Turn Every Mac Into an Impenetrable Target

Alright. Let’s get going just to be punctual. Hello, everybody. Thank you for joining us today. I know many of us have heard that Apple devices are secure by default. They don’t really need any security software, and it’s it’s a pretty common myth. It’s it’s something I used to believe myself. And it’s not to say that Apple devices are not secure. They do come with Vault. They have gatekeeper. They have SIP protection, and they have all these things out of the box. But over the last few years, we have seen a few different vulnerabilities come out and exploits that, you know, kinda make you question that. Right? We saw a vulnerability where people could basically, execute malicious code on your device by sending you an image. So imagine you get a picture of a cat or you get a meme on your phone, and suddenly you’re you’re compromised. Right? We’ve seen notar notarization loopholes that when abused can make malicious apps, look legitimate. We’ve also seen some, CV show that you could use software installers to basically bypass and exploit SIP. And, really, what we’re seeing is that as Apple devices continue to grow and explode in in in the enterprise space, this also creates more surface area and a a bigger economic incentive for attackers to attack these devices. And so I don’t think this is gonna slow down anytime soon. I also think with, you know, generative AI, it becomes a little bit easier to script and attack these known vulnerabilities. And so that’s why today, we’re gonna be going over how you could start securing your devices and really keep these attackers at bay. My name is Joel Silano. I’m a senior product manager here at Atigee. I’m joined by Drew Sanford from sales Salesforce I mean, from SentinelOne. He’s a man of many talents. Drew is currently the director of solutions engineering at SentinelOne, and he has over two decades, in managing and securing endpoints. I think, you know, his dad gave him a keyboard from the moment he was able to type, and he’s basically been working in in IT ever since. So today, we’re gonna cover how Atigee and SentinelOne have partnered to bring you world class endpoint security to your Apple devices without the hassle. We’ll go over the core value of some seven zero one’s EDR and MDR solutions and some unique advantages you’ll unlock when you deploy it with Adity. So alright, Drew. Let’s, start from the top. Why do we need to do the EDR? What is it? Take us through that. Well, I one, I thank you for for having me here. I’m excited for this conversation and and where we go. So when we talk about EDR, right, I mean, inter endpoint detection and response when we really start looking at what’s there. If I look at the evolution of security that’s happened around the endpoint device, right, it started with all of us, you know, having AV companies that had AV software that was sitting there looking for things that we knew that were bad and basically saying, oh, this hopped up on a device. I need to stop it and giving you an alert that it was there and it was stopped by the tool. Well, the attacks have evolved so immensely, some of which, Joel, you were just talking about a second ago when we start really talking about what’s going on there. In changing what the information is that you need to know to identify an attacker and see what they’re doing, it’s not often always just an executable that gets downloaded through somebody’s email or something anymore that somebody may know that’s bad. I mean, when when a a file gets seen on a system nowadays, an attacker, by running one command, can change the what’s called the hash of the file. And all of a sudden, everything you thought you knew about that from a from a static detection standpoint, which is what a lot of AVs look at and what those pieces are, can change in seconds. And then no longer does it even look like what they think they’re seeing today. So the world’s changed. There’s a lot going on. When we really start talking about what’s happening, you know, you mentioned AI just a second ago, and what that has done to the threat space, it it is insane. Right? When we really start looking at it, no longer is it just built on, oh, a threat actor gets access to an environment. They do a bunch research. They look around inside the environment, and then they go, oh, I might be able to do something bad, and I have all this time to try to identify what they’re doing and what’s going on. Because AI is now involved, once it gets in there like, you can look at attacks like black matter or different things that have been going on during the space. Right? That once it gets access to an environment, all of a sudden, this AI engine is looking at everything that’s going on inside the environment, what’s happening within moments, able to determine where the weak spots are, what it is, and shift how it attacks based on what it finds. So it’s no longer just a static type of attack that happens. It’s evolving to see what’s going on inside the environment and what it finds. So we have to be able to respond at that same space. Then as we look at it, not only are we dealing with endpoints, we’re dealing with people. I mean, how many of you know that, you know, our biggest risk is people. Right? Every day. We do I’m sure many of you with your customers do anti phishing training, do security awareness training, all of that stuff to try to help evolve and level up your your users. Well, all those users are attached electronically