Complementary Solutions: A Real-World Example of Huntress and SentinelOne
Huntress and SentinelOne (S1) are two robust cybersecurity tools used by many organizations. They are complementary solutions that together provide a holistic view of your network and promote early threat detection, containment and mitigation.
Below, we will delve into what each of these tools is capable of while also taking the time to explore a real-world instance where Huntress uncovered a threat that SentinelOne missed.
What Is SentinelOne?
S1 is an advanced endpoint protection platform designed to detect, prevent and respond to a wide range of cyber threats. It offers real-time monitoring and automated response to security incidents. A few of its key features include:
- Real-time threat detection
- Automated response
- Comprehensive visibility
S1 also offers add-on tools, including Deep Visibility, a threat-hunting system. Altogether, S1 is widely considered to be a top threat detection solution, and it is trusted by countless businesses.
What Is Huntress?
Huntress complements solutions like S1 by focusing on hidden threats that may evade traditional security measures. It provides an additional layer of defense that includes things such as:
- Persistent threat detection
- Incident response
- Human-powered analysis
Whereas S1 relies on artificial intelligence (AI) and automated algorithms, Huntress pairs its endpoint detection and response (EDR) agent with analysts in its 24/7 security operations center (SOC).
The Incident: How Huntress Spotted a Threat S1 Missed
A Reddit user recently shared their experience using S1 and Huntress to protect a client’s network. The poster provides services for a co-managed client that splits its cybersecurity responsibilities between the poster’s organization and an internal IT support team. The client runs both S1 and Huntress on its servers.
While Huntress triggered in response to a reverse proxy running on one of the client’s servers, the Vigilance-managed S1 deployment did not. The user used S1’s “Deep Visibility” tool to confirm that the reverse proxy was visible to the platform, then reported the incident and the discrepancy to S1 itself.
SentinelOne replied as follows: “It is considered riskware and was not deemed fully malicious based on reputation.” The company blacklisted the hash in the global S1 cloud to ensure the algorithm triggers in response to future incidents involving the same reverse proxy.
As noted above, Huntress is a human-managed threat detection solution and can apply analyst judgment to what it sees. In other words, the platform was triggered after identifying a “riskware”-level threat, whereas S1’s automated engine deemed the threat not “fully malicious.”
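As an added illustration (not code from Huntress, SentinelOne or the Reddit poster), the constructed Python below contrasts a reputation-only verdict with a context-aware triage rule on an event modelled on this incident; the hashes, tool names and server allowlist are assumptions, and the vendor’s hash blacklisting is modelled as a simple set.

```python
# Added illustration (not Huntress or SentinelOne code): how a reputation-only
# verdict and a context-aware triage rule treat the same "riskware" event.
from dataclasses import dataclass, field

# Constructed placeholder blocklist; a real one would hold the vendor-published hash.
HASH_BLOCKLIST = {"PLACEHOLDER_SHA256_OF_KNOWN_BAD_PROXY"}

# Constructed allowlist of tools the client's IT team has approved on servers.
APPROVED_SERVER_TOOLS = {"sqlservr.exe", "w3wp.exe", "backupagent.exe"}

@dataclass
class ProcessEvent:
    image: str            # executable name as reported by the EDR agent
    sha256: str
    reputation: str       # constructed vendor verdict: "benign", "riskware", "malicious"
    listening_ports: list = field(default_factory=list)
    host_role: str = "workstation"

def reputation_only_verdict(ev: ProcessEvent) -> str:
    """Models an engine that escalates on reputation alone."""
    if ev.sha256 in HASH_BLOCKLIST or ev.reputation == "malicious":
        return "alert"
    return "monitor" if ev.reputation == "riskware" else "allow"

def context_aware_verdict(ev: ProcessEvent) -> str:
    """Escalates riskware when the surrounding context is suspicious."""
    base = reputation_only_verdict(ev)
    if base == "alert":
        return "alert"
    unapproved = ev.image.lower() not in APPROVED_SERVER_TOOLS
    exposed = bool(ev.listening_ports)
    # A dual-use tool nobody approved, listening on a server, is the kind of
    # case a human analyst escalates regardless of the reputation score.
    if ev.reputation == "riskware" and ev.host_role == "server" and unapproved and exposed:
        return "alert"
    return base

# Constructed event modelled on the incident: a reverse-proxy binary on a server.
PROXY_EVENT = ProcessEvent(
    image="revproxy.exe", sha256="CONSTRUCTED_HASH_NOT_YET_BLOCKLISTED",
    reputation="riskware", listening_ports=[8443], host_role="server")

if __name__ == "__main__":
    print("reputation only :", reputation_only_verdict(PROXY_EVENT))  # monitor
    print("context aware   :", context_aware_verdict(PROXY_EVENT))    # alert
    # After the vendor blocklists the hash, reputation alone also alerts.
    HASH_BLOCKLIST.add(PROXY_EVENT.sha256)
    print("after blocklist :", reputation_only_verdict(PROXY_EVENT))  # alert
```

Note that the blocklist only matches the exact file hash, which is why the contextual rule, not the blocklist, is what catches the first occurrence.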
The Need for a Holistic Cybersecurity Plan
The Reddit incident goes to show that while AI represents a valuable tool for strengthening your cybersecurity posture, managed services and human-governed EDR solutions still play a valuable role in finding and addressing digital threats.
As for what this all means for your business, solutions like SentinelOne can significantly enhance your cybersecurity posture, but they are not the be-all and end-all of threat protection. You should also rely on human experts to build a robust strategy that keeps your data safe and promotes business continuity.
If you’d like to learn more about the implications for your business, connect with an IT consulting firm that specializes in cybersecurity and threat mitigation.