
New enhancements should give security teams more insight into the threat landscape and make it possible to proactively neutralize more threats. “The threat hunting delivered as part of WatchTower two to three years ago was like a sniper rifle targeting major threats. With these new capabilities, we are able to bomb the entire threat landscape, protecting our clients from a very wide range of threats and risks,” according to Brian Hussey, VP Threat Hunting and DFIR at SentinelOne.

WatchTower and WatchTower Pro have been around for some time; both were first launched in 2021. Both are tools for threat hunting, or cyber threat detection. WatchTower is the general version, while WatchTower Pro is a personalized version, customized for a single organization.

Moving quickly through as much data as possible

Threat hunting is fundamentally a tricky exercise because it is the most proactive component of cybersecurity: it means looking for things you haven’t seen or found before. Going through the available data quickly is therefore very important.

In WatchTower’s early days, the capabilities for this were relatively limited. However, after the acquisition of Scalyr, which now goes by the name DataSet, many more possibilities opened up. It became possible to go through petabytes of data quickly and at low cost to detect threats.

The enhancements SentinelOne is adding to WatchTower and WatchTower Pro today are in part a result of the additional capabilities that came with the Scalyr acquisition. According to SentinelOne, the enhancements should provide the following:

  • 24-hour real-time threat hunting
  • Detection of anomalous and suspicious behavior
  • Additional protection against known and emerging cyber threats
  • Access to WatchTower’s threat intelligence library, including hunting queries and Indicators of Compromise (IOCs)

Connection to SentinelOne platform

The purpose of the enhancements, as we mentioned in the introduction, is to be more proactive when it comes to hunting threats. SentinelOne’s platform as a whole can also play an important role in achieving this. SentinelOne’s Security Data Lake receives many data feeds, both from its own environment and from third-party security solutions. All this data can, of course, be used to effectively hunt for threats. WatchTower will absolutely include those data feeds in its hunting operations, Hussey says. More input can only help WatchTower, especially considering that there is basically no restriction on how much data it can process.

The additions to SentinelOne WatchTower and WatchTower Pro are available to customers and MSSPs starting today.