into identities, whether that be their username, whether that be things they use out on the web for their email, for different pieces. But we have all this additional information that’s attached to that user. And when we look at attack types now, we don’t just need to know what is physically happening on the endpoint, but how is it interacting with that user’s identity and what’s happening because that now becomes part of the threat surface, part of the attack that can happen. And then lastly, as always happens, is we’re looking all this. Right? Just because there’s these new attacks, just because there’s all these new things, you don’t get to go to your to your leadership and to different people and go, hey. These new things are happening. I need fifty new people to help me do this. Right? We we you have to be able to scale and grow your ability and capabilities, but without necessarily doubling, tripling, quadrupling the number of people that you have inside it or that your customers have inside it. So it’s so key that we’re able to understand what’s really going on and what’s happening. So on the next slide, when we really kinda talk about what’s going on from a detection standpoint and what SentinelOne is. SentinelOne, we really start talking about the Apple ecosystem. Right? A lot of providers out there, they do a little bit with the Apple ecosystem. They’ve got the Windows ecosystem that they’re strong piece and and where all that fits. That’s not true for SentinelOne. One. SentinelOne has been engaged and working inside of the Apple ecosystem for well over ten years. Right? It it’s part of the core of what’s been part of our agent and what that is for years as we go through it. And and, really, as we kinda dig into some of the key elements of what we’re able to do inside that environment is, first of all, protect against malware. It’s really basic. It’s what’s been going on for years, but, you know, we can’t stop it because malware is still prolific. It’s still out there. It’s still the things that are that are driving a lot of, like, these basic attacks that are driving out to different pieces, and we have to just clear that noise off the table. Secondly, as I mentioned, we have to be able to see alerting from both the identities of the users as well as the endpoint. And SentinelOne is able to bring that down into one place where you’re able to see all that inside of a single alert, inside of a single incident as you’re looking at it and understand how the two are interacting with each other. The third piece is making sure that as we look at ransomware, we have to understand that it’s not static anymore. Like I mentioned, it’s also evolving through AI. So we have to look for types of attacks, model the attacks, have our own AI engine that’s inside of our agent that’s watching a lot of the activity that’s happening and allowing us to evolve with the attack so that the agent can see what’s happening, how it maybe move shifts right when it’s, instead of going right where we would always think it would go. Right? As it’s trying to get around the fences and look for what’s happening. The fourth thing is making sure that we arm with the ability both to hunt for additional data. Because when an incident happens, right, it’s not just what the first alert sees. It’s what else is going on. What else could have been compromised? What are the other pieces? But then also to really get deep visibility into what’s happening. If you think back to many of the tools, if I go back five, six, seven years in kind of the endpoint space of protection, one of the real gaps that had is you would get an alert saying, hey. We saw this, and we stopped it. But if I was to ask you, okay. Well, how did that get up there? How did it get on the machine? Or what happened? You couldn’t really answer that question. All you knew was this specific file or this specific attack was launched, and it was stopped by your AV tool or whatever, and you should trust and be happy that you’re good. Well, the truth is that doesn’t work anymore. Right? When an attacker gets inside of an environment, it it’s gonna look for a place to hide. It’s gonna look for a place to launch its attacks that you maybe won’t attribute back to where it came from. You’ve got to be able to get a lot more telemetry, a lot more understanding to what’s happening inside your environment. Are there machines that are exposed? And maybe the attack is coming from one of those, but you’re seeing the attack on another machine. Right? How’s it laterally moving across the network and what’s happening? All of that is so critical. You can’t just get one piece of information and think you’re done. And then lastly, you have to be able to get real time updates on what’s happening in the world. We call it you know, whether that’s OSINT, which is open source data about the different types of new attacks that are happening inside the environment, whether that’s from SentinelOne as we look across the millions and millions of endpoints that we globally support. What are the new attacks that we’re seeing, and what’s happening, and how are we enriching our agent and our partners to know about the new things and what’s happening. All of that is key and so critical to who we at SentinelOne are as we work on that. Now when we look at what the capabilities are and what happens, just to bring it down, a few things, and I’m gonna work from bottom right to top left. The first one is to be able to respond from an automatic standpoint