SentinelOne launches Purple AI Athena to boost SOC automation

Techday NZ, 30-04-2025

SentinelOne has announced the introduction of new agentic artificial intelligence capabilities as part of its latest Purple AI Athena release.
The release of Purple AI Athena introduces features aimed at automating and accelerating security operations tasks that are typically undertaken by Security Operations Centre (SOC) analysts, including the triaging, investigation, and remediation of security threats.
These capabilities are designed to support increasingly overstretched security operations teams by reducing the mean time to respond (MTTR) and mitigating alert fatigue.
According to the details disclosed, Purple AI Athena leverages AI that mimics the iterative thinking processes and deductive reasoning of experienced SOC analysts.
The underlying system utilises SentinelOne's security models and agentic framework to execute investigations on suspicious activities across multiple data sources. Orchestrating multi-step response actions, it aims to remediate threats in a matter of seconds, contrasting with more traditional approaches that can require hours.
The AI is reported to be fine-tuned through an advanced combination of neural networks working across trillions of security-relevant data points.
This architecture is bolstered by a global network of security professionals who provide continuous feedback, resulting in what SentinelOne describes as a scalable approach to autonomous security operations. The platform's Auto Triage feature applies deep security reasoning to conduct similarity analysis on alerts, identifying and prioritising those more likely to be true positives. Auto Triage is stated to be generally available with the new release.
The Purple AI Athena release also features full-loop remediation and response, powered by what the company refers to as Singularity Hyperautomation. The agentic AI system within Purple AI employs no-code workflow capabilities, automatically creating detection rules and transforming insights from investigations into autonomous processes. It provides security teams with result summaries and prompts analysts to convert tasks and insights into reusable automation workflows. These workflows reportedly enable the system to investigate and resolve alerts, learning and improving remediation actions over time.
This is intended to go beyond basic, rules-based automation in security operations, facilitating more comprehensive and orchestrated responses to threats.
Another significant component of the announcement is the data-agnostic integration feature.
With this release, security operations teams can directly use Purple AI with third-party Security Information and Event Management (SIEM) systems and security data lakes without the need for data migration.
Alerts are ingested and correlated in real time, after which Purple AI applies streaming analytics and remediation actions. This is intended to enable organisations to avoid incurring additional costs or delays due to data transfers or integration steps, providing immediate access to advanced AI-driven security operations across diverse environments.
SentinelOne states that Purple AI's development has benefited from broad adoption in production environments since its initial unveiling in 2023. The company's proprietary sensor architecture is described as supporting granular, customer-specific tuning of data collected from endpoints and cloud workloads.
This data is processed within SentinelOne's AI-powered SIEM, and the resulting dataset is continuously refined via feedback from SentinelOne's Managed Detection and Response (MDR) team and global partners.
The Purple AI Athena release includes expanded agentic AI capabilities such as AI-powered data integrations, automated threat hunting and detection, auto-triage and investigations, rule creation for new detection scenarios, automated response and reporting, and AI-powered support functions.
Tomer Weingarten, Co-Founder and Chief Executive Officer of SentinelOne, commented, "AI and automation have long held the promise of fundamentally transforming security operations and supercharging analysts to detect and respond – at machine speed – to threats from even the most sophisticated nation state adversaries and cyber criminals. At RSA, we're revealing the industry's first true end-to-end agentic AI cybersecurity platform built on over a decade of security expertise – and we're bringing it to all security data in the modern SOC."
He added, "By delivering agentic AI automation and orchestration capable of reasoning and responding like an advanced security analyst, we believe humans get empowered even more as they assume supervision of these systems - an important role that will also shape the coming generation of security service providers."

