SentinelOne Endpoint Detection & Response

Owned by Robert Fricke
Last updated: Mar 11, 2024

What is Endpoint Detection & Response (EDR)?

EDR, simply, is a next-generation antivirus for computing devices.

Why is this happening at Whitman?

Having EDR is a requirement for the college to retain cybersecurity liability insurance, and in addition, we believe that SentinelOne will significantly strengthen our overall cybersecurity posture, ensuring a safer and more secure digital environment for all members of our campus community. This is particularly true in light of the malicious cyber attacks that have been occurring at other higher ed institutions right here in the northwest. 

Key features of SentinelOne include:

  • Timely Response to Potential Threats: Allows WCTS to more easily and quickly be alerted to potential threats and be able to act on them when necessary.

  • Behavioral AI Detection: SentinelOne utilizes advanced artificial intelligence to analyze and identify malicious behavior based on well-established cyberattack patterns, allowing for the proactive detection of threats before they can cause harm. 

  • Autonomous Response: The platform is equipped with automated response capabilities, enabling swift and precise actions to neutralize threats without manual intervention, reducing the risk of potential damage.

  • Threat Intelligence Integration: SentinelOne integrates with leading threat intelligence feeds, providing the latest information on emerging threats and ensuring that our campus remains ahead of potential risks.

Installation, timing, and what will I see?

To ensure that the deployment and installation goes smoothly, please make sure that your computer is on and connected to the Whitman network during your designated deployment day.

WCTS will begin deploying the program starting March 25, 2024 and will continue weekly through mid-July. Installations will happen on the Monday of each week and will be targeted to specific departments each time. An email notice will be sent out the week prior to remind the departments that will have the install the following week.

During the installation, you should not see anything as it should install silently in the background. There might be a slight degradation of computing performance during the installation but it should be negligible. WCTS staff may contact you directly if we notice that there is any issue with the installation.

When the installation is complete, you should see the following:

 

image (3).png
SentinelOne icon in Windows taskbar

 

image (4).png
SentinelOne console screen when opened from taskbar icon - PC

 

 

 

 

What happens if something is detected on my computer?

A notification will pop up on your computer’s screen notifying you of an incident being detected. WCTS will also be notified. With the assistance of SentinelOne, we will look into the incident and determine remediation. WCTS will contact you if any additional questions arise about the incident. The status of the incident will appear in the SentinelOne console screen (see above screenshots).

Questions or concerns?

Contact the Information Security Officer at iso@whitman.edu

Contact the WCTS Help Desk at helpdesk@whitman.edu