Reflections on the New S1 Console: Advanced, Extensible, and Scalable

By Jay Ryerse, CARVIR CEO

It’s been almost two years since CARVIR partnered with SentinelOne. We evaluated, including lab testing, more than thirty endpoint security products. We liked SentinelOne’s simplicity and protection against multiple threat vectors, but most importantly, we agreed with SentinelOne’s philosophy of providing solutions before, during, and after a threat has been detected. Cyber security continues to be a zero-sum game. SentinelOne’s level of protection allows us to protect our almost 600 MSPs and IT service providers across the U.S. and nine other countries.

CARVIR works with regional MSPs to deliver our service.  Each MSP typically services 25-100 customers in their geographic region.  We train the MSPs on the solution stack and they are responsible for level one support.  In this context, a product that is easy to configure and train was of critical importance for us.

We also leveraged the SentinelOne APIs to build into our own ticketing/alert management system.  The original SentinelOne console did not have multi-tenancy features, so we couldn’t give console access to our MSPs or their end customers.  Instead, we built a system that exposed the relevant information to each MSP using the SentinelOne APIs. And we built a
24 x 7 SOC to provide managed endpoint detection and response for our partners.

While this was not an ideal situation, we respected and understood SentinelOne’s challenge in catering to multiple market segments.  They were focused on large enterprise deals and the MSSP console was not a priority.  But, the demand was very strong and CARVIR built a strong business, protecting over 50,000 endpoints leveraging SentinelOne’s technology.

We were very excited to contribute to the MSSP design discussions when SentinelOne finally started exploring multi-tenant ideas in 2017.  With the right designs, we knew we could easily help our partners quadruple their security business in the SMB space.  We received access to the beta version of the new console several months ago and started onboarding MSPs and their customers in the last two weeks.  What has taken many peer vendors years to finish, SentinelOne has accomplished in a few months.  Here are some of my favorite features in the new console:

  1. Multi-Site Capability

SentinelOne lets you create separate customer sites.  All objects – Policies, Blacklists, Exclusions, etc –  are completely isolated from other sites and can be managed by the MSP.

  1. Policy Inheritance

Policies can be inherited from the global node which is extremely useful for managing at scale.  We start with the strongest, most locked-down policy and let every site just inherit this setting.

Exclusions and Blacklists can also be setup at each level of the hierarchy.  For example, if there is an application that must be blacklisted globally, we can do that once and it is immediately pushed to all sites.  If a site or a group has a specific exclusion, it can be done at the most appropriate level, without impacting all the other customers.

  1. Filtering and Grouping

The network page has been enhanced significantly.  In the original console, this page supported grouping of devices.  In the new design, this page provides all related information like policies, exclusions in a more intuitive way that also reduces the number of clicks.  In a near-term release, filtering on AD attributes will also be supported.  This lets us mirror the assets/groups from multiple AD forests and trees.

  1. Access Control

We are finally able to give our MSPs and their end customers access to the same console that we use.  We can easily change the scope to view the information related to a specific site.  While CARVIR has visibility into all the sites, MSP partners only see the sites they sell and manage.

  1. API Support

SentinelOne is a company that gets APIs.  Not only have they built APIs for every action in the console, but they also went to the trouble of supporting their older APIs on top of the new platform.  This lets us continue using our existing systems with little or no modifications to our code.

The user interface and ease of integration is unparalleled.  For the longest time, McAfee’s ePO was considered to be the golden standard for security consoles.  The new SentinelOne console can now make a claim to the throne!

To learn more about CARVIR and how we provide enterprise class security to MSPs worldwide, please visit www.carvir.net.

About CARVIR

CARVIR, a global cyber security company, has become the leader in monitored and managed security for the MSP and IT Services channel. CARVIR’s threat team and 24 x 7 SOC provide advanced endpoint security, SIEM, DNS, email, and web gateway security for their partners. CARVIR has created a way to protect IT companies and their clients from today’s ransomware threats, viruses, hackers, and zero-day attacks by leveraging enterprise-level tools that were formerly unavailable to most MSPs.

CARVIR is proud to provide security solutions that have been rapidly adopted by MSPs around the globe!

For more information visit www.carvir.net.