I have been working in technology sales for over 25 years, starting out as a sales rep carrying a bag and a quota. The industry landscape looks radically different today than it did early in my career, but one thing will forever remain unchanged. The organization you choose to work for is paramount to your happiness and long-term success.

SentinelOne is a global leader in AI-powered security. Our Singularity Platform detects, prevents, and responds to cyberattacks at machine speed, empowering organizations to secure endpoints, cloud workloads, containers, identities, and mobile and network-connected devices with speed, accuracy, and simplicity. Leading enterprises, including Fortune 10, Fortune 500, Global 2000 companies, and prominent governments trust us to Secure Tomorrow.

There’s never been a better time to join SentinelOne. We are looking for talented, experienced sales people to join our team who are hungry for a life-changing career opportunity. I am incredibly fired up about where we are going, and I’d like to share more about what makes SentinelOne so special. For me, it’s the PEOPLE, PLATFORM, PERFORMANCE, AND POTENTIAL at our company that makes this a great place to work.

The PEOPLE Are Behind the Magic at SentinelOne

It starts at the top. Our CEO, Tomer Weingarten, is a true visionary. We enjoy the full support of his strategic engagement as a customer-first leader. Since founding SentinelOne 11 years ago, Tomer has not slowed his relentless pursuit of what’s next in a competitive landscape that changes by the second.

I joined SentinelOne eight months ago and reinforced our strong sales leadership team by hiring proven leaders with growth at scale to guide our teams to their full potential. These industry-leading experts have the experience we need during this next stage of hypergrowth as we continue to enhance our GTM prowess – this includes expanding our partner ecosystem, rapidly evolving our speed to market and ongoing investment in sales specialists and support functions. Their fresh perspectives blended with the excellence, effort, and experience of our tenured Sentinels are the perfect recipe for sustained growth.

Autonomous vehicles have captured the imagination of humans for decades. There are few examples of fully autonomous vehicles available today, designed for limited commercial use, but there is international consensus on what fully autonomous vehicles are and the standards by which they are measured. Autonomous flight is also quickly becoming one of the most popular, and controversial topics in aviation, known as “continuous autopilot engagement”, where machine learning-based algorithms are handling all necessary flight tasks from engine start through full navigation, landing, and shutdown.

In every case, security and safety are paramount due to the potential of harm to life and limb; therefore, we see that automation in transportation usually starts with features that increase security and enhance safety. The goal, however, is to make travel inexpensive and accessible to everyone while increasing efficiency and lowering cost. Whether referring to it as autonomy or automation, the truth is that artificial intelligence (AI) is progressively making these seemingly science fiction-based notions a reality.

There are many parallels that can be drawn between autonomous driving cars and what can be referred to as the Autonomous Security Operations Center (ASOC). Although it is still quite far off, this blog takes a deep dive into the key characteristics that would make the ASOC a reality and what this could mean in accelerating autonomous security operations based on well-defined levels of autonomous driving (Level 0-5).

From Autonomous Vehicles to Autonomous SOC

In traditional travel, it is typical to see one driver for one vehicle and one pilot for one aircraft. The same goes for cybersecurity – there is typically one analyst for one investigation or incident. Nowadays, one driver can monitor many highly automated vehicles with no steering wheels and no brake pedals. A single pilot can control and monitor many aircrafts. Soon, the information security community will see one security analyst handling many concurrent investigations or incidents through the use of AI-powered tools and agents.

Here are the key characteristics apparent within each level of the SAE international standards of driving automation:

Apple and MLB today announced the August schedule for “Friday Night Baseball,” a weekly doubleheader available to Apple TV+ subscribers.

Three new games join Apple Arcade in August, including Temple Run: Legends and Vampire Survivors+.

SentinelOne recently launched Singularity Operations Center, the new unified console, to centralize workflows and accelerate detection, triage, and investigation for an efficient and seamless analyst experience. This pivotal update includes integrated navigation to improve workflows and new and enhanced capabilities such as unified alerts management. Providing a deeper look into the Operations Center, this blog post focuses on how unified alert management enables faster and more comprehensive investigations for today’s security teams.

Accelerate Investigation with Centralized Alerts

Traditionally, security analysts must deploy multiple security tools to protect their organizations. Each individual tool manages alerts differently in addition to disconnected workflows among the tools themselves. With this approach, analysts are unable to correlate alerts across disparate solutions. This fragmented approach complicates the triage process, leading to an increased mean time to respond (MTTR) and potential oversight during an investigation.