here. How do I use the tool to be able to identify threats and be able to then kick off response actions right there? Maybe that response action is disconnecting a machine that we know that is at risk. Excuse me. Maybe it’s, going in and remediating a threat. So we’ve seen that an attack has gotten on a machine. Maybe it’s written things into the system to be able to cause an attack to restart every time a machine is rebooted or something like that. But being able to automatically remediate, pull those things back out through what’s there, in many cases, with a single click right through the tooling to be able to correlate multiple attacks. If I look at telemetry inside of an environment when it’s being attacked, it’s thousands and thousands of different things that are shooting off all the time that could be related to it. How do you know that these things are related and are similar attacks and caused by the same thing? Well, our tooling from a set of one standpoint allows us to pull all of those different pieces, all those different detections that we see back into one story, into one story line that helps you see from the beginning when an attacker got into an environment all the way through to today when we’re stopping it or taking action or what that is to be able to understand the full scope of that activity. This is one of the reasons that we have so many incident response providers that also use our tooling because they get that same visibility that we’re looking to give you also in their environment that becomes so critical to them discovering what’s happening on a network, how is the threat actor attacking it. And then lastly, being able to fully remediate in one environment. This takes a couple of different forms. On all of our platforms, on all of our endpoints, you can click and remediate all those things. So if a piece of if an attack puts a specific piece of code into your system that could cause damage later, it’s gonna be able to identify that and pull that code back out and replace it. And then if any of you are supporting Windows devices beyond the Apple devices, we also have what we call the rollback feature that actually takes a snapshot of files and actually brings any replaced or damaged files in a ransomware attack back to normality without having to go to your backup tools. That doesn’t mean don’t that doesn’t mean don’t have your backup tools. I’m a say that right now. Never get rid of your backup tools, but it’s an excellent tool, especially in a Windows environment, to quickly, with a single click, if you have a user that’s remote or something like that, to get them back and working, get their files back in their hand based on what that is. So there’s a lot to this environment of EDR that goes so much beyond what the traditional thought is on endpoint detection, and where those pieces are. Thank you, Drew. Yeah. I you know, I was so impressed by how fast it actually works too. You know, I we did a few tests on our side where we deployed, like, you know, fake threads to the device, and within the same millisecond, it’s able to pick these up, and you get the full audit trail back in the dashboard. Very cool stuff. As part of the offering here, we saw that you guys also, provide MDR. We’d like to maybe talk about the benefits of MDR as well. Yeah. So when you talk about MDR, let me first talk about what it is. Right? So manage detection and response. EDR is tooling. Right? It’s a product. It’s the it’s the software that we put on to detect, to see what’s going on. MDR is about a team. It’s about our team that’s able to work with you to actually help manage the tool. Right? So that as you’re looking at it you know, we see a lot of problems all the time when we’re talking to managed service providers who are supporting your customers, who are working through that day in and day out. Many of you are very focused on a critical thing, which is uptime of your customers. Right? How do you keep your endpoints patched? How do you keep them running? How do you make sure that that executive who use who’s using the system is able to keep using that system day in and day out with no impact to their operation. Right? And then you now layer on this thing called security. Right? You don’t necessarily get additional people again to help you do that, but you now have to deal with all these attacks and what they look like. So we built this MDR offering. And it’s basic we we call our team the vigilance team that actually works with that to to support the environment and see it. And we really are about solving a few problems for you. The first one is the skills and knowledge gap. Right? So not only do you have all this additional work that has to be done to really be able see it, but, also, there’s all this learning. When we look at the thousands of different types of attacks that are happening every day, all the changes, the attackers who are out there and this is one of the things I always like to point out is when you look at the attack community, the threat community that’s out there, you know, you kinda get this old picture in your head of the kid sitting in his garage who’s doing the attack. Right? And we’ve all we’ve all thought that through. Well, that’s not the case anymore. Right? Threat attacks and that whole process is very much big business today. It’s worth billions and billions of dollars. The teams that are doing the attacks, whether they be located in the US, whether they be located in Russia, whether they be located