Galtec SentinelONE EDR Managed Service

The Galtec SentinelONE EDR Managed Service ensures comprehensive endpoint security for the entire device estate. This service deploys and maintains the award-winning SentinelONE EDR agent on all devices, equipped with the latest version and signatures for optimal protection. The SentinelONE EDR platform provides multiple layers of security, including AV signature-based scanning and advanced features:

  1. Static AI Pre-execution: Verifies file behaviour before execution, identifying and flagging any abnormal activities such as running scripts or unauthorised registry changes.

  2. Static AI Suspicious: Builds on the previous layer, escalating actions if running applications do not behave as expected.

  3. Post-Execution: Monitors application behaviour after user interactions to ensure proper functionality.

  4. Documents and Scripts: Scans document macros and PowerShell scripts to detect potential threats.

  5. Lateral Movement: Identifies and tracks threats attempting to move across the network.

  6. Anti-Exploitation and Fileless Protection: Neutralises zero-day threats and fileless threats that reside only in device memory and therefore have no file hash to match.

  7. Unwanted Applications: Thoroughly examines unsigned applications to detect potential security risks.

  8. Detect Interactive Threat: Offers real-time detection and response to threats, especially when someone is actively compromising a device in an office environment.

Key Service Provisions:

  1. Coverage: Galtec will ship all newly built devices with the security product deployed. Where an on-premises server is available, frequent scans will be carried out for new devices, and where they are detected the security product will be deployed automatically. Where no on-premises services are available, Customer is required to alert Galtec to any new devices added to the network so the security product can be installed by the Service Desk.

  2. Scheduled Device Updates: To ensure optimal protection, Customer is required to power on devices at least once per week for up to 2 hours. During this time, the necessary updates will be pushed to the devices, enhancing their security posture. Updated signatures will be applied frequently throughout each day of the week.

  3. Device Notification and Monitoring: Customer must promptly notify Galtec whenever new devices are added to the estate. This enables Galtec to efficiently add the security product and extend protection to the newly added devices. Our monitoring system continuously tracks the status and health of the security product on all devices. Where an issue is identified, a Service Desk ticket is automatically raised for an engineer to resolve, ensuring adherence to security policies and standards.

  4. Comprehensive Incident Response Plans: Galtec's incident response plans are included in full within the Galtec service. In the event of an attack, the service aims to identify and neutralise the threat wherever possible and, once the threat is neutralised, to rebuild the affected environment to restore normal operations.

  5. Forensic Investigation Exclusions: While Galtec's incident response plans are robust, detailed forensic investigation is not included within the agreement. Where Galtec is unable to ascertain the inception point of an attack, further auditing may be required, and a third-party specialist may be engaged for this purpose. Galtec cannot guarantee identification of the inception point in all cases.