SentinelOne Financially Guarantees Ransomware Recovery

If ransomware is to be defeated, one company has put its faith in a financial guarantee in how decent its product is in stopping such nasties.

Endpoint security vendor SentinelOne has announced a cyber-threat “protection guarantee” that will provide customers with financial protection in the event of ransomware attacks on their networks. The guarantee provides users with financial support of $1000 per endpoint, or up to $1 million per company and if a company suffers an attack and SentinelOne is unable to block or remediate the effects, they get a payout.

Tomer Weingarten, co-founder and CEO of SentinelOne, said that it was keen to deal with ransomware in a “head-on way”. At a roundtable held last night in central London, he explained: “For an infection to take place it has to be in the wild, it has to be able to provide forensic evidence and we can see in real time if it is you hacking yourself and there are a lot of traces to cover."

“For ransomware writers, they don’t care about who they infect. We are just there to provide the comfort. We are the mechanism to get protected and if you get encrypted, we can cover the business interruption and you don’t have to pay the ransom if we did not fulfil our role in protecting you and we don’t encourage you to pay the ransom.”

The SentinelOne Cyber Guarantee is an opt-in program offering SentinelOne customers financial coverage against damages caused by any ransomware attack that wasn’t detected by the SentinelOne Endpoint Protection (EPP) or Critical Server Protection (CSPP) platforms.

When a ransomware attack is detected, SentinelOne’s technology can automatically mitigate the attack, remediate it by rolling back affected files to their previous trusted states (this feature requires Shadow Copy enabled on Windows-based endpoints and servers) and requires a SentinelOne agent to be installed on each Windows-based endpoint or server, and the management console needs to have ‘Cloud Validation’ turned OFF, and the mitigation policy set to ‘Quarantine’.

“We plan to back about 500 enterprises with the first effort, and it is about statistics and no-one is claiming that we are going to be bulletproof, and I am sure we will make payouts and we as a company are sharing the risk,” he said.

“You pay, say $20 per endpoint to your antivirus vendor and they won’t pay for your ransom and you have to pay an extra $500 to get rid of your ransomware and you pay the pirate. We say pay us and a $5 premium and you won’t have to pay that $500.”

Also on the panel was Graeme Newman, CIO for CDC Underwriting, who said that this showed so much confidence in the product that if this goes wrong, that they believe so much in the products that it will pay up to $1M, and it is an extraordinary way to back-up its message.

While former hacker turned writer and consultant Robert Schifreen said that you are not just buying peace of mind but a real guarantee that if it all goes wrong, you get something more than just someone apologizing.

The concept sounds very interesting. I asked Weingarten what would happen if I was using an outdated version of Windows and was exploited that way. He explained that the user would have to provide evidence that the vector of attack was running the most up to date version, otherwise the claim would not be valid.

SentinelOne is making an offer which others are not and while the battle against ransomware have been made clear, and industry made efforts only yesterday to help the public, it is good to see a company making some effort.

What concerns me is that the stringency of the ability to make a claim may see few payments being made. SentinelOne were keen to point out that this is not about insurance, as that “is aimed at protecting the vendor itself from lawsuit” and this was about “making sure they’re covered” and this guarantee is only intended to cover the costs associated with the ransom itself, not any damages associated with loss of IP, or business disruption.

Speaking with vendors, I’ve argued that we need a better solution to ransomware than just backing up as what is essentially simple malware needs to be blocked and if that is not the case the education fails, then industry needs to offer something better.

SentinelOne is prepared to stand up and say that technology is failing to offer adequate protection, and that a better guarantee is needed. It’s the first to offer such a guarantee, and “no other cybersecurity company is currently offering to back their security technology with guaranteed financial remuneration”.

What’s Hot on Infosecurity Magazine?