App Review SentinelOne Endpoint Security (with SonicWall)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Content source
https://odysee.com/@Shadowra:f/SentinelOne-Endpoint-Security-(with-SonicWall):e
SentinelOne is an American IT security company for businesses.
They offer their AI-based NGAV (NextGen Antivirus) software to protect against malware.
It is also equipped with SonicWall, a company specializing in firewalls and IDS.
Settings are default.



SentinelOne is difficult to rate, so I'll just summarize.

The administration console is very light. You can perform a few actions, but it's impossible to modify specific rules... You really have to trust the editor's choices.

Web protection is good. SentinelOne catches downloaded files by blocking them directly from Edge. However, I was very surprised to see NO alerts from SentinelOne!
I had to check the SonicWall list...

On the pack, SentinelOne put up a good fight, but like all NGAVs, it has major weaknesses when it comes to script attacks. A njRAT managed to install itself, and SentinelOne asked for a reboot to perform its remediation, which I accepted. The trojan was gone.
Although SentinelOne defended itself well, it occasionally takes a while to detect a suspicious action. This can leave the computer in danger.
At the end of the test, the machine was compromised by a bloated Trojan that was active, as well as a CMD script entry at startup.

Not convinced, I expected better.

@ShenguiTurmi , @Correlate and @likeastar20 request
 
  • Like
  • +Reputation
  • Thanks
Reactions: ZeroDay, piquiteco, Sunshine-boy and 23 others
L

likeastar20

Level 9
Verified
Mar 24, 2016
421
I'm currently trying it on my main machine and I like it, it's much lighter compared to Harmony but the protection is obviously worse. The portal-client connection is also fast, compared to the slow and clunky one I experienced with Harmony. Also, the behavior AI tends to produce some FPs (for example, whenever I scan with HitmanPro, but it's easy to unqurantine files).For those who have DeepInstict, the experience will be similar.Overall, the product feels overpriced for a home user.

yes.PNG
 
Last edited:
  • Like
  • Applause
  • +Reputation
Reactions: piquiteco, SeriousHoax, brambedkar59 and 10 others
ShenguiTurmi

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
It should be noted that SentinelOne does not OEM the technology from Sonicwall. It is the Sonicwall Capture Client that comes with a copy of SentinelOne to enhance Sonicwall ATP protection.
If you buy SentinelOne outright, you won't get anything from Sonicwall.
Btw amazing test! Thanks a lot!
 
  • Like
  • Thanks
Reactions: piquiteco, brambedkar59, Trident and 7 others
L

likeastar20

Level 9
Verified
Mar 24, 2016
421
Last edited:
  • Like
Reactions: piquiteco, brambedkar59, Trident and 6 others
ShenguiTurmi

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
likeastar20 said:
@Shadowra I confirm that the script protection is not impressive. This tricky stealer was not caught by S1 where Avast caught it.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

strela | 80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f | Triage

Check this strela report malware sample 80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f, with a score of 10 out of 10.
tria.ge tria.ge
Click to expand...
I sensed it too. Although I didn't publicise the results against Enterprise level, in Discussion Thread - Turtle‘s Enhanced Realworld Test EP4 (2023.06)
I actually tested S1 in this test, and they are oblivious to scripts generated by publicly available attack suites like PSEmpire.
Also, my previous testing of native CobaltStrike (without the extra loader) found that they didn't even intercept Powershell IEX...... This is a very dangerous command, commonly used in fileless attacks and rarely used in normal software.
They have a strong EDR (second only to Cybereason in MITRE 2022), but clearly have too much lacking in NGAV.
 
  • Like
  • +Reputation
Reactions: piquiteco, SeriousHoax, brambedkar59 and 7 others
L

likeastar20

Level 9
Verified
Mar 24, 2016
421
Im disappointed, why is S1's reputation so good? Everyone on reddit is talking about how good they are as a business AV, I dont see any such evidence. it seems to miss things frequently.

For example, no reaction from S1:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

redline | 594c356abf2b649f2df38a25ca6f3d43b43e842644ce90e3417ee0233a1d8a0c | Triage

Check this redline report malware sample 594c356abf2b649f2df38a25ca6f3d43b43e842644ce90e3417ee0233a1d8a0c, with a score of 10 out of 10.
tria.ge tria.ge
 
Last edited:
  • Like
  • Wow
Reactions: Nevi, piquiteco, simmerskool and 6 others
ShenguiTurmi

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
Trident said:
The feature set is not impressive either. Obviously it is lighter than many competitors, it offers almost nothing, apart from an average NGAV and EDR. I personally would stay away.
Click to expand...
The only feature of the S1 I'm impressed with is the STAR custom rules. Most other EDRs can only do simple auto-responses such as isolating devices. With STAR rules a lot of EDR based autoresponders can be implemented, including but not limited to killing processes after dumping memory. It is even possible to do direct interception of behaviour.
Of course, these are all EDR features, nothing shiny for S1 NGAV.
When you consider the price, the S1 is still very good value for money.
As a comparison S1 Complete is $65/device/year while CrowdStrike Enterprise is $195/device/year.
I still prefer DeepInstinct. i bought SentinelOne just for the EDR, and their NGAV has almost nothing to offer over DeepInstinct. As a machine learning solution, you can't even set the sensitivity. The ease of use of the console is also quite ordinary.
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, piquiteco, simmerskool and 7 others
L

likeastar20

Level 9
Verified
Mar 24, 2016
421
ShenguiTurmi said:
The only feature of the S1 I'm impressed with is the STAR custom rules. Most other EDRs can only do simple auto-responses such as isolating devices. With STAR rules a lot of EDR based autoresponders can be implemented, including but not limited to killing processes after dumping memory. It is even possible to do direct interception of behaviour.
Of course, these are all EDR features, nothing shiny for S1 NGAV.
When you consider the price, the S1 is still very good value for money.
As a comparison S1 Complete is $65/device/year while CrowdStrike Enterprise is $195/device/year.
I still prefer DeepInstinct. i bought SentinelOne just for the EDR, and their NGAV has almost nothing to offer over DeepInstinct. As a machine learning solution, you can't even set the sensitivity. The ease of use of the console is also quite ordinary.
Click to expand...
Good points, you are right
 
  • Like
Reactions: simmerskool, Kongo, [correlate] and 3 others
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
ShenguiTurmi said:
Of course, these are all EDR features, nothing shiny for S1 NGAV.
When you consider the price, the S1 is still very good value for money.
Click to expand...
There is nothing shiny to any of the NGAVs, they normally scan and support only executables. CrowdStrike layers the NGAV with the Falcon emulation and that can stop attacks where non-executables are used. In addition, system hardening can be used to provide script resistance. Others layer NGAV with standard antivirus engines and documents security (Cybereason, Check Point). SentinelOne is too much EDR-focused. If you run a business, you will spend less on EDR/XDR but due to lack of automation, you will spend more on SOCs.
 
  • Like
Reactions: Nevi, piquiteco, simmerskool and 5 others
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
  • Like
  • Wow
Reactions: Nevi, piquiteco, simmerskool and 3 others

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review SentinelOne Endpoint 2024
Replies
10
Views
1,134
Video Reviews - Security and Privacy
Kongo
Kongo
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review CheckPoint Harmony Endpoint Security 2024
Replies
40
Views
3,425
Video Reviews - Security and Privacy
Vitali Ortzi
Vitali Ortzi
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review Trend Micro Worry-Free XDR Endpoint Security 2024
Replies
14
Views
1,080
Video Reviews - Security and Privacy
Khushal
Khushal

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top