23 March 2023

Automation of doubt removal and immediate characterization of threats thanks to the GLIMPS & Sentinel One connector


GLIMPS x Sentinel One connector

Cyber-attacks are becoming more and more frequent and now follow new trends. Attacker groups are also becoming more structured, with a division of labour between them that makes their attacks more dangerous.

The shortage of cybersecurity engineers, combined with the professionalization of attacker groups, means that analysts face an ever-growing number of tasks. Automating the qualification of detection results becomes necessary so that analysts can focus on the most critical incidents.

The integration between the Sentinel One EDR and GLIMPS Malware addresses these issues by adding a qualification and contextualization layer to alerts. The GLIMPS Extended Malware Analysis Platform (XMAP) accelerates doubt removal activities by up to 90% on files identified as suspicious or malicious by Sentinel One. This additional intelligence allows analysts to refine their decision-making, since they are often dealing with weak signals.

What added value?

The Sentinel One x GLIMPS Malware connector automates the qualification of Sentinel One results and provides a detailed threat analysis:

• Reduction of false positives
• Improvement of remediation with clear and accurate threat information
• Rapid threat characterization
• Detection of APTs and variants (thanks to the deep investigation of the GLIMPS Malware Deep Engine)

The concept-code analysis offered by GLIMPS Malware brings many advantages over traditional EDR detection alone. It saves analysis time, improves precision, and helps the analyst make decisions. This technological complementarity can be adapted to all types of server and workstation environments.

How does it work?

GLIMPS Malware automatically scans files detected as suspicious or malicious by the Sentinel One EDR. Thanks to the unique GLIMPS technology and a combination of more than 20 analysis modules, GLIMPS provides a result in less than 5 seconds, making it immediately clear whether the file is really a threat or not. After the analysis, the information associated with the threat appears directly in your SentinelOne interface. The analysis report includes:

• Detection score indicating the criticality level of the threat
• Identified malware family
• Link to the GLIMPS Malware Expert interface to take advantage of the full power of the Extended Malware Analysis Platform

Do not hesitate to contact us for more information: contact@glimps.re