these kinds of solutions digest needed endpoint resources, they can degrade performance and impact productivity.

Unlike such solutions, SentinelOne™ offers a single lightweight agent that does it all with negligible impact on endpoint resources.
SentinelOne™ offers cross-platform protection. Linux and macOS devices may be less numerous than Windows devices across the typical Enterprise network, but they are no less important from a security perspective. A network is only as strong as its weakest link.


The Best EDR Capability, Delivered with EPP as a Single Agent

Deep Visibility monitors traffic at the end of the tunnel, which allows an unprecedented tap into all traffic without the need to decrypt or interfere with the data transport. This allows the engine to stay hidden from attacker evasions while also minimizing the impact on the user-experience.

Deep Visibility allows for full IOC search on all endpoint and network activities, and provides a rich environment for threat hunting that includes powerful filters as well as the ability to take containment actions.

Since Deep Visibility does not require an additional agent, and is a holistic part of the SentinelOne™ EPP platform, it is also fully integrated into the investigation, mitigation and response capabilities. Security teams can thus quickly dispose threats discovered via Deep Visibility such as gaining process forensics, file and machine quarantine, and full dynamic remediation and rollback capabilities.

(By SentinelOne™)

Here are some of the most notable security incidents, cyberattacks, and data breaches over 2021.

Livecoin: Following an alleged hack in December, cryptocurrency exchange Livecoin slammed its doors shut and exited the market in January. The Russian trading post claimed that threat actors were able to break in and tamper with cryptocurrency exchange rate values, leading to irreparable financial damage.

Microsoft Exchange Server: One of the most damaging cybersecurity incidents this year was the widespread compromise of Microsoft Exchange servers caused by a set of zero-day vulnerabilities known collectively as ProxyLogon. The Redmond giant became aware of the flaws in January and released emergency patches in March; however, the Hafnium state-sponsored threat group was joined by others for months after in attacks against unpatched systems. Tens of thousands of organizations are believed to have been compromised.

MeetMindful: The data of over two million users of the dating app was reportedly stolen and leaked by a hacking group. The information leaked included everything from full names to Facebook account tokens.

SITA: An IT supplier for aviation services around the world, SITA, said a security incident involving SITA Passenger Service System servers led to the exposure of personal, identifiable information belonging to airline passengers. Airlines involved in the data breach were then required to reach out to their customers.

ATFS: A ransomware attack against payment processor ATFS forced multiple US cities to send out data breach notifications. The cybercriminal group which claimed responsibility, Cuba, claimed to have stolen a wide range of financial information on their leak site.

Mimecast: Due to the Solarwinds supply chain attack disclosed in December 2020, Mimecast found itself as a recipient of a malicious software update that compromised the firm’s systems. Mimecast said that its production grid environment had been compromised, leading to the exposure and theft of source code repositories. In addition, Mimecast-issued certificates and some customer server connection datasets were also caught in the breach.

Tether: Tether faced an extortion demand from cyberattackers who threatened to leak documents online that would “harm the Bitcoin ecosystem.” The demand, of approximately $24 million or 500 Bitcoin (BTC), was met with deaf ears as the blockchain organization refused to pay.

CNA Financial: CNA Financial employees were left unable to access corporate resources and were locked out following a ransomware attack which also involved the theft of company data. The company reportedly paid a $40 million ransom.

Facebook: A data dump of information belonging to over 550 million Facebook users was published online. Facebook IDs, names, dates of birth, genders, locations, and relationship statuses were included in the logs, of which Facebook — now known as Meta — said was collected via scraping in 2019.

Colonial Pipeline: If there was ever an example of how a cyberattack can impact the physical world, the cyberattack experienced by Colonial Pipeline is it. The fuel pipeline operator was struck by ransomware, courtesy of DarkSide, leading to fuel delivery disruption and panic buying across the United States. The company paid a ransom, but the damage was already done.

Omiai: The Japanese dating app said unauthorized entry may have led to the exposure of data belonging to 1.7 million users.