other places around the world on where that is, are well resourced, well funded teams that build operational playbooks just like you would for your business. So you may have an operational playbook that tells you that, well, when this thing happens bad on this computer and I need to go through it, here’s what my team does to resolve the problem of where it looks like. Well, guess what? The threat actors have those same things. When they get into a into a Mac or into some other device that they’re going to attack and walk through it, they have playbooks that walk them through. Do you see this on the machine? Do you see that on the machine? If not, then do this. Do that. And they’re able to do that. And then you add AI on that, and they’re able to do that at machine speeds. Right? So the pace of change is just moving quickly, but it’s professional. It’s not just a a fly by night joke. It’s it’s professional teams that are doing that. So the knowledge gap becomes so important, and what we’re able to do is partner with you to bring professional teams. The average analyst on our team has over five and a half years of security experience on what they’re doing, really being able to drive in and look at alerts and analyze that. So we’re able to work through those alerts and really see what’s happened. We’re able to help you solve your time and resource gap. We’re working twenty four hours a day, seven days a week. You may not be. But guess what the threat actors are. Right? So they’re always looking for when your downtime is to do the attack so you’re not watching. Right? Well, we don’t have a downtime. We’re working twenty four hours, seven days a week, making sure we’re eyes on to see what’s happening, watching all of those alerts that are coming in, and then doing a few things, making decisions on how bad they are, taking action on your devices to help stop those attacks or or put blocks in place to buy time while we reach out to you if we need your assistance. Whatever those things are, we’re there to be that resource. We don’t and you don’t have to worry about, well, hey. Joe, who was my engineer, left, and now I’ve gotta bring somebody else in and train him. We’re handling all that on the back end for you and then working with you to educate you and understand what’s happening. And then lastly, we’re there to also help the fatigue. You know this from ticket management, from things like that that you do from your customers. Fatigue is a real thing, and you add security alerting on top of that, and it’s just another layer of noise that comes in. We’re able inside of our environment to build automation, build all sorts of things to take all the alerting and help our teams be able to handle that without the fatigue and be able to be able to bring back to you just those things that are so critical. So if we really talk about on the next slide, right, what how this really works. What does this really look like? Right? So when a threat is detected, if I start on the left hand side, our team gets notification of that. So the tool goes through the EDR tool, like we talked about earlier, does all those things that I talked about in the first part. You know, it’s able to see what’s happening. It’s able to stop a lot of the attacks. It’s able to bring, bring all of that down to an alert that some action was taken on maybe further is needed. Right? Well, our team jumps in. We look at those alerts. We deep dive into them. We do all that hunting. We look at the additional data that’s available to us. We try to understand exactly what’s happening inside your environment. Now we’re gonna do a few things out of that. If we determine, for instance, that it’s a false positive, we actually have one of the lowest noise environments according to MITRE that’s out there on all the testing and where that is. But that doesn’t mean that false positives don’t happen. Well, guess what? Our team is, again, able to take a lot of that noise off your plate. So we’re able to determine, in many cases, that it is and help tune the environment better so that maybe that doesn’t trigger a false positive again in the future. If it’s a real attack, we’re able to look at that. We’re able to take further action beyond just what the tool does and then drive awareness into you. So maybe we see, we block things, we take action, but now you need to communicate to your end customer what’s happened. Or maybe we need some more information about your end customer’s environment. We’re gonna raise through an email, through a phone call, depending on the severity and what’s happening to your team, letting you know what’s happening, letting you know the questions we have so we can take further action and assist you. And if we need you to take any action on behalf of your customer, to be able to do that as well. But we’re gonna help guide that flow so that you know what’s going on at all times. You’re able to take action where in assistance of our team, but be able to do that in a guided and understanding manner. So that really helps drive it. Our average response time when we start looking at it, right, is is around thirty minutes when we start looking at many of these attacks and what’s happening. Now the tool’s acting immediately. This is humans actually coming out before we then respond to you and bring you what’s there and more deeper understanding of where they are. So let me give you a real kind of life example of this just to help you visualize the value and what it looks like. So on