Image of Vectra at SentinelOne RSAC 2019 booth

RSAC DAY 1 – Relax & Rollback

Once again we’re here at RSA! Come meet us at Booth S 1527!

The day kicked off with big announcements from tech giants like Google, Microsoft and others. In the endpoint security space, it seems so many are talking about how they aim to solve the problem for the enterprise, while not so many are explaining why. We do.

Earlier today, we announced SentinelOne Ranger, which expands the SentinelOne offering beyond traditional endpoints and taps into the area of IoT. There are so many different devices that are connected to the enterprise network of today that, without complete visibility, they remain a substantial risk factor. Remember that you are only as strong as your weakest link.

At the booth today, we had a lot of new faces asking how SentinelOne works, what ActiveEDR is, and how it differs from traditional EDR. Many also asked about SentinelOne integration with Windows ATP and about our cloud offering.

Relax & Rollback

We ran a few demos in parallel. The one we share today is called “Rollback and Relax”. This demo illustrates an attack vector that is one of the most popular out there: a spear phishing attack. Imagine your user receives an email that looks perfectly legitimate, apparently from a colleague from within your organization. As is often the case, the email comes with a work-related attachment. The user saves the file to disk and opens it. What the user does not know is that this Microsoft Word document launches a VBS script that executes a ransomware attack.

Here are a few screenshots. For the full demo, come by our booth!

Spear Phishing email.

The content of the document looks pretty convincing:

Infected doc

But the outcome is not what the user, or your business, was expecting…

Ransomware

This is how SentinelOne detects this memory-based attack.

Detection

And fortunately, if the user’s endpoint was protected by SentinelOne, it would be a simple one-click solution to roll back the machine to its pre-infected state.

Want to see more?

Looking forward to seeing you tomorrow at RSAC, Booth S 1527!