SentinelOne today unveiled a suite of innovations designed to deliver on the vision of the Autonomous Security Operations Center (SOC). Built on SentinelOne’s Singularity cybersecurity platform, these solutions are designed to reduce risk, speed decision-making, and free up teams to focus on high-impact initiatives.
Introduced at OneCon 2024, SentinelOne’s premier customer and cybersecurity conference, these new innovations include:
- Singularity Hyperautomation: No-code automation of security workflows.
- Singularity AI SIEM: Ingestion and synthesis of all data from across the security ecosystem.
- Purple AI: Automating alert triage, hunting, and investigations.
- SentinelOne’s Ultraviolet Family of Security Models: Large language models (LLMs) and multimodal models designed for cybersecurity AI use cases.
“The future of threat detection and response must keep up with the speed and sophistication of adversaries and the realities facing today’s already overstretched SOC teams,” said Ric Smith, President, Product, Technology, and Operations at SentinelOne. “From our founding, SentinelOne has pioneered the use of AI to automate response and remediation of threats for our customers. Today we’re making the promise of the autonomous SOC a reality by unleashing the full power of AI and data to give customers the speed, intelligence, and scale needed to fend off tomorrow’s threats.”
Singularity Hyperautomation: No-Code Automation of Security Workflows
Singularity Hyperautomation is a new intelligent automation solution built to address customers’ unique SOC requirements. It offers over 100 integrations and dozens of out-of-the-box workflows for common threats and tasks, such as ransomware mitigation, asset compliance monitoring, and response to suspicious user activity and insider threats. Singularity Hyperautomation features a simple, no-code, drag-and-drop canvas for building custom workflows and automating tasks, along with no-code access to any API so that data from any security or IT source can be used in a workflow.
Built directly into the SentinelOne platform, Singularity Hyperautomation integrates into analyst workflows, where automations are suggested during investigations. It also draws on the platform and Purple AI to generate playbooks based on peer-driven insights, helping teams respond faster and more efficiently. Native integration with Singularity’s endpoint, cloud, identity, and AI SIEM capabilities means that security teams can automate the remediation of threats across multiple attack surfaces, and that all first-party and third-party data in Singularity can be used to respond to incidents rapidly, with more context and less complexity.
Singularity AI SIEM: Ingestion and Synthesis of All Data from Across the Security Ecosystem
Formally introduced to SentinelOne customers and partners at OneCon 2024, Singularity AI SIEM (Security Information and Event Management) is a cloud-native, no-index SIEM that uses AI and automation capabilities to help reimagine how SOC analysts work. Powered by the highly scalable Singularity Data Lake with always-on hot storage, AI SIEM provides real-time detection on streaming data while dramatically speeding investigation and response.
Singularity AI SIEM has been built upon an open ecosystem, capable of ingesting structured and unstructured data from not only SentinelOne’s endpoint, cloud, and identity security offerings but also third-party security and IT tools by leveraging the Open Cybersecurity Schema Framework (OCSF) and out-of-the-box integrations. As a result, customers can gain instant, expanded visibility across the entire enterprise environment and automate workflows across multiple tools.
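As an added illustration of the OCSF normalization this paragraph refers to (example code written for this page, not SentinelOne’s own ingestion pipeline), the following Python maps a few constructed OpenSSH auth-log lines onto the OCSF Authentication event class (class_uid 3002) and then runs a single detection query over the normalized fields, so that the same query would apply to any other source mapped into that class. The sample log lines, the assumed year for the year-less syslog timestamps, the product metadata, and the severity mapping are all assumptions of the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in traditional syslog format (not real logs).
SAMPLE_LOG = """\
Oct 22 14:03:11 web01 sshd[1234]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:constructed
Oct 22 14:03:15 web01 sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Oct 22 14:03:16 web01 sshd[1236]: Failed password for root from 203.0.113.7 port 40030 ssh2
Oct 22 14:04:02 web01 cron[999]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches sshd logon outcomes; other lines (the cron line above) do not match.
SSHD_LOGON_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

OCSF_VERSION = "1.1.0"  # schema version this mapping targets (assumption)


def normalize(line, year=2024):
    """Map one sshd line to an OCSF Authentication (class_uid 3002) event.

    Returns None for lines this mapper does not understand. `year` is an
    assumption: traditional syslog timestamps carry no year.
    """
    m = SSHD_LOGON_RE.match(line)
    if not m:
        return None
    success = m["result"] == "Accepted"
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    activity_id = 1  # Logon
    return {
        "category_uid": 3,                          # Identity & Access Management
        "category_name": "Identity & Access Management",
        "class_uid": 3002,                          # Authentication
        "class_name": "Authentication",
        "activity_id": activity_id,
        "activity_name": "Logon",
        "type_uid": 3002 * 100 + activity_id,       # OCSF rule: class_uid * 100 + activity_id
        "time": int(ts.timestamp() * 1000),         # timestamp_t is epoch milliseconds
        "status_id": 1 if success else 2,           # 1 = Success, 2 = Failure
        "severity_id": 1 if success else 2,         # Informational / Low: local choice, not mandated by OCSF
        "is_remote": True,
        "user": {"name": m["user"]},
        "src_endpoint": {"ip": m["ip"], "port": int(m["port"])},
        "dst_endpoint": {"hostname": m["host"]},
        "metadata": {
            "version": OCSF_VERSION,
            "product": {"name": "OpenSSH", "vendor_name": "OpenBSD"},  # assumed source product
            "original_time": m["ts"],
        },
        # Vendor-specific detail with no schema field goes under `unmapped`.
        "unmapped": {"method": m["method"], "invalid_user": m["invalid"] is not None},
        "raw_data": line,
    }


def normalize_all(text, year=2024):
    """Normalize every line; unrecognized lines are dropped here (a real pipeline would route them elsewhere)."""
    events = []
    for line in text.splitlines():
        ev = normalize(line, year)
        if ev is not None:
            events.append(ev)
    return events


def failed_logons_by_source(events, threshold=2):
    """Detection over normalized fields only: source IPs with at least `threshold` failed logons.

    Because the query keys on OCSF fields rather than on sshd's wording, the same
    logic applies unchanged to any other source (VPN, Windows, IdP) mapped into class 3002.
    """
    counts = {}
    for ev in events:
        if ev["class_uid"] == 3002 and ev["status_id"] == 2:
            ip = ev["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = normalize_all(SAMPLE_LOG)
    print(f"{len(evs)} OCSF events normalized")
    print(failed_logons_by_source(evs))
```

The point of the `unmapped` object is that a vendor detail with no schema home (here, the SSH authentication method) is preserved rather than silently discarded, while every detection and correlation query keys on the standard fields.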
And with AI SIEM and Purple AI, security analysts can harness SentinelOne’s renowned AI-powered autonomous capabilities for real-time detections, generative AI-assisted hunting and investigations, and machine-speed protection against emerging threats.
SentinelOne Purple AI: Automating Alert Triage, Hunting, and Investigations
Integrated with all aspects of the Singularity Platform, Purple AI translates natural language security questions into structured queries, summarizes event logs and indicators, guides analysts of all levels through complex investigations and scales collaboration with shared investigation notebooks. At OneCon 2024, SentinelOne introduced new Purple AI capabilities designed to rapidly automate investigations, reduce alert fatigue, and stay ahead of attacks.
The new Purple AI Auto-Alert Triage ranks incoming alerts and helps teams quickly decide which ones need further investigation. Auto-Alert Triage uses new Global Alert Analysis to compare an alert against thousands of anonymized similar alerts to better distinguish true positives, and surfaces a prioritized list of ‘Alerts to Investigate’, reducing alert fatigue and giving security teams time back to focus on the tasks that most reduce risk.
Purple AI can now also kick off and run autonomous investigations to speed up investigation and response. With the new Purple AI Auto-Investigations capability, Purple AI takes a prioritized alert, automatically compiles a list of investigation steps based on that alert, runs the steps on its own, and generates a recommended verdict. Evidence collected during the investigation is saved in an auditable, collaborative Purple AI investigation notebook, shrinking investigation and reporting times and giving SOC teams and incident responders speed and scale when addressing critical threats.
Introducing SentinelOne’s Ultraviolet Family of Security Models
Over the past three years, the costs of large general-purpose multi-modal models have been driven down substantially, while the capability of these models has significantly increased. For cybersecurity-related generative AI applications, these models, coupled with extensive domain knowledge, have proven to be the best approach to building genuinely useful assistant experiences in the security domain. However, there remain areas of cybersecurity-related AI where proprietary models will have decisive advantages.
At OneCon 2024, SentinelOne is unveiling Ultraviolet, SentinelOne’s family of security LLMs and multimodal models that solve for specific security use cases and better support the agentic workflows needed to significantly reduce operational burden.
Ultraviolet will complement the best general-purpose models, focusing on areas where purpose-built models have distinct advantages: improving detection efficacy by allowing more context to be considered in real time, and improving the efficiency of reasoning about security problems so that better-tuned models stay on task and reach useful conclusions with substantially fewer tokens, which in turn enables greater autonomy.