Since its founding, SentinelOne has been a global leader in using AI and machine learning to detect and protect against known and novel threats through autonomous response. This foundational DNA drove the company’s early, market-defining use of generative AI not only to simplify querying, but also to analyze security data so that teams can respond more rapidly.
At OneCon24, SentinelOne’s annual cybersecurity conference, we took this a step further – introducing new products and outlining our roadmap to deliver on the promise of the Autonomous SOC and empower security teams to rethink how they respond to threats. As Ric Smith, SentinelOne’s Chief Product, Technology, and Operations Officer, said,
“It’s rare to find technology that simultaneously makes your teams faster, better, and more cost-effective all at once. But that’s exactly what we’re doing by autonomizing security operations and driving the future of response in our industry.”
Through leading advancements in AI, data, and automation, SentinelOne is driving the future of security with solutions that revolutionize threat detection and response, streamline security operations, and deliver long-term value. So whether you were at OneCon 2024 or are simply following the event from afar, here are this year’s top 5 takeaways.
Security teams are increasingly overwhelmed by the growing volume of data and data sources. This includes everything from network logs and application telemetry to user behavior analytics and external threat intelligence feeds. This increase in data is a double-edged sword: while it provides more insight into potential security risks, it also creates significant challenges for security teams, making it harder to detect real risks amid the noise and to manage the sheer volume of information effectively. SentinelOne is reimagining the processes that are foundational to how the security operations center (SOC) works, starting with Singularity AI SIEM.
Powered by the highly scalable Singularity Data Lake (SDL) with always-on storage, Singularity AI SIEM gives security teams real-time detection on ingestion and response capabilities across vast amounts of data, all without the hassle of indexing or managing data storage. SDL leverages the Open Cybersecurity Schema Framework (OCSF) to seamlessly integrate with the vast ecosystem of tools required by today’s security teams, providing comprehensive visibility.
AI SIEM accelerates detection, investigation, and response and uses a single platform and console to manage data health, triage threats, and conduct investigations at scale across all data. With the addition of Purple AI, Singularity AI SIEM empowers SOC teams to rapidly automate investigations, reduce alert fatigue, and stay ahead of attacks.
“By consolidating security tools into one platform, SentinelOne has made it very easy for you. Once you have that identification and the detection right away with using AI SIEM and Purple AI, you get an extremely fast investigation all the way up to a remediation.” – John McLeod, CISO, NOV
We’re making response easier than ever with Singularity Hyperautomation. This no-code automation solution will enable SOCs to reduce response times and streamline workflows. Designed to handle the most complex security challenges, Hyperautomation brings out-of-the-box workflows that accelerate detection and response to threats like ransomware. It’s built into the Singularity Platform, not bolted on, improving analyst productivity without the complexity.
What sets SentinelOne apart is our seamless integration into the analyst workflow, where automations are intelligently recommended during the investigation process. Coupled with Purple AI, analysts won’t need to manually create playbooks — our platform automatically generates them based on peer-driven insights across our customer community, empowering teams to respond faster and more efficiently.
Alert fatigue is real. The ability to sift through hundreds of alerts to find the few that represent true positives – and equally, the ability to rapidly dismiss false positives and less critical alerts – can mean the difference between risk and a breach. As the attack surface expands and attackers become faster and more sophisticated, this immense pressure facing security teams to prioritize their time is only going to grow.
At OneCon, SentinelOne announced new Alert Auto-Triage capabilities in Purple AI, designed to automatically assess, triage, and prioritize alerts so that security teams can focus on those requiring immediate investigation. Auto-Triage will harness new AI-powered Global Alert Analysis, amplifying the wisdom of our expert security community to assess thousands of anonymized similar alerts and help SOC teams more accurately determine alert verdicts. The Alerts to Investigate dashboard view and alert table filter help analysts focus on the most relevant alerts.
Another key capability powering Alert Auto-Triage is Community Verdict, which displays the proportion of similar alerts flagged as true positives, with Known Expert Votes carrying more weight. Similarly, Verdicts to Review notifies users when their recent verdicts contradict the latest Community Verdict consensus, prompting them to re-review their assumptions with additional information. Altogether, Purple AI Auto-Triage aims to empower security teams to minimize their rate of false positives, reduce alert fatigue, and quickly surface real threats that require immediate attention.
