Thanks Tom for the review! For any technical questions from the audience, feel free to add your comments down here so we can answer. 💜
@hiddeninthewires2308
2 years ago
Does SentinelOne support ICAP for storage devices?
@TO.ThinggaardIT
2 years ago
Tom didn't touch on the uninstall process. Is it possible to uninstall SentinelOne from another portal that we don't have access to? We have issues where we onboard customers with an existing SentinelOne installation that requires uninstalling from the vendor's portal that installed it.
@swachchhandapoudel3930
A year ago
18:37 What happens if the ransomware somehow manages to delete the volume shadow copies, which is a common thing done by any ransomware nowadays? Can I still roll back my machine state?
@cspell
2 years ago
Nice demo. We just deployed this through the SonicWall Capture Client. The rollback feature is nice; we couldn't test it, but it's good to know it works!
@DM-vt4vt
2 years ago
Didn't know SonicWall also used this option... excellent info
@James-xg4jr
2 years ago
Honestly... I got the chills when those files went white on the desktop...
@LAWRENCESYSTEMS
2 years ago
Same here!
@seanricks7986
2 years ago
I recently became an Admin for S1. Great tutorial. I'm a subscriber & will share 🙂
@LAWRENCESYSTEMS
2 years ago
Awesome, thanks!
@BillyBork
2 years ago
Thanks Tom! As always, great content!
@LAWRENCESYSTEMS
2 years ago
Glad you enjoyed it!
@DM-vt4vt
2 years ago
Tom, you are awesome. Keep up the fantastic real world knowledge sharing!
@agriv8r851
A year ago
Nice overview... thank you... As this replaces a traditional AV, would you still need to purchase a firewall, or do you think using Windows Firewall is good enough?
@LAWRENCESYSTEMS
A year ago
I would not purchase an additional firewall for Windows
@kendallarmand7192
A year ago
Thanks for reviewing this SIEM, you might have gotten me a job lol.
@EbenezerYiadom
A year ago
Great Demo, thank you for the hands on!
@jasond1500
2 years ago
I use this for my clients as well. I'm curious if you do anything special for false positives now in light of the SolarWinds supply chain attack. We are at the point where we can't afford to just assume something's a false positive because the file is signed by a trusted source.
@CrashLoopBackOff-K8s
2 years ago
Thank you for the review, Tom. Do you have any thoughts or insights on rolling S1 out to multiple Linux servers? I'm primarily concerned with trying to balance the overhead on system resources with the protection provided. Just curious if you have any thoughts there or experience with the Linux agent. Thanks again.
@alfredmiller9812
2 years ago
Awesome demo. Thanks
@andrew8061
A year ago
Thanks Tom!
@LAWRENCESYSTEMS
A year ago
Thank you!
@dupinboulette
2 years ago
Nice product... rocking the EDR market right now... I think Forcepoint is good as well
@Cisco8484
2 years ago
Am I correct that if you didn't have volume shadow copies enabled, you wouldn't be able to do a rollback?
@allisonroberts8430
A year ago
Can you do a video on the why and how of SentinelOne running PowerSploit in the background on every device the agent is installed on? Where is the output file going?
@krzysztoffraczyk3830
2 years ago
5:13 - it's kind of the same as what Trend Micro has in their solution called OfficeScan. I remember a customer that, by mistake, enabled it on the PRD network for every connected endpoint (server and workstation). It was a rough time fixing it ;)
@Azrof
2 years ago
Great video.
@binnihh
2 years ago
Do they offer special prices for schools?
@LAWRENCESYSTEMS
2 years ago
I think so
@DangoNetwork
2 years ago
S1 logging is crazy good. Poor man's SIEM
@bobbykalifonya57
A year ago
Are you still currently using it? Also, what is the process for whitelisting?
@LAWRENCESYSTEMS
A year ago
Yes and allow listing is done via their web interface.
@PokerMunkEEE
2 years ago
Tom, are you using Control or Complete?