Related Articles

Siemens to acquire Excellicon to expand EDA software portfolio

Techday NZ, 23-05-2025

Siemens has signed an agreement to acquire Excellicon, a supplier of software for timing constraint management in integrated circuit (IC) design, to enhance its electronic design automation (EDA) portfolio. The acquisition will see Excellicon's suite integrated into Siemens' EDA software offerings, with the aim of supporting System-on-a-Chip (SoC) designers in accelerating design closure and improving both functional and structural constraint correctness during the IC design process. Siemens announced that the addition of Excellicon's products will facilitate new approaches for implementation and verification flows, providing designers with capabilities to optimise power, performance and area (PPA), while addressing challenges in present workflows. The ongoing evolution of SoC design, driven by increasing design complexity, demands advanced timing constraints management across the development process to ensure products meet power, performance, area, and time-to-market targets. Siemens underscored the significance of this requirement in the context of modern semiconductor design. Mike Ellow, Chief Executive Officer, Siemens EDA, Siemens Digital Industries Software, commented on the planned acquisition, stating: "Effective timing constraints management is crucial for the overall success of semiconductor system-on-chip designs. Excellicon's constraint verification and management solution complements Siemens' existing EDA offerings and expands our portfolio into key market segments in flows with the Questa, Tessent, Aprisa and PowerPro products." Excellicon's tools are designed to cover the entire timing constraints spectrum, from authoring and compiling to verification, formal validation and management, using a multi-mode approach. This approach is intended to bridge the gap between early design concepts and their physical implementation, providing insights into partitioning for optimal floorplans and timing. 
Siemens expects that the integration of Excellicon's technology will reinforce both implementation and verification stages in existing EDA workflows. Himanshu Bhatnagar, Chief Executive Officer of Excellicon, commented on the agreement, saying: "We are delighted to join Siemens and bring our knowledge and expertise in timing constraints management to the wider Siemens EDA community. Together, we'll be able to provide better process coverage and enable our customers to deliver robust innovation to market more quickly and overcome the ever-growing complexity challenges facing the IC industry." Excellicon, founded in 2009 and based in Laguna Hills, United States, specialises in developing tools to support timing constraints in digital design and verification workflows. The company has established a reputation for its solutions across the IC industry. The terms of the acquisition were not disclosed. Siemens indicated that completion of the transaction is expected within a few weeks. Siemens Digital Industries Software provides software, hardware and services through its Xcelerator business platform. The division supports digital transformation initiatives across diverse sectors and offers tools that help organisations optimise design, engineering and manufacturing processes from the chip level through to complete systems.

Survey reveals gap between threat intelligence & execution

Techday NZ, 22-05-2025

A new survey has highlighted a disconnect between the importance organisations place on threat intelligence and their ability to implement it effectively. The research, conducted by Cyware, collected responses from 100 cybersecurity executives and professionals working across enterprises, government agencies, and service providers. Nearly all respondents (92%) described operationalising threat intelligence as either "absolutely crucial" or "very important" in their organisations' efforts to combat cyber threats. Despite this consensus, only 13% of those surveyed reported satisfaction with their automation between cyber threat intelligence (CTI) and security operations (SecOps) tools. The survey also found that nearly 40% of participants experienced difficulty coordinating data between critical security systems such as Threat Intelligence Platforms (TIPs), Security Information and Event Management (SIEM) tools, and vulnerability management platforms. Speaking on the findings, Anuj Goel, Co-founder and Chief Executive Officer of Cyware, stated: "The RSAC survey data reveals a serious gap between that belief and the operational reality. Threat intelligence isn't just about collecting data - it's about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations." Internal collaboration and automation maturity were flagged as key areas where organisations fall short. Although almost all those surveyed regard threat intelligence sharing as fundamental, only a small proportion felt their automation systems worked well in practice. Artificial intelligence (AI) is seen as a promising area for improving threat intelligence processes, with 78% of respondents believing AI will enhance threat intel sharing within their organisations. 
However, only 43% reported that AI has already made a meaningful impact, pointing to difficulties in implementing AI solutions and integrating them into existing security processes. The Cyware survey also drew attention to the timeliness of threat intelligence sharing. Only 17% of teams said they disseminate threat intelligence among key roles, such as SecOps, incident response, and vulnerability management, in real time, while another 25% do so on a daily basis. At the same time, 22% indicated that information is shared infrequently or not at all, raising questions about internal communication and responsiveness to emerging threats. External collaboration with industry peers for the purpose of improving threat intelligence is another area identified for additional growth. According to the survey, while 57% of respondents claimed that their organisation collaborates with other companies in their sector, a significant 30% were unsure if this kind of peer cooperation even exists at their workplace. Automation challenges remain evident, with more than half (56%) of survey participants reporting significant or moderate obstacles in automating workflows across CTI and SecOps teams. This suggests that technical, procedural, or organisational hurdles are hampering efforts to scale effective threat intelligence practices. Additionally, participation in Information Sharing and Analysis Centres (ISACs) or similar organisations is relatively low. Only 18% confirmed their organisation is involved with such groups, while 45% were unaware of any such participation. The lack of engagement or awareness about ISACs could be limiting access to valuable, sector-specific threat information, potentially reinforcing the existing silos within the threat intelligence community.
The survey's findings align with a broader trend: as cyber threats evolve and become more complex, organisations face mounting pressure to bridge the gap between recognising the importance of threat intelligence and actually executing it through internal collaboration, real-time sharing, automation, and peer engagement.

