IT Brief India - Technology news for CIOs & IT decision-makers

SentinelOne upgrades Purple AI with major platform links

Today

SentinelOne has announced the extension of its Purple AI security analyst capabilities to integrate with data from major third-party security products. The list of compatible products includes Zscaler Zero Trust Exchange, Palo Alto Networks Firewall, Okta, Proofpoint TAP, Fortinet FortiGate, and Microsoft Office 365.

This integration seeks to enhance security teams' threat hunting and investigation capabilities by utilising Purple AI's functionalities across both native SentinelOne data and third-party data sources, enabling faster and more comprehensive responses to threats.

The development is part of SentinelOne's strategy to leverage the Singularity Platform's data and AI capabilities, further increasing the speed and effectiveness of Purple AI in addressing complex cyber-attacks. Multilingual support has also been introduced for the security analyst platform, which now includes queries and summaries in languages such as Spanish, French, German, Italian, Dutch, Arabic, Japanese, Korean, Thai, Malay, and Indonesian, alongside the existing English version.

Ely Kahn, Vice President of Product Management, Cloud Security, AI/ML and Core Platform at SentinelOne, highlighted the rapid growth and positive reception of Purple AI. "Purple AI has rapidly become SentinelOne's fastest-growing product, and customer uptake and feedback has been incredible. Far beyond just a great natural language querying mechanism, Purple AI is automating investigations, prioritising threats, and slashing response times from hours to mere minutes," he stated.

Kahn added, "By extending Purple AI's capabilities across both native and third-party data in Singularity, customers can rapidly stop even the most sophisticated attacks in their tracks, while gaining more value from the full security stack and their collective security data."

The integration allows joint customers of SentinelOne and Zscaler to access Zscaler Security Service Edge logs through an integration available on the Singularity Marketplace, enabling threat investigation using natural language queries.

Amit Raikar, Vice President of Technology Alliances and Business Development at Zscaler, commented, "Enriched by the extensive telemetry from Zscaler, the integration with SentinelOne significantly enhances the ability for SOC teams to leverage AI for threat hunting and complex investigations. Together, we're focused on helping customers strengthen their zero trust security in an increasingly complex risk environment, where closing gaps in hunting coverage with unprecedented speed and ease is more crucial than ever."

Security teams face challenges such as overwhelming alert volumes and multiple data sources, which often result in missed incidents and complicated investigations. Purple AI addresses these through its adoption of the Open Cybersecurity Schema Framework. This framework normalises data upon ingestion, offering customers immediate access to queries, correlations, and context across various data sources for more efficient threat detection and response.

The integration and multilingual support are available to Purple AI customers, with existing SentinelOne users granted early access to the new language features. This expansion supports SentinelOne's broader goal of advancing cybersecurity through artificial intelligence-driven tools and platforms.