@LAWRENCESYSTEMS
2 years ago
Complete
@PokerMunkEEE
2 years ago
@@LAWRENCESYSTEMS Thanks. Looking at going with Control, but it looks like I lose the Explore (Storyline) tab. Complete seems to be about 2x more expensive for us (200 endpoints).
@LAWRENCESYSTEMS
2 years ago
@@PokerMunkEEE I think it's worth it.
@PokerMunkEEE
2 years ago
@@LAWRENCESYSTEMS Sounds like it. $30/yr for Control and $60/yr for Complete. Seem reasonable? Can you sell it for cheaper? This is from Connection.
@LAWRENCESYSTEMS
2 years ago
@@PokerMunkEEE depends on how many systems
@breakb
2 years ago
Is the S1 product available for retail or general public?
@LAWRENCESYSTEMS
2 years ago
Nope, it's not
@DD1072
A year ago
A little late to the game here, but does anyone know what EXACTLY SentinelOne does when it isolates a machine?
@LAWRENCESYSTEMS
A year ago
Blocks all network access except to their servers
@DD1072
A year ago
@@LAWRENCESYSTEMS Thanks for the reply! But I was wondering more about how exactly it does that, i.e. in Windows, does it change the network adapter profile from Private/Domain to Public and make other Windows Firewall changes? Can't seem to find any documentation on that detail. Was hoping you might have experience from this demo 😀
@LAWRENCESYSTEMS
A year ago
Their software controls it; it's not using the built-in Windows firewall.
@DD1072
A year ago
@@LAWRENCESYSTEMS thank you again for taking the time to respond and thank you for everything you guys/gals do!
@fbifido2
2 years ago
Is there an open source project that does this kind of stuff?
@LAWRENCESYSTEMS
2 years ago
Not that I know of
@AlupMare
2 years ago
Any opinions on CrowdStrike ?
@LAWRENCESYSTEMS
2 years ago
Never used it.
@lennyaltamura2009
2 years ago
It's good but expensive. It integrates with Splunk. Thus having that will enhance its performance.
@tomgore1959
2 years ago
@@lennyaltamura2009 S1 actually works better with Splunk. They have a component that will actually enable the Splunk front end as used in environment today but will redirect the data to be stored in the S1 backend. This will not only cut the Splunk storage costs by more than half but also enable the customer to get dramatically improved performance on query results as it is stored/processed in a cloud native scalable environment. It's a win-win!
@lennyaltamura2009
2 years ago
@@tomgore1959 I know. I use S1 for threat hunting. I also use Splunk for outlier and zero-day IOC inspection. I'm curious what I said that spurred your reply. Thank you for pointing this out to the rest of the community. I find people making unsubstantiated claims about what S1 doesn't have. When I find these outrageous falsehoods, I always come to S1's defense. I also test EPP suites, SIEMs and the like.
@joeuser7384
2 years ago
Can you do a real test? Double clicking malware is in no way indicative of a real world threat. There are dozens of free AV that can stop commodity malware so this test tells me nothing. What TTPs are you using?
@LAWRENCESYSTEMS
2 years ago
Can you be more specific what you consider a "Real Test?"
@joeuser7384
2 years ago
@@LAWRENCESYSTEMS A test that shows some real tradecraft. Threat actors don't just double-click malware that is sitting on someone's desktop. How was initial access gained to the system (phishing email, unpatched vulnerability, stolen credentials)? How does the malware get onto the machine? What was done to gain persistence after access had been gained? MITRE does a good job at replicating real tradecraft, which at the end of the day is what these solutions are supposed to be preventing. Just about any free AV can stop someone double-clicking malware.
@LAWRENCESYSTEMS
2 years ago
@@joeuser7384 I get what you are asking but that would be a COMPLETELY different video on how attacks occur and very out of scope for a video titled "SentinelOne Review and Malware Rollback Demo"
@joeuser7384
2 years ago
@@LAWRENCESYSTEMS Fair. Would still like to see a real test if you could. 🙏
Comments: 61