Technology Spotlight: SentinelOne
-Endpoint Protection was a Losing Battle-
Hackers are smart, motivated, and sophisticated. To people with those qualities, anything that stands between them and their goals is simply another obstacle to be overcome. Anti-virus software has long been the ‘go-to’ remedy against them, but for more than a decade it has fallen woefully short of the protection we expected from it. Attackers learned new ways to avoid, bypass, disable, or otherwise thwart traditional anti-malware products, and vendors have not kept pace.
In the modern age, the tooling available to attackers is more capable, more agile, and more clever than what is usually available to defenders. And if the difference in weaponry didn’t rig the game, the win condition for each side certainly did. Defenders have small budgets, lots of responsibilities, and they have to plug every hole an attacker might exploit. The attacker has more resources, more time, more specialized skills, and only has to find the one hole the defender missed. Definitely not a fair fight.
Fortunately, a young company of cyber security experts in Mountain View has found a new approach that has proven capable of turning the tide.
The Old Guard
Anti-virus solutions of old were engineered around a common premise: watch for known malicious software. For a long time this approach was reasonable. Most computers weren’t connected to the internet, and malicious software usually spread on removable media like floppy disks. These ‘viruses’ weren’t complex or sophisticated, and you could simply match files against a dictionary of known-bad signatures: a hash of the whole file, or a byte sequence characteristic of a malware family. Vendors updated this dictionary as new malicious software was found, so as long as you kept your ‘definitions’ current, you were reasonably safe.
There was a problem, though. Vendors could only write definitions for malicious software they had already encountered. If a sophisticated attacker wrote a new virus to target your company, your anti-virus wouldn’t catch it. Most customers understood this and simply hoped they weren’t on the ‘hit list’ of an attacker with those kinds of resources. Think of the ‘Borg’ in Star Trek: they adapt their shields to a weapon once it has been fired, so the good guys “only get one or two shots”. Anti-virus worked the same way, with the attacker’s new virus in the role of the weapon, and for many years that was good enough.
Fast-forward to today. Exploit frameworks are abundant and remarkably capable. Attackers have decades of aggregated attack knowledge at their disposal, and tooling that is brutally effective. Every modern tool includes ways to obfuscate (or ‘camouflage’) an attack: packing, encryption, and encoding produce a different file from the same payload every time, so the variations even a long-known attack can take are effectively unlimited, and the old method of matching known files is no longer effective. Many modern attacks run entirely in the computer’s memory, which means there isn’t even a file to match against!
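To make the file-matching problem concrete, here is an added example (not SentinelOne’s or INFANGER’s code) of the ‘dictionary of known bad files’ model in Python. The malware sample, the two definitions and the XOR ‘packer’ are all constructed for illustration; the definition names are made up.

```python
"""Toy signature scanner.

Added example, not SentinelOne's or INFANGER's code. It implements the
'dictionary of known bad files' model with the two classic definition
types, a full-file hash and a byte-pattern signature, then shows how a
one-byte change defeats the hash and how a packer defeats both.
The sample, the definitions and the XOR 'packer' are all constructed.
"""
import hashlib
from typing import Optional

# Constructed sample standing in for a known malicious executable.
KNOWN_MALWARE = (
    b"MZ\x90\x00CONSTRUCTED-SAMPLE "
    b"cmd.exe /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
)

# Definition 1: exact file hash.  Definition 2: byte pattern seen in the family.
HASH_DEFINITIONS = {
    hashlib.sha256(KNOWN_MALWARE).hexdigest(): "Trojan.Downloader.Constructed",
}
PATTERN_DEFINITIONS = {
    b"powershell -enc": "Generic.EncodedPowerShell",
}


def scan(sample: bytes) -> Optional[str]:
    """Return the name of the matching definition, or None if the file looks clean."""
    digest = hashlib.sha256(sample).hexdigest()
    if digest in HASH_DEFINITIONS:
        return HASH_DEFINITIONS[digest]
    for pattern, name in PATTERN_DEFINITIONS.items():
        if pattern in sample:
            return name
    return None


def append_junk(sample: bytes) -> bytes:
    """Evasion 1: one extra byte changes the hash; the byte pattern survives."""
    return sample + b"\x00"


def xor_pack(sample: bytes, key: int = 0x5A) -> bytes:
    """Evasion 2: a toy packer. The file on disk is XOR-encoded, so neither the
    hash nor the pattern is present; the real payload only exists in memory
    after unpack() runs."""
    return bytes(b ^ key for b in sample)


def unpack(packed: bytes, key: int = 0x5A) -> bytes:
    """What the packer's stub does at run time (XOR is its own inverse)."""
    return bytes(b ^ key for b in packed)


if __name__ == "__main__":
    print("original      :", scan(KNOWN_MALWARE))              # hash match
    print("one byte added:", scan(append_junk(KNOWN_MALWARE)))  # pattern match only
    packed = xor_pack(KNOWN_MALWARE)
    print("packed on disk:", scan(packed))                      # None: both evaded
    print("in memory     :", scan(unpack(packed)))              # hash match again
```

The last two lines are the point: the bytes the scanner can see on disk match nothing, while the bytes that actually execute are identical to the known sample. A scanner that only inspects files never sees the second form.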
A Ray of Hope
In 2013, a group of experts from McAfee, CheckPoint, and IBM founded ‘SentinelOne’ – a Mountain View-based company focused on bringing endpoint protection into the modern age. They knew that file-based detection was a thing of the past, and wanted something better. Their approach focuses on what malicious software does, instead of what it is. They understood that malicious software is only a concern when its code actually runs, and that an attacker’s goals, and the actions needed to achieve them, are far fewer in number than the ways a payload can be encoded. As a result, they built software that watches how a program behaves, and uses this information to identify suspicious or malicious activity. Brilliant!
It gets better. They knew that detection was only one piece of the puzzle, and that finding something after the fact isn’t ‘protection’. So SentinelOne doesn’t just watch this behavior: it records what occurred, and lets security professionals dive into precisely what happened when something suspicious was detected. If there’s a problem, you can simply UNDO the malware’s actions!
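The following is an added example of the behavior-first idea, written for this page and not SentinelOne’s code: instead of matching bytes, it scores each process on what it does (an Office application launching a script interpreter, deletion of volume shadow copies, mass renaming of user documents to a new extension), and journals every file change so a flagged process’s work can be undone. The simulated disk, the two process traces, the rules, the point values and the threshold are all constructed for illustration.

```python
"""Behavior-based detection with rollback.

Added example, not SentinelOne's code. Each event is checked against a small
rule set, suspicion accumulates per process, and every file change is
journaled so a flagged process's changes can be undone. The disk, process
traces, rules, scores and threshold are all constructed for illustration.
"""
from collections import defaultdict
from copy import deepcopy
from typing import Dict, List

OFFICE_APPS = {"winword.exe", "excel.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
THRESHOLD = 100           # score at which a process is flagged (constructed)
MASS_RENAME_COUNT = 5     # documents renamed to a new extension (constructed)

# Constructed starting disk state: path -> content.
ORIGINAL_FS: Dict[str, bytes] = {
    "C:/Users/alice/Documents/q3-report.docx": b"Q3 numbers",
    "C:/Users/alice/Documents/budget.xlsx": b"budget sheet",
    "C:/Users/alice/Documents/notes.txt": b"meeting notes",
    "C:/Users/alice/Documents/contract.pdf": b"signed contract",
    "C:/Users/alice/Documents/photo.jpg": b"jpeg bytes",
}


class BehaviorMonitor:
    def __init__(self, fs: Dict[str, bytes]):
        self.fs = fs
        self.scores = defaultdict(int)     # pid -> suspicion score
        self.reasons = defaultdict(list)   # pid -> why points were added
        self.journal = defaultdict(list)   # pid -> undo records, oldest first
        self.renames = defaultdict(int)    # pid -> documents renamed to a new extension
        self.flagged = set()

    def _score(self, pid: int, points: int, reason: str) -> None:
        self.scores[pid] += points
        self.reasons[pid].append(reason)
        if self.scores[pid] >= THRESHOLD:
            self.flagged.add(pid)

    def handle(self, ev: dict) -> None:
        pid, op = ev["pid"], ev["op"]
        if op == "spawn":
            # An Office document launching a script interpreter is how macro droppers start.
            if ev["parent"] in OFFICE_APPS and ev["image"] in INTERPRETERS:
                self._score(pid, 40, f"{ev['parent']} spawned {ev['image']}")
        elif op == "exec":
            cmd = ev["cmdline"].lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                self._score(pid, 60, "deleted volume shadow copies")
        elif op == "write":
            # Snapshot the previous content (None if the file is new) before applying the write.
            self.journal[pid].append(("write", ev["path"], self.fs.get(ev["path"])))
            self.fs[ev["path"]] = ev["data"]
        elif op == "rename":
            src, dst = ev["src"], ev["dst"]
            self.journal[pid].append(("rename", src, dst))
            self.fs[dst] = self.fs.pop(src)
            if "/Documents/" in src and src.rsplit(".", 1)[-1] != dst.rsplit(".", 1)[-1]:
                self.renames[pid] += 1
                if self.renames[pid] == MASS_RENAME_COUNT:
                    self._score(pid, 50, "mass rename of user documents to a new extension")

    def rollback(self, pid: int) -> int:
        """Undo every journaled change by this process, newest first; return the count."""
        records = self.journal.pop(pid, [])
        for kind, a, b in reversed(records):
            if kind == "rename":
                self.fs[a] = self.fs.pop(b)      # move the file back
            elif b is None:
                self.fs.pop(a, None)             # file did not exist before the write
            else:
                self.fs[a] = b                   # restore previous content
        return len(records)


def ransomware_trace(pid: int) -> List[dict]:
    """Constructed event stream for a macro-launched ransomware process."""
    events = [{"op": "spawn", "pid": pid, "parent": "winword.exe", "image": "powershell.exe"}]
    for path, data in ORIGINAL_FS.items():
        events.append({"op": "write", "pid": pid, "path": path, "data": b"ENC:" + data})
        events.append({"op": "rename", "pid": pid, "src": path, "dst": path + ".locked"})
    events.append({"op": "exec", "pid": pid, "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"})
    return events


def backup_trace(pid: int) -> List[dict]:
    """Constructed event stream for a benign backup tool copying the same files."""
    events = [{"op": "spawn", "pid": pid, "parent": "explorer.exe", "image": "backup.exe"}]
    for path, data in ORIGINAL_FS.items():
        events.append({"op": "write", "pid": pid, "path": "D:/Backup/" + path.rsplit("/", 1)[-1], "data": data})
    return events


def simulate() -> BehaviorMonitor:
    monitor = BehaviorMonitor(deepcopy(ORIGINAL_FS))
    for ev in backup_trace(9) + ransomware_trace(7):
        monitor.handle(ev)
    return monitor


if __name__ == "__main__":
    m = simulate()
    print("flagged:", sorted(m.flagged), "scores:", dict(m.scores))
    for pid in sorted(m.flagged):
        print(f"pid {pid}: {m.reasons[pid]}; undone {m.rollback(pid)} changes")
    print("documents restored:", {k: v for k, v in m.fs.items() if "/Documents/" in k} == ORIGINAL_FS)
```

Two things are worth noting. The backup tool reads and writes the same documents as the ransomware and scores zero, because none of the rules is about which files were touched; they are about the actions taken. And the rollback only restores what was journaled: a real agent has to record changes before they are allowed to happen, which is why detection and remediation have to live in the same component.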
The Way Forward
At INFANGER, we want modern defenses to be within the reach of anyone who wants to defend themselves. As a result, we’re proud to announce that SentinelOne will be added as a fundamental element in all our standard offerings. No matter what level of management you choose with us, SentinelOne will be deployed to give you the strongest and most sophisticated endpoint protection available today.