As part of our continued efforts to protect our people, data and systems against security threats regardless of location, the University, through an external partner (vendor), will make the SentinelOne (S1) next-generation anti-virus solution available to the University. S1 will provide next-generation autonomous defense capabilities. The solution’s deployment will be delivered in a phased project over about 18 months.

What is the S1 next-generation anti-virus solution?

S1 is a next-generation anti-virus solution that detects and responds to cyber threats like malware and ransomware. S1 provides a lightweight single-agent approach with AI capabilities. The anti-virus software uses data from the device’s operating system to perform automated analysis using S1’s global cloud-based threat intelligence. This will enable quick detection of and response to attacks and device compromises.

Why S1 next-generation anti-virus?

  • One agent – does not require multiple modules to keep updated
  • Signature-less – no virus signatures, exploit signatures or engines to update
  • Cloud-based (more features and constantly improving)
  • Relatively simple to:
    • Set up core configuration in the console
    • Deploy
    • Update agent versions
    • Use the console
    • Handle incidents – good workflow
  • Has consistently passed the MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge) framework test without the need for special configurations

Scope & Timeline

The S1 offer will cover options for both managed and unmanaged endpoints in multiple phases. However, the roll-out will prioritize the onboarding of high-risk assets – assets that host or access sensitive data classified as level three or level four and assets that are part of critical infrastructure (e.g., Active Directory). Institutional budget will fund some S1 licenses for high-risk assets each year, while participating divisions will cover the cost of licenses once the quota for the year has been exhausted.

Outside of high-risk assets and budget permitting, participating divisions are encouraged to deploy S1 licenses to their environment as soon as feasible.

The University is conducting a pilot as part of the overall project to establish the best model to configure, deploy and manage the solution across different units.

The project is estimated to end in Q2 of 2024, starting with the pilot, which runs from December 2022 to April 2023.

EPP – S1 project timeline

  • Pilot: December 2022 to April 2023
  • Phase 2: September 2023 to April 2024
  • Phase 3: May 2024 to September 2024

S1 license distribution approach

Licenses would be distributed in the following order:

  • Servers hosting level 3 or level 4 data or services considered critical infrastructure
  • Laptops/desktops accessing level 3/level 4 data
  • All servers
  • All laptops
  • All desktops

For more information on license distribution, contact the project team.

How do units get on board?

Interested units may opt to join phase two (starting in May 2023) or phase three (starting in October 2023) of the project to onboard their endpoints into the S1 platform by responding to the “call to participate” survey. Units that missed the survey may contact the project team through any of the contacts listed in the support section for more details on how to participate.