the next slide, when we really dig in and understand what’s here, this is an example of a large end customer that had an attack, right, and what the MDR team, our vigilance team, was able to do. So everything from storyline to preventative, if we move from left to right, is the tooling. So you can see on the storyline the amount of telemetry that was collected around this specific attack, and this is a real life example in what happened. It generated one point one million suspicious types events that were sitting out there. The tool was able to bring that down to twenty one thousand real alert type things to know and then was able to take fifteen thousand different actions across this big environment to be able to help protect and do it. You can see down the, down there some of the specifics of this where it was able to actually mitigate thirty four specific types of attacks. It was able to deal with eleven hundred and eighty four Trojans that it uninstalled across this big environment where we see it. So that was where the tool went. Well, now after that was done, vigilance. So our MDR team looked at the remainder of what was there, the rest of those alerts, and really dug in and understand understood that there were, in this case, sixty two hundred additional actions that they needed to trigger and and walk through. It took them an average of seven point two minutes to do all this. So amazing when you start seeing it, but they were able to take these further actions to protect the environment. If you didn’t have the MDR team, right, that stuff that your team would have needed to know how to do to understand, to walk through, to make the decisions. Our team was able to do this for this specific customer and help protect that. And, ultimately, out of all that, across all these billions of piece of information, all of that, only thirty two specific alerts were were escalated to our partner to say, hey. We need some more information to take these additional steps. So you look at the amount of information, which is amazing because you have to have that to understand what’s happening. The amount of pieces then that were necessary. Right? So you’re not blind to the attack. You know what’s going on. But now what the MDR team was able to do to take the remainder of that piece and bring it down to a very small number of specific questions and actions that they needed the the partner to take on behalf of their customer to really do that. And you could really see then the value of what this means. So this is a large customer. If was a small customer, these numbers might be, you know, might be divide by ten. Right? It might be, you know, smaller numbers when you see that. But the truth in the scale is still real when you start looking at the work and the items that really have to be done, and where they are. Beautiful. Thanks, Drew. I I feel like this is gonna help a lot of admins sleep at night once they have that, fully rolled out. I’m a I’m a throw a little bit of a hardball question at you. There’s a lot of security tools out there. Right? So why should, we be using SentinelOne? Yeah. So I’ll I’ll say this. First of all, my first experience with SentinelOne, actually started in two thousand fifteen. I I’ve only been working directly for the cup company for a little over a year and a half now. But I’ve been engaged with SentinelOne as tool and a product for over ten years when you really start seeing it. So I’ve seen it from its early days to where it is today. And I would say the same thing today I would have said ten years ago, which is SentinelOne is all about being able to broaden the understanding of the attacks that are happening, give you the right tooling to take the right steps to protect your customer in as easy and as simple a manner as possible that also supports your multitenant business. There’s a lot of tools out there that do a lot of great things. And first of all, one of the main places in the MSP space that they fall down is that the multitenancy is very lacking. And that adds step, time, and process overhead to any MSP who’s trying to use it across multiple customers. SentinelOne was built, you know, has been a multitenant for over ten years now when we really start looking at it. It’s a core piece of what the product is. Then when you build forward into the product, we’re on the cutting edge of how to use AI and build that. And we’re all about, first of all, augmenting your team and making sure that we’re taking load off of you, whether that be in how the tool is built to make things as easy to understand as possible and whether our MDR, our vigilance team then, being able to really augment that and take it a step beyond to really, again, take that noise off and do that. And I would say in the MSP space, my experience has been, I used to own an MSP. I didn’t mention that earlier. I owned an MSP for over twenty five years early on in my career. And when you really start going through it, right, this is something I I would have had in my MSP, from the beginning. Because anytime I can take load off my team, add expertise to my team, and focus my team on customer relationship and the other things that are so important and are so critical, I’m gonna find a way to do that. So, really, being able to do that, being able to bring our experts in to support you, being able to bring the noise down. Like I mentioned, in in all of the external testing that’s done, things that we’ve done with Gartner, things that we’ve done with MITRE, we’re