Next Generation Endpoint Security, Part Six: Forensics


It’s pretty uncomfortable to admit, but there may be a day when a piece of malware gets past SentinelOne. It might be some ultra-advanced piece of software designed by a hostile nation-state, or an unbelievably stealthy piece of hitherto-unseen ransomware. No matter when or how it happens, we’re prepared.

For ransomware victims, we now offer a Ransomware Cyber Warranty, which ensures that if any ransomware gets past our product, we’ll help pay that ransom, up to $1 million. In addition, SentinelOne also offers built-in forensic protection that shows administrators exactly how malware penetrated a system—so that what fools us once can never fool us again.

The Importance of Forensics to Endpoint Security

First of all, hackers are masters of persistence. Let’s say that they attempt to exploit a particular vulnerability in your system using malware. Even if your endpoint protection program recognizes and stops the malware, that doesn’t mean that your attacker is going to give up and try another way in. They’re going to keep hammering on that vulnerability, using slightly different malware every time, until something gives.

In this context, digital forensics is a lifesaver. It’s not enough to know that your endpoint security platform automatically mitigated a cyber-threat. You need to know exactly which vulnerability the attacker targeted, and how. This way, you can patch the opening, or find another solution if the patch is unavailable, shutting down not just a single attack, but the attacker’s entire playbook.

Post-Breach, Forensics Help You Lower Costs

Now, let’s fast-forward to the worst-case scenario—an attacker breaches a secure system and makes off with customer data. This is a grim thought, but nonetheless an inevitability that we must all prepare for. Having a robust digital forensics system in place can make the difference between a swift recovery and an utter fall from grace.

Here’s an example: Let’s say that your breach involves data that’s covered under HIPAA. Under HIPAA, the government assesses fines based on a series of categories. The lightest fines are under Category One, and the heaviest are under Category Four. A Category One fine covers breaches that are entirely unpreventable—you did everything you could, and the worst still happened. Under Category Four, you knew about a gaping hole in your security systems, and did nothing about it. Under Category One, your minimum fine is $100. Under Category Four, the minimum is $50,000.

Having robust digital forensics helps you prove that you did everything you could. Not only does the mere fact of having it show that your company is cognizant of security, it can also prove that an attacker took a path through your organization that no reasonable amount of security could have prevented.

Don’t Just Stop Your Attackers—Put Them Behind Bars

If and when the news of a breach gets out to the media, you’ll be able to say that you did everything you could, that you know how the breach happened, and that no one will ever be able to breach you via the same method. Even better—being able to turn over granular digital forensic data to investigators might actually help them arrest the hackers who were responsible.

With SentinelOne monitoring your most vulnerable endpoints, you can be confident that most, if not all, malware will be deflected by our system. Importantly, each event will be documented with an extremely detailed audit trail, allowing administrators to get a deep look into the attack path, and allowing them to permanently shut it down. Should an attack succeed, you’ll be able to give yourself ample cover for legal and compliance purposes.

Surviving a data breach is never fun, but it’s something that every company should prepare for. Give yourself peace of mind, knowing that when the worst happens, you’re going to be ready. Contact SentinelOne today.