The New Dawn of End Point Protection – Passport by Exclusive
TRANSCRIPT
Roberto Naretto, Technical Director – [email protected] – +39.347.0569.515
The New Dawn of End Point Protection
EXTINCTION WARNING: AntiVirusaurus
…and AV Vendors Know It
The Edge of Extinction: Legacy AV Will Be Wiped Out!
Desktop antivirus is a dinosaur – about to become extinct!
> Traditional antivirus and network-based solutions have proven to be ineffective
> 25-50% of threats are being missed
> Detection is half the battle
Market dominated by legacy vendors
> No innovation
> No credibility - 44% of customers using AV/EPP… have been compromised! (Gartner)
> Too easy for advanced attacks to go unnoticed
> Too slow to detect and react
Enterprises must ‘break the habit’ of buying legacy AV
> Only 43.8% of endpoint security spending was deemed ‘effective’, with just 14% representing a ‘big win’ for the organisation (SANS Institute)
> Endpoint security is the TOP priority for CIOs/CISOs in 2016!
Top Priority Concern for CIOs
81% of CIOs ranked End Point Security as their Top Priority in 2016 (Piper Jaffray, 2016 CIO Survey)
Pushing the AntiVirusaurus to Extinction
Shaking up the market
> For the first time: an alternative to legacy AV
> Address the evolution of known and unknown advanced threats
> Offer better protection, detection and reaction in a single package
> Price-competitive with legacy solutions, but a far greater margin opportunity
Market disruption opportunity from SMB to large enterprise
> Replacing legacy AV
> Offer EPP & EDR tools in 1 solution (AV & Forensics)
> Superior to other ‘next-gen’ endpoint protection solutions
Other next-gen solutions ‘complement’ legacy AV – they don’t replace it!
> No other next-gen offering provides a complete solution
> Sandboxing has become too easy for attackers to detect and evade
Evolution is Inevitable
The Market
– $6bn a year today and growing strongly
– The endpoint is the new perimeter
The Challenge
– Known threats are not the problem
– Exploited too easily by targeted attacks/advanced threats
– CIOs need to protect business reputation through prevention and remediation
The Strategy
– 81% of CIOs ranked it as their BIGGEST spending priority for 2016
– Driven by mobility and IoT megatrends – the number of endpoints is rapidly increasing
The Opportunity
– Only 50% of threats are getting blocked
– Today’s threat landscape is much more than file-based malware
– Today’s endpoint protection is stuck in the Jurassic Age: still based on 1980s technology!
Industry Certifications
Founded: January 2013
Employees: 95
Headquarters: Palo Alto, CA
R&D: France, Israel
Funding: $39.5M – Accel Partners, Third Point Ventures, Tiger Global Management, Granite Hill Capital Partners
Customers: 100+ – Technology, Financial, Media, Energy
Founding Team
Tomer Weingarten, CEO
Almog Cohen, CTO
Ehud Shamir, CSO
SentinelOne’s leadership brings decades of deep cybersecurity expertise developed in the Israel Defense Forces (IDF) intelligence branch.
SentinelOne Customers
“SentinelOne is bringing major innovation to endpoint protection.”
— Doug Shean, Senior Vice President, CITI
SentinelOne & Netflix
Real-Time, Unified Endpoint Protection
SentinelOne is a next-generation endpoint protection company that delivers real-time detection, prevention and remediation of advanced threats in a single platform.
Complete visibility into all endpoint activity without any performance drag
Dynamic behavior analysis to detect threats across all major vectors
Fully automated threat mitigation and remediation
Certified antivirus replacement
Visionary – 2016 Magic Quadrant for Endpoint Protection Platforms
The Endpoint is the New Perimeter
Endpoints are primary targets. This is where sensitive data lives.
Endpoints are your organization’s weakest link. Endpoint platforms are diverse, and often drift from standard configuration with frequent exposure to unsecured networks.
AV is no Match for the New Threat Landscape
Malware: ransomware, trojans, worms, backdoors; file-less / memory-based malware
Exploits: document-based exploits; browser-based exploits
Live Attacks: script-based (PowerShell, PowerSploit, WMI, VBS); credentials (credential scraping, Mimikatz, tokens)
Endpoints are Vulnerable to Multiple Attack Vectors
MALWARE
• File-less: memory-only malware
• Executables: ransomware, trojans, worms, backdoors
EXPLOITS
• Browser: drive-by downloads; Flash, Java; iframe/HTML5, plug-ins
• Documents: Office doc exploits; Adobe macros; spear-phishing e-mails
LIVE/INSIDERS
• Scripts: PowerShell, PowerSploit, WMI, VBS
• Credentials: credential scraping, Mimikatz, tokens
Effective Endpoint Protection Needs to Address the Entire Advanced Threat Lifecycle
Pre-Execution: Prevention + Whitelisting / Blacklisting
On Execution: Dynamic Malware Detection, Dynamic Exploit Detection
Post-Execution: Mitigation, Remediation, Forensics
Today’s Enterprises Face 3 BILLION Attacks
(chart) Legacy Threats BLOCKED: 50% · Advanced Threats DETECTED: 25% · Advanced Threats UNDETECTED: 25%
Solution tiers shown: Traditional, AV-based Protection; Sandboxing Solutions; “Next-Generation” Endpoint Security
Predict Malicious Behavior
Lightweight, Autonomous Agent: continuously monitors all low-level activity on the endpoint device, online or offline
Dynamic Behavior Tracking: predicts how attacks unfold against the context of normal application behavior
Real-Time Forensic Analysis: 360-degree views of threat behavior, with Attack Storyline
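The attack-vector slides above (document exploits spawning script hosts, encoded PowerShell, ransomware-style mass file modification, Mimikatz-style credential scraping) and the "dynamic behavior tracking" idea come down, in practice, to rules evaluated over a stream of process, file and handle events, with the process tree kept so that an alert can be shown as a storyline. The Python below is an added illustration of that approach; it is not SentinelOne's agent or its detection logic. The event format, field names, rule thresholds and the lsass allow-list are assumptions chosen for the example, and the telemetry is constructed inline.

```python
"""Behaviour-based endpoint detection over constructed process/file/handle telemetry.

Added example, not SentinelOne code. Event schema, thresholds and allow-lists
are assumptions made for the illustration.
"""
from collections import defaultdict

# Constructed sample telemetry (timestamps in seconds): a macro document spawns
# an encoded PowerShell cradle, which drops a binary that renames twenty user
# files to a ransom extension and then reads lsass.exe memory. Notepad writing a
# single file is included as normal application behaviour that must not alert.
EVENTS = [
    {"t": 0, "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"t": 1, "type": "process", "pid": 200, "ppid": 100, "image": "winword.exe", "cmd": "winword.exe invoice.docm"},
    {"t": 2, "type": "process", "pid": 300, "ppid": 200, "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"t": 3, "type": "process", "pid": 400, "ppid": 300, "image": "svchost.exe", "cmd": "C:\\Users\\Public\\svchost.exe"},
    {"t": 5, "type": "process", "pid": 500, "ppid": 100, "image": "notepad.exe", "cmd": "notepad.exe notes.txt"},
    {"t": 6, "type": "file", "pid": 500, "op": "write", "path": "C:\\Users\\bob\\notes.txt"},
    {"t": 9, "type": "handle", "pid": 400, "target": "lsass.exe", "access": "PROCESS_VM_READ"},
]
EVENTS += [
    {"t": 4 + i * 0.1, "type": "file", "pid": 400, "op": "rename",
     "path": f"C:\\Users\\bob\\Documents\\doc{i}.docx",
     "new_path": f"C:\\Users\\bob\\Documents\\doc{i}.docx.locked"}
    for i in range(20)
]

# Rule parameters (assumed values, tune against your own baseline).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
PS_SUSPICIOUS = ("-enc", "-encodedcommand", "downloadstring", "iex ", "invoke-expression", "-w hidden")
MASS_MODIFY_THRESHOLD = 10      # renames/writes by one process ...
MASS_MODIFY_WINDOW = 5.0        # ... within this many seconds
LSASS_READERS = {"csrss.exe", "wininit.exe", "services.exe"}   # rough allow-list of legitimate readers


def build_storyline(pid, procs):
    """Walk the parent chain recorded from process-start events: child <- parent <- ..."""
    chain = []
    while pid in procs:
        chain.append(f"{procs[pid]['image']}({pid})")
        pid = procs[pid]["ppid"]
    return " <- ".join(chain)


def analyze(events):
    """Replay events in time order and return alerts with the process storyline attached."""
    procs = {}                       # pid -> process-start event
    modifications = defaultdict(list)  # pid -> timestamps of recent rename/write events
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "process":
            procs[ev["pid"]] = ev
            parent = procs.get(ev["ppid"])
            # Document-to-script: an Office application launching a script host.
            if parent and parent["image"] in OFFICE_APPS and ev["image"] in SCRIPT_HOSTS:
                alerts.append(("office-spawns-script", ev["pid"]))
            # Encoded or hidden PowerShell with download-cradle markers.
            if ev["image"] == "powershell.exe" and any(m in ev["cmd"].lower() for m in PS_SUSPICIOUS):
                alerts.append(("suspicious-powershell", ev["pid"]))
        elif ev["type"] == "file" and ev["op"] in ("rename", "write"):
            # Sliding window of modifications per process; fire once when the threshold is crossed.
            recent = modifications[ev["pid"]]
            recent.append(ev["t"])
            while recent and ev["t"] - recent[0] > MASS_MODIFY_WINDOW:
                recent.pop(0)
            if len(recent) == MASS_MODIFY_THRESHOLD:
                alerts.append(("mass-file-modification", ev["pid"]))
        elif ev["type"] == "handle" and ev["target"].lower() == "lsass.exe":
            # Credential scraping: anything outside the allow-list reading LSASS memory.
            image = procs.get(ev["pid"], {}).get("image", "?")
            if image not in LSASS_READERS:
                alerts.append(("lsass-access", ev["pid"]))
    return [{"rule": rule, "pid": pid, "storyline": build_storyline(pid, procs)} for rule, pid in alerts]


if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(f"{alert['rule']:<24} pid={alert['pid']}  {alert['storyline']}")
```

The point of carrying the process tree is visible in the last alert: a process named svchost.exe reading LSASS looks like noise on its own, but the storyline ties it back through an encoded PowerShell to a Word document, which is what turns four separate signals into one incident. Static file scanning would not have seen any of it, since no file in the chain needs to match a signature.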
Rapidly Eliminate Threats
Zero-Touch Mitigation: policy-based; covers all endpoints for decisive incident response
Robust Containment: stops lateral threat movement by disconnecting the device from the network
Full Remediation: reverses malware-driven file modifications
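"Reverses malware-driven file modifications" implies that the agent keeps a copy of what a file looked like before a process changed it, attributed to that process, so the changes can be undone per process once a verdict is reached. The following Python is an added illustration of that copy-on-write journal and per-process rollback; it is not SentinelOne's implementation (which intercepts writes at the kernel level), and the hook points, the process id, and the XOR "encryption" used by the simulated ransomware are assumptions. The victim files are constructed in a temporary directory.

```python
"""Copy-on-write file journal with per-process rollback.

Added example, not SentinelOne code. The before_modify() hook stands in for
kernel-level interception of file writes; the attack is a constructed simulation.
"""
import shutil
import tempfile
from pathlib import Path


class FileJournal:
    """Snapshot a file's content the first time a given pid touches it; roll back by pid."""

    def __init__(self):
        # (pid, path) -> original bytes, or None if the file did not exist yet
        self._snapshots = {}

    def before_modify(self, pid, path):
        key = (pid, str(path))
        if key not in self._snapshots:          # only the first touch matters
            p = Path(path)
            self._snapshots[key] = p.read_bytes() if p.exists() else None

    def rollback(self, pid):
        """Restore every file this pid modified and delete every file it created."""
        restored = []
        for (owner, path), original in list(self._snapshots.items()):
            if owner != pid:
                continue
            p = Path(path)
            if original is None:
                if p.exists():
                    p.unlink()
            else:
                p.write_bytes(original)
            restored.append(path)
            del self._snapshots[(owner, path)]
        return sorted(restored)


def simulate_ransomware(pid, journal, target_dir, key=0x5A):
    """Constructed attack: XOR each .txt file, write <name>.locked, delete the original."""
    for src in sorted(Path(target_dir).glob("*.txt")):
        dst = src.with_name(src.name + ".locked")
        journal.before_modify(pid, src)      # hook fires before the original is touched
        journal.before_modify(pid, dst)      # records that the .locked file did not exist
        dst.write_bytes(bytes(b ^ key for b in src.read_bytes()))
        src.unlink()


def run_scenario():
    """Create victim files, run the simulated attack, roll it back.

    Returns (file names after attack, file names after rollback, contents after rollback).
    """
    originals = {"a.txt": b"quarterly numbers", "b.txt": b"customer list"}
    workdir = Path(tempfile.mkdtemp(prefix="rollback-demo-"))
    try:
        for name, data in originals.items():
            (workdir / name).write_bytes(data)
        journal = FileJournal()
        simulate_ransomware(pid=400, journal=journal, target_dir=workdir)
        after_attack = sorted(p.name for p in workdir.iterdir())
        journal.rollback(400)                # the verdict on pid 400 triggers remediation
        after_rollback = sorted(p.name for p in workdir.iterdir())
        contents = {p.name: p.read_bytes() for p in workdir.iterdir()}
        return after_attack, after_rollback, contents
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    attacked, rolled_back, contents = run_scenario()
    print("after attack:  ", attacked)
    print("after rollback:", rolled_back, contents)
```

Two design points carry over to a real agent: the snapshot must be taken before the first write by that process (a snapshot taken after the fact is already the encrypted content), and attribution must be by process so that rolling back the malware does not also undo legitimate edits made by other applications in the same window.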
Seamlessly Adapt Defenses
Cloud Intelligence: extend protection by leveraging threat intelligence from select reputation services
Auto-Immunization: notify all agents on the network when a new threat is detected
SentinelOne Benefits
Superior detection of advanced threats without performance overhead
Automated threat mitigation at machine speed
Visualize attacks with real-time forensics
Seamlessly adapt against the latest threats
Lower TCO by up to 5x over multi-solution approaches
Protect user endpoints and data center servers with a single platform
Easily deployable across enterprise-scale environments
Optimizing Endpoint Protection with SentinelOne
Endpoint Protection Platform
– Pre-Execution: Static Prevention + Whitelisting / Blacklisting
– On Execution: Dynamic Malware Detection, Dynamic Exploit Detection
– Post-Execution: Mitigation, Remediation, Forensics
Unified Approach (SentinelOne): single lightweight agent, single management console, fewer FTEs, reduced TCO
Multi-Solution Approach: multiple agents, multiple management consoles, more FTEs, > 4x the TCO of SentinelOne
EMET
Best-in-class Next-Generation Endpoint Protection
Certified: SentinelOne is a certified replacement for Antivirus – PCI DSS 3.1, HIPAA
Proven: our customers include the #3 cloud hosting provider, the #1 retailer, the #1 internet television network, the #1 online travel chain, the #2 financial exchange
Recognized: Visionary – 2016 MQ for Endpoint Protection Platforms
Visionary: 2016 Gartner MQ for Endpoint Protection Platforms
“SentinelOne is the only vendor in this analysis that includes full EDR-type functionality in the core platform. SentinelOne is a good prospect to replace or augment existing EPP solutions for any company looking for a fresh approach and integrated EDR…”
Address the evolution of known and unknown advanced threats
Offer better protection, detection and reaction in a single package
Pure Player – Built for purpose
SentinelOne
Next Steps
For more info, check out our collection of resources:
sentinelone.com/resources
Videos & Tutorials
SentinelOne