SentinelOne + Remediant

SecureONE Integrations

Zero Trust Privilege Security + XDR

Today's cyberattacks rely on privilege escalation and lateral movement as core techniques. Privileged credentials provide elevated access and are therefore highly sought by attackers, who obtain them through reconnaissance and credential theft, or by using helper malware to scrape in-memory hashes left behind by an admin session. Remediant SecureONE, with its agentless Zero Standing Privilege (ZSP) and Just-In-Time (JIT) administration, addresses these challenges directly and stops the lateral movement such attacks depend on.

SentinelOne XDR provides broad protection from the endpoint with deep visibility, proven protection and rapid response. The platform's strength is delivering rapid, granular insight into process, file, network and other OS-level activity, analyzing it in real time, and protecting organizations from attempted or ongoing attacks.

We have combined Remediant SecureONE's privilege security with SentinelOne's XDR to give customers comprehensive, actionable insight into privileged session activity, a capability we call Intelligent Session Capture (ISC). Additional details of the partnership are available on the SentinelOne site.

The Challenge

Session monitoring and recordings from traditional PAM vendors (CyberArk, ThycoticCentrify and BeyondTrust) are:

  • Only available as large media files that are difficult to search and not amenable to data analysis
  • A burden on auditors, compliance officers and security admins, who must review video screen recordings to find suspicious activity
  • Lacking comprehensive visibility into all threat activity (privileged and non-privileged users) on endpoints: a background download, for example, is not recorded
  • Available only at the additional cost of recording infrastructure (storage)
  • Complex to deploy, use and manage, and leave security blind spots

The Solution

Remediant’s Intelligent Session Capture (ISC) leverages your existing investment in SentinelOne XDR to:

1. Provide context on when a privileged session started and ended. Correlated with SentinelOne's continuous detection, this helps identify, confirm and respond to a malicious incident in near real time.

2. Give you better, more actionable session monitoring and automatic intervention against endpoint threat activity.

3. Track everything that happened before, during and after the privileged session to fully understand the attack, including network connections, downloaded files, processes and other activity.

Figure 1. Remediant SecureONE Console

Intelligent Session Capture with SentinelOne

This video demonstrates Remediant's Intelligent Session Capture capability through its integration with the SentinelOne XDR platform. With this integration you can pivot from the SecureONE console, through an embedded "Investigate" link, to the XDR console to proactively explore any suspicious threat activity on the endpoint during the JIT privileged session and mitigate it through a combination of Remediant and SentinelOne.

Use Case

The combined solution helps Incident Response teams quickly determine root cause and stop lateral movement attacks at endpoints.

For example:

  • A user signed into a Windows endpoint browses a website and accidentally downloads malware
  • The IR team detects this event in SentinelOne
  • To investigate, the IR team uses Remediant's Intelligent Session Capture (ISC) and finds that the malware activated during a privileged (JIT) session on the Windows endpoint and sent sensitive information to a command-and-control (C&C) site; ISC supplies this context around the privileged session
  • From Remediant, ISC lets the IR team pivot to the SentinelOne console to see every other system the user held admin rights on during this JIT session, and to search for all other systems the malware has moved laterally to infect
  • At this stage, the IR team can isolate the infected endpoints or quarantine the malware from SentinelOne
  • The IR team can then enforce the principle of least privilege by enabling ZSP and JIT access on all the infected endpoints, closing off further lateral movement
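As an added illustration of the correlation that the solution points and the use case above describe (this is example code written for this page, not Remediant's or SentinelOne's software, and it calls no real product API), the script below takes constructed JIT session records and constructed endpoint events, finds the session a SentinelOne-style alert falls into, tags each event on that host as before, during or after the session, lists the other hosts where the same user held overlapping JIT admin rights, and checks those hosts for the same network indicator to scope lateral movement. Field names, hostnames, timestamps and the indicator address are all assumptions for illustration.

```python
"""Correlate a JIT privileged-session window with endpoint telemetry.

Added example; the record layouts below are assumptions, not the
schema of SecureONE or SentinelOne.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class JitSession:
    """A just-in-time admin grant as a PAM product would record it (assumed fields)."""
    user: str
    host: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class EndpointEvent:
    """One endpoint telemetry record as an XDR platform would record it (assumed fields)."""
    host: str
    time: datetime
    kind: str    # "process", "file" or "network"
    detail: str


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data: one user holds admin on two hosts at overlapping times.
SESSIONS = [
    JitSession("alice", "WS-101", _t("2023-05-04T09:00:00"), _t("2023-05-04T10:00:00")),
    JitSession("alice", "SRV-DB1", _t("2023-05-04T09:30:00"), _t("2023-05-04T11:00:00")),
    JitSession("bob", "WS-202", _t("2023-05-04T09:15:00"), _t("2023-05-04T09:45:00")),
]

# Constructed sample events: a download before the session, execution and a
# C&C connection during it, and the same indicator on the second host.
EVENTS = [
    EndpointEvent("WS-101", _t("2023-05-04T08:55:00"), "file", "chrome.exe wrote invoice.pdf.exe"),
    EndpointEvent("WS-101", _t("2023-05-04T09:20:00"), "process", "invoice.pdf.exe started"),
    EndpointEvent("WS-101", _t("2023-05-04T09:21:00"), "network", "invoice.pdf.exe -> 203.0.113.7:443"),
    EndpointEvent("WS-101", _t("2023-05-04T10:20:00"), "process", "svchost.exe started"),
    EndpointEvent("SRV-DB1", _t("2023-05-04T09:40:00"), "network", "invoice.pdf.exe -> 203.0.113.7:443"),
    EndpointEvent("WS-202", _t("2023-05-04T09:20:00"), "process", "notepad.exe started"),
]


def session_containing(alert_host, alert_time, sessions):
    """Return the JIT session whose window contains the alert on that host, or None."""
    for s in sessions:
        if s.host == alert_host and s.start <= alert_time <= s.end:
            return s
    return None


def phase(event, session):
    """Classify an event relative to the session window."""
    if event.time < session.start:
        return "before"
    if event.time > session.end:
        return "after"
    return "during"


def timeline(session, events, margin=timedelta(minutes=30)):
    """Events on the session host within [start - margin, end + margin], in time order, tagged by phase."""
    lo, hi = session.start - margin, session.end + margin
    return [(phase(e, session), e)
            for e in sorted(events, key=lambda e: e.time)
            if e.host == session.host and lo <= e.time <= hi]


def overlapping_hosts(session, sessions):
    """Other hosts where the same user held JIT admin at a time overlapping this session."""
    return sorted(s.host for s in sessions
                  if s.user == session.user and s.host != session.host
                  and s.start <= session.end and session.start <= s.end)


def lateral_scope(session, sessions, events, indicator):
    """Hosts reachable through the user's overlapping JIT grants on which the indicator appears."""
    hosts = set(overlapping_hosts(session, sessions))
    return sorted({e.host for e in events if e.host in hosts and indicator in e.detail})


if __name__ == "__main__":
    alert = session_containing("WS-101", _t("2023-05-04T09:21:00"), SESSIONS)
    for tag, ev in timeline(alert, EVENTS):
        print(f"{tag:6} {ev.time.time()} {ev.kind:8} {ev.detail}")
    print("overlapping JIT hosts:", overlapping_hosts(alert, SESSIONS))
    print("indicator seen on:", lateral_scope(alert, SESSIONS, EVENTS, "203.0.113.7"))
```

The margin around the session window is what makes the "before" and "after" phases visible: the file write that preceded the grant and the process start that followed it are the pieces a video recording of the session alone would not contain.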

Benefits of the Remediant ISC + SentinelOne XDR

1. Obtain contextual data on privileged account activity without additional recording infrastructure or PAM agents

2. Correlate privileged account activity with SentinelOne's record of all endpoint activity to expedite incident response and remediation in real time

3. SentinelOne data recordings are easy to access, search and analyze for auditing, forensics and compliance purposes

4. Prevent lateral movement attacks by removing excess standing privilege and replacing it with JIT access

Remediant reinvents privileged access management with SecureONE, the first solution that brings Zero Standing Privilege (ZSP) to the enterprise to prevent lateral movement and shrink the attack surface caused by the invisible sprawl of administrative accounts.