Exabeam partners with Vectra AI to boost cloud threat defence

Techday NZ, 21-05-2025

Exabeam has announced a partnership with Vectra AI to integrate the Exabeam New-Scale Security Operations Platform with the Vectra AI Platform. The collaboration aims to address the challenges faced by security teams in identifying advanced threats, particularly those that move laterally across cloud environments. Many existing solutions, originally developed for on-premises systems, struggle to detect these attacks, resulting in delayed responses and increased manual workloads for analysts. The integration combines Exabeam's SIEM, user and entity behaviour analytics (UEBA), and automated workflows with Vectra AI's network detection and response (NDR) capability. According to Exabeam, this unified solution will centralise visibility, accelerate threat detection, and streamline investigation processes across cloud-based environments. Vectra AI's platform provides visibility into lateral threat movement by monitoring activity both east-west and north-south across a variety of network architectures, including data centres, campus facilities, remote workspaces, cloud, and operational technology (OT) environments. By incorporating Vectra AI's analytics into the Exabeam infrastructure, the two companies aim to give security teams improved detection and response capabilities. Steve Wilson, Chief AI and Product Officer at Exabeam, said, "Teaming up with Vectra AI, isn't just a partnership, it's a power move. We need to shift the balance in cybersecurity, putting defenders back in control. With their cloud threat intel and our AI-driven platform, we're exposing the threats others miss and flipping the script on what modern threat detection looks like." The integration is designed to provide a number of practical benefits. Accelerated threat detection is achieved by consolidating security data from various sources and automating processes throughout the security operations centre (SOC) stack. 
This allows analysts to identify and respond to incidents faster and with greater accuracy. Enhanced visibility is another feature, with the combined platform able to detect network-based risks throughout cloud infrastructures by leveraging behavioural analytics. This helps security teams spot lateral movement, insider threats, and post-compromise activities that traditional tools might overlook. Streamlined operations are facilitated by out-of-the-box integration features. These include prebuilt mappings, a preconfigured Vectra AI dashboard tile, and webhook collectors, all of which are intended to speed up deployment and reduce ongoing operational complexity for SOC teams. Jeff Reed, Chief Product Officer at Vectra AI, said, "Security teams today need visibility to stay ahead of advanced threats, especially as attacks become more complex and move across hybrid and cloud environments. By integrating Vectra AI's advanced NDR with Exabeam's powerful SIEM and automation capabilities, we're empowering teams with a unified, intelligent platform to quickly identify, investigate, and stop threats before they escalate. This partnership is a major step forward in modernising security operations for the AI-driven threat landscape." The partnership is built on the understanding that today's threat landscape is increasingly shaped by cloud adoption and remote work, where attack vectors are more diverse and attacks often bypass traditional network boundaries. By providing centralised and integrated defence tools, Exabeam and Vectra AI aim to help organisations keep pace with these developments and reduce the burden on security staff. Analysts using the integrated platform are expected to benefit from simplified incident investigations, less manual effort, and improved overall security outcomes. The new solution is positioned as addressing a market demand for unified threat detection and response that adapts to both legacy systems and modern, cloud-native environments.
