
Better Together: Banyan Security and SentinelOne

What are we announcing?

Today (15 Sep 2022), Banyan Security is happy to announce our integration with SentinelOne, making adoption of Zero Trust Network Access that much easier. We’ve introduced a new framework for collecting device posture signals from EDRs like SentinelOne, using Banyan Trust Integrations. This integration makes API calls to determine if the device is facing any active threats identified by SentinelOne. Banyan assesses the device posture using the active threat response and enforces real-time access control to corporate resources.

[Diagram: Better Together - Banyan + SentinelOne]

How does it work?

As shown in the diagram above, Banyan provides Zero Trust Network Access (ZTNA) to corporate applications and resources, whether they are hosted in a private or cloud data center or delivered as SaaS applications. Here’s a quick rundown of how it works:

  • The user requests access to a resource either in the browser or via a client (e.g., SSH/RDP).
  • Banyan’s Flexible Edge (Private or Global) ensures that the user is authenticated to their Identity Provider using SAML or OIDC.
  • Once user trust is established, device trust is checked by the Banyan app. Banyan checks various signals from the device (e.g., Is Firewall turned on?) and verifies the device trust by making an API call to SentinelOne.
  • Banyan calculates a trust score based on different signals. If SentinelOne indicates an active threat, then the Banyan TrustScore drops and the request is denied.
  • Banyan performs continuous authorization, preventing active threats on the device from attacking the corporate services.

More information can be found in our SentinelOne Integration doc:

https://docs.banyansecurity.io/docs/feature-guides/administer-security-policies/trust-integrations/sentinel-one/

What problems does this solve?

Together, Banyan and SentinelOne provide in-depth defense for endpoints accessing corporate resources. Here are some of the top problems solved:

  • Continuous authorization ensures access always meets policy requirements
    Banyan continuously validates user and device trust. SentinelOne is continuously checked to ensure that there are no active threats to the device before access is granted to corporate resources like SaaS, private or public websites, and infrastructure services (e.g., SSH, RDP, Kubernetes).
  • Prevent attackers from using compromised credentials
    Banyan Trust Factors ensure that the device is actively running SentinelOne. This stops attackers who have compromised user credentials and MFA from gaining access. Since the check is an out-of-band request to SentinelOne, the attacker’s device will not pass the device trust check and will be blocked.
  • Stop malware from attacking corporate resources
    SentinelOne ensures that devices are continuously monitored for any malware. Banyan and SentinelOne ensure that active threats do not propagate beyond the infected endpoint. Since access is instantly blocked, the infection can’t spread to other corporate resources.

Banyan and SentinelOne customers can immediately leverage this tight integration to ensure their corporate endpoints are secure and least privilege access is granted to all their corporate resources.

The post Better Together: Banyan Security and SentinelOne first appeared on Banyan Security.

*** This is a Security Bloggers Network syndicated blog from Banyan Security authored by Vijay Pawar. Read the original post at: https://www.banyansecurity.io/blog/better-together-banyan-security-and-sentinelone/