RSAC DAY 1 – Rollback and Relax

Multichannel Engagement for the Experience Economy: What Does It Mean for Marketers?
March 5, 2019
S1 Mobile Admin App – Feature Spotlight
March 5, 2019
Multichannel Engagement for the Experience Economy: What Does It Mean for Marketers?
March 5, 2019
S1 Mobile Admin App – Feature Spotlight
March 5, 2019

Once again we’re here at RSA! Since last year, SentinelOne has developed a better product, a better team and become even better at innovation, introducing new technologies that are re-defining endpoint security. This year we look forward to meeting our customers and peers at Booth S 1527 and showing how. We’re not forgetting to have some fun while we’re here, too!

https://www.sentinelone.com/wp-content/uploads/2019/03/DAYONErsac.mp4

The day kicked off with big announcements from the tech giants like Google, Microsoft and others. In the space of endpoint security, it seems so many are talking about how they aim to solve the problem for the enterprise, while not so many are explaining why. We do.

Earlier today, we announced SentinelOne Ranger, which expands the SentinelOne offering beyond traditional endpoints and taps into the area of IoT. There are so many different devices that are connected to the enterprise network of today that, without complete visibility, they remain a substantial risk factor. Remember that you are only as strong as your weakest link.

https://www.sentinelone.com/wp-content/uploads/2019/03/Ranger-v2.mp4

On the booth today, we have a lot of new faces, asking about how SentinelOne works, what is ActiveEDR, and how it is different from traditional EDR. We had many asking about SentinelOne integration with Windows ATP and about our cloud offering.

We ran a few demos in parallel. The one we share today is called “Rollback and Relax”. This demo illustrates an attack vector that is one of the most popular out there: a spear phishing attack. Imagine your user receives an email that looks perfectly legitimate, apparently from a colleague from within your organization. As is often the case, the email comes with a work-related attachment. The user saves the file to disk and opens it. What the user does not know is that this Microsoft Word document launches a VBS script that executes a ransomware attack.

Here are a few screenshots. For the full demo, come by our booth!

Spear Phishing email.

The content of the document looks pretty convincing:

Infected doc

But the outcome is not what the user, or your business, was expecting…

Ransowmare

This is how SentinelOne detects this memory based attack.

Detection

And fortunately, if the user’s endpoint was protected by SentinelOne, it would be a simple one-click solution to rollback the machine to its pre-infected state.

Want to see more?

Looking forward to seeing you tomorrow at RSAC~Booth S 1527!

Leave a Reply

Your email address will not be published. Required fields are marked *