
SentinelOne Endpoint Security Solution · New Threat Landscape Attacks use a Combination of...

Date post: 29-Aug-2019
Transcript
Page 1: SentinelOne Endpoint Security Solution · New Threat Landscape Attacks use a Combination of Different Vectors… Malware Exploits Live Attacks Document-based exploits Browser-based

SentinelOne – Endpoint Security Solution

Exclusive Networks Group

Roberto BORSELLO, System Engineer, [email protected]

Page 2

We deliver value to our partners. We support your growth.

Certifications & Award

Founded: January 2013
Employees: 300+
Headquarters: Silicon Valley
R&D: France, Israel
Funding: $110.0M (Accel Partners, Third Point Ventures, Tiger Global Management, Granite Hill Capital Partners)
Customers: 2000+ (Technology, Financial, Media, Energy)
Founding Team: Tomer Weingarten (CEO), Almog Cohen (CTO), Ehud Shamir (CSO)

SentinelOne's leadership brings decades of deep cybersecurity expertise developed at Check Point Software, Intel Security and the Israel Defense Forces (IDF) Intelligence Branch.

Page 3

Customers

Page 4

Autonomously Delivering Real-Time Endpoint Protection of the Future, Defined by Protection, Visibility, Simplicity and Automation

▪ Protection: 99%+ efficacy for file and fileless vectors, online and offline, on-prem and cloud delivered (no breaches)
▪ Visibility: action encrypted traffic and threat hunt (enable SOC analysts to see more and do more, quickly)
▪ Simplicity: one lightweight agent (<2% CPU usage) to automate EPP & EDR workflows with elegant reporting (fewer agents, no end-user impact or interruption)
▪ Automation: automate as much as possible through in-product workflows as well as unlimited integration capabilities from 200+ APIs (do more, faster, while unlocking the value of existing/future IT tools)

Bottom line under each of the four pillars: SAVE TIME

Page 5

New Threat Landscape: Attacks use a Combination of Different Vectors…

Malware
▪ Ransomware, trojans, worms, backdoors
▪ File-less / memory-based malware

Exploits
▪ Document-based exploits
▪ Browser-based exploits

Live Attacks
▪ Script-based: PowerShell, PowerSploit, WMI, VBS
▪ Credentials: credential scraping, Mimikatz, tokens

Page 6

Endpoint Protection Essentials – SentinelOne

▪ Block threats in real-time

▪ Analyze behavior to predict all threat types and vectors

▪ Automated response capabilities to eliminate lateral spread of attack

▪ Endpoint visibility

▪ One agent means outstanding user experience

▪ Protection pre-execution, on-execution and post-execution

Page 7

Protection at All Levels

▪ Behavior-based Threat Detection: dynamically detect the most advanced attacks across any vector
▪ Advanced Static Prevention: the Deep File Inspection engine uncovers known and unknown malware upfront
▪ Dynamic Whitelisting / Blacklisting: reduce the overall attack surface by blocking known bad programs

Page 8

[Figure: The SentinelOne Endpoint Protection Platform]

PREVENTION – PRE-EXECUTION (static protection): Advanced Static Analysis, Dynamic Whitelisting / Blacklisting, Cloud Intelligence

DETECTION – ON-EXECUTION (dynamic protection): Dynamic Behavior Detection

RESPONSE – POST-EXECUTION: 360-degree Attack View, Forensics, Mitigation, Remediation, Rollback, Auto-immunize

Threat spectrum covered, from common threats to nation-grade APTs: blocked files & applications, file-based malware, file-less / memory-only malware, exploits & script-based attacks, APTs

Single Autonomous Agent with a lightweight memory footprint; single management console; cloud or on-premise deployment

Page 9

SentinelOne Static Engine (Pre-Execution): Detect & Prevent Malicious Code

▪ Hash lookup against black / white lists: Black → Mitigate; White → Continue
▪ Unknown hash → Static Analysis Engine (SentinelOne machine learning):
  • Detect & prevent malicious code
  • Minimize false positives
▪ 31,000 unique file characteristics defined and referenced
▪ Covers known and unknown file-based malware
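The pre-execution flow on this slide (hash lookup against black/white lists, then static analysis for anything neither list knows), as an added illustrative example in Python. This is not SentinelOne's engine or code: the sample files, the deny/allow lists, the handful of static features (PE header, byte entropy, suspicious strings) and the thresholds are constructed assumptions standing in for the 31,000 characteristics and the machine-learning model the slide describes.

```python
"""Pre-execution verdict: hash lookup against black/white lists, then static
analysis for anything neither list knows.

Added illustrative example, not SentinelOne's engine: the sample files, the
deny/allow lists, the static features and the thresholds are constructed
assumptions standing in for the 31,000 characteristics and ML model on the slide.
"""
import hashlib
import math
import random
from typing import Any, Dict, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Constructed stand-ins for real binaries ("MZ" marks them as PE files).
KNOWN_BAD = b"MZ" + b"constructed known-bad sample\x00" * 8
KNOWN_GOOD = b"MZ" + b"constructed signed admin tool\x00" * 8
_rng = random.Random(1)   # deterministic "packed" body: near-uniform bytes
UNKNOWN_PACKED = (b"MZ" + bytes(_rng.getrandbits(8) for _ in range(4096))
                  + b"powershell -EncodedCommand")
UNKNOWN_TEXT = b"MZ" + b"hello world, plain tool strings\x00" * 200

# Black / white lists keyed by hash (assumption: populated from cloud intelligence).
DENYLIST = {sha256(KNOWN_BAD)}
ALLOWLIST = {sha256(KNOWN_GOOD)}

# Static-analysis features: a tiny hand-picked set in place of a trained model.
SUSPICIOUS_STRINGS = (b"powershell", b"-encodedcommand",
                      b"vssadmin delete shadows", b"wscript.shell")
ENTROPY_PACKED = 7.2      # above this a PE body is most likely packed or encrypted
STATIC_THRESHOLD = 3


def static_features(data: bytes) -> Dict[str, Any]:
    lower = data.lower()
    return {
        "is_pe": data[:2] == b"MZ",
        "entropy": shannon_entropy(data),
        "suspicious_strings": [s for s in SUSPICIOUS_STRINGS if s in lower],
    }


def static_score(features: Dict[str, Any]) -> int:
    score = 0
    if features["is_pe"] and features["entropy"] > ENTROPY_PACKED:
        score += 2                                   # packed / encrypted PE body
    score += len(features["suspicious_strings"])     # one point per matched string
    return score


def pre_execution_verdict(data: bytes) -> Tuple[str, str]:
    """Return (action, reason): "mitigate" blocks the file, "continue" lets it run."""
    digest = sha256(data)
    if digest in DENYLIST:
        return "mitigate", "hash-denylist"
    if digest in ALLOWLIST:
        return "continue", "hash-allowlist"
    # Unknown hash: fall through to static analysis of the file's own bytes.
    score = static_score(static_features(data))
    action = "mitigate" if score >= STATIC_THRESHOLD else "continue"
    return action, f"static:score={score}"


if __name__ == "__main__":
    for name, blob in [("known bad", KNOWN_BAD), ("known good", KNOWN_GOOD),
                       ("unknown packed", UNKNOWN_PACKED), ("unknown text", UNKNOWN_TEXT),
                       ("known bad + 1 byte", KNOWN_BAD + b"\x00")]:
        print(f"{name:20s} -> {pre_execution_verdict(blob)}")
```

The last sample in the usage loop is the practical point of the two-stage design: appending a single byte to a known-bad file changes its hash, so `pre_execution_verdict(KNOWN_BAD + b"\x00")` no longer hits the denylist and the file's fate rests entirely on the static stage. Hash lookup is cheap and exact but defeated by any recompilation or repacking; the static features are what catch variants, and packing itself (high entropy in a PE body) is a signal rather than a way around the check.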

Page 10

SentinelOne Dynamic Engine (On-Execution): the SentinelOne agent decides right from wrong

[Figure: an .exe runs under the SentinelOne agent, which classifies its behavior as benign or malicious]

Malicious behavior chain shown on the slide:
▪ File creates a copy of itself
▪ Opens cmd.exe and deletes the original file
▪ Creates an autorun registry key
▪ Encrypts other files / connects to outbound network / logs keystrokes
→ MALWARE DETECTED
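The behavior chain on this slide, as an added illustrative example: a per-process scorer over constructed endpoint telemetry that maps raw events (file writes, process creation, registry writes, renames, network connections, API calls) to the behaviors the slide names and flags the process once the weighted chain crosses a threshold. This is not SentinelOne's engine or code; the `Event` shape, the rule heuristics, the weights, the threshold and the sample telemetry are assumptions chosen for illustration.

```python
"""On-execution behavioural scoring over endpoint telemetry.

Added illustrative example, not SentinelOne's engine: the Event shape, the
rules that map raw events to named behaviours, the weights and the threshold
are all assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    pid: int
    action: str   # process_start | file_write | file_rename | process_create | reg_set | net_connect | api_call
    target: str   # path, command line, registry key, ip:port or API name


@dataclass
class ProcessState:
    image: str = ""                                     # image path recorded at process_start
    score: int = 0
    behaviors: List[str] = field(default_factory=list)  # ordered, deduplicated "storyline"
    renames: int = 0
    detected_at: Optional[int] = None                   # index of the event that crossed THRESHOLD


# Weights and threshold are assumptions. Self-copy + autorun + outbound (what an
# installer does) stays below THRESHOLD; deleting the original via cmd.exe or
# mass-renaming user files pushes a chain over it.
WEIGHTS = {
    "self_copy": 1,
    "delete_original_via_cmd": 2,
    "autorun_key": 2,
    "mass_encrypt": 4,
    "outbound_connection": 1,
    "keystroke_hook": 3,
}
THRESHOLD = 5
MASS_RENAME_MIN = 5   # renames by one process before we call it mass encryption (assumption)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: Event, st: ProcessState) -> Optional[str]:
    """Map one raw event to a behaviour from the slide, or None if it is unremarkable."""
    target = ev.target.lower()
    if ev.action == "file_write":
        # Same file name as our own image, written somewhere else: the file copied itself.
        if st.image and _basename(ev.target) == _basename(st.image) and target != st.image.lower():
            return "self_copy"
    elif ev.action == "process_create":
        # cmd.exe spawned to delete our own on-disk image.
        if "cmd.exe" in target and "del " in target and st.image.lower() in target:
            return "delete_original_via_cmd"
    elif ev.action == "reg_set":
        if "\\currentversion\\run" in target:
            return "autorun_key"
    elif ev.action == "file_rename":
        st.renames += 1
        if st.renames >= MASS_RENAME_MIN:
            return "mass_encrypt"
    elif ev.action == "net_connect":
        return "outbound_connection"
    elif ev.action == "api_call":
        if "setwindowshookex" in target and "keyboard" in target:
            return "keystroke_hook"
    return None


def analyze(events: List[Event]) -> Dict[int, dict]:
    """Score every process in the stream; a process is malicious once its score reaches THRESHOLD."""
    states: Dict[int, ProcessState] = defaultdict(ProcessState)
    for i, ev in enumerate(events):
        st = states[ev.pid]
        if ev.action == "process_start":
            st.image = ev.target
            continue
        behaviour = classify(ev, st)
        if behaviour is None or behaviour in st.behaviors:
            continue                      # count each behaviour once per process
        st.behaviors.append(behaviour)
        st.score += WEIGHTS[behaviour]
        if st.detected_at is None and st.score >= THRESHOLD:
            st.detected_at = i            # a real agent would kill / quarantine here
    return {
        pid: {"image": st.image, "score": st.score, "behaviors": list(st.behaviors),
              "malicious": st.score >= THRESHOLD, "detected_at": st.detected_at}
        for pid, st in states.items()
    }


# Constructed telemetry: pid 4242 follows the chain on the slide, pid 777 is a text editor.
SAMPLE_EVENTS = [
    Event(4242, "process_start", r"C:\Users\alice\Downloads\invoice.exe"),
    Event(777, "process_start", r"C:\Program Files\Editor\editor.exe"),
    Event(4242, "file_write", r"C:\Users\alice\AppData\Roaming\svc\invoice.exe"),
    Event(777, "file_write", r"C:\Users\alice\Documents\notes.txt"),
    Event(4242, "process_create", r'cmd.exe /c del "C:\Users\alice\Downloads\invoice.exe"'),
    Event(777, "net_connect", "198.51.100.5:443"),
    Event(4242, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event(4242, "file_rename", r"C:\Users\alice\Documents\q1.xlsx.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Documents\q2.xlsx.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Documents\budget.docx.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Pictures\kids.jpg.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Pictures\holiday.jpg.locked"),
    Event(4242, "net_connect", "203.0.113.10:443"),
]

# Constructed telemetry for a legitimate installer: copies itself, registers autorun, phones home.
INSTALLER_EVENTS = [
    Event(1, "process_start", r"C:\Temp\setup.exe"),
    Event(1, "file_write", r"C:\Program Files\App\setup.exe"),
    Event(1, "reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\App"),
    Event(1, "net_connect", "198.51.100.7:443"),
]

if __name__ == "__main__":
    for pid, result in analyze(SAMPLE_EVENTS).items():
        print(pid, result)
```

Two design points are worth noting. Each behavior is scored once per process, so a loop that rewrites the same file a thousand times does not inflate the score, and `detected_at` records the event index at which the verdict was reached: for `SAMPLE_EVENTS` that is the autorun key write, well before the encryption of user files, which is where a real agent would kill or quarantine rather than wait for the chain to finish. The other point is the false-positive class this kind of engine lives with: copy self, register autorun, connect outbound is exactly what `INSTALLER_EVENTS` does, and the weights here are chosen so that trio alone stays below threshold while the self-deletion via cmd.exe or the mass rename tips a chain over it.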

Page 11

SentinelOne Threat Response (Post-Execution)

DEEP FILE INSPECTION (DFI) · DYNAMIC BEHAVIOURAL ANALYSIS

PREVENTION: Whitelisting, Blacklisting

MITIGATION
• Automated response capabilities
• Kill / Quarantine
• Auto-Immune
• Network Quarantine

REMEDIATION
• Rollback to clean state
• Able to restore damage, including encrypted files

FORENSICS
• Sandbox-grade forensics
• Cloud intelligence
• Full raw data: files / folders, registry keys, network connections, processes
• IR enablement tools
• Attack overview & events
• Visual attack storyline

Page 12

Protection from Ransomware. Guaranteed.

▪ SentinelOne detects and remediates ransomware attacks AND financially backs its products
▪ With the SentinelOne Cyber Guarantee, customers will be compensated for any successful ransomware attack:
  ▪ Up to $1,000 per affected endpoint
  ▪ Up to $1M total

Page 13

Endpoint Protection Essentials – SentinelOne

Page 14

Deep Visibility (with the 2.1 release)

1. New VISIBILITY view
2. User-defined query
3. Filters
4. Results show matched IOCs

Page 15

NSS LABS ADVANCED ENDPOINT PROTECTION REPORT (APR 2018), for the 2nd year in a row:

✓ Leading TCO rating on the Security Value Map
✓ 100% block rate for malware and exploits across six categories
✓ 97.7% security effectiveness rating

Page 16

Attack Demos – SentinelOne

RANSOMWARE DEMO: https://www.youtube.com/watch?v=GzUulCXl1VY

WORD EXPLOIT DEMO: https://www.youtube.com/watch?v=1De19RkvrF0

FILELESS DEMO: https://www.youtube.com/watch?v=wkOlKvnsuKY

NATION STATE GRADE ATTACK

Page 17

Thank you!

Roberto BORSELLO, System Engineer, [email protected]

