SentinelOne,†the†autonomous endpoint protection company, released the†S1 Mobile Admin†app, its first-ever mobile application enabling management of the SentinelOne platform directly from the convenience of iOS and Android devices. SentinelOne’s S1 Mobile Admin app allows authorized administrators to view active endpoint threats detected via SentinelOne’s agent, disconnect compromised endpoints and gather advanced threat information directly from their mobile device to be reported back to enterprise SOC teams.
“Response time to understanding a network threat often makes the difference between problem solved and disaster,” said Chris Goodman, Director of Technical Integrations & Alliances, SentinelOne. “With the release of the S1 Mobile Admin app, we are providing an EPP and EDR platform capable of autonomously containing malicious threats and reporting critical threat information with the ease and mobility of a handheld device, enabling security teams and system administrators to further eliminate the time and cost constraints of workstation-bound threat management.”
With S1 Mobile Admin, call numbers of compromised endpoints correspond with the app’s dashboard so administrators can pinpoint exactly which network devices are experiencing malicious activity. Administrators can then pivot to the app’s Recorded Future integration to view the risk score of the identified threat, along with detailed threat information including machine details, IP address, user login, domain and whether the machine has disk encryption or not. Upon gathering this critical information, administrators can easily transfer back to the app itself, click on the compromised device and disconnect the machine from the environment, containing the threat.
Along with the entirety of threat information gathered, administrators can easily pass content hash, file path, and information on whether the device was disconnected or not back to SOC teams via a Slack channel directly from their mobile device for further action.
In order to alleviate security concerns throughout S1 Mobile Admin use, the app has been equipped with a timeout feature with cache and credentials being cleared upon timeout. In addition, a password matching the authorized administrator’s password to access the SentinelOne console is required, and if authorized users close their mobile device the app automatically closes and again requires a password to re-open.