Saturday, July 30, 2016

SentinelOne offers users reimbursement for ransomware infections

SentinelOne financially guarantees up to $1 million in damages for any customers infected by ransomware

US-based cyber-security firm SentinelOne has announced a “Cyber Threat Guarantee” that will provide customers with financial protection in the event of ransomware attacks on their networks. The company said that the guarantee provides users with financial support of $1000 per endpoint, or it will cover up to US$1 million in damages for any customers who are infected by ransomware.
SentinelOne financially guarantees up to $1 million in damages for any customers infected by ransomware


The user or the company can then use this money to pay the ransom and recover their files.
“Apparently some of the top re-insurers in the world agree with us," a SentinelOne spokesperson explains. "[I]f we miss something and you get infected - we’ll pay the ransom. 

It’s that simple. And its how security is supposed to be. If you can block something - why not guarantee it? Would you buy a new shiny car without manufacturer warranty?"

Tomer Weingarten, co-founder and CEO of SentinelOne, said that it was keen to deal with ransomware in a “head-on way”. At a roundtable held last night in central London, he explained: “For an infection to take place it has to be in the wild, it has to be able to provide forensic evidence and we can see in real time if it is you hacking yourself and there are a lot of traces to cover."

“For ransomware writers, they don’t care about who they infect. We are just there to provide the comfort. We are the mechanism to get protected and if you get encrypted, we can cover the business interruption and you don’t have to pay the ransom if we did not fulfil our role in protecting you and we don’t encourage you to pay the ransom.”

However, Jeremiah Grossman, its chief of security strategy is convinced that the company wouldn’t have to make any pay outs. SentinelOne’s failure rate in stopping ransomware attacks is “way less than 1 percent,” he said in an interview.

He added that during the times its security failed, the client’s computer hadn’t been running the latest version of SentinelOne’s software.

Grossman hopes the guarantee will bring some accountability to the cybersecurity industry, and allow customers “navigate around outlandish marketing claims.”

“When security vendors sell products they are not giving a guarantee, which is completely different from any other space, whether it be electronics or cars,” he added.

SentinelOne’s guarantee works like this: the company will pay up to $1,000 to free the system for individual computers infected with ransomware. The number of computers it will cover is up to 1,000 systems.

“You pay, say $20 per endpoint to your antivirus vendor and they won’t pay for your ransom and you have to pay an extra $500 to get rid of your ransomware and you pay the pirate. We say pay us a $5 premium and you won’t have to pay that $500,” said Weingarten.

The policy has been designed this way because most ransomware attackers ask for around $250 or more to decrypt any data held hostage, Grossman said.

Customers who opt-in to the guarantee will pay an additional $5 fee for each Windows PC or server protected on top of their existing service. The coverage will last a year before it can be renewed again.

Whether that guarantee makes SentinelOne a target of hackers remains to be seen. Grossman said he doesn’t think that will happen. He added that hackers don’t basically target victims based on who insures them.

Instead, he hopes that the company’s guarantee will help customers distinguish between legitimate security firms and “snake oil vendors” offering inferior products.

“I’m ready for all the other vendors to guarantee what they do,” he said. “I think that’s far superior than us competing for customers with billboard presentations.”
SentinelOne is ready to stand up and say that technology is failing to provide sufficient protection, and that a better guarantee is needed. It’s the first to offer such a guarantee, and “no other cybersecurity company is currently offering to back their security technology with guaranteed financial remuneration”.

No comments:

Post a Comment