SentinelOne is an autonomous cybersecurity platform that uses AI to provide endpoint protection, detection, and response across enterprise environments. Founded in 2013 by Tomer Weingarten and Almog Cohen and headquartered in Mountain View, California, SentinelOne delivers what it terms autonomous endpoint protection, where AI models running directly on each endpoint can detect and respond to threats without requiring cloud connectivity or human intervention. Its Singularity platform unifies endpoint protection (EPP), endpoint detection and response (EDR), and extended detection and response (XDR) into a single agent and console.

SentinelOne's AI engine uses multiple detection mechanisms, including static AI for pre-execution file analysis, behavioral AI for runtime threat detection, and machine learning models that identify malicious patterns across process trees, file operations, network activity, and registry changes. A distinguishing capability is its Storyline technology, which automatically correlates related events into structured attack narratives, providing security analysts with a complete timeline and context for each detected threat without manual investigation. The platform also features automated remediation and rollback capabilities that can reverse malicious changes, including ransomware encryption, restoring affected systems to their pre-attack state. Purple AI is SentinelOne's generative AI security analyst that enables natural language threat hunting, investigation, and response across the platform's data lake.

SentinelOne supports Windows, macOS, Linux, Kubernetes, and cloud workloads. The platform integrates with a broad ecosystem of security tools through its Singularity Marketplace. Pricing is structured in tiers: Singularity Core, Singularity Control, and Singularity Complete offer progressively more features, and enterprise pricing is available on request.
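AI Analytics Tools
SentinelOne provides advanced security analytics through its Storyline technology, which automatically correlates events into structured attack narratives, and through its data lake, which stores security telemetry and supports querying it. Purple AI lets analysts perform natural language threat hunting and investigation across historical and real-time security data.
AI Automation Tools
SentinelOne automates the entire threat lifecycle, from detection through response and remediation. Its autonomous response capabilities can isolate threats, kill malicious processes, and roll back ransomware encryption without human intervention. Purple AI further automates threat hunting and investigation through natural language queries across security telemetry.
AI Cybersecurity
SentinelOne provides autonomous, AI-driven endpoint protection that can detect and respond to threats without cloud connectivity or human intervention. Its multi-layered AI engine combines static analysis, behavioral detection, and machine learning to identify known and novel threats, while Storyline technology automatically reconstructs complete attack narratives for rapid investigation.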
Tool details: Paid
Pricing: Custom pricing by tier (Core / Control / Complete / Enterprise)
Platform: SaaS, API
Headquarters: Mountain View, California
Founded: 2013
API available: Yes
Enterprise plan: Yes
Rating: 4.5 (1 review)
Insight Accuracy: 4.8
Ease of Integration: 4.5
Data Processing Speed: 4.3
Customization Options: 4
User Interface Clarity: 3.8
Claude Opus 4.6
AI Review
4.5/5
SentinelOne is a leading AI-powered cybersecurity platform that delivers autonomous endpoint protection, detection, and response. Its Singularity XDR platform leverages behavioral AI models to detect and neutralize threats in real-time without relying solely on signature-based detection, making it highly effective against zero-day attacks and advanced persistent threats.
The platform's standout feature is its automated response capability: threats can be contained, remediated, and even rolled back without human intervention, significantly reducing mean time to respond. The Storyline technology provides excellent forensic context by mapping attack chains visually, which is invaluable for security analysts.
SentinelOne offers a robust API for integration with SIEM, SOAR, and other security tools, enabling flexible workflow automation. The Purple AI assistant adds natural language querying for threat hunting, lowering the barrier for less experienced analysts.
On the downside, custom enterprise pricing can be steep for smaller organizations, and the learning curve for fully leveraging advanced features is notable. Console performance can occasionally lag with large-scale deployments. Still, SentinelOne consistently ranks among the top EDR/XDR solutions and delivers exceptional autonomous protection.