SentinelOne Delivers Real-Time Managed Threat Hunting Services
2024-1-30 22:0:13 Author: securityboulevard.com

SentinelOne today made generally available an expansion of its managed threat hunting service, which is now capable of continually identifying issues in real time.

The latest editions of the WatchTower and WatchTower Pro managed threat hunting services make greater use of machine learning algorithms to augment the SentinelOne cybersecurity teams that provide this service.

Brian Hussey, vice president for threat hunting, digital forensics and incident response for SentinelOne, said that capability makes it possible to extend the scope of the managed threat hunting service beyond the previous point-in-time services provided to identify threats.

In addition, SentinelOne is now also providing access to its in-house threat intelligence library, including behavioral hunting queries and indicators of compromise, to help organizations improve their overall cybersecurity posture.

As cyberattacks increase in both volume and sophistication, it's now only a matter of time before organizations rely more on managed security services, said Hussey. Most organizations are not going to be able to collect enough telemetry data to train the artificial intelligence (AI) models that are needed to identify anomalous and suspicious behaviors. SentinelOne is also working toward integrating a generative Purple AI capability, currently in beta, across its entire portfolio, including managed security services.

Cybercriminals, meanwhile, are similarly embracing AI to launch more attacks faster. Many of those attacks will be based on zero-day vulnerabilities that have just been disclosed. As a result, the frequency at which those attacks are now being launched will require cybersecurity teams to rely more on AI to discover known and emergent threats to enable them to respond in real-time, noted Hussey. In effect, the amount of time defenders now have to discover threats before a breach ensues has been exponentially reduced, he added.

The update to the managed WatchTower services comes on the heels of plans to acquire PingSafe, a provider of a cloud-native application protection platform (CNAPP) that SentinelOne plans to add to enable it to address everything from penetration testing and cloud security posture management (CSPM) to vulnerability and secrets scanning. The ultimate goal is to provide a combination of platforms and services that organizations can use to holistically address cybersecurity.

Each organization will need to determine to what degree they will prefer to rely on managed security services and platforms they deploy and manage, but the one thing that is clear is the way cybersecurity is achieved and maintained is evolving. Instead of relying on a collection of disparate tools that organizations then have to integrate, organizations are finding cybersecurity generally improves when employing an integrated platform that can be easily extended by a provider of a managed cybersecurity service.

At the same time, the total cost of cybersecurity tends to decline as the number of tools currently being licensed is increasingly rationalized.

One way or another, the need to rely more on AI to ensure cybersecurity is going to force the platform and services conversation. The only thing that remains to be seen now is whether that discussion occurs before or after a major breach.

Source: https://securityboulevard.com/2024/01/sentinelone-delivers-real-time-managed-threat-hunting-services/