DEVOPSdigest

SentinelOne announced the general availability of its next generation container and cloud-native workload protection (CWPP) offering.

The solution offers fully featured autonomous Runtime Protection, Detection, and Response for cloud workloads. Purpose built for containers, SentinelOne’s CWPP offering provides the richest set of capabilities on the market, including advanced runtime protection, full remote shell to any pod, container kill, and full remediation to empower security and DevOps teams - all seamlessly within SentinelOne’s Singularity platform.

With this release, SentinelOne extends its XDR platform to introduce full visibility, detection, response and threat hunting for containerized workloads using the same console which is used for endpoints and IoT devices. Deployed seamlessly through popular DevOps tools such as Helm, the solution delivers SentinelOne’s patented Behavioral AI, Static AI, and autonomous response capabilities across all major Linux platforms, physical and virtual, cloud-native workloads, and containers – providing prevention, detection, response, and threat hunting for tomorrow’s cyber threats.

“As organizations embrace the operational efficiency of Kubernetes, they need a security solution that protects their containerized applications from unknown malware, zero days and in-memory attacks in real time, while automatically pinpointing which image and pod was the target,” said Guy Gertner, VP of Product Management, SentinelOne. “Furthermore, enterprises need an easy-to-deploy solution that won’t slow or interfere with business processes. We’re proud that our container protection solution, powered by our unmatched behavioral AI models, meets this critical and growing business imperative.”

- Fully-Featured Prevention, Detection, & Response: SentinelOne’s ActiveEDR allows security teams to quickly understand the story and root cause behind threat actors in containerized environments and autonomously respond. SentinelOne uses Static AI and Behavioral AI models that do not require baselining for providing runtime security, protecting organizations from both known vulnerabilities and zero-days.

- Full Remote Shell to Pods & Containers: Full Remote Shell capabilities arm security teams with a rapid way to investigate threats, collect forensic data, and remediate breaches no matter where the compromised containers are, eliminating uncertainty and greatly reducing any downtime that results from an attack.

- Complete Container Telemetry for XDR: SentinelOne extracts complete container attributes for granular awareness and rapid response. Container details include cluster name, node name, deployment type, pod name, container image name, and container ID for unprecedented visibility and aggregated Singularity XDR context. These attributes are all additive to SentinelOne’s existing EDR data categories.

SentinelOne’s container and cloud-native workload protection can be deployed either in cloud service provider managed Kubernetes clusters or on self-managed clusters.