Some complained about the Attivo acquisition being too expensive, saying Sentinel only talked about Identity, which was a fairly new product for Attivo, and ignored Deception, which had been their mainstay.
Here’s an excerpt from a press release from today:
…announced its results from the inaugural MITRE Engenuity ATT&CK® Deception Evaluation. As the first and only XDR vendor to participate, SentinelOne has the most comprehensive MITRE ATT&CK® analytic coverage, helping enterprises reduce risk across device, cloud, and identity attack surfaces. SentinelOne was recognized for its ability to defend against sophisticated identity-based attacks and insider threats.
The inaugural MITRE ATT&CK Deception Evaluation tested vendors’ ability to protect against the APT29 threat group. SentinelOne’s Singularity XDR platform - and specifically its Hologram deception solution - was recognized for its ability to:
Provide Real-Time Protection Against Active Directory Compromise. Every time adversaries tried to gain access to Active Directory (AD), SentinelOne protected against theft with evasion techniques and decoy credentials.
Secure Critical Assets. SentinelOne uses data cloaking to mislead adversaries, keeping file and account information across identity, data, endpoint, cloud and IoT secure to prevent data theft and destruction.
Stop Lateral Movement and Privilege Escalation. SentinelOne blocked the use of Golden Ticket and Silver Ticket attack techniques, stopping adversaries from gaining access to endpoints on the network.
Optimize Insight into Adversary Behavior. Taking a step beyond detection and response, SentinelOne provided detailed insight across adversary behavior, including ingestible, actionable TTP information and high-confidence, substantiated attack forensics.
“As attackers continue to evade security controls, enterprises need modern XDR solutions that protect against threats at every stage of the attack lifecycle,” said Raj Rajamani, Chief Product Officer, SentinelOne. “SentinelOne is the first XDR provider to natively include identity and deception. Our results in the inaugural MITRE ATT&CK Deception Evaluation confirm SentinelOne’s commitment to push the boundaries of autonomous technology as we help enterprises protect against identity-based attacks.”