Fair warning: I am not a cybersecurity engineer, and can only speak high level. My job is to have these high level conversations and be able to engage with anyone from business owners to CIOs on determining their business needs, put together solutions to those needs, and to effectively translate what IT/network/security engineers say to the small business owner. However, going any deeper than this high level requires me to pull in my support team of experts from my own company or the manufacturer/provider. I'm pretty certain there are some CISSP level Aggies on this forum who could really go into greater detail.
SentinelOne is definitely an option for small companies. If you look at their site, we generally implement the SentinelOne Complete option, unless there is a specific need we need to meet. The list price is somewhere around $12-$13 per month, per endpoint, but we usually sell it for less than that, to be competitive in the market. For our full managed service, we also bundle in our Security Operations Center (SOC) to the service.
SentinelOne is your Endpoint Detection and Response solution, so the focus is to be proactive in detecting and responding to any threat on your machine. This solution does such a good job at stopping ransomware that in every remediation demo I've seen of it, when the person demonstrated a ransomware attack, they first had to disable SentinelOne.
As far as how that compares to SonicWall, all I can give you are very generic answers. Your SonicWall firewall focuses on network security, which is what your TotalSecure license provides (which should always be renewed). Now, it looks like SonicWall does offer some form of EDR, based on a quick search, but it has been a long time since I've stayed up to date on the SonicWall product line (not since soon after Dell sold them). This would also be an additional service/license you would have to purchase.
Any business of any size really needs to think about the following:
- Firewall/Web Gateway Security: Though these two things are slightly different, most companies will use their firewall to do both. This is protecting access to your network and watching your internal network traffic. A good security appliance will also catch some malicious risks on their way into your network, but it's not necessarily going to catch ransomware embedded in a Word doc being sent to your email address.
- Email Security: What are you doing to prevent phishing and other spam? Most attacks on a business begin via email.
- Passwords: How are you storing your passwords? Are you changing them regularly?
- Multi-Factor Authentication: Have you implemented MFA in your Microsoft environment and all other business related services you use? (ie: Banking, Quickbooks, CRM, ERP, etc)
- Computer Updates: Are you managing all of your updates to keep your devices on the most current versions of software?
- Endpoint Detection Response: This protects your individual endpoints from ransomware, viruses, malware, and other cyber attacks. "Anti-virus" is outdated, as a concept. A modern EDR solution should protect you against file-less and script-based attacks. But more than that, it should also offer remediation solutions and rollbacks for ransomware attacks.
- Mobile Device Security: Keep in mind, so much of what we do is now done on your cell phone. How are you protecting those devices and data on those devices?
- Backups & Disaster Recovery: If you do not currently have a back-up and disaster recovery plan for your business' critical data, then that needs to be a priority. Also, using SharePoint and/or OneDrive is not a back-up/disaster recovery plan. If you are expecting to restore data in the event of a deletion or corruption, then you may be disappointed.
- Cybersecurity Insurance: If you do not have cybersecurity insurance, you need to look into it. Most insurance companies will require you to meet many of the above expectations before they will even cover you.
Again... cybersecurity is not a quick fix. It is an evolving world where you must constantly be vigilant. Also, just because you have an IT guy doesn't mean you are protected. You need to have a conversation with them on how they are meeting standards for your business, like the NIST framework. And if they aren't, then why is that? Your IT person or company should act as though your business is their business. The NIST framework is one of the most common cybersecurity frameworks used by many IT companies. Here's a brief overview of what every company should be thinking about:
https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/nist-framework

One of our customers is a spine surgery doctor with a small office, who's had an IT guy for years. He was hit with ransomware and was cut off from his EMR system until they resolved their issue, which could cost them anywhere from $20-$30K. Fortunately, we were able to come in on the back end with SentinelOne and our back end SOC to remediate the threat.