BitLyft AIR® v1.23: Automated Endpoint Response with SentinelOne Integration
Endpoints remain one of the most common entry points for attackers. Malware, persistence mechanisms, and lateral movement often begin at the endpoint level and spread quickly if not contained early.
With BitLyft AIR® v1.23, we are expanding automated endpoint detection and response capabilities through a native SentinelOne integration. This release brings deeper visibility into endpoint threats while enabling automated investigation and response actions directly from the AIR® platform.
The result is faster containment, stronger endpoint protection, and less manual work for security teams.
Stronger Endpoint Threat Detection
This release introduces new SentinelOne-based detections designed to surface high-risk malware activity early.
Malware Persistence on Host
This policy detects repeated observations of malicious files or processes on a single endpoint. Persistent activity can indicate incomplete remediation, advanced malware attempting to maintain access, or credential abuse tied to the host.
Malware Spread
This policy identifies malicious files or processes appearing across multiple hosts within a short timeframe. Detecting this behavior early helps security teams stop malware propagation and reduce the impact of active outbreaks.
Together, these detections help teams identify both ongoing compromise and lateral movement before threats escalate.
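The two policies above can be illustrated as simple aggregation rules over endpoint threat events. The following is an added example, not BitLyft AIR® or SentinelOne code: it assumes a flattened event record with a timestamp, host name, file hash and threat name (the field names, the thresholds, and the sample records are all constructed for illustration; the hashes are not real indicators). The first rule corresponds to "Malware Persistence on Host" (the same hash seen repeatedly on one endpoint within a window), the second to "Malware Spread" (the same hash seen on several distinct endpoints within a short window).

```python
"""Toy versions of the two endpoint detections described above.
Added example; not BitLyft AIR or SentinelOne code. Event schema,
thresholds and sample data are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (illustrative values, not real IoCs).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "host": "WS-101", "sha1": "aaaa1111", "name": "Trojan.Generic"},
    {"ts": "2024-05-01T09:20:00", "host": "WS-101", "sha1": "aaaa1111", "name": "Trojan.Generic"},
    {"ts": "2024-05-01T11:45:00", "host": "WS-101", "sha1": "aaaa1111", "name": "Trojan.Generic"},
    {"ts": "2024-05-01T10:00:00", "host": "WS-202", "sha1": "bbbb2222", "name": "Ransom.Locker"},
    {"ts": "2024-05-01T10:05:00", "host": "WS-203", "sha1": "bbbb2222", "name": "Ransom.Locker"},
    {"ts": "2024-05-01T10:12:00", "host": "WS-204", "sha1": "bbbb2222", "name": "Ransom.Locker"},
    # Same hash, but a day later: outside the spread window, so it must not
    # be counted toward the outbreak below.
    {"ts": "2024-05-02T08:00:00", "host": "WS-305", "sha1": "bbbb2222", "name": "Ransom.Locker"},
    {"ts": "2024-05-01T12:00:00", "host": "WS-400", "sha1": "cccc3333", "name": "PUA.Adware"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(value)


def detect_persistence(events, min_observations=3, window=timedelta(hours=24)):
    """Malware Persistence on Host: the same malicious hash observed on one
    endpoint at least `min_observations` times within `window`.
    Returns one alert per (host, hash) pair that meets the threshold."""
    by_key = defaultdict(list)
    for event in events:
        by_key[(event["host"], event["sha1"])].append(parse_ts(event["ts"]))

    alerts = []
    for (host, sha1), times in by_key.items():
        times.sort()
        start = 0  # left edge of the sliding time window
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_observations:
                alerts.append({
                    "policy": "Malware Persistence on Host",
                    "host": host,
                    "sha1": sha1,
                    "count": end - start + 1,
                })
                break  # one alert per pair is enough
    return alerts


def detect_spread(events, min_hosts=3, window=timedelta(hours=1)):
    """Malware Spread: the same malicious hash observed on at least
    `min_hosts` distinct endpoints within `window`.
    Returns one alert per hash that meets the threshold."""
    by_hash = defaultdict(list)
    for event in events:
        by_hash[event["sha1"]].append((parse_ts(event["ts"]), event["host"]))

    alerts = []
    for sha1, observations in by_hash.items():
        observations.sort()
        start = 0
        for end in range(len(observations)):
            while observations[end][0] - observations[start][0] > window:
                start += 1
            hosts = {host for _, host in observations[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append({
                    "policy": "Malware Spread",
                    "sha1": sha1,
                    "hosts": sorted(hosts),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_persistence(SAMPLE_EVENTS) + detect_spread(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data, the persistence rule fires once (hash `aaaa1111` seen three times on `WS-101` within a day) and the spread rule fires once (hash `bbbb2222` on three hosts within twelve minutes); the later sighting on `WS-305` is excluded by the one-hour window. In a real pipeline the thresholds and windows would be tuned per environment, and both rules would read normalized events from the EDR rather than an inline list.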
Automated Response Directly Against Endpoints
BitLyft AIR® v1.23 introduces 19 SentinelOne response actions that support both security and operational workflows.
Security teams can now automate key response steps, such as:
- Isolating compromised endpoints from the network
- Blocking malicious file hashes globally
- Initiating endpoint scans
- Mitigating identified threats
- Containing outbreaks across multiple systems
These capabilities allow teams to move from alert to action faster, without manually navigating endpoint security consoles.
Supporting IT and Security Operations
The SentinelOne integration also expands automation into everyday operational workflows.
AIR® can now automate actions such as:
- Managing SentinelOne user access
- Maintaining endpoint inventory
- Identifying unauthorized applications
- Restarting or shutting down compromised systems
These workflows support both security response and operational efficiency, helping teams maintain a stronger security posture with less manual effort.
A Complete Endpoint Response Platform
With the addition of SentinelOne integration, BitLyft AIR® continues to expand its identity and endpoint security automation capabilities.
AIR® now enables:
- Automated malware containment
- Endpoint isolation and restoration
- Threat mitigation at scale
- Global hash enforcement
- SOC-ready response actions
Combined with continued UI and performance improvements, BitLyft AIR® v1.23 strengthens the platform’s ability to detect and respond to threats across modern environments.
Learn More
To see how BitLyft AIR® automates detection and response across endpoints, identity providers, and cloud platforms, book a 15-minute demo.