Investigations are hours-long, arduous tasks for SOC analysts, but with Purple AI Auto-Investigations, the entire process will be streamlined down to minutes. At OneCon, SentinelOne announced Purple AI Auto-Investigations, a powerful new feature designed to automate the complex and time-consuming process of security investigations. This will not only save time, but also level up efficiency by automating investigation steps, gathering evidence, and documenting everything in an auditable, human-readable notebook for review.
With Auto-Investigations, Purple AI will automatically create a detailed investigation plan broken down into specific, concrete steps. Security analysts will have the flexibility to either execute these investigative steps themselves or have Purple AI run them automatically on their behalf. As the investigation progresses, all evidence gathered during these steps is systematically collected and summarized in an auditable notebook, creating a clear record of the investigation process and giving security teams the efficiency they need to address critical threats quickly.
One of the most innovative aspects of the feature is how it executes investigation steps during off-hours. While analysts are asleep, Purple AI is automating the work by identifying next steps in real-time, gathering evidence, and analyzing information so that investigations continue around the clock.
The generative AI landscape has evolved, making general LLMs more affordable and capable for cybersecurity tasks when paired with human expertise, while specialized models remain essential for handling security-specific needs. Combining both types of models provides a comprehensive, “better-together” approach to creating effective AI security assistants.
This is exactly what the introduction of SentinelOne’s Ultraviolet family of security models is built to achieve. Introduced at OneCon – and powering SentinelOne’s Purple AI security analyst – these new models are designed to address scenarios that fall outside of what’s possible with general-purpose models alone, such as improving detection efficacy by considering more context in real time to enable more efficient reasoning about security issues. Ultraviolet’s family of security LLMs and multimodal models is designed to address specific use cases, significantly cutting down operational burdens on security teams. This focus on specialized use cases results in greater autonomy, since these models are fine-tuned to stay on task and require substantially fewer tokens to reach actionable conclusions.
Looking ahead, we believe that cybersecurity teams will likely adopt a hybrid approach of general-purpose AI assistants for broader applications alongside specialized AI tools like Ultraviolet for more complex, mission-critical security tasks. Keeping up with these developments will be important for organizations aiming to stay ahead in innovative uses of AI within the cybersecurity realm.
OneCon is a space for cybersecurity professionals to gain knowledge, exchange ideas, and arm themselves with the necessary tools they need to meet modern security challenges. As we adapt to an ever-changing threat landscape, we are grateful to be surrounded by leading cybersecurity professionals who are ready to innovate alongside us.
Whether you attended OneCon in person or if you missed it this year, these highlights showcase the vibrant community and cutting-edge advancements that make our industry so exciting. We extend our heartfelt gratitude to all our sponsors, guest speakers, partner presenters, support teams, event organizers, and especially our attendees for being here with us at OneCon24.
Reach out to us to discover how we can help your team gain confidence in detection and be ready to respond, or schedule a demo to explore our latest integrations and solutions in detail.
Please note that this blog post includes forward-looking statements including, but not limited to, statements concerning the expected timing of product and feature availability, the benefits and capabilities of our current and future products and services, competition and our competitive position, our strategic plans and objectives, and general market trends. Such statements are subject to numerous risks and uncertainties and actual results could differ from those statements. Any future products, functionality and services may be abandoned or delayed, and customers should make decisions to purchase products and services based on features that are currently available.
Forward-looking statements are subject to risks and uncertainties, including factors beyond our control, that could cause actual performance or results to differ materially from those expressed in or suggested by the forward-looking statements. These and other risk factors are described in the “Risk Factors” section of our most recent Annual Report on Form 10-K, subsequent quarterly reports filed on Form 10-Q, and other filings made with the Securities and Exchange Commission (SEC), which are available free of charge on our website at http://investors.SentinelOne.com and on the SEC’s website at www.sec.gov.
Any forward-looking statements made in this document are based on our beliefs and assumptions that we believe to be reasonable as of the date of the presentation. You should not rely upon forward-looking statements as predictions of future events. Except to the extent required by law, we undertake no obligation to update these forward-looking statements to reflect new information or future events.