Eran Ashkenazi, SentinelOne : You can replace your Anti-Virus and even Sandbox today!
August 2015 by Marc Jacob
SentinelOne founded in Israel in 2013, offers an original solution to the problems of advanced attacks detection and remediation. This young company, met during our study trip to Israel, already has about 50 people in the world including 3 in France in the R&D department. According to Eran Ashkenazi, VP of Operations & Field Services SentinelOne, Gartner and AV Test, it would replace antivirus.
GS Mag : Could you present us your company?
Eran Ashkenazi : SentinelOne was created in the first days of 2013 by two Israeli founders: Tomer Weingarten and Almog Cohen, and Today we are 50 employees worldwide. We have already gained the trust of about 50 customers most of them are located in the United States but also in Asia and Europe. The company fundraised $14.5 million, with our headquarters located in Mountain View, California and R&D is based in Israel. In addition, we have a small R&D team of 3 people in France who work on the OSX platform.
GS Mag : What is your solution and how does it work?
Eran Ashkenazi : The problem today is that advanced attacks are too much for existing legacy solutions - Hackers use evasion techniques to bypass Anti-Virus solutions and Sandbox technologies. Therefore, we have created a new generation of protection for the End Point. It is based on six pillars:
•Prevention – Preemptively blocking known threats using cloud based reputation.
•Dynamic Exploit Detection - which prevents from malicious applications
•Dynamic Malware Detection – Our core technology utilizing full context behavioral based detection engine.
•Mitigation - to quarantine suspicious files and/or machines
•Remediation - Ability to roll back any changes the malware did to the system.
•Forensic – Investigative abilities allowing post mortem drill down into malware source, actions and affect.
I’d like to clarify that we are the first Next Generation solution to be certified by AV-Test.org and can also displace those legacy solutions today.
Our solution supports Windows, Mac OSX and we have a beta for Android and we’re looking ahead towards additional platforms like Linux and iOS – in all cases as an autonomous agent that is temper-proof.
Technically, our solution contextually analyses actions on the machine. When a non-habitual action on the endpoint is found, it is blocked and a remediation is automated.
In fact, when a hacker launches an attack against a computer protected by SentinelOne, the solution automatically tracks any action caused not only by the parent process, but also by any spawned or dummy processes it injected to. Once detected the threat in its full context is blocked and detailed information is send to the management console for logging and forensics. The administrator has real-time information on the path of attack, which files were affected, all IP addresses used by the attacker, etc... and with automatic remediation, the SentinelOne EPP destroys all files created by the malware leaving empty folders.
Conceptually, our system works using an algorithm that analyzes the actions, taken paths, injections, memory writes, etc… and based on behavioral patterns we perfected in our labs using machine learning algorithms and cluster computing power. This allowed us not only to pass AC-Test’s certification, but also to have near 0% positive false. We could make an analogy with a sentry posted in a house that is currently breached – he will first hear a sound of a car outside and then a windows breaking and some noise in the house. By correlating these input the sentinel can reach a conclusion that there is a burglar inside the house, even if no alarm was set. When a malware is detected on a machine the entire network is automatically notified and receives an immune response. When participating in the SentinelOne community - this information is also shared between other customers as well.
GS Mag: What is your marketing strategy?
Eran Ashkenazi : Our solution is designed for large accounts, we sell direct and through resellers. We take part in shows and events such as RSA Conference, in France we were present at the CCFI day . We are about to create our distribution network in Europe and welcome partners to join.
In addition, you must know that every quarter, we are launching a new version that includes new opportunities in terms of remediation, detection. At end of the year, we’re planning to launch a beta version for Linux.
GS Mag : What is your message to our readers ?
Eran Ashkenazi : You no longer have to choose between a new generation of detection platform and your antivirus because you can replace it with our solution. The antivirus is a 20-year-old technology; it is time for a new generation of Endpoint Protection Platform.
- Reut Rahimi and Raviv Raz, Hybrid Security: Detecting new threats with behavioral analysis and machine learning technologies.
- Dr Oren Eytan and David Geva, ODI : « O-DIX » your files to be sure of their health…