Cybersecurity leader unveils AI and automation breakthroughs at OneCon 2024, powered by data to transform security operations
SentinelOne has unveiled a suite of innovations designed to deliver on the vision of the Autonomous Security Operations Centre (SOC). Built on SentinelOne’s market-leading Singularity cybersecurity platform, these innovations empower security leaders to reimagine and revolutionise how they respond to emerging threats in ways that significantly reduce risk, speed decision making and free up their teams to focus on high-impact initiatives.
Introduced at OneCon 2024, SentinelOne’s premier customer and cybersecurity conference, these new innovations set a new bar for AI, automation and data to make the promise of the Autonomous SOC a reality today:
- Singularity Hyperautomation – No-code automation of security workflows
- Singularity AI SIEM – Ingestion and synthesis of all data from across the security ecosystem
- Purple AI – Automating alert triage, hunting, and investigations
- SentinelOne’s Ultraviolet family of security models – Large language models (LLMs) and multimodal models designed for cybersecurity AI use cases
“The future of threat detection and response must keep up with the speed and sophistication of adversaries and the realities facing today’s already overstretched SOC teams,” said Ric Smith, President, Product, Technology, and Operations at SentinelOne. “From our founding, SentinelOne has pioneered the use of AI to automate response and remediation of threats for our customers. Today, we’re making the promise of the autonomous SOC a reality by unleashing the full power of AI and data to give customers the speed, intelligence, and scale needed to fend off tomorrow’s threats.”
Singularity Hyperautomation – No-code automation of security workflows
Singularity Hyperautomation is a new intelligent automation solution built to solve for customers’ unique SOC requirements. It empowers customers by offering over 100 integrations and dozens of out-of-the-box workflows designed to address common cyber threats, such as ransomware mitigation, asset compliance monitoring, and response to suspicious user activity and insider threats. Singularity Hyperautomation features a simple, no-code, drag-and-drop canvas for building custom workflows and automating tasks, along with no-code access to any API to leverage data from any security or IT source.
Built directly into the SentinelOne platform, Singularity Hyperautomation integrates seamlessly into analyst workflows, where automations are intelligently suggested during investigations. It also benefits from the platform and Purple AI to automatically generate playbooks based on peer-driven insights, empowering teams to respond faster and more efficiently. Native integration with Singularity’s endpoint, cloud, identity and AI SIEM capabilities means that security teams can not only automate the remediation of threats across multiple attack surfaces, but also leverage all first-party and third-party data in Singularity to respond to incidents rapidly, with more context and less complexity.
Singularity AI SIEM – Ingestion and synthesis of all data from across the security ecosystem
Formally introduced to SentinelOne customers and partners at OneCon 2024, Singularity AI SIEM (Security Information and Event Management) is a cloud-native, no-index SIEM that uses AI and automation capabilities to help reimagine how SOC analysts work. Powered by the highly scalable Singularity Data Lake with always-on hot storage, AI SIEM provides real-time detection on streaming data while dramatically speeding up investigation and response.
Singularity AI SIEM has been built upon an open ecosystem, capable of ingesting structured and unstructured data from not only SentinelOne’s endpoint, cloud and identity security offerings but also third-party security and IT tools by leveraging the Open Cybersecurity Schema Framework (OCSF) and out-of-the-box integrations. As a result, customers can gain instant, expanded visibility across the entire enterprise environment and automate workflows across multiple tools.
And with AI SIEM and Purple AI, security analysts can harness SentinelOne’s renowned AI-powered autonomous capabilities for real-time detections, generative AI-assisted hunting and investigations, and machine-speed protection against emerging threats.
SentinelOne Purple AI – Automating alert triage, hunting, and investigations
SentinelOne’s Purple AI security analyst has set the standard for generative AI in cybersecurity since its introduction. Integrated with all aspects of the Singularity Platform, Purple AI translates natural language security questions into structured queries, summarises event logs and indicators, guides analysts of all levels through complex investigations and scales collaboration with shared investigation notebooks. At OneCon 2024, SentinelOne is raising the bar for generative AI even further through the introduction of new Purple AI capabilities designed to rapidly automate investigations, reduce alert fatigue and stay ahead of attacks.
New Purple AI Auto-Alert Triage prioritises alerts and helps teams quickly decide which ones need further investigation. Auto-Alert Triage harnesses new Global Alert Analysis to assess thousands of anonymised similar alerts to better determine true positives, and surfaces prioritised ‘Alerts to Investigate’ to reduce alert fatigue and give security teams time back to focus on the most critical tasks that reduce risk.
Purple AI can now also be used to kick off and run autonomous investigations to fast-track investigation and response. With the new Purple AI Auto-Investigations capability, Purple AI will take prioritised alerts, automatically compile a list of investigation steps based on the alert in question, independently run the steps and generate a recommended verdict. Evidence collected in the investigation is saved in an auditable and collaborative Purple AI investigation notebook to significantly shrink investigation and reporting times while giving SOC teams and incident responders the advantage of speed and scale when addressing critical threats.
Introducing SentinelOne’s Ultraviolet family of security models
Over the past three years, the costs of large general-purpose multimodal models have been driven down substantially, while the capability of these models has significantly increased. For cybersecurity-related generative AI applications, these models, coupled with extensive domain knowledge, have proven to be the best approach to building genuinely useful assistant experiences in the security domain. However, there remain areas of cybersecurity-related AI where proprietary models will have decisive advantages.
At OneCon 2024, SentinelOne is unveiling Ultraviolet, SentinelOne’s family of security LLMs and multimodal models that solve for specific security use cases and better support the agentic workflows needed to significantly reduce operational burden.
Ultraviolet will complement the best general-purpose models, focusing specifically on unique areas such as improving detection efficacy by enabling more context to be considered in real time, and improving the efficiency of reasoning about security problems. The latter enables greater autonomy, as better-tuned models stay on task and require substantially fewer tokens to arrive at useful conclusions.