Competition, Automation Key To Cyber Success? Q&A With SentinelOne



Dan Gunderman
05/07/2018

As part of the Cyber Security Hub’s monthly discussion with a leading security solution provider, we caught up with SentinelOne’s Co-Founder and CEO, Tomer Weingarten, along with the company’s Vice President of Business and Corporate Development, Daniel Bernard.

Weingarten started the company five years ago, and it has since become entrenched in the cyber security space. The CEO said that the company has been working on both sides of the security equation – offensive and defensive – and features employees with heavy-duty security expertise.

Both security pros discussed the emergence of artificial intelligence (AI) and machine learning in cyber security – as they’re integrated into various offerings. Weingarten and Bernard also touched upon the ongoing evolution to the cloud, the threat landscape and ways to catalyze progress in the space.

Cyber Security Hub: Can you describe a few of your biggest “focal points” right now, for the cyber security space?
Tomer Weingarten: Clearly, what we see today is that attacks are targeting users and devices. It’s safe to say that we’re seeing a vast majority of demand (around the) security of endpoints – and means to secure the perimeter. The perimeter is changing rapidly with the cloud, too, which is compounding everything. It’s changing the way we think about the modern network. A world of everything becomes very much connected, and devices are a lucrative target for an attacker of any kind.

Daniel Bernard: From a vector perspective, the buzz is around the realities of file-less attacks. Devices are (certainly being) targeted. The ways in which they’re targeted are changing and evolving, such that the variety of solutions that have been on the market for decades are rendered defenseless or irrelevant against attacks – specifically those that don’t contain malware, or indicators…


CSHub: What is your deeper assessment of the threat landscape?
Weingarten: We’re definitely seeing more elaborate attacks. They’re taking advantage of most of the deficiencies that current solutions have today. A vast majority of enterprises out there, even consumers, are running dated endpoint solutions. Antiviruses – attackers have moved beyond them. They’re much beyond what these solutions can protect from. This basically creates fertile ground for these attackers to pretty much do what they want…

(Plus) other things are happening, at scale. We’re seeing attackers using machine learning for the first time – AI to conduct attacks at scale. Instead of attacks being one-off, ad hoc or custom, we’re also seeing attackers leveraging techniques to get better chances of compromising an organization or individual…

From the defensive side, it’s clear that we have to up-level what we do – in the monitoring and detection of any type of attack, from any vector… (To up-level defenses, security teams are) leveraging something we call behavioral AI. In essence, it’s (an) autonomous engine that sits on an endpoint, and monitors (threats) in real time. (It can detect) anomalies, and detect it by itself, with no human intervention. What is happening on the endpoint? (It can determine whether it’s) normal or anomalous – or benign behavior that’s expected from the endpoint…

Bernard: Behavioral AI technology is really what we believe prevents not only yesterday and today’s attacks, but those of tomorrow… The “how” (in hacker activity) is always changing, but the “what” is always staying the same: They want data. They want to take it away from the computer, or block you out of the system. The order of the “how” is changing. The behavioral AI engine lets us…model dynamically what those behaviors are, to stop and prevent them in real time.


CSHub: Progress in cyber: Is it dependent on “solutions” or (business) “culture”?
Weingarten: It’s clearly both. There’s no question that part of the problem is the “human” problem. The more educated we are, the more understanding we have on how we might get exploited. This helps us in getting to a better security posture. That said, we’re seeing an increased volume of attacks, and increased sophistication. Even in phishing attempts – there are better tailored phishing attempts (now), given all of the data out there. We have to assume that a prospective attacker can know quite a bit about you and me, and can absolutely tailor more targeted attacks, should they want to compromise anyone. Education is one issue here. Technology, to me, is where we need to invest more, though.

There is much more to do; with AI and machine learning, what we’re trying to do is also solve the scalability problem. At the end of the day, it’s not only about how good (they) are, but about how autonomous they are. (There can be a) massive amount of alerts, or flags, that the machine highlights. (What we) want the machine to be able to do…(is be) autonomous. AI-driven (security requires) less overhead – less overhead on the human teams. (Granted, there’s) always (issues that) require human intervention. In solutions orchestrated by humans, they’re not building something utterly in control of the machine, they’re using machine learning to take away a lot of the defense responsibilities from the teams… (If) scaled better, (it provides a) way we can actually deal with the massive influx of attacks. It’ll generate an influx of data that someone needs to crunch, and sift through, and really understand. You can (really) only do (that) with the technology…

Bernard: Progress is driven by two horses in the race: adversaries that innovate, and vendors – the good guys – that innovate. It’s interesting, that relationship between actors, because it’s competitive on both sides. Attacks succeed. (Still), most of the market has solutions on its endpoints. Yet we hear a new derivative of an attack – SamSam, WannaCry, NotPetya – (all the time). It’s almost a game of back and forth. Who’s investing? Who’s on the leading edge that drives the outcome? … (It’s a) constant (and) dynamic market. It keeps it fun and interesting. The competition makes it progress as a whole.


CSHub: How can you communicate effectively to other organizational leaders?
Weingarten: This is a general problem with the cyber security market. There’s a lot of confusion and noise. It’s hard to communicate effectively. That said, I do feel like one thing incrementally changing is public knowledge of the fact that everything is hackable. We’re more vulnerable, due to the fact that we’re very connected. That sensation is slowly sinking in… Today, cyber security (is becoming) more digitized, and that’s incredibly important. We try to educate our channels (in our own) ecosystem. We educate our prospective customers, and reach out to them as much as we can – for educational purposes, such as webinars, talks, and every means that we have to expose some of the techniques out there. At the end of the day, there are some advantages of being a young company in cyber security. When you’re a true innovator and disruptor, you’re forcing others to innovate as well. (You become a) catalyst for change. All of these are good ways to progress cyber security.

CSHub: How can cyber security professionals both flesh out risks and use their expertise to help augment the wider business?
Weingarten: I encourage CISOs to think beyond buying protection solutions, or defense, or anti-malware. I encourage them to think about how to reduce risk and identify risk. There’s a need in the enterprise to map out risk, that’s incredibly important…

Deploying AI, detecting exploits in malware and gaining visibility in encrypted traffic – (they’re all top priorities). For “complete” risk management – identify the most vulnerable groups and prioritize what you want to do first. There is a lot to do – a lot of budget decisions, or resource decisions that need to be made. Where do you deploy additional budget, products or resources in your environment? It’s hard to cover everything in an endpoint-rich environment. When you identify risk, and know you have risk, that’s an important part. From there you can articulate the business impact. That’s where the CISO has to become the person that’s in charge of (the wider) security posture…

I encourage almost every CISO to sit down and revisit their base assumptions on what they need and don’t need. Also, which capabilities they truly need today… (What’s) clear (is that) cloud is changing the way we think about networks. It calls for a completely new (concept) about ways to secure a fleet of endpoints. (For many) client rosters: a lot of them are moving away from the classic antivirus protection. (That’s) in a bid to really up-level what they can do with AI, which has consequences for endpoints, and network connections in and out of the endpoint… The weight of “defense” is shifting toward the endpoint…

Bernard: To build on Tomer’s commentary – we’re reimagining the paradigm of the network. The bigger story: cyber security, in general, has a problem of data. There’s too much data… and too much information across the enterprise on how you manage from a technology perspective… Today, there are too many products and too many consoles. There are not enough people, productivity tools or network tools… The key point, and to round that storyline out: All of the different things we’ve listed, and how they integrate together, is the key to a winning security posture. (It must) protect workflows and productivity. It’s not about cyber security tools, but about protecting the whole thing…
