Driving Advancement in Cybersecurity | Top 5 Takeaways from OneCon24


Since its founding, SentinelOne has been a global leader in applying AI and machine learning to detect and protect against known and novel threats through autonomous response. This foundational DNA drove the company’s early, market-defining use of generative AI not only to simplify querying, but also to analyze security data and speed response.

At OneCon24, SentinelOne’s annual cybersecurity conference, we took this a step further – introducing new products and outlining our roadmap to deliver on the promise of the Autonomous SOC and empower security teams to rethink how they respond to threats. As Ric Smith, SentinelOne’s Chief Product, Technology, and Operations Officer, said,

By leading advancements in AI, data, and automation, SentinelOne is driving the future of security through solutions that transform threat detection and response, streamline security operations and deliver long-term value. So whether you were at OneCon 2024 or are simply following the event from afar, here are this year’s top 5 takeaways.

1 – Singularity AI SIEM Delivers Cloud-Native Detection & Response Across All Data

Security teams are increasingly overwhelmed by the growing volume of data and data sources. This includes everything from network logs and application telemetry to user behavior analytics and external threat intelligence feeds. This increase in data is a double-edged sword: while it provides more insight into potential security risks, it also creates significant challenges for security teams, making it harder to detect real risks amid the noise and to manage the sheer volume of information effectively. SentinelOne is reimagining the processes that are foundational to how the security operations center (SOC) works, starting with Singularity AI SIEM.

Powered by the highly scalable Singularity Data Lake (SDL) with always-on storage, Singularity AI SIEM gives security teams real-time detection on ingestion and response capabilities across vast amounts of data, all without the hassle of indexing or managing data storage. SDL leverages the Open Cybersecurity Schema Framework (OCSF) to integrate with the vast ecosystem of tools required by today’s security teams, providing comprehensive visibility.
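To make the OCSF point concrete, here is an added example (not SentinelOne code, and not a description of how SDL performs its own normalization) that parses constructed sshd log lines into OCSF-shaped Authentication events and then runs a simple detection over the normalized records. The OCSF class, category, activity, status and severity identifiers, and the attribute names used, are assumptions taken from my reading of the public OCSF schema; check them against the schema version your pipeline targets.

```python
"""Normalize constructed sshd log lines into OCSF-shaped Authentication events.

Added example, not SentinelOne/SDL code. The OCSF ids and attribute names
below are ASSUMPTIONS based on the public OCSF schema; verify against the
schema version you target before relying on them.
"""
import re
from datetime import datetime
from typing import Optional

# Constructed sample log lines (not captured from a real host).
SAMPLE_LOGS = [
    "2024-10-02T13:04:10Z web-01 sshd[2231]: Accepted publickey for deploy from 10.0.4.17 port 51234 ssh2",
    "2024-10-02T13:04:42Z web-01 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2",
    "2024-10-02T13:05:01Z web-01 sshd[2244]: Failed password for root from 203.0.113.9 port 40118 ssh2",
    "2024-10-02T13:05:30Z web-01 systemd[1]: Started Daily apt download activities.",  # non-auth noise
]

# Matches the two common sshd auth outcomes; "invalid user" prefix is optional.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# OCSF identifiers (assumed from the public schema).
OCSF_CLASS_AUTHENTICATION = 3002   # Authentication event class
OCSF_CATEGORY_IAM = 3              # Identity & Access Management
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL, SEVERITY_LOW = 1, 2


def normalize_sshd(line: str) -> Optional[dict]:
    """Return an OCSF-shaped event for an sshd auth line, or None if it is not one."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ok = m["outcome"] == "Accepted"
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "class_uid": OCSF_CLASS_AUTHENTICATION,
        "category_uid": OCSF_CATEGORY_IAM,
        "activity_id": ACTIVITY_LOGON,
        # OCSF convention: type_uid = class_uid * 100 + activity_id
        "type_uid": OCSF_CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,
        "time": int(ts.timestamp() * 1000),          # epoch milliseconds
        "status_id": STATUS_SUCCESS if ok else STATUS_FAILURE,
        "severity_id": SEVERITY_INFORMATIONAL if ok else SEVERITY_LOW,
        "auth_protocol": m["method"],                 # assumed attribute name
        "user": {"name": m["user"]},
        "src_endpoint": {"ip": m["ip"], "port": int(m["port"])},
        "dst_endpoint": {"hostname": m["host"]},
        "metadata": {
            "version": "1.1.0",                       # assumed OCSF schema version
            "product": {"name": "OpenSSH", "vendor_name": "OpenBSD"},
            "log_name": "sshd",
        },
        "raw_data": line,
    }


def normalize_all(lines) -> list:
    """Normalize every line, dropping lines that are not sshd auth events."""
    return [e for e in (normalize_sshd(l) for l in lines) if e is not None]


def failed_logons_by_source(events, threshold: int = 2) -> dict:
    """Detection over normalized events: source IPs with >= threshold failed logons.

    Because every event carries the same class/status fields regardless of the
    original log format, this rule would work unchanged on events normalized
    from any other authentication source.
    """
    counts = {}
    for e in events:
        if e["class_uid"] == OCSF_CLASS_AUTHENTICATION and e["status_id"] == STATUS_FAILURE:
            ip = e["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events = normalize_all(SAMPLE_LOGS)
    for e in events:
        print(e["time"], e["user"]["name"], e["src_endpoint"]["ip"], "status_id=", e["status_id"])
    print("suspicious sources:", failed_logons_by_source(events))
```

The value of the normalization step is in the last function: the brute-force rule keys on `class_uid`, `status_id` and `src_endpoint.ip` rather than on sshd's message text, so the same rule applies to Windows, VPN or SaaS authentication events once they are mapped to the same schema.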

AI SIEM accelerates detection, investigation, and response and uses a single platform and console to manage data health, triage threats, and conduct investigations at scale across all data. With the addition of Purple AI, Singularity AI SIEM empowers SOC teams to rapidly automate investigations, reduce alert fatigue, and stay ahead of attacks.

2 – Singularity Hyperautomation Accelerates the SOC for Rapid Response

We’re making response easier than ever with Singularity Hyperautomation. This no-code automation solution will enable SOCs to reduce response times and streamline workflows. Designed to handle the most complex security challenges, Hyperautomation brings out-of-the-box workflows that accelerate detection and response to threats like ransomware. It’s built into the Singularity Platform, not bolted on, improving analyst productivity without added complexity.

What sets SentinelOne apart is our seamless integration into the analyst workflow, where automations are intelligently recommended during the investigation process. Coupled with Purple AI, analysts won’t need to manually create playbooks — our platform automatically generates them based on peer-driven insights across our customer community, empowering teams to respond faster and more efficiently.

3 – Focus on the Alerts that Matter with Purple AI Auto-Triage

Alert fatigue is real. The ability to sift through hundreds of alerts to find the few that represent true positives – and equally, the ability to rapidly dismiss false positives and less critical alerts – can mean the difference between a managed risk and a breach. As the attack surface expands and attackers become faster and more sophisticated, the immense pressure on security teams to prioritize their time is only going to grow.

At OneCon, SentinelOne announced new Alert Auto-Triage capabilities in Purple AI, designed to automatically assess, triage, and prioritize alerts so that security teams can focus on those requiring immediate investigation. Auto-Triage will harness new AI-powered Global Alert Analysis, amplifying the wisdom of our expert security community by assessing thousands of anonymized similar alerts to help SOC teams more accurately determine alert verdicts. The Alerts to Investigate dashboard view and alert table filter help analysts focus on the most relevant alerts.

Another key capability powering Alert Auto-Triage is Community Verdict, which displays the proportion of similar alerts flagged as true positives, with Known Expert Votes carrying more weight. Similarly, Verdicts to Review notifies users when their recent verdicts contradict the latest Community Verdict consensus, prompting them to re-examine their assumptions with additional information. Altogether, Purple AI Auto-Triage aims to help security teams minimize their false-positive rate, reduce alert fatigue, and quickly surface real threats that require immediate attention.

4 – Purple AI Auto-Investigations Reduce Hours to Minutes

Investigations are hours-long, arduous tasks for SOC analysts, but with Purple AI Auto-Investigations, the entire process can be reduced from hours to minutes. At OneCon, SentinelOne announced Purple AI Auto-Investigations, a powerful new feature designed to automate the complex and time-consuming process of security investigations. This will not only save time, but also improve efficiency by automating investigation steps, gathering evidence, and documenting everything in an auditable, human-readable notebook for review.

With Auto-Investigations, Purple AI will automatically create a detailed investigation plan broken down into specific, concrete steps. Security analysts will have the flexibility either to execute these investigative steps themselves or to have Purple AI run them on their behalf. As the investigation progresses, all evidence gathered during these steps is systematically collected and summarized in an auditable notebook, creating a clear record of the investigation process and giving security teams the efficiency they need to address critical threats quickly.

One of the most innovative aspects of the feature is how it executes investigation steps during off-hours. While analysts are asleep, Purple AI is automating the work by identifying next steps in real-time, gathering evidence, and analyzing information so that investigations continue around the clock.

5 – Introducing Ultraviolet, SentinelOne’s Family of Security Models

The generative AI landscape has evolved, making general LLMs more affordable and capable for cybersecurity tasks when paired with human expertise, while specialized models remain essential for handling security-specific needs. Combining both types of models provides a comprehensive, “better-together” approach to creating effective AI security assistants.

This is exactly what the introduction of SentinelOne’s Ultraviolet family of security models is built to achieve. Introduced at OneCon – and powering SentinelOne’s Purple AI security analyst – these new models are designed to address scenarios that fall outside what’s possible with general-purpose models alone, such as improving detection efficacy by considering more context in real time to enable more efficient reasoning about security issues. Ultraviolet’s family of security LLMs and multimodal models is designed to address specific use cases, significantly cutting the operational burden on security teams. This focus on specialized use cases results in greater autonomy, since these models are fine-tuned to stay on task and require substantially fewer tokens to reach actionable conclusions.

Looking ahead, we believe that cybersecurity teams will likely adopt a hybrid approach of general-purpose AI assistants for broader applications alongside specialized AI tools like Ultraviolet for more complex, mission-critical security tasks. Keeping up with these developments will be important for organizations aiming to stay ahead in innovative uses of AI within the cybersecurity realm.