Clicking on the top-level management tab brings up the active duty roster. This shows the general status of PEM and is where you can set up audit trails, schedule overall network inspections, see which sentries are operating and deploy new sentries on additional network segments. You can set up a series of duty rosters that cover different portions of your network if you have different staff people assigned that way.
PEM has three roles: administrators, who have full access to set up policies and make changes; users, who can view system status, policies and reports; and viewers, who can only see the reports.
At the heart of PEM are its security policies, which cover a lot of ground. They specify both the applications that should and shouldn’t be present on endpoints, and what should happen if PEM finds anything amiss. The unauthorized items include peer-to-peer software, remote control applications, hacking tools, particular files or network management tools. Each of these categories has an extensive list of programs that you can toggle on or off the list of prohibited apps. There is a lot of power in this part of the product, and while it could get tedious, it shows the depth of PEM.
For example, you can specify which Service Pack level is considered acceptable for each version of Windows to pass your compliance policy. There are numerous other options here, including the ability for PEM to detect if an anti-virus program is installed but stopped from running: PEM can attempt to restart the service and set it to start automatically on future reboots.
In addition to all of these features, there is also lots of extensibility built into the product: you can add your own actions to be carried out if something doesn’t fit into its existing categories, such as doing a DNS lookup on a network segment to see if some piece of malware has tampered with it. The only trouble is that this isn’t really proactive: generally you don’t know what you don’t know until you have been hacked in some odd way.
We tested PEM on a Windows 2012 Server. You have to open Port 445 for it to communicate with your endpoints.
SentinelOne’s Endpoint Protection Platform comes in either SaaS or on-premises versions; we tested the SaaS product. There is a web-based management console, like so many of the other products in this review. It also has a clean collection of tools, with primary menus listed down the left side and sub-menus across the top.
The main menu categories include a summary dashboard that shows a live news feed from the company’s blog along with a world map showing where threats originate. There are other menus for network activity, a series of analysis routines, and a blacklist and whitelist of events. Like other products in this review, it offers near real-time event information.