one of the lowest noise platforms out there, which what that means is when we’re seeing attacks, we make you know, ten thousand different things happen inside of an environment. We’re gonna generate less alerts that are directed to specifically what you need to do than, than any other platform out there as we really start digging into it. From a, we have twenty four by seven coverage for you, which, again, is a gap for many small MSPs that are starting to work. You know, how do you staff the gap? Because, again, you can’t say I shut down at nine o’clock at night, and we’ll get back to it in the morning if the attacker is working from nine o’clock at night till six o’clock in the morning. Right? So you have to have eyes on or doing that and really about providing that peace of mind. And then lastly, our teams have been working with MSPs just like many of you for for over a decade. We understand your business, understand what it means to have to support an end customer, whether that be a small, medium business or a larger business, and we know how to speak your language. And that, again, is a it is a real time savings when you get into a conversation around a real threat. Wonderful. Thank you very much for that. Actually, the the multi tenants and multi tenant piece is a great segue into what I’m gonna talk about here, which is really how, Adigee and SentinelOne work together. Right? Or, you know, Atigi is built, you know, for multitenancy. It’s why MSPs, love using Atigi. But I’m gonna talk on three specific points, which I think are the core values of the Atigi and SentinelOne integration. The first being how easy it is to deploy SentinelOne. You really do save ninety percent of the time it would take if you were deploying it standalone. We’re gonna go into details on that. CV remediation. S one does a great job at doing the vulnerability scanning. And when you combine that with Adity’s prebuilt apps, you get a lot of value. And then the third thing is really just the combined value of SensorOne within the security suite and the different tools that you have in there. So jumping into that ease of deployment, I’m sure a lot of the people on this call know the pain of deploying security software on Apple devices. You have to get those MDM profiles out there, whether it’s a system extension, it’s a full disk access for PPPC or web content filters. You need to do this because if you don’t, what’s gonna happen is that you’re gonna push out the software. Your end user’s gonna get all these pop ups. Right? They might be in the middle of a call or a meeting. Now they’re annoyed. They’re gonna submit a ticket, or they might get scared. You know? Some of these pop ups do look pretty scary. They’re asking for access to, pieces of your device. And if you don’t know what it is, you’re probably gonna go ahead and close that pop up because you don’t wanna approve something that you’re not really sure of. And so when you don’t properly deploy those MDM profiles, the software just doesn’t work. It doesn’t have access to what it needs to do its job. And so that’s really just the first piece. The second part is the scripting components that come with pushing out something like SentinelOne. You do have to map it to these sites that requires a site token. If you’re an MSP and you have a lot of clients, that means managing and juggling a lot of different tokens. If you’re internal IT, you might have multiple departments, and you wanna put them in a different site to give them different policies. Right? And so the more site tokens you have, the more complex that script get, gets because you don’t want to, mix those up. So needless to say, the process could be cumbersome. It’s a prompt to errors. And if you don’t do it right and you don’t orchestrate it right, it leads to some upset users, and, ultimately, it leads to some upset admins alike. And so what we’ve been able to do with the Adigee and SentinelOne integration is basically automate that whole process for you. You don’t have to worry about building the software packages and juggling tokens. We’ll make sure that it gets assigned to the right site. You don’t have to worry about building those MDM profiles. All you really need to do is pick the policy or pick the device groups that you wanna push, SentinelOne out to, and then we’ll take care of the rest. We’ll make sure that the profiles are installed first so that the pop ups are mitigated, then we’ll install, SentinelOne silently for you so it has full access to everything it needs to really secure those Apple devices. And so what used to take potentially a few hours and it was very prone to issues, it can now already be done in a few seconds. Now the second thing I wanna talk about here is CV detection or mediation. Like you’ve seen and like you probably already know, SentinelOne does a fantastic job at detecting threats and scanning CVEs on third party software that you have deployed to your macOS devices. Like I mentioned earlier, like, we did a test. Within milliseconds, it was able to pick up the threat and mitigate it. And then within the Adity dashboard, you’re actually able to see that full audit trail and the threats that are being, remediated in real time. So you don’t you don’t even have to jump in between platforms. Now one of my favorite synergies between, SentinelOne and Atigee is how SentinelOne can, detect the CVEs, and then Atigee could automatically remediate those with Prebo apps. And so if you’re not familiar with Prebo apps, I think