EPP-SentinelOne (EPP-S1) project

As part of our continued efforts to protect our people, data and systems against security threats regardless of location, the University, through an external partner (vendor), will make the SentinelOne (S1) next-generation anti-virus solution available to the University. S1 will provide next-generation autonomous defense capabilities. The solution’s deployment will be delivered in a phased project over about 18 months.

What is S1 next-generation anti-virus solution?

S1 is a next-generation anti-virus solution that detects and responds to cyber threats like malware and ransomware. S1 provides a lightweight single-agent approach with AI capabilities. The anti-virus software uses data from the device’s operating system to perform automated analysis using S1’s global cloud-based threat intelligence. This will enable quick detection of and response to attacks and device compromises.

Why S1 next-generation anti-virus?

  • One agent – does not require multiple modules to keep updated
  • Signature-less – no virus signatures, exploit signatures or engines to update
  • Cloud-based (more features and constantly improving)
  • Relatively simple to:
    • Setup core configuration in the console
    • Deploy
    • Update agent versions
    • Use the console
    • Handle incidence – good workflow
  • Has consistently passed MITRE attack (MITRE adversarial tactics, techniques and common knowledge) framework test without the need for special configurations

Scope & timeline

S1 offer will cover options for both managed and unmanaged endpoints in multiple phases. However, the roll-out will prioritize the onboarding of high-risk assets – assets that host or access sensitive data classified as level 3 or level 4nand assets that are part of critical infrastructure (e.g., active directory). Institutional budget will fund some S1 licenses for high-risk assets each year, while participating divisions will cover the cost of licenses once the quota for the year has been exhausted.

Outside of high-risk assets and budget permitting, participating divisions are encouraged to deploy S1 licenses to their environment as soon as feasible.

The University conducted a pilot as part of the overall project to establish the best model to configure, deploy and manage the solution across different units.

The project is estimated to end in Q4 of 2024.

EPP – S1 project timeline

Pilot: December 2022 to April 2023 Phase 2: September 2023 to April 2024 Phase 3: May to November 2024

S1 license distribution approach

Licenses would be distributed in the following order:

  • Server hosting level 3 or level 4 data or services considered as critical infrastructure
  • Laptops/desktops accessing level 3/level 4 data
  • All servers
  • All laptops
  • All desktops

For more information on license distribution, contact the project team.

How do units get on board?

Contact the project team listed in the support section for details on how to participate.