To combat these challenges, SentinelOne developed the unified console to provide broader visibility and management across the security ecosystem. The Operations Center empowers teams to consolidate and centralize all security alerts into a single cohesive queue, including those from SentinelOne native solutions and industry-leading partners. This approach eliminates the need to pivot among disconnected consoles and work within disjointed workflows, providing seamless SOC workflows and facilitating rapid response to threats.

Use Case | Investigating a Lockbit Ransomware Infection

Engineered for speed and efficiency, LockBit is an advanced and pervasive ransomware strain. It leverages sophisticated encryption algorithms to rapidly lock down critical data within targeted networks. LockBit employs double extortion techniques, where attackers exfiltrate sensitive data before encryption and threaten to publish it on dedicated leak sites if their demands are unmet. It operates under a Ransomware-as-a-Service (RaaS) model, enabling affiliates to deploy the malware in exchange for a portion of ransom proceeds. Its attack vectors often include exploitation of vulnerabilities, phishing, and lateral movement within compromised networks, making it a versatile and potent threat. Continuous updates and modular capabilities allow LockBit to bypass traditional security measures, emphasizing the need for advanced detection and response strategies in defending against this threat.

Let’s explore how to investigate a LockBit infection in the Singularity Operations Center. After logging into the console, the Overview Dashboard provides a broad view of security alerts and related assets. There are multiple open alerts, ten of which are of high or critical severity. From the numerous open alerts, this example will focus on the critical alerts.

The Good | International Joint Operation Takes Down Over 600 IP Addresses Abusing Cobalt Strike Tool

Hundreds of IP addresses abusing Cobalt Strike have been shut down in a joint effort involving law enforcement across several nations. Codenamed “Morpheus”, the joint operation resulted in flagging 690 IP addresses and domains used to infiltrate victim networks. So far, 593 of them have been taken offline.

The servers flagged in Operation Morpheus used old, unlicensed versions of Cobalt Strike – a popular penetration testing tool used by red teams to simulate cyberattacks in order to evaluate the security posture of a network. Over the years, cracked, stolen, or reverse-engineered versions of the tool have made their way into the hands of malicious actors, enabling them to carry out a host of complex and damaging attacks.

Although the tool is legitimate and designed for threat emulation exercises and supporting offensive security operations, Cobalt Strike continues to be a double-edged sword being widely exploited and gaining a reputation on the dark web as a ‘go-to’ network intrusion tool. Illicit versions of Cobalt Strike, often accompanied by free training guides and tutorial videos, have lowered the barrier for entry into cybercrime, allowing criminals with limited funds or technical expertise to launch sophisticated attacks.

The success of Operation Morpheus is the result of collaboration between the United Kingdom’s National Crime Agency, authorities from Australia, Canada, Germany, the Netherlands, Poland, the United States, and various industry partners providing analytical and forensic support.

While acting as a virtual command post for the three-year-long operation, Europol confirmed that over 730 pieces of cyber threat intelligence and close to 1.2 million IoCs were shared between all participating parties. International disruptions like Operation Morpheus are critically effective in removing the tools and services that underpin cybercriminal infrastructure online.

When combined with the €1.5 billion investment from AustralianSuper in September 2023, Vantage has raked in a whopping $11 billion in new investment over the past nine months.

Beyond simply allowing for effective cooling of next-generation computing chips, this technology comes with a host of other benefits.

Traditional markets have to shift. Since primary markets are arguably at full capacity, the industry is pushing toward secondary and tertiary markets.

Network-attached storage devices like NetApp contain volumes of data which are vital to business operations. With broad access available to so many users, protecting NetApp storage from malware is critical to operational stability and integrity. Organizations worldwide face increasingly sophisticated threat actors. AI-powered threat detection can level the playing field, protect business data, and stop attacks before they begin. With Threat Detection for NetApp, SentinelOne brings proven AI-powered malware protection to NetApp storage.

The Challenge

Legacy AV solutions have long dominated storage security for NetApp. However, security innovation has not kept pace with other sectors like EDR and cloud security, even as threat actors have rapidly evolved. Modern threats from hackers for hire or state-sponsored threat actors easily evade signature-based legacy antivirus. Yes, signatures are useful for identifying known or commodity malware, but they are incapable of detecting novel malware.

Beyond ease of evasion, signatures can create administrative nightmares. Storage security admins can become bogged down in a relentless spiral, making sure their blocklists are always updated with the latest signatures.