it went officially GA about three or four months ago, but it’s a catalog of third party software completely maintained by Atigee. And what it does is that it makes it easier for you to deploy and keep third party software up to date, at scale without you having to do any scripting or setting up any MDM profiles. It’s also really nice for when, you have those pieces of software that are constantly releasing new versions. You don’t have to go back and constantly rebuild that package, whenever there’s a new version. The one that comes to mind is, like, Google Chrome because it feels like they’re releasing a new version every week, and that one’s always a pretty tedious one. So, also, one of the other nice things about Prebo apps, just to throw it in there, is that it’ll also keep software up to date that you’re not explicitly deploying. And so if you’re allowing your end users to deploy, various browsers, but you’re not explicitly determining which one that is for them, you could set those to auto update. And so if a CVE is detected on those browsers, Atigee will keep it up to date for you as well. And so when you put this all together, you know, SentinelOne is gonna be constantly scanning that device. It’s gonna be reporting back the CVEs to you. And then Atigee, through its Prebo apps, is gonna be able to go ahead and remediate those CVEs, for you on the other side. And we actually have some historical dashboards in the platform that are gonna let you visualize that story. So at the end of the month or the end of the quarter, you’re gonna be able to go into that dashboard. You’ll see, hey. We had a hundred and sixty seven severe CVEs at the beginning of the month, and then you’re gonna just see that drop by eighty or a hundred percent because they got automatically remediated by Prebo apps. So that that makes it really easy for you to go back to your team and say, look. Here’s the value, they were providing. Or if you have clients, you know, when you do that quarterly review, you’re able to show them the value that you’re driving for their business. And lastly, because SentinelOne is a part of the security suite, you not only get access to all those amazing features that we’ve talked about today, but you also get access to the compliance benchmarks that we have in the platform for NIST, CIS, CMMC, DISA, both for macOS and iOS, and these benchmarks are fully customizable. So, I mean, if you look at I believe, like, NIST High has, like, two hundred plus controls that you could push out. If you push out every single one of those controls, you will turn your device into a paperweight. I know this because I’ve tried it. It’ll it’ll it’ll lock you out of your device. So you you probably don’t wanna do that, but what we let you do is that you could clone these benchmarks. You could pick the controls that you wanna use, almost using them like Lego pieces, and you could build a compliance benchmark that makes sense for your organization. You don’t have to write all the monitoring items. You don’t have to write all the remediation. You get all that stuff out of the box and super easy to use. Then once you’re deploying that compliance benchmark to those devices, you’re gonna get back that status. Are they passing yes or no? If you’re using intraconditional access, you also, can integrate with that. And so you’re gonna be able to send that status over and then determine if that user has access to various corporate, data depending on the compliance status of their device. And so another nice little tidbit there is that we do show that compliance status inside of the self-service component so the end user can see if they’re passing or failing. And if they’re failing, they’ll ask they’ll they’ll also be able to see why they’re failing, which is really nice because sometimes they could kinda go in there and remediate it themselves. And lastly, we also have the compliance dashboards as part of this. So this is just gonna give you a high level overview on how you’re doing in compliance, you know, what percentage of our devices are currently compliant across various benchmarks, and you’re gonna be able to break this out. Not only see, like, your whole organization, but you could break it out per policy, per department, per client, and you could create these individual reports. When you look at these, you’ll be able to see if your compliance is a hundred percent or if there’s some drift, and you’ll actually be able to see, like, what day that drift happened, you know, making it easy to go back and basically remediate that and secure your devices. And so when you combine the power of Addges, real time device management, compliance benchmarks, conditional access, and then SentinelOne’s powerful EDR and MDR solution, You know, managing and securing your devices goes from being this tedious, scary, and cumbersome task to really the seamless experience that enables you to sleep soundly and, you know, even if you’re managing thousands of, of devices. Right? So now, the team does have a quick poll out here. I think it went out. Yep. It looks like it’s live. So if you’re interested in learning more about how to secure your, environment with these solutions, we’re more than happy to jump on, give you a personal walk through, the security suite, SentinelOne, you know, just so it meets your exact organizational needs. And if you’re somebody who likes to tinker, personally like to tinker and try things out myself. If you have the owner permission inside of your Adity