

SentinelOne: Ransomware Rollback & Warranty

Ransomware remains a top concern for organizations across industries. Attackers use cheap, readily available ransomware kits, increasingly deliver them through fileless techniques, and build variants that are harder to stop and recover from once they are running.

What is Ransomware?

Ransomware is a form of malware that encrypts a victim's files, denying the victim access to their own data, and then demands a ransom in exchange for the decryption key.

Attacks range from a single locked-out machine to campaigns that target entire networks, specific applications, and shared file storage.

What are the costs? 

The average ransomware attack cost $5,900 per incident in 2019, up from $4,300 in 2018, according to SafetyDetectives. The average cost of ransomware-caused downtime rose from $46,800 in 2018 to $141,000 in 2019, according to the same source. 

 

How SentinelOne handles Ransomware 

SentinelOne protects endpoints through its Singularity platform, defending against malware executables, fileless attacks, document and browser exploits, live and insider scripts, and credential-based attacks.

Its endpoint protection platform (EPP) goes beyond matching known ransomware samples: a behavioral execution inspection engine observes each system process and thread as it runs and judges it on what it does rather than on what it looks like. Because the decision is based on real-time execution behavior of applications, programs and processes, the EPP can stop ransomware variants it has never seen before.

Ransomware Protection Features 

Roll-back 

Ransomware typically relies on encrypting system and data files, and the more sophisticated variants go further by deleting the "shadow copies" the operating system keeps, so the usual local recovery path is gone. SentinelOne saves and protects its own shadow copies of data files, allowing teams to roll an infected endpoint back to its pre-infection state. This depends on the Volume Shadow Copy Service being enabled with enough storage on the endpoint, which is why the warranty terms below require it.

Real-Time Behavioral Detection 

SentinelOne's platform focuses on real-time detection and remediation. The agent provides broad visibility into endpoints and their processes, adds context to each process, and uses that execution behavior to flag advanced or hidden ransomware before it finishes its work.

Kernel-Space Operation 

The SentinelOne agent operates in kernel space, which the vendor credits with a smaller footprint than comparable endpoint platforms. Running at that privilege level also makes the agent highly tamper-resistant against ransomware that tries to evade or disable it.

Predictive Execution Inspection 

Unlike static filters, SentinelOne's inspection engine allows limited execution of suspicious software, including memory-only and script-based ransomware, and monitors it to understand its behavior. This lets the platform catch sophisticated ransomware that has no disk or file activity and matches no known indicators of compromise.

Automatic Response and Mitigation 

The Singularity platform responds to and mitigates ransomware automatically in real time. Its range of response actions (kill, quarantine, remediate, roll back) lets security teams act quickly and consistently.

Broad Platform Support 

While most ransomware targets Windows endpoints, macOS and mobile operating systems are also at risk. SentinelOne supports macOS as well as iOS and Android devices, and its platform also supports Linux, including virtualized environments.

SentinelOne’s Ransomware Warranty Policy 

SentinelOne offers a competitive warranty to customers. It announced the warranty in 2016 and has offered generous conditions since. According to its warranty terms current as of June 3, 2020:

In scope, the warranty states (subject to the requirements below) that if a successful ransomware attack occurs on covered endpoints, SentinelOne will pay the customer, as its sole and exclusive remedy, damages equal to the ransom demanded. The payment is capped at $1,000 per endpoint affected by the breach and at $1,000,000 in total for each consecutive 12-month period in which the customer subscribes to the solutions.

Contingent requirements include:

  • Active and proper configuration
  • Only files that are on protected endpoints
  • Solutions:
      • Policy mode is set to Threats: Protect and Suspicious: Protect
      • All Engines are ON
      • Cloud Connectivity is not disabled
      • Anti Tamper is ON
      • Snapshots are ON
      • Scan New Agents is ON
      • The latest GA version is deployed before the ransomware infection
      • No Pending Actions (such as Reboot) are listed on any covered endpoint
      • A supported version of the Management Console is deployed
      • Exclusions specified in the SentinelOne Knowledge Base "Not Recommended Exclusions" article are not deployed in the Management Console or Agent
  • Operating System:
      • The warranty applies to Standard Windows Agents
      • Each endpoint is malware-free prior to SentinelOne Windows Agent installation
      • The OS is fully updated and patched on each covered endpoint
      • VSS (Volume Shadow Copy Service) is enabled and functioning on all Windows endpoints, and the VSS disk space usage allocation is configured at 10% or more on all disks
  • On every endpoint, the customer must:
      • Immediately add the specific ransomware to the blacklist
      • If the ransomware was detected but not blocked, take remediation and rollback action within 1 hour of infection or discovery
      • Notify SentinelOne of the ransomware discovery within 24 hours

For the full text of their ransomware warranty, click here

The warranty does not cover any other damages, such as stolen intellectual property or impact to brand or reputation. Note also that it applies only to Standard Windows Agents: macOS, Linux and mobile endpoints are protected by the product but are not covered by the warranty.
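Two of the operating-system requirements above are concrete, checkable settings: the VSS service must be enabled, and shadow storage must be allocated at 10% or more of every disk. The script below is an added example written for this page; it is not SentinelOne's or Datashield's code. It assumes it is run elevated on Windows with the standard Win32_Service, Win32_Volume and Win32_ShadowStorage CIM classes available, and that an "UNBOUNDED" shadow-storage limit (as vssadmin reports it) surfaces as MaxSpace equal to the maximum uint64 value; both the function name and that representation are assumptions.

```powershell
# Added example (not from the original post, nor SentinelOne/Datashield code):
# audits the VSS prerequisites named in the warranty terms so they can be
# verified across a fleet before relying on rollback.
# Assumptions: elevated session on Windows; Win32_Volume / Win32_ShadowStorage
# CIM classes present; an "UNBOUNDED" limit reported as MaxSpace = [uint64]::MaxValue.
function Test-VssWarrantyPrereqs {
    [CmdletBinding()]
    param(
        # The warranty terms require at least 10% of each disk.
        [double]$MinimumPercent = 10
    )

    $results = New-Object System.Collections.Generic.List[object]

    # 1. The VSS service must not be disabled. Its default start mode is Manual
    #    (demand-start), so Status = Stopped on an idle machine is acceptable;
    #    StartMode = Disabled is not.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='VSS'"
    $results.Add([pscustomobject]@{
        Check = 'VSS service start mode'
        Value = if ($svc) { $svc.StartMode } else { 'service not found' }
        Pass  = ($null -ne $svc) -and ($svc.StartMode -ne 'Disabled')
    })

    # 2. Every fixed NTFS volume with a drive letter needs a shadow-storage
    #    association whose maximum size is at least $MinimumPercent of capacity.
    $volumes = Get-CimInstance -ClassName Win32_Volume -Filter "DriveType=3 AND FileSystem='NTFS'" |
        Where-Object { $_.DriveLetter }
    $storage = @(Get-CimInstance -ClassName Win32_ShadowStorage)

    foreach ($vol in $volumes) {
        # Win32_ShadowStorage.Volume references the Win32_Volume being protected.
        $entry = $storage |
            Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID } |
            Select-Object -First 1

        if (-not $entry) {
            # No association at all: vssadmin would show nothing for this volume,
            # and no snapshots can be taken on it.
            $results.Add([pscustomobject]@{
                Check = "Shadow storage for $($vol.DriveLetter)"
                Value = 'no shadow storage association'
                Pass  = $false
            })
            continue
        }

        # Assumed representation of UNBOUNDED (see lead-in); treat it as 100%.
        $pct = if ($entry.MaxSpace -eq [uint64]::MaxValue) { 100.0 } else { 100.0 * $entry.MaxSpace / $vol.Capacity }

        $results.Add([pscustomobject]@{
            Check = "Shadow storage for $($vol.DriveLetter)"
            Value = ('{0:N1}% of {1:N0} GB' -f $pct, ($vol.Capacity / 1GB))
            Pass  = $pct -ge $MinimumPercent
        })
    }

    return $results
}

# Usage: print the report and exit non-zero if any check failed, so the script
# can gate an agent rollout or a scheduled compliance job.
$report = Test-VssWarrantyPrereqs
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Pass }) { exit 1 }
```

Where a volume fails the allocation check, the built-in tool raises the limit without creating a snapshot, for example `vssadmin resize shadowstorage /for=C: /on=C: /maxsize=10%`; a volume with no association at all gets one with `vssadmin add shadowstorage /for=C: /on=C: /maxsize=10%`. Run the check again afterwards, since the warranty asks for the allocation on all disks, not just the system drive.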

The Datashield Difference 

SentinelOne is just the first line of defense when protecting your organization’s endpoints. Datashield has helped our clients create leading cloud-native security architecture, perform advanced tool tuning, and deploy custom runbooks to help SentinelOne’s software run even better. 

Powerful tools only work as well as the people wielding them. Datashield has a direct partnership with SentinelOne, an unparalleled deployment process, and integration with our leading orchestration and automation tool, SHIELDVision.

If your organization is considering implementing SentinelOne, make sure you partner with the best in managed security service providers. Datashield has been a part of the industry for over a decade and is still on the forefront of cybersecurity solutions. 

Contact us today 

Topics from this Article

Endpoint Detection and Response, Endpoint Data, SentinelOne, Ransomware, Malware

Cassidy Trowbridge
Cassidy is a marketing specialist at Datashield. She manages Datashield's content and social marketing strategies.
