Instead of relying on the traditional patching process to prevent attacks, SentinelOne says security teams can use Virtual Patching to reduce their vulnerabilities by identifying out-of-date applications and deploying an Exploit Shield policy to “wrap” a vulnerable application. Virtual Patching and Exploit Shield are immediately available to SentinelOne customers.
Raj Rajamani, SentinelOne’s vice president of product management, tells Channel Partners that partners, especially MSSPs, struggle to test and keep pace with the security patches for operating systems (OS) and various applications.
“With the SentinelOne functionality, partners have deep visibility into not just which applications and OSes are in use, but their specific versions,” he said. “Also, SentinelOne provides the ability to protect vulnerable versions from exploitation via the artificial intelligence (AI)-powered Deep Behavioral Tracking engine while patching happens without impacting SLAs. So, we easily show you what you do need to patch in your environment; and we’ll protect the vulnerable versions until they are successfully patched.”
Exploit Shield can be applied in real time to any machine or group on the network, and is effective immediately, according to SentinelOne. Additionally, organizations benefit from these features residing on a single SentinelOne agent, which uses behavioral AI to identify anomalies in application execution profiles, it said.
“Partners can combine the application and OS version information provided by the SentinelOne agent with CVEs (a catalog of known security threats) to identify the systems that need immediate patching and stay protected in the meantime,” Rajamani said. “There’s no need to perform vulnerability scans anymore.”
Memory protection and exploit mitigation are critical functionalities of any endpoint protection platform, he said.
Eric Parizo, senior analyst focusing on enterprise security with analysis firm GlobalData, says virtual patching has been around for some time. It is an effective way to implement a short-term mitigation against specific vulnerabilities or attack techniques.
“Conceptually it works a lot like a firewall or antivirus in that it identifies network traffic with known-bad indicators and drops it before it can reach its intended destination,” he said. “It is also especially useful for preventing zero-day attacks for which a patch has yet to be made available. Normally the concept has been most frequently deployed on the network via IPS (including NGFW) or web application firewalls. That makes sense because organizations want to identify and block as many attacks as possible outside the network perimeter.”
The SentinelOne approach, taking virtual patching directly to the endpoints, is sensible on one hand because …