Advanced cyber threats are highly sophisticated and expertly engineered to appear benign, evading static defenses and sandboxes through a variety of techniques.
The key to staying steps ahead of any advanced threat, known or unknown, lies in the ability to identify a threat not by what it is, but by how it behaves.
SentinelOne’s behavior-based detection combines machine learning with advanced proprietary threat research that deconstructs attacks of all types down to their core behaviors.
These behaviors consist of system activity and processes, which the SentinelOne agent observes.
The endpoint agent feeds SentinelOne’s Dynamic Behavior Tracking (DBT) engine, which maps suspicious processes into malicious patterns against a full context view of normal system and application behavior.
As a suspicious process executes, its behavioral patterns are tracked and scored by the DBT engine. Once a certain threshold is reached, the process is flagged as a threat.
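
The track, score and threshold flow described above, as an added example that is not SentinelOne's code: the behavior names, weights, threshold and the choice to group scores by process lineage are all assumptions. It accumulates a score per process tree over a constructed event stream and reports the event at which the threshold is crossed.

```python
from collections import defaultdict

# Hypothetical behavior weights and cut-off; not SentinelOne's real signals.
WEIGHTS = {
    "spawn_shell": 10,
    "write_autorun_key": 30,
    "inject_remote_thread": 40,
    "delete_shadow_copies": 50,
    "mass_file_rename": 45,
}
THRESHOLD = 100

# Constructed sample stream: (pid, parent_pid, behavior)
SAMPLE_EVENTS = [
    (100, 1, "spawn_shell"),             # admin tool: lineage 100 -> 10
    (200, 1, "spawn_shell"),             # lineage 200 -> 10
    (201, 200, "write_autorun_key"),     # child of 200 -> 40
    (100, 1, "read_config"),             # unweighted, lineage 100 stays at 10
    (202, 200, "inject_remote_thread"),  # second child of 200 -> 80
    (201, 200, "delete_shadow_copies"),  # -> 130, crosses the threshold
    (201, 200, "mass_file_rename"),      # -> 175
]


def track(events, weights=WEIGHTS, threshold=THRESHOLD):
    """Score behaviors per process lineage.

    Returns (flagged, scores): flagged maps a lineage's root pid to the index
    of the event that crossed the threshold; scores maps root pid to its total.
    A child's behavior counts toward the root of its process tree, so activity
    split across spawned helpers still accumulates in one score.
    """
    root_of = {}               # pid -> root pid of its lineage
    score = defaultdict(int)   # root pid -> running score
    flagged = {}
    for i, (pid, ppid, behavior) in enumerate(events):
        if pid not in root_of:
            # Inherit the parent's root if the parent was seen, else start a tree.
            root_of[pid] = root_of.get(ppid, pid)
        root = root_of[pid]
        score[root] += weights.get(behavior, 0)  # unknown behaviors add nothing
        if root not in flagged and score[root] >= threshold:
            flagged[root] = i
    return flagged, dict(score)


if __name__ == "__main__":
    print(track(SAMPLE_EVENTS))
```

The process that only spawns a shell stays far below the cut-off, while the lineage that chains persistence, injection and shadow-copy deletion is flagged even though no single process in it performed every step.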