AI-assisted summary is good, but if we get it in the exact threat module where we investigate all the threats, it would be more helpful for the AI part. For next-step suggestions, if they simply add a good threat analysis part integrated with AI, it would be very helpful for the platform. Additionally, they have some predefined access levels in the SaaS platform, but if we could have more customizable admin options and more customizable roles for assigning a person, it would be helpful. Coming to Purple AI, it is quite good compared to CrowdStrike Charlotte AI. Charlotte AI gives a very good threat overview, whereas Purple AI lacks that. If Purple AI covered that threat overview, it would be more useful. Building STAR custom rules and building alerts are areas which could improve. It could give more detailed steps on exactly how we can build a good query based on the context, and exactly where to give clear steps on how to implement those queries. That would be a good improvement for Purple AI. Purple AI is more passive in SentinelOne. It's not active. If it were more active, taking some actions and interacting with the threat feed, showing the overview of the threat and the recommended steps for whatever threat we are working on, it would be a good addition. It's passive, so only when we ask about a particular thing does it investigate at that moment and then give insights. If it were more active in the threat session, it would be more useful.
There are still areas that could be improved. People will talk more about the storage part and the analytics piece. Sometimes they provide architecture use cases that all have limitations. The only concern related to pricing is the ingestion-based pricing model, which is higher at scale. Regarding the solution's stability, the only concern is the prompting requirement. We have to provide prompts in a proper manner, otherwise it will not work correctly. This is related to all AI solutions having similar issues; it is not unique to Purple AI.
We have not tested in that manner because, when comparing with the competing product CrowdStrike, Purple AI and CrowdStrike are pretty good and more or less equal in the way they respond to a query. On the technical side, I can compare Purple AI with CrowdStrike's threat intelligence. CrowdStrike was initially a breach investigation company and was in the Indian market well before SentinelOne, acquiring more significant ground. We have used Charlotte AI, which is provided by CrowdStrike, the direct competitor of SentinelOne. These two have key differences. Charlotte AI focuses more on IOAs and IOCs, whereas Purple AI helps us query the logs and hunt threats. As an improvement, if SentinelOne could focus on IOAs similar to what CrowdStrike is giving, that would be a good point. They could feed information on IOAs, such as which attack groups are performing the attacks, and provide those insights. Compared to its competition, for doing DFIR (Digital Forensics and Incident Response), not only IOCs are needed but also IOAs. It would be better if Purple AI could incorporate information about the indication of the attacker, who is attacking, and the attacker group's history. We can build some queries and automated responses for any suspicious or malicious conditions. It would be better if there were workflows in place for giving alerts. The way alerts are handled could be improved because, when compared to other competing products, I am able to handle the technique of the threat and categorize it based on severity. If it has a major impact on the environment, I can contain the system. I have numerous options to create various kinds of alerts.
Purple AI offers real-time threat detection and security enhancement through AI-assisted summaries and natural language processing. Integrated with various tools, it provides quick incident summaries and improves response times across multiple organizations. Purple AI empowers users to manage threats proactively with features like the Threat Hunting Quick Start library, enhancing threat intelligence and simplifying security investigations without needing query language knowledge. It integrates...