Another challenging factor is broad access to the data stored on NetApp arrays. Businesses rely upon ready access to this data to function. Considering the wide access, and the ease with which malicious files can evade signature-based detection, one can readily appreciate how securing the NetApp storage is vital to business continuity.

In addition to business continuity and brand reputation, an additional concern is regulatory compliance. While exact compliance details vary by framework, organizations in various industries are often required to regularly scan their network attached storage for malware. Although regulatory frameworks generally do not specify how this is accomplished, more forward thinking frameworks such as GDPR do stipulate that organizations follow the principle of “data protection by design and by default,” and that data protection measures take into account the technological “state of the art.”

Today, Apple Vision Pro arrived in Apple Store locations across China mainland, Hong Kong, Japan, and Singapore.

Stream Data Centers recently announced its ground breaking of a new 135-acre hyperscale campus in San Antonio, Texas. 

At the PROPEL Center Arts & Entertainment Industry Accelerator, HBCU students prepped for careers with hands-on experiences and mentorship.

Apple Diagnostics for Self Service Repair is now available in 32 European countries, including the U.K., France, Germany, and the Netherlands.

Last week, PinnacleOne revealed three emerging threats to the “deep tech” venture ecosystem underpinning western technological and strategic advantage.

This week, we draw executive attention to the flashpoint risk of war between Israel and Hezbollah, which would change the security environment for most civilians in Israel, disrupt trade in the eastern Mediterranean and potentially pull larger powers into a regional conflict.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: This email address is being protected from spambots. You need JavaScript enabled to view it.

Insight Focus | Flashpoint in Focus: Israel-Hezbollah

The simmering standoff between Hezbollah and Israel is close to boiling over as each side escalates political rhetoric, increases cross-border strikes, and moves military forces into battle positions.

Protecting mission-critical operations means having the right tools in place. Visitor management systems offer an enhanced solution for organizations to leverage when trying to achieve that goal.

As data centers see increasing demand, organizations must navigate a new set of issues when planning new buildouts and expansions.

Apple’s first retail location in Malaysia opened today in the heart of Kuala Lumpur’s new Tun Razak Exchange (TRX) central business district.

The Good | Dark Marketplace Operators Face Life Sentences for $430 Million in Illicit Transactions

Two operators of Empire Market, a dark marketplace worth over $430 million in illicit profit, were officially charged this week. Running the marketplace from February 2018 to August 2020, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”) allegedly facilitated over 4 million transactions involving malware, stolen data, hard drugs, and counterfeit money, using cryptocurrencies like Monero, Litecoin, and Bitcoin.

Before going offline in 2020, thousands of users filtered through Empire Market, their illegal transactions obfuscated through a combination of cryptocurrency and tumbling services in order to evade law enforcement. Pavey and Hamilton profited by retaining portions of the cryptocurrency transactions to compensate themselves and their team of moderators. The DoJ indictment revealed that Pavey and Hamilton had been involved in selling counterfeit currency on another dark marketplace called AlphaBay prior to operating Empire Market.

Now, the men face five charges: conspiracy to sell counterfeit currency on AlphaBay, conspiracy to distribute controlled substances via Empire Market, conspiracy to possess unauthorized access devices, conspiracy to sell counterfeit currency on Empire Market, and conspiracy to launder money to conceal proceeds from illegal activities. Conviction on all counts could result in life imprisonment for the two operators, especially due to the severe penalties linked with drug trafficking.

Stolen data that ends up on dark marketplaces can provide unauthorized access leading to cyberattacks, fraudulent activity, data breaches, and more. Having a comprehensive security solution focused on machine-speed threat detection and advanced analytics can help protect digital identities and sensitive user information from being exfiltrated and sold online.

The Bad | Network Security Zero-Day Flaws Targeted by China-Nexus APT for Cyber Espionage Campaigns

A Chinese-linked threat actor tracked as UNC3886 has been exploiting a combination of zero-day vulnerabilities in Fortinet, Ivanti, and VMware devices to gain and maintain access to compromised systems. Latest findings from cyber researchers detail how this espionage-focused actor employs multiple persistence mechanisms across network devices, hypervisors, and virtual machines (VMs) to ensure continuous access even if initial compromises are detected and removed.

Today, Apple released Final Cut Pro for iPad 2, transforming iPad into an even more powerful production studio, and Final Cut Pro for Mac 10.8.