23 March 2023

Automation of doubt removal and immediate characterization of threats thanks to the GLIMPS & Sentinel One connector

GLIMPS x Sentinel One connector

Cyber attacks are constantly evolving, becoming more targeted and more sophisticated. Today, cybercriminals operate like real businesses, with organized attack chains and increasingly sophisticated tools. Their aim: to bypass existing defenses, infiltrate systems and exploit unknown internal vulnerabilities.

In this context, EDRs, although powerful, are sometimes put to the test in the face of these threats. Weak signals, false positives or alerts without precise qualification complicate the work of analysts, already overloaded by massive volumes of incidents to process.

To meet these challenges, automation and the addition of advanced analysis layers with GLIMPS Malware become indispensable allies. By combining relevant detection and fine-grained contextualization, it is possible not only to gain in efficiency, but also to transform the way incidents are prioritized and handled.

What added value?

The Sentinel One x GLIMPS Malware connector automates the qualification of Sentinel One results and provides a detailed threat analysis:

• Reduction of false positives
• Improvement of remediation with clear and accurate threat information
• Rapid threat characterization
• Detection of APTs and variants (thanks to the deep investigation of the GLIMPS Malware Deep Engine)

The concept-code analysis offered by GLIMPS Malware brings many advantages to traditional EDR detection. It saves analyst time, improves the precision of the analysis and supports the analyst's decision-making. This technological complementarity can be adapted to all types of server and workstation environments.

How does it work?

GLIMPS Malware receives new alerts generated by the SentinelOne EDR, extracts the files and automatically sends them to the platform for in-depth analysis. The platform combines more than twenty modules, offering advanced detection capabilities through static and/or dynamic methods, depending on the customer’s choice.

After this analysis, GLIMPS Malware transmits the results directly to the EDR console in the form of a detailed report. The analysis report includes:

• A cumulative global score: each detection engine awards up to 1,000 points when a malware payload is identified.
• The malware family detected, providing a clear and exploitable context.

In addition, GLIMPS Malware can now automatically modify the “Analyst Verdict” field of alerts in SentinelOne, adjusting the results to True Positive or False Negative, depending on the consolidated analysis verdict. This feature significantly reduces the need for manual intervention, improves alert accuracy and optimizes incident management by SOC/CERT teams.
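The consolidation step described above, as an added illustration that is not GLIMPS or SentinelOne code: per-engine results are summed into the cumulative global score (up to 1,000 points per engine), the family named most often is reported, and a verdict is derived. The engine names, family names and the verdict vocabulary are constructed for the example; the actual write-back to the SentinelOne "Analyst Verdict" field is not shown.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

MAX_ENGINE_SCORE = 1000  # from the article: each engine awards up to 1,000 points


@dataclass
class EngineResult:
    engine: str              # analysis module name (constructed)
    score: int               # 0 when nothing found, up to 1,000 when a payload is identified
    family: Optional[str]    # malware family attributed by this engine, if any


def consolidate(results):
    """Return (global_score, family, verdict) for one analysed file.

    The verdict vocabulary ("true_positive" / "clean") is this example's own;
    mapping it onto the SentinelOne field value is left to the integration.
    """
    total = 0
    families = Counter()
    for r in results:
        # A score outside the documented range indicates a malformed report.
        if not 0 <= r.score <= MAX_ENGINE_SCORE:
            raise ValueError(f"{r.engine}: score {r.score} out of range")
        total += r.score
        # Only engines that actually scored the file vote on the family.
        if r.score > 0 and r.family:
            families[r.family] += 1
    family = families.most_common(1)[0][0] if families else None
    # Any points at all means at least one engine identified a payload.
    verdict = "true_positive" if total > 0 else "clean"
    return total, family, verdict


# Constructed sample report: three static engines and one dynamic engine.
SAMPLE_REPORT = [
    EngineResult("static_sig", 1000, "FamilyA"),
    EngineResult("static_ml", 850, "FamilyA"),
    EngineResult("static_heur", 0, None),
    EngineResult("dynamic_sandbox", 1000, "FamilyB"),
]

if __name__ == "__main__":
    print(consolidate(SAMPLE_REPORT))
```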

All analysis results are stored and available on the GLIMPS Malware Expert interface, so the file can be analyzed again if the analyst wishes to enable additional options.

Do not hesitate to contact us for more information: contact@glimps.re