TrueFort, the lateral movement protection company, today announced it now ingests telemetry from SentinelOne (NYSE: S) to map application behavior across cloud and on-premises workloads, enforce Zero Trust segmentation policies and prevent lateral attacks.
The TrueFort integration enables customers to expand their SentinelOne use cases with a positive security model. By absorbing SentinelOne real-time telemetry and applying behavior analytics to visualize and baseline application flow dependencies, the TrueFort platform creates a trusted behavioral profile for each application. Using this profile, TrueFort automatically generates microsegmentation policies from observed behavior, alerts on anomalies, and automates policy enforcement through the firewall rules capability of the SentinelOne agent.
“Using telemetry from SentinelOne agents, the TrueFort Platform combines visualization and analysis of complex security relationships to understand, define, and enforce accepted application behavior policies.”
“Understanding the context of what, who, when, and how unusual activity occurred, enables customers to implement smart Zero Trust policies for microsegmentation and service accounts.”
Sameer Malhotra, CEO of TrueFort.
“By leveraging telemetry from SentinelOne’s agent and firewall capabilities, TrueFort can automatically create and deploy microsegmentation rules into customers’ cloud workloads to reduce their attack surface and help contain security incidents.”
“We are excited about this integration and the value it will create.”
Ely Kahn VP Product for Cloud Security at SentinelOne.
TrueFort takes advantage of SentinelOne’s endpoint security telemetry to create a trusted profile for each application that includes:
Dependency discovery and mapping: that serves as the foundation for the trust profile and application behavioral policies.
Automated policy generation: the trusted application profile is used to model behavioral policies that are enforced by security controls such as microsegmentation, and update them when application behavior changes. Since TrueFort uses SentinelOne’s firewall rules capability for policy enforcement, no additional agents are required for microsegmentation.
Application control allow-listing: TrueFort identifies normal behavior and automates policy controls for application execution to the individual process-level, and governs allow-lists of known running processes and their behaviors. Any executables outside of the allow-list are terminated.
Multi-dimensional microsegmentation – based on the behavioral understanding of application activity, TrueFort automates segmentation policies without trial and error guesswork. This includes automatically updating blocking rules when hostnames and IP addresses change.
Anomaly detection – identifies application behaviors that are outside of the normal activity baseline. In addition, DVR-like playback capabilities expose the underlying cause of anomalies in incident investigations.
The integration of TrueFort with SentinelOne is available immediately worldwide.