organization, on the left hand side on the navigation bar, you’re gonna see a security button. Press that. You’re gonna be able to start a fourteen day free trial security suite right now. You’re gonna be able to jump in there. You’ll be able to try the ease of deployment. You’ll just get the CVE scanning, and all the other goodies like MDR that we talked about today. So, feel free to try that out. You can do it right now. During this call, after this call, it doesn’t matter. Once you start tinkering in there, you could also reach out to us if you have any questions. We’ll be happy to answer those for you. So I think the poll is out. We’ll let that hang there for a minute or two, and then I’ll just jump in here and see if there’s any, q and a for us, Drew, that we could answer. Oh, there’s a question. It’s a good one. I actually answer a separate question that others might have. They’re currently using, s one through Pax eight, and they’re wondering if there’s a way to bring that over into the Adity integration today. The answer to that, unfortunately, is that there isn’t a clean way to do that today. If you talk to your account manager, they might have some processes, but it’s not something that we could do, super easily. And then, just on the Windows question, one question that we get a lot is if I deploy something on one via Atigee, can I deploy and enroll Windows devices? The answer to that is yes. Those, Windows devices won’t show inside of the Atigee’s, devices page, but if a threat does pop up on that Windows device, you would see it in the Atigee Threat dashboard. There’s a question here about how to move from, Threat down over to s one. That is, very possible. We could help you do that if that’s something you’re interested in doing. You know, I guess my recommendation would be, like, you know, try out the free trial. See if that’s something that fits for you. You know, I think you’ll you’ll love it personally, and then our team could help facilitate that whole process for you. Alright. Well, I think we could probably close out that that, poll now. Are you good there? Let me see if there’s anybody else here. Oh, there’s questions about pricing. The security suite is part of the it’s so the central one is part of the security suite. I believe that’s our product manager and not the sales guy, so forgive me on this. Think it starts at potentially eight, per agent, and it is per seat. Yeah. Yeah. Sorry, guys. I see that there’s a few questions on pricing. I could definitely just take a note here, and I’ll get the right person to reach out to you. I just don’t wanna, spew this information here live on the webinar. Sorry. Oh, do we have any other questions here? Alright, Drew. I don’t know. Do you have any closing remarks on this? I do see one additional question, it looks like, that Roger asked, and he said, we already use s one in their org. Would this integration remove the need to visit the s one console in managing threats on a Mac? So you why why don’t you speak to that first, Joel, and then I’ll I’ll add on if you want to. Yeah. In terms of, not having to go into the s one console, we do bring over the majority of the things that you would need to manage those Apple solutions. There might be some edge cases because we we’re not just gonna replicate the whole s one platform over in Atigee, but we do you know, the the eighty twenty is basically inside of Atigee. If you have admins that are only managing, your Apple devices and they have access to Atigee, they should be able to get most of the functionality that they need from s one. But you do have your stand alone s one account available to you at all times. If you wanted to jump in there and, you know, basically have access to every single, bell and whistle of s one, you do have access to that. Yeah. I I think and to add on that, I think what you’re gonna see is you look at it to what Joel’s saying. Right? A lot of the alerting, a lot of the information that you’re gonna see to track what’s happening, what’s going on, be able to look at some of the things, like the story lines and pieces you’ll be able to do there. As if you have an active incident that’s happening, you’re probably gonna find some use cases to dig in, be able to look at some of the deep visibility, some of the deeper things, maybe if you’re working with our vigilance team to dig in and understand deeper into an active incident that’s happening, there there will be reasons probably to jump into the full environment. But just on the day to day use cases of what’s there, you’re gonna be able to do a lot of that straight inside the Angi environment. Yep. Also, I didn’t see that question. It was in the chat. Thank you for catching that. Alright. Cool. Well, if we don’t have any questions, guys, you could always reach out to me personally at joy at adigee dot com in case you do have any questions as you begin to tinker and play around with this, or you could reach out to product adagi dot com as well. We’re we’re always happy to help you guys. If you’re already using this and you have feedback for us, please send that over. We’re constantly iterating on the integration. We’re always, you know, ears open, looking to improve the experience for everybody. So thank you everybody for joining today, and I hope you guys have a fantastic day. There’s actually a webinar tomorrow. If you’re an Atagy customer, there’s the league of champions. So please, tune into that, and I may see you there as well. Take care, everybody. Bye bye.