The SentinelOne Endpoint Protection Platform unifies prevention, detection and response to cyber attacks into a single agent powered by machine learning and automation. It provides prevention and detection of attacks across all major vectors, rapid elimination of threats with fully automated, policy-driven response capabilities and complete visibility into the endpoint environment with full-context, real-time forensics.

The traditional concept of antivirus software, which arose with the first antivirus products released in 1987, entered obsolescence sometime earlier this past decade. Cybersecurity experts first began noticing the decline around 2012, when the volume of new malware samples began to outstrip the ability of antivirus vendors to write new signatures. Both the volume and sophistication of malware have continued to increase exponentially.

By 2014, an executive at a prominent endpoint protection firm famously declared that antivirus was “dead.” At the time, his contemporaries scoffed at the remark. After all, signature-based antivirus products are still on the market, but a look at the trend in malware as late as 2016 shows that things have gotten dramatically worse.

By early 2017, nearly 600,000,000 unique malware strains had been registered, an increase of 300,000,000 since 2014, the year antivirus was proclaimed “dead.” This increase in malware has outstripped the industry’s ability to write individual antivirus signatures. What’s more, nation-state hackers and malware authors have spun off their own unique solutions to get around endpoint protection. The volume and sophistication of malware have decisively smothered traditional endpoint protection methods. In response, new methodologies such as Endpoint Detection and Response (EDR), Next-Gen Antivirus (NGAV) and Next-Gen Endpoint Protection (NGEP) have emerged.


So What Can Be Done to Mitigate the Ever-Changing Cyber Attack Landscape?

The key is to prevent any malware prior to execution and to deal with the behavior of processes executing on the endpoint. This is effective because, despite the large and increasing number of malware variants, they operate in very similar ways. The number of malware behaviors is considerably smaller than the number of ways a malicious file might look, making this a much more suitable approach for prevention and detection.

An effective solution needs to cover malware of every variety and description. It must be threat agnostic, with multiple layers of prevention and detection, backed by the ability to roll back and to provide visibility into any activity on the agent, and it must do so across Windows, macOS, and Linux operating systems.


Static Artificial Intelligence (AI) on the endpoint prevents cyber attacks inline in real time. Consistently ranked for highest efficacy and lowest false-positives, SentinelOne replaces legacy antivirus.


Patented behavioral Artificial Intelligence (AI) recognizes malicious actions regardless of vector. SentinelOne is the only endpoint security vendor to detect fileless, zero-day and nation-state attacks in real time.


SentinelOne’s patented behavioral Artificial Intelligence (AI) fuels ActiveEDR, surgically reversing and removing any malicious activity. Now, every device heals itself in real time. You’ll never have to reimage a computer or server again.

Threat Hunting

Patented behavioral Artificial Intelligence (AI) recognizes malicious actions regardless of vector. SentinelOne is the only endpoint security vendor to detect fileless, zero-day and nation-state attacks in real time.

SentinelOne – How it Works

An effective, streamlined security solution offered by SentinelOne combines the tenets of defense-in-depth in a single product, incorporating mechanisms that deal with malware before it executes, while it’s executing and after it has executed. It also lowers costs and improves efficiency, allowing your business to flourish without interruption.


SentinelOne’s single agent technology uses a static Artificial Intelligence (AI) engine to provide pre-execution protection. The static Artificial Intelligence (AI) engine replaces traditional antivirus signatures and eliminates the need for recurring antivirus scans that kill end user productivity.



SentinelOne’s Behavioral Artificial Intelligence (AI) engines track all processes and their inter-relationships regardless of how long they are active. When malicious activities are detected, the SentinelOne agent responds automatically at machine speed. The Behavioral Artificial Intelligence (AI) is vector-agnostic. It doesn’t care whether the threat is file-based malware, scripts, weaponized documents, lateral movement, file-less malware or even zero-day malware.



SentinelOne’s Automated Endpoint Detection and Response (EDR) provides rich forensic data and can mitigate threats automatically, perform network isolation and automatically immunize endpoints against newly discovered cyber threats. As a final safety measure, SentinelOne can even roll back an endpoint to its pre-infected state.


No one can predict what will happen next, and the only thing known with certainty is that cyber threats will continue to develop as the economics of cyber attacks are in favor of the attackers. This was vividly demonstrated in March 2018, when cyber criminals demanded $52,000 after a crippling ransomware attack on Atlanta City. The city did the right thing, refusing to pay the ransom, but at a cost to taxpayers estimated at over $2.5 million. Few businesses can afford to take that kind of loss, as the criminals well know.

It is not only new and emerging threats that we must be on guard for, but also creative uses of known ways to bypass traditional defenses, such as using IoT and other devices connected to the network to gain access and to run malicious code. In short, threat actors will continue improving their techniques and their ability to evade traditional cyber security defenses.

On top of this, with businesses and users transitioning to the cloud to improve connectivity and ensure maximum productivity, the modern network is built on principles that shift access control away from vulnerable firewalls onto endpoint devices. This, however, also creates opportunities to exploit endpoint vulnerabilities in order to gain access.

This means businesses and organizations need to be proactive and not just wait for the next security breach to happen. It also means investing in a security layer that exists at the last mile. Such protection should include the following:

  • Support all your existing operating systems, including Windows, macOS, and Linux, as well as cloud and VDI, because modern cyber attacks are always looking for your weakest link.
  • Include several types of technologies that can detect in parallel, to achieve separate security layers.
  • Not rely on a person to run it effectively, including preventing threats.
  • Integrate with other security solutions on your network.
  • Allow visibility into all your assets, because a single view of a device is always weaker than a historical view across your network.
  • Back up your assets, and test that the backup is working.

Built to stop cutting-edge malware, SentinelOne will remain a relevant security tool – no matter what the future may hold.