Integration of CyberArk Endpoint Privilege Manager and Singularity Endpoint component of SentinelOne should give identity and endpoint security a powerful boost.
Identity is one of the most important parts of an organization to protect. However, it is also a pretty tricky component. The stories of CEO fraud within organizations will be familiar to many of our readers.
A solution that focuses specifically on identity security is already of great help to organizations. This makes it possible to counter abuse of privileged access, among other things. In the case of employee identities, identity is also linked to the endpoints of those employees. Those endpoints often also run the necessary security software to secure them.
CyberArk and SentinelOne reinforce each other
CyberArk and SentinelOne announced today that they are bringing the above two components closer together. In fact, the companies are offering a new integration for joint customers. CyberArk Endpoint Privilege Manager and the Singularity Endpoint component of SentinelOne’s platform will act jointly to counter abuse of privileged access.
With the integration, the two vendors are bringing together the benefits of the two security solutions. This should naturally ensure that they reinforce each other. The data from the Endpoint Privilege Manager provides valuable insights for SentinelOne’s EDR. This enables the EDR to be even faster in terms of detection and ultimately response. With this, issues such as ransomware, the theft of credentials that come about via privileged access can be caught faster.
Conversely, the two solutions also reinforce each other. SentinelOne’s EDR adds a solid security, monitoring and analysis component to CyberArk’s Endpoint Privilege Manager. Based on the security insights from the EDR, organizations can now manage privileges more effectively, is the idea. At least more justification for certain choices is possible.
Ely Kahn, the VP of Product Management at SentinelOne, in response to some questions from us, also underscores the two-way traffic between the two parties: “It’s bi-directional. PAM data from CyberArk lives in Singularity and can be used in combination with native Singularity data (endpoint, cloud, etc.) for threat hunting and detections (e.g. XDR or AI SIEM). Singularity endpoint telemetry can be used in CyberArk to better identify behavior related to privilege escalation misuse. So it’s sharing contextual data for better correlations.”
What does the collaboration mean for SentinelOne’s own Identity module?
The collaboration and integration between CyberArk and SentinelOne does raise a question for us. What about the Singularity Platform’s own Singularity Identity component? Does this new integration compete with it, or can the two co-exist? Kahn sees no bumps in the road here: “There’s little overlap on the identity threat detection and response side. Given our respective heritages in endpoint and privileged access management (PAM), it’s really focused on mutual customers, of which there are many, while also opening up the doors for joint go-to-market motions, both directly and via the channel.”
Faster and easier, but most importantly, better
In addition to providing additional insights and thus closing some gaps that were still there on endpoints, the integration between CyberArk’s solution and SentinelOne’s should certainly bring more simplicity. Two integrated solutions can now be deployed at the push of a button, so to speak, according to a SaaS model. This is more convenient and faster than deploying two separate solutions wherever they are running.
Furthermore, an integration like the one between CyberArk Endpoint Privilege Manager and SentinelOne’s Singularity Endpoint solution is also a necessary step for security platforms in general and, in this case, EDR in particular. Identity must play an increasingly important role. That’s one of the main targets of attackers, so that’s where defenses must be optimally built.
Today’s announcement comes shortly after the announcement from SentinelOne that it has made Purple AI compatible with data coming from a variety of sources: Zscaler Zero Trust Exchange platform, Palo Alto Networks Firewall, Okta, Proofpoint TAP, Fortinet FortiGate and Microsoft Office 365.
Today’s integration cannot be seen apart from SentinelOne’s ambitions for its own Singularity Platform. In fact, the CyberArk identity data also goes into SentinelOne’s data lake. There it can add even more value when it comes to providing context and correlation in terms of detection, response, threat hunting and automating cybersecurity in general.
Announcements such as the one made today and a few weeks ago show that SentinelOne is steadily building on the vision it stated last year. It is always nice when companies deliver and live up to their promises and big words.