Once again we’re here at RSA! Since last year, SentinelOne has developed a better product, a better team and become even better at innovation, introducing new technologies that are re-defining endpoint security. This year we look forward to meeting our customers and peers at Booth S 1527 and showing how. We’re not forgetting to have some fun while we’re here, too!
The day kicked off with big announcements from tech giants like Google, Microsoft and others. In the endpoint security space, it seems so many are talking about how they aim to solve the problem for the enterprise, while not so many are explaining why. We do.
Earlier today, we announced SentinelOne Ranger, which expands the SentinelOne offering beyond traditional endpoints and taps into the area of IoT. There are so many different devices that are connected to the enterprise network of today that, without complete visibility, they remain a substantial risk factor. Remember that you are only as strong as your weakest link.
At the booth today, we had a lot of new faces asking how SentinelOne works, what ActiveEDR is, and how it differs from traditional EDR. Many also asked about SentinelOne integration with Windows ATP and about our cloud offering.
We ran a few demos in parallel. The one we share today is called “Rollback and Relax”. This demo illustrates one of the most popular attack vectors out there: a spear-phishing attack. Imagine your user receives an email that looks perfectly legitimate, apparently from a colleague within your organization. As is often the case, the email comes with a work-related attachment. The user saves the file to disk and opens it. What the user does not know is that this Microsoft Word document launches a VBS script that executes a ransomware attack.
Here are a few screenshots. For the full demo, come by our booth!
The content of the document looks pretty convincing:
But the outcome is not what the user, or your business, was expecting…
This is how SentinelOne detects this memory-based attack.
And fortunately, if the user’s endpoint was protected by SentinelOne, it would be a simple one-click solution to roll back the machine to its pre-infection state.
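The chain in the demo (a Word document launching a VBS script) leaves a recognizable process lineage in endpoint telemetry. The following is an added example, not SentinelOne's detection logic or code from this post: it flags script hosts that descend from an Office application, including through an intermediate process. It assumes process-creation events exported as JSON lines with Sysmon Event ID 1 field names; the sample events, file names and PIDs are constructed.

```python
import json
import ntpath  # parses Windows paths correctly on any OS

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed sample events (Sysmon Event ID 1 field names), oldest first.
SAMPLE_LOG = r"""
{"ProcessId": 4120, "ParentProcessId": 980, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE /n invoice.doc"}
{"ProcessId": 5200, "ParentProcessId": 4120, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "cmd.exe /c start.vbs"}
{"ProcessId": 5316, "ParentProcessId": 5200, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "wscript.exe start.vbs"}
{"ProcessId": 6002, "ParentProcessId": 980, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "wscript.exe logon.vbs"}
"""


def exe_name(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()


def find_office_script_chains(log_text):
    """Return one alert per script host whose ancestry includes an Office app."""
    lineage = {}  # pid -> image names from the Office app down to that process
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        child, parent = exe_name(ev["Image"]), exe_name(ev["ParentImage"])
        if parent in OFFICE_APPS:
            chain = [parent, child]
        elif ev["ParentProcessId"] in lineage:
            chain = lineage[ev["ParentProcessId"]] + [child]
        else:
            continue  # not descended from an Office application
        # PIDs are reused over time; production code should key on ProcessGuid.
        lineage[ev["ProcessId"]] = chain
        if child in SCRIPT_HOSTS:
            alerts.append({"pid": ev["ProcessId"],
                           "chain": " > ".join(chain),
                           "cmd": ev["CommandLine"]})
    return alerts


if __name__ == "__main__":
    for alert in find_office_script_chains(SAMPLE_LOG):
        print(alert)
```

The script host started from explorer.exe in the last sample event is not flagged, because the rule keys on ancestry rather than on the script host alone.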