Virtual Patching and Exploit Shield is immediately available to current SentinelOne customers.

Edward Gately, Senior News Editor

November 15, 2017

3 Min Read
Security Patch

**Editor’s Note: Click here for our recently compiled list of new products and services.**

Endpoint security provider SentinelOne has introduced Virtual Patching and Exploit Shield to its Endpoint Protection Platform (EPP).

Instead of relying on the traditional patching process to prevent attacks, SentinelOne says security teams can use Virtual Patching to reduce their vulnerabilities by identifying out-of-date applications and deploying an Exploit Shield policy to “wrap” a vulnerable application. Virtual Patching and Exploit Shield is immediately available to SentinelOne customers.


SentinelOne’s Raj Rajamani

Raj Rajamani, SentinelOne’s vice president of product management, tells Channel Partners that partners, especially MSSPs, struggle to test and keep pace with the security patches for operating systems (OS) and various applications.

“With the SentinelOne functionality, partners have deep visibility into not just which applications and OSes are in use, but their specific versions,” he said. “Also, SentinelOne provides the ability to protect vulnerable versions from exploitation via the artificial intelligence (AI)-powered Deep Behavioral Tracking engine while patching happens without impacting SLAs. So, we easily show you what you do need to patch in your environment; and we’ll protect the vulnerable versions until they are successfully patched.”

Exploit Shield can be applied in real time to any machine or group on the network, and is effective immediately, according to SentinelOne. Additionally, organizations benefit from these features residing on a single SentinelOne agent, which uses behavioral AI to identify anomalies in application execution profiles, it said.

“Partners can combine the application and OS version information provided by the SentinelOne agent with CVEs (a catalog of known security threats) to identify the systems that need immediate patching and stay protected in the meantime,” Rajamani said. “There’s no need to perform vulnerability scans anymore.”

Memory protection and exploit mitigation are critical functionalities of any endpoint protection platform, he said.

Eric Parizo, senior analyst focusing on enterprise security with analysis firm GlobalData, says virtual patching has been around for some time. It is an effective way to implement a short-term mitigation against specific vulnerabilities or attack techniques.

“Conceptually it works a lot like a firewall or antivirus in that it identifies network traffic with known-bad indicators and drops it before it can reach its intended destination,” he said. “It is also especially useful for preventing zero-day attacks for which a patch has yet to be made available. Normally the concept has been most frequently deployed on the network via IPS (including NGFW) or web application firewalls. That makes sense because organizations want to identify and block as many attacks as possible outside the network perimeter.”

The SentinelOne approach, taking virtual patching directly to the endpoints, is sensible on one hand because …

… many endpoints exist outside the network perimeter, hence perimeter-based defenses aren’t effective, Parizo said. Plus, new virtual patches can be deployed more easily and transparently without disrupting user activities or business processes, he said.

“My concern is that whenever a new security mechanism is added directly to the endpoint, there’s usually a trade-off in terms of additional resource consumption on endpoint devices, issues related to compatibility with the many different (and constantly changing) endpoint computing platforms in use in the enterprise, and overall adding complexity to enterprise security management in a time when most organizations are actively working to reduce complexity,” he said.

Carvir, a SentinelOne partner, provides network and data security.

“SentinelOne’s Virtual Patching capabilities help us get an application inventory without having to run recurring vulnerability scans,” said Jay Ryerse, Carvir’s CEO. “This helps us prioritize the applications/systems that need attention. The memory protection capability also protects customers from zero-day exploits. We have successfully helped hundreds of customers get this functionality from SentinelOne and they are getting traction because of the simplicity and elegance of their solution. SentinelOne’s rollback functionality is another great example of true innovation that saves time for our customers.”

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like