Volkswagen, Audi: The automakers disclosed a data breach impacting over 3.3 million customers and some prospective buyers, the majority of which were based in the United States. A finger was pointed at an associated vendor as the cause of the breach, believed to be responsible for exposing this data in an unsecured manner at “some point” between August 2019 and May 2021.

JBS USA: The international meatpacking giant suffered a ransomware attack, attributed to the REvil ransomware group, which had such a disastrous impact on operations that the company chose to pay an $11 million ransom in return for a decryption key to restore access to its systems.

UC San Diego Health: UC San Diego Health said employee email accounts were compromised by threat actors, leading to a wider incident in which patient, student, and employee data potentially including medical records, claims information, prescriptions, treatments, Social Security numbers, and more were exposed.

Guntrader.uk: The UK trading website for shotguns, rifles, and shooting equipment said that records belonging to roughly 100,000 gun owners, including their names and addresses, had been published online. As gun ownership and supply are strictly controlled in the UK, this leak has caused serious privacy and personal safety concerns.

Kaseya: A vulnerability in a platform developed by IT services provider Kaseya was exploited in order to hit an estimated 800 – 1500 customers, including MSPs.

T-Mobile: T-Mobile experienced a yet-another data breach in August. According to reports, the names, addresses, Social Security numbers, driver’s licenses, IMEI and IMSI numbers, and ID information of customers were compromised. It is possible that approximately 50 million existing and prospective customers were impacted. A 21-year-old took responsibility for the hack and claimed to have stolen roughly 106GB of data from the telecoms giant.

Poly Network: Blockchain organization Poly Network disclosed an Ethereum smart contract hack used to steal in excess of $600 million in various cryptocurrencies.

Liquid: Over $97 million in cryptocurrency was stolen from the Japanese cryptocurrency exchange.

Cream Finance: Decentralized finance (DeFi) organization Cream Finance reported a loss of $34 million after a vulnerability was exploited in the project’s market system.

AP-HP: Paris’ public hospital system, AP-HP, was targeted by cyberattackers who managed to swipe the PII of individuals who took COVID-19 tests in 2020.

Debt-IN Consultants: The South African debt recovery firm said a cyberattack had resulted in a “significant” incident impacting client and employee information. PII, including names, contact details, salary and employment records, and debts owed, are suspected of being involved.

Coinbase: Coinbase sent out a letter to roughly 6,000 users after detecting a “third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform.” Cryptocurrency was taken without permission from some user accounts.

Neiman Marcus: In October, Neiman Marcus made a data breach that occurred in May 2020 public. The intrusion was only detected in September 2021 and included the exposure and potential theft of over 3.1 million payment cards belonging to customers, although most are believed to be invalid or expired.

Argentina: A hacker claimed to have compromised the Argentinian government’s National Registry of Persons, thereby stealing the data of 45 million residents. The government has denied the report.

Panasonic: The Japanese tech giant revealed a cyberattack had taken place — a data breach occurring from June 22 to November 3, with discovery on November 11 — and admitted that information had been accessed on a file server.

Squid Game: The operators of a cryptocurrency jumping on the popularity of the Netflix show Squid Game (although not officially associated) crashed the value of the SQUID token in what appears to be an exit scam. The value plummeted from a peak of $2,850 to $0.003028 overnight, losing investors millions of dollars. An anti-dumping mechanism ensured that investors could not sell their tokens — and could only watch in horror as the value of the coin was destroyed.

Robinhood: Robinhood disclosed a data breach impacting roughly five million users of the trading app. Email addresses, names, phone numbers, and more were accessed via a customer support system.

Bitmart: In December, Bitmart said a security breach permitted cyberattackers to steal roughly $150 million in cryptocurrency and has caused total losses, including damages, to reach $200 million.

Log4j: A zero-day vulnerability in the Log4j Java library, a remote code execution (RCE) flaw, is now being actively exploited in the wild. The bug is known as Log4Shell and is now being weaponized by botnets, including Mirai.

Kronos: Kronos, an HR platform, became a victim of a ransomware attack. Some users of Kronos Private Cloud are now facing an outage that may last weeks — and just ahead of Christmas, too.

(By ZDNet)