SentinelOne Announces Integration with AWS Security Hub

SentinelOne Announces Integration with AWS Security Hub

June 6, 2022 Off By David
Object Storage

SentinelOne announced a new integration with AWS Security Hub. Available via the SentinelOne Singularity Marketplace, the new integration filters high-fidelity threat information from SentinelOne agents running on Amazon Web Services (AWS) through AWS Security Hub. This allows organizations to effectively defend cloud workloads with centralized insights from SentinelOne, AWS services, and additional security tools.

“Specializing in continuous compliance and auto-remediation in AWS, 6pillars understands the need for security to extend to all reaches of the cloud,” said Lorenzo Modesto, CEO, 6pillars.io. “As part of our end-to-end anti-ransomware automation, we use Singularity XDR and SentinelOne for AWS Security Hub to centralize visibility and protection of endpoints as well as workloads in AWS.”

To defend against today’s threats, an effective cloud security solution must include runtime protection, detection, and response capabilities. SentinelOne’s Singularity Cloud Workload Protection includes enterprise-grade protection, Endpoint Detection and Response, and Application Control to secure cloud apps wherever they are running. Furthermore, SentinelOne’s Linux Sentinel and Windows Server Sentinel deliver runtime security for virtual machines (VMs) while Kubernetes Sentinel delivers runtime security for managed and self-managed Kubernetes clusters. SentinelOne’s agents have full visibility into the security posture of any cloud workload regardless of its state.

The SentinelOne integration for AWS Security Hub delivers high-fidelity threat information from SentinelOne agents running on AWS workloads to AWS Security Hub. AWS Security Hub then aggregates, organizes, and prioritizes security alerts, enabling security teams to prioritize and respond effectively to any threat in progress. The integration retrieves findings, including metadata, from the SentinelOne console and pushes them to AWS Security Hub, enabling incident investigation directly from AWS Security Hub. SentinelOne incidents are normalized to AWS Security Finding Format (ASFF), eliminating the need to convert or parse security data.

“SentinelOne delivers full transparency for everything happening across an organization’s network at machine speed,” said David Baldwin, Director of Product Management, SentinelOne. “By making our unmatched cloud capabilities available to AWS Security Hub users via this joint solution, we are enabling organizations to protect their cloud estates using the tools of their choice, responding to threats in progress in the manner that best fits with their workflow.”

Other key benefits of the joint solution include:

  • Improved Defense-InDepth: joint customers can combine industry-leading protection with AWS-native posture management capabilities.
  • Centralized Visibility: Users can monitor abnormal behavior within the workload and detect anomalies.
  • Enriched Investigation: Security teams can easily investigate threats in progress with one-click deep dives on incident metadata.
  • Ease of Use: The integration’s simple API configuration deploys in seconds at no additional cost.