Security solutions should not operate within their own silo. To combat today’s threat landscape, it takes a village. Security solutions should enrich the environment’s security ecosystem by integrating with one another. Being an API-first company, SentinelOne built its product from the ground up with API and integration in mind. In fact, our API supports over 250 API calls. One example of leveraging this capability is our integration with Fortinet.
We have developed the following 3 integrations with Fortinet:
When a threat is discovered within the SentinelOne solution, that intelligence is sent to the FortiGate, the workstation is assigned to an “infected endpoints” group, and an appropriate policy is enforced. In other words, with this integration, a threat discovered on the endpoint can now also be shared with and blocked at the perimeter.
Imagine a scenario where only endpoints that are free of threats are allowed to authenticate to the network. In contrast, any endpoint that currently contains a threat is not permitted to authenticate to the network. Not only this, but once an endpoint has been remediated of threats, the account is automatically re-enabled to authenticate to the network. This is exactly what our SentinelOne integration with FortiAuthenticator provides.
Our Behavioral-AI engine provides dynamic analysis in real time on the endpoint. This is similar to sandboxing via network appliances, but it happens at the crime scene (which in most cases is the endpoint itself). With that said, I do still see value in network-based sandboxes (such as FortiSandbox). Since both of these solutions provide dynamic analysis, it only makes sense for us to share threat intelligence between the two. We accomplish this by contributing intelligence discovered by SentinelOne on the endpoint to the FortiSandbox blacklist.
In summary, through our APIs and automation, we become stronger together. We here at SentinelOne could not be more excited about our integration and partnership with Fortinet. This is just another example of how we not only offer best-in-class endpoint protection, but also enrich our customers’ security ecosystem.
Below is a video demonstrating the capabilities outlined above.
*** This is a Security Bloggers Network syndicated blog from SentinelOne authored by Gary Mello. Read the original post at: https://www.sentinelone.com/blog/sentinelone-integration-focus-fortinet/