Building Resilient Security | Why Fundamentals Matter More Than Ever

As a security leader, safeguarding your organization against evolving threats means not only supporting distributed workforces and expanding cloud environments, but also choosing a security partner who strengthens your operational stability.

Modern cybersecurity requires a truly unified platform that provides comprehensive visibility, scalable protections, and fully integrated processes. However, this is only possible if the platform is built-by-design to reinforce operational resilience and support rapid innovation without introducing new risks. Recent incidents in the sector  have shown just how devastating a failure can be, causing system crashes, prolonged downtime, and significant financial losses.

In evaluating the path forward, today’s security leaders must ensure they are asking the right questions:

What level of access do my vendor’s systems require?
How rigorous are my vendor’s testing and release management processes?
Can updates be deferred or opted out of?
How can we prevent a vendor platform failure from disrupting our business operations?

As highlighted in a Blueprint for Resilience, it’s easy to wonder if the recent 2024 outage could have happened to anyone. Like every other vendor in this industry, SentinelOne is not immune from software or operational issues, and we must work together as a community to stay ahead of attacks. However, it’s critical to note that intentional architectural and operational choices, testing processes, and release procedures can and should be established from the beginning to mitigate the potential impacts of a bug or a mistake. At SentinelOne, we recognize that these choices can have massive impacts on our customers’ ability to operate their businesses.

Making Critical Choices that Prioritize Security and Stability

At SentinelOne, our customers are our top priority. This focus has informed our decisions from day one to ensure our industry-leading AI-powered Singularity Platform is secure by design. Our architecture and approach focus on seamlessly delivering new capabilities and updates without compromising business continuity, so our customers never have to choose between security, innovation, and stability.

Secure-by-Design Agent Architecture

Given the interfaces and access provided in modern OS versions, some vendors over-rely on kernel-level operations, which increases the risk of fatal errors. SentinelOne’s agent architecture minimizes kernel interactions, focusing on user mode operations and operating in the kernel only when required, such as for specialized eventing, anti-tampering, and comprehensive mitigation actions. Our cloud-delivered content updates can only be introduced in user mode, reducing the risk of a fatal system error. This design reduces the likelihood of catastrophic failures and prioritizes your business continuity as we deliver new innovations.

In addition, our embedded, on-device detection technologies are designed to be resistant to adversary evolution. Therefore, effective protection is delivered without requiring daily updates or cloud connectivity, in contrast to some vendors who ship updates many times a day.

Live Security Updates | Quality Assurance & Responsible Release Management

Frequent updates that affect kernel components can pose significant risks. SentinelOne’s updates undergo rigorous testing, including an internal deployment and canary testing, before being gradually rolled out. For frequent updates,we focus on user mode updates to reduce risk, ensuring that each update is stable and that any anomalies are promptly addressed.

SentinelOne’s Live Security Updates (LSU) are helpful to ensure agents have the latest detection mechanisms to prevent attacks between major agent updates. These updates are confined to detection-related logic and models that operate in an isolated user-mode space and do not affect the kernel or core components of the SentinelOne agent. To ensure the stability of these updates, we have strict, responsible engineering processes and controlled, gradual deployments. This goes beyond basic unit testing of configuration files and involves rigorous testing of every update, including end-to-end testing on real agents, gradual roll-out across customers, and much more. At each release stage, we monitor for issues, collecting data on key performance indicators for the agent and looking for significant deviations from baseline performance telemetry. By the time these updates make it to your devices, they have already been monitored and validated across a variety of device types and scenarios.

Customer Controls to Maintain Operational Autonomy

Automated updates can strip you of control, leading to potential system compromises. SentinelOne’s customers retain complete control of updates so you can deploy where you want, when you want, and if you want – allowing you to test and validate new builds prior to deployment within your environment according to your risk tolerance. We provide detailed release notes for every update, so you’re always informed about what’s being changed and why.

Resilience Is a Strategic Imperative

“Even the best software companies can inadvertently produce defects or bugs, regardless of how robust their validation engineering practices are. We have all used technology long enough to appreciate this reality. However, how you deploy changes or updates into your environment — or your customer’s environment in the case of endpoints — is crucial to properly mitigate the risks introduced by potentially faulty updates. The most fundamental practice is to introduce changes incrementally, and through these phased increments, you can limit who gets exposed to updates.” Ric Smith, Chief Product and Technology Officer at SentinelOne

What’s Next

At SentinelOne, the impacts of recent events has prompted us to look even more critically at our own process. We will continue to do so, understanding how important it is for all organizations to remain vigilant against such risks.

Capitalize on These New Security Platform Enhancements

Our commitment to secure-by-design architecture and disciplined processes has enabled us to accelerate innovation, bringing new capabilities to enhance your security operations. SentinelOne now offers new capabilities that enhance your security operations, including:

Generative AI for Security Analysis – Purple AI, embedded within our Singularity Operations Center, provides AI-driven alert summaries and rapid responses, improving your team’s efficiency.
Cloud Infrastructure Entitlement Management (CIEM) – Detect and manage overprivileged identities with prebuilt, advanced detections, reducing risks from privilege escalations.
Expanded Endpoint and Identity Protection – Built-in deception capabilities and compromised credential protection reduce the risk of credential-based attacks, safeguarding your organization.
Extended Security Posture Management (xSPM) – Real-time insights into vulnerabilities and misconfigurations allow your teams to prioritize risks effectively and enhance your security posture.
AI-Powered Security Incident and Event Management (SIEM) – Replace legacy SIEM solutions with our scalable, AI-powered platform, streamlining your data and workflows.

When you ask, ‘Could this happen to SentinelOne?’ We stand firm in our answer: Our design choices and commitment to rigorous testing make sure it doesn’t. We’ve built our platform differently to ensure that what’s happening elsewhere is not possible with SentinelOne.

SentinelOne understands the gravity of trusting a security platform with your business. That’s why we’ve built our solution with resilience at its core, earning the trust of enterprises globally to keep their operations running smoothly.

Gain Operational Stability and the Best Protection with SentinelOne

Security platforms must evolve to keep up with new threats, but they must also ensure customer stability. SentinelOne’s balanced approach ensures your business stays agile, protected, and resilient in a continuously changing threat landscape. Learn more about the SentinelOne Singularity Platform.

Purple AI Is Now Generally Available
Save time and resources by up-leveling every analyst with natural language query translation and patent-pending threat hunting technology.

Leave a Comment

Your email address will not be published. Required fields are marked *