SentinelOne – Endpoint Security Solution
Exclusive Networks Group
Roberto BORSELLO, System Engineer, [email protected]
We deliver value to our partners. We support your growth.
Certifications & Awards
Founded: January 2013
Employees: 300+
Headquarters: Silicon Valley
R&D: France, Israel
Funding: $110.0M (Accel Partners, Third Point Ventures, Tiger Global Management, Granite Hill Capital Partners)
Customers: 2000+ (Technology, Financial, Media, Energy)
Founding Team
Tomer Weingarten, CEO
Almog Cohen, CTO
Ehud Shamir, CSO
SentinelOne’s leadership brings decades of deep cybersecurity expertise developed at Check Point Software, Intel Security and the Israel Defense Forces (IDF) Intelligence Branch.
Autonomously Delivering Real-Time Endpoint Protection of the Future, Defined by Protection, Visibility, Simplicity, Automation
▪ Protection: 99%+ efficacy for file and fileless vectors, online and offline, on-prem and cloud delivered; no breaches
▪ Visibility: act on encrypted traffic and threat hunt; enable SOC analysts to see more and do more quickly
▪ Simplicity: one lightweight agent (<2% CPU usage) to automate EPP & EDR workflows with elegant reporting; fewer agents, no end-user impact or interruption
▪ Automation: automate as much as possible through in-product workflows as well as unlimited integration capabilities from 200+ APIs; do more faster while unlocking the value of existing/future IT tools
Save time at every step
New Threat Landscape: Attacks use a combination of different vectors…
Malware
▪ Ransomware, trojans, worms, backdoors
▪ File-less / memory-based malware
Exploits
▪ Document-based exploits
▪ Browser-based exploits
Live Attacks
▪ Script-based: PowerShell, PowerSploit, WMI, VBS
▪ Credentials: credential scraping, Mimikatz, tokens
Endpoint Protection Essentials (SentinelOne)
▪ Block threats in real-time
▪ Analyze behavior to predict all threat types and vectors
▪ Automated response capabilities to eliminate lateral spread of attack
▪ Endpoint visibility
▪ One agent means outstanding user experience
▪ Protection pre-execution, on-execution and post-execution
Protection at all levels
▪ Behavior-based Threat Detection: dynamically detect the most advanced attacks across any vector
▪ Advanced Static Prevention: the Deep File Inspection engine uncovers known and unknown malware upfront
▪ Dynamic Whitelisting / Blacklisting: reduce the overall attack surface by blocking known bad programs
The SentinelOne Endpoint Protection Platform
Platform overview (diagram):
▪ PREVENTION: Dynamic Whitelisting / Blacklisting, Cloud Intelligence, Advanced Static Analysis
▪ DETECTION: Dynamic Behavior Detection
▪ RESPONSE: 360-degree Attack View, Forensics, Mitigation, Remediation, Rollback, Auto-immunize
▪ PRE-EXECUTION (static protection): blocked files & applications, file-based malware, common threats
▪ ON-EXECUTION and POST-EXECUTION (dynamic protection): APTs, file-less / memory-only malware, exploits & script-based attacks, nation-grade APTs
▪ Single autonomous agent with a lightweight memory footprint, single management console, cloud or on-premise deployment
SentinelOne Static Engine (Pre-Execution): Detect & Prevent Malware Code
▪ Hash lookup: the file hash is first checked against the blacklist and whitelist. Blacklisted → mitigate; whitelisted → continue.
▪ Static Analysis Engine: files unknown to either list go through SentinelOne's machine-learning static analysis, which classifies them as black (mitigate) or white (continue)
• Detect & prevent malware code
• Minimize false positives
▪ 31,000 unique file characteristics defined and referenced
▪ Covers known and unknown file-based malware
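To make the two-stage pre-execution flow concrete, here is an added Python example; it is not SentinelOne code and it does not reproduce their engine. A SHA-256 lookup against blocklist and allowlist sets decides known files outright, and only a file unknown to both is scored on a few static characteristics (an `MZ` header, byte entropy as a packing indicator, suspicious API strings). The small heuristic score stands in for the machine-learning engine; the lists, string set, thresholds and sample bytes are all assumptions, and the samples are constructed, not real files.

```python
import hashlib
import math
from collections import Counter

# Constructed reputation lists; in production these come from the management
# console and cloud intelligence rather than from literals in the code.
BLOCKLIST_SHA256 = {hashlib.sha256(b"known-bad-sample").hexdigest()}
ALLOWLIST_SHA256 = {hashlib.sha256(b"MZ\x90\x00 trusted corporate tool").hexdigest()}

# A handful of illustrative static characteristics. The slide cites 31,000
# without listing them, so these are assumptions chosen for the example.
SUSPICIOUS_STRINGS = [
    b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread",
    b"cmd.exe /c del", b"CurrentVersion\\Run", b"mimikatz",
]
PACKED_ENTROPY = 7.2   # bits per byte; packed or encrypted payloads sit near 8.0
MITIGATE_SCORE = 3     # assumed threshold; one hit alone is not enough


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_features(data: bytes) -> dict:
    """Extract the few characteristics this example scores."""
    return {
        "has_mz": data[:2] == b"MZ",
        "entropy": round(shannon_entropy(data), 2),
        "suspicious_strings": [s.decode() for s in SUSPICIOUS_STRINGS if s in data],
    }


def static_verdict(data: bytes) -> tuple:
    """Pre-execution decision: (action, reason), action is 'mitigate' or 'continue'."""
    digest = hashlib.sha256(data).hexdigest()
    # Stage 1: the hash lookup short-circuits everything else.
    if digest in BLOCKLIST_SHA256:
        return "mitigate", "hash on blocklist"
    if digest in ALLOWLIST_SHA256:
        return "continue", "hash on allowlist"
    # Stage 2: unknown file, so score its static characteristics.
    f = static_features(data)
    score = len(f["suspicious_strings"])
    if f["has_mz"] and f["entropy"] > PACKED_ENTROPY:
        score += 2  # executable whose body looks packed or encrypted
    if score >= MITIGATE_SCORE:
        return "mitigate", f"static score {score}: {f}"
    return "continue", f"static score {score}: {f}"


# Constructed samples, not real files: a packed-looking PE with injection APIs,
# a low-entropy PE that mentions one API, and a plain configuration file.
PACKED_SAMPLE = b"MZ" + bytes(range(256)) * 8 + b"VirtualAllocEx\0CreateRemoteThread"
PLAIN_PE_SAMPLE = b"MZ" + b"\0" * 512 + b"WriteProcessMemory"
CONFIG_SAMPLE = b"[settings]\nupdate_url = https://example.com/updates\n"

if __name__ == "__main__":
    for name, sample in (("packed", PACKED_SAMPLE), ("plain_pe", PLAIN_PE_SAMPLE),
                         ("config", CONFIG_SAMPLE)):
        print(name, "->", static_verdict(sample))
```

The ordering matters: a blocklist hit must win over an allowlist hit, and the allowlist must be consulted before any heuristic so that a legitimately packed corporate tool is not scored at all.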
SentinelOne Dynamic Engine (On-Execution): SentinelOne decides right from wrong
The SentinelOne agent watches what the .exe does once it runs and classifies the observed activity as benign behavior or malicious behavior. A chain like the following is flagged as MALWARE DETECTED:
1. File creates a copy of itself
2. Opens cmd.exe and deletes the original file
3. Creates an autorun registry key
4. Encrypts other files / connects to the outbound network / logs keystrokes
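As an added example of how such a behavior chain can be scored, here is a small Python engine that is not SentinelOne code and makes no claim about their detection logic. It replays a constructed telemetry stream, attributes child-process actions (the cmd.exe that deletes the dropper) to the root of the process tree, records each stage of the chain from the slide with an assumed weight, and only returns a malicious verdict once the weighted stages cross a threshold, so a single Run key or a single outbound connection does not fire on its own. The event schema, weights, threshold, file suffixes and both traces are assumptions made for the example.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    ppid: int
    kind: str          # process_start | file_write | file_delete | reg_set | net_connect | hook_keyboard
    image: str = ""    # image path of the new process (process_start only)
    target: str = ""   # file path, registry key or remote endpoint acted on


# Weights for the stages of the chain on the slide (assumed values for the example).
STAGE_WEIGHTS = {
    "self_copy": 1,
    "delete_original_via_cmd": 2,
    "autorun_key": 2,
    "mass_encrypt": 3,
    "outbound_connect": 1,
    "keylogger": 3,
}
MALICIOUS_THRESHOLD = 5          # no single benign-looking action trips the verdict
ENCRYPTED_SUFFIXES = (".locked", ".enc", ".crypt")
MASS_ENCRYPT_MIN_FILES = 3


class BehaviorEngine:
    def __init__(self):
        self.image = {}                    # pid -> image path
        self.root = {}                     # pid -> pid of its process tree's root
        self.stages = defaultdict(dict)    # root pid -> {stage: evidence}
        self.encrypted = defaultdict(int)  # root pid -> encrypted-looking writes seen

    def _root_of(self, pid):
        return self.root.get(pid, pid)

    def feed(self, ev):
        """Consume one event; return (verdict, storyline) for the acting process tree."""
        if ev.kind == "process_start":
            # A child joins its parent's tree, so cmd.exe's actions count against the dropper.
            self.root[ev.pid] = self._root_of(ev.ppid) if ev.ppid in self.image else ev.pid
            self.image[ev.pid] = ev.image
            return self.verdict(ev.pid)
        root = self._root_of(ev.pid)
        actor = self.image.get(ev.pid, "").lower()
        root_image = self.image.get(root, "").lower()
        target = ev.target.lower()
        found = self.stages[root]
        if ev.kind == "file_write":
            if ntpath.basename(target) == ntpath.basename(actor) and target != actor:
                found.setdefault("self_copy", ev.target)
            elif target.endswith(ENCRYPTED_SUFFIXES):
                self.encrypted[root] += 1
                if self.encrypted[root] >= MASS_ENCRYPT_MIN_FILES:
                    found["mass_encrypt"] = f"{self.encrypted[root]} files"
        elif ev.kind == "file_delete":
            if ntpath.basename(actor) == "cmd.exe" and target == root_image:
                found.setdefault("delete_original_via_cmd", ev.target)
        elif ev.kind == "reg_set":
            if "\\currentversion\\run" in target:
                found.setdefault("autorun_key", ev.target)
        elif ev.kind == "net_connect":
            found.setdefault("outbound_connect", ev.target)
        elif ev.kind == "hook_keyboard":
            found.setdefault("keylogger", "low-level keyboard hook installed")
        return self.verdict(ev.pid)

    def verdict(self, pid):
        found = self.stages[self._root_of(pid)]
        score = sum(STAGE_WEIGHTS[s] for s in found)
        label = "malicious" if score >= MALICIOUS_THRESHOLD else "benign"
        return label, [f"{s}: {e}" for s, e in found.items()]


def analyze(events):
    """Replay a whole trace; return the final verdict for the first event's process tree."""
    eng = BehaviorEngine()
    for ev in events:
        eng.feed(ev)
    return eng.verdict(events[0].pid)


DROPPER = r"C:\Users\bob\Downloads\invoice.exe"
# Constructed telemetry mirroring the chain on the slide (not a real capture).
RANSOMWARE_TRACE = [
    Event(100, 1, "process_start", image=DROPPER),
    Event(100, 1, "file_write", target=r"C:\ProgramData\invoice.exe"),
    Event(101, 100, "process_start", image=r"C:\Windows\System32\cmd.exe"),
    Event(101, 100, "file_delete", target=DROPPER),
    Event(100, 1, "reg_set", target=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(100, 1, "net_connect", target="203.0.113.7:443"),
    Event(100, 1, "file_write", target=r"C:\Users\bob\Documents\q1.xlsx.locked"),
    Event(100, 1, "file_write", target=r"C:\Users\bob\Documents\q2.xlsx.locked"),
    Event(100, 1, "file_write", target=r"C:\Users\bob\Documents\q3.xlsx.locked"),
]
# A constructed installer: copies itself, sets a Run key, phones home, encrypts nothing.
INSTALLER_TRACE = [
    Event(200, 1, "process_start", image=r"C:\Users\bob\Downloads\setup.exe"),
    Event(200, 1, "file_write", target=r"C:\Program Files\Tool\setup.exe"),
    Event(200, 1, "reg_set", target=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tool"),
    Event(200, 1, "net_connect", target="update.example.com:443"),
]
```

Running `analyze(RANSOMWARE_TRACE)` returns the malicious verdict together with the storyline of matched stages; feeding the same events one at a time through `BehaviorEngine.feed` shows the verdict flipping at the autorun key, that is, before any file is encrypted, which is the point of scoring the chain rather than waiting for damage. The installer trace collects the same self-copy, Run key and outbound connection but stays below the threshold.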
SentinelOne Threat Response (Post-Execution)
Engines: DEEP FILE INSPECTION (DFI), DYNAMIC BEHAVIOURAL ANALYSIS
PREVENTION
• Whitelisting / Blacklisting
MITIGATION
• Automated response capabilities
• Kill / Quarantine
• Auto-Immune
• Network Quarantine
REMEDIATION
• Rollback to clean state
• Able to restore damage, including encrypted files
FORENSICS
• Sandbox-grade forensics
• Cloud intelligence
• Full raw data: files / folders, registry keys, network connections, processes
• IR enablement tools
• Attack overview & events
• Visual attack storyline
Protection from Ransomware. Guaranteed.
▪ SentinelOne detects and remediates ransomware
attacks AND financially backs its products
▪ With the SentinelOne Cyber Guarantee:
▪ Customers will be compensated for any
successful ransomware attack
▪ Up to $1,000 per affected endpoint
▪ Up to $1M total
Deep Visibility (with the 2.1 release)
1. New VISIBILITY view
2. User-defined query
3. Filters
4. Results show matched IOCs
NSS LABS ADVANCED ENDPOINT PROTECTION REPORT (APR 2018), for the 2nd year in a row:
✓ Leading TCO rating on the Security Value Map
✓ 100% block rate rating for malware and exploits across six categories
✓ 97.7% security effectiveness rating
SentinelOne Attack Demos
RANSOMWARE DEMO: https://www.youtube.com/watch?v=GzUulCXl1VY
WORD EXPLOIT DEMO: https://www.youtube.com/watch?v=1De19RkvrF0
FILELESS DEMO: https://www.youtube.com/watch?v=wkOlKvnsuKY
NATION STATE GRADE ATTACK