ITHQ Blog

SentinelOne Scores 100% Total Accuracy Rating in SE Labs Testing

Written by Sally Nursten | 09-Oct-2020 10:16:37

When XDR works extraordinarily well: we unpick the exceptional results SentinelOne scored in SE Labs testing.

- No attack could progress far enough to the point at which the testers could start hacking through the targets

- Zero false positive results

SentinelOne was tested against a range of hacking attacks designed to compromise systems and penetrate target networks. The test assessed its ability to:

  • Detect highly targeted attacks
  • Protect against the actions of highly targeted attacks
  • Provide remediation to damage and other risks posed by the threats
  • Handle legitimate applications and other objects

The report summarises: "SentinelOne performed admirably, providing complete detection and protection coverage against all attacks, while allowing all legitimate applications to operate. This is an exceptional result in a challenging test."

 

In all cases, SentinelOne prevented the attacks from moving beyond the earliest stages of the attack chain.

 

Simon Edwards, CEO, SE Labs, commented:

"No test is more revealing in how vendor solutions respond to the sophistication of attacks seen in the wild today ... The fact that we were not able to find a single hole in SentinelOne is an incredible testament to the breadth of coverage and efficacy of its Extended Detection and Response (XDR) platform."

 

The product detected and protected fully against all of the threats

 

SentinelOne was assessed on its handling of each logical stage of an attack:

  1. Detection

  2. Delivery

  3. Execution

  4. Action

  5. Escalation

  6. Post-escalation action

  7. Lateral movement

  8. Lateral action

 

Results summary

 

In conclusion, this SE Labs test exposed SentinelOne to a diverse set of exploits, file-less attacks and malware attachments, comprising the widest range of threats in any currently available public test.

 

Unprecedented results show future performance potential

 

All of these attack types have been witnessed in recent real-world attacks, but for this test, new files were used. This demonstrates that SentinelOne's results are indicative of potential future performance, rather than just a compliance check that the product can detect old attacks.

 

 

SentinelOne detected and protected fully against all of the threats. In every case the threats were unable to move beyond the earliest stages of the attack chain, meaning that as soon as the target systems were exposed to the threats, the attacks were detected immediately and blocked.

 

"... not one attack could progress far enough to the point at which the testers could start hacking through the targets. Sometimes products are overly aggressive and detect everything, including threats and legitimate objects. In this test SentinelOne generated no such false positive results, which is as hoped. SentinelOne wins a AAA award for its excellent performance."