SentinelOne brings Purple AI to Zscaler, Okta, Palo Alto Networks, Proofpoint, Fortinet, and Microsoft Data
SentinelOne today announced that its Purple AI security analyst can now be used with data from a growing list of the most popular third-party security offerings. Initial products supported include the Zscaler Zero Trust Exchange platform, Palo Alto Networks Firewall, Okta, Proofpoint TAP, Fortinet FortGate, and Microsoft Office 365.
The company also introduced multilingual support for Purple AI, complementing its English-language version with new support for natural language queries and summaries in Spanish, French, German, Italian, Dutch, Arabic, Japanese, Korean, Thai, Malay, Indonesian, and more.
“Purple AI has rapidly become SentinelOne’s fastest-growing product, and customer uptake and feedback have been incredible. Far beyond just a great natural language querying mechanism, Purple AI is automating investigations, prioritizing threats, and slashing response times from hours to mere minutes,” said Ely Kahn, Vice President, Product Management, Cloud Security, AI/ML, and Core Platform, SentinelOne. “By extending Purple AI’s capabilities across both native and third-party data in Singularity, customers can rapidly stop even the most sophisticated attacks in their tracks while gaining more value from the full security stack and their collective security data.”
Overwhelming alert volumes, multiple data sources, increasingly sophisticated threat actors, and expanding attack surfaces result in missed incidents and complex investigations. Disparate data schemas lead to limited visibility and threats falling through the cracks. And increasingly fast breakout times too often put defenders at a disadvantage of stopping lateral movement before the damage is done.
Purple AI simplifies the data problem for security teams to empower simpler and more complete threat hunting while speeding investigations and response. It leverages the Open Cybersecurity Schema Framework (OCSF) to query data that has been normalized on ingestion. As a result, customers benefit from instant querying of native and third-party data, correlations and context across their security stack, and scalability across ever-expanding data sources for faster and more complete investigations.
For example, take joint customers of SentinelOne and Zscaler, who can easily pull Zscaler Security Service Edge (SSE) logs into the Singularity platform via an out-of-the-box integration available on the Singularity Marketplace. Using this integration, which is configurable, these customers can use Purple AI to hunt across user or threat activity logs and data protection or zero trust policy violation logs and optimize investigations of security events that span network, endpoint, cloud, and identity data, using simple, natural language queries like:
- “Using Zscaler logs, how many users have accessed cloud applications?”
- “Show me Zscaler logs where users have downloaded malware.”
- “Have any DLP violations been detected in Zscaler logs?”
- “Are any users performing FTP file transfers in Zscaler logs?”
“Enriched by the extensive telemetry from Zscaler, the integration with SentinelOne significantly enhances the ability for SOC teams to leverage AI for threat hunting and complex investigations,” said Amit Raikar, Vice President, Technology Alliances and Business Development, Zscaler. “Together, we’re focused on helping customers strengthen their zero trust security in an increasingly complex risk environment, where closing gaps in hunting coverage with unprecedented speed and ease is more crucial than ever.”
Availability:
The expansion of SentinelOne’s Purple AI to third-party data sources is available immediately for all Purple AI customers. Multilingual support is now open for early access to existing SentinelOne customers with Purple AI.
Related Content:
