- Automate threat discovery and remediation
- Critical threat information landing page
- Optional scalable storage backend uses the Cloudera/Hadoop infrastructure for enhanced data
Many inconsistencies occur within a computing environment, and it is often difficult to tell which of them are potential or real threats worth investigating. Anomaly detection in Sentinel® lets you automate the identification of, and alerting on, anomalous activity without needing to know exactly what you are looking for. With alerts and evidence of unknown threats in hand, you can speed remediation and better mitigate risk.
With Sentinel anomaly detection, you can automatically identify inconsistencies in your organization's environment without building correlation rules that require you to know in advance exactly what you are looking for. When you implement Sentinel, you establish baselines for your organization's specific environment, which lets you deliver better intelligence and faster anomalous-activity detection from the start. Comparing current trends against a baseline lets you view historical activity patterns and rapidly develop models of typical IT activity, or states of "normalcy", that make new and potentially harmful trends easy to spot. To refine these capabilities, you can further tune your environment's baselines and the corresponding anomalous-event detection. Sentinel also shows you how your security and compliance posture changes over time.
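The baseline-then-compare approach described above, shown as an added example in Python. This is illustrative code written for this page, not Sentinel's own implementation or API; it assumes that event data has already been reduced to hourly counts per activity key (a constructed `"source/event_type"` label), builds a per-key baseline from historical counts, and flags the current hour's counts that exceed the baseline by a tunable number of standard deviations, or that have no baseline at all. The `k` and `min_count` parameters are the tuning knobs a practitioner would adjust to reduce noise.

```python
"""Baseline-driven anomaly detection over hourly event counts.

Added illustration, not Sentinel code. Input rows are (key, count) pairs where
`key` names an activity (constructed labels such as "user:alice/logon") and
`count` is how many such events were seen in one hour. The baseline is the
per-key mean and population standard deviation of historical hourly counts; a
new hourly count is flagged when it exceeds mean + k * stdev and is also at
least `min_count`, which keeps very small absolute counts from alerting.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: 24 hourly counts for two activity keys.
HISTORY = [
    ("user:alice/logon", c) for c in [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4,
                                       3, 2, 4, 3, 4, 5, 3, 2, 3, 4, 3, 4]
] + [
    ("host:db01/failed_logon", c) for c in [0, 1, 0, 0, 2, 1, 0, 0, 1, 0, 0, 1,
                                             0, 2, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0]
]

# Constructed observations for the current hour.
CURRENT_HOUR = [
    ("user:alice/logon", 5),          # inside the normal band, no alert
    ("host:db01/failed_logon", 40),   # far above baseline, alert
    ("host:web02/proc_start", 7),     # never seen before, alert as new activity
]


def build_baseline(history):
    """Return {key: (mean, stdev, samples)} from (key, count) history rows."""
    by_key = defaultdict(list)
    for key, count in history:
        by_key[key].append(count)
    return {k: (mean(v), pstdev(v), len(v)) for k, v in by_key.items()}


def detect_anomalies(baseline, observations, k=3.0, min_count=5):
    """Flag observations that deviate from the baseline.

    An observation is flagged when its key has no baseline (new activity the
    model has never seen) or when its count exceeds mean + k * stdev and is at
    least `min_count`. Returns a list of alert dicts with a human-readable reason.
    """
    alerts = []
    for key, count in observations:
        if key not in baseline:
            alerts.append({"key": key, "count": count,
                           "reason": "no baseline for this activity (new)"})
            continue
        mu, sigma, _samples = baseline[key]
        threshold = mu + k * sigma
        if count >= min_count and count > threshold:
            alerts.append({"key": key, "count": count,
                           "reason": f"count {count} exceeds baseline "
                                     f"{mu:.2f} + {k} * {sigma:.2f} = {threshold:.2f}"})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(build_baseline(HISTORY), CURRENT_HOUR):
        print(alert)
```

Raising `k` or `min_count` trades sensitivity for fewer alerts, which is the same tuning exercise the text describes; treating never-before-seen activity as its own alert class matters because a single unfamiliar process on a host is invisible to any threshold computed from that host's history.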
The latest Sentinel release offers an optional scalable storage backend, at no extra charge, built on the Cloudera distribution of the Hadoop big-data infrastructure. This gives security teams data mining capabilities using industry-standard analytic tool sets for data exploration, visualization, and analysis.