This interview is part of our new AI in Cybersecurity series, where we interview the world's top thought leaders on the front lines of the intersections between AI and cybersecurity.
In this interview, we speak with Tomer Weingarten, CEO of SentinelOne, to understand how his company is using AI to transform cybersecurity, and what the future of the cybersecurity industry holds.
1. What’s the story behind SentinelOne? Why and how did you begin?
TW: I recognized the potential Artificial Intelligence (AI) and Machine Learning (ML) had to revolutionize how endpoints are protected. I had the idea that through utilizing behavioral AI models to understand how programs run, I could develop an effective way to not only detect and block attacks in real-time — but also automate responses in real-time — fulfilling the promise of endpoint prevention, detection, response, and hunting. Traditionally these capabilities could only be achieved with significant technological investment and massive human capital. However, I envisioned finding a way to make these capabilities achievable to enterprises of all sizes, regardless of their cybersecurity know-how or team sizes.
I and my team of Israeli cybersecurity experts, many from Unit 8200, started building the SentinelOne endpoint protection platform (EPP) prototype in early 2013 and received seed funding to advance the project shortly after. The concept of leveraging machine learning to enable behavioral, real-time analysis of malicious threats was and is groundbreaking in the endpoint protection space.
Today, SentinelOne is the only next-gen solution that autonomously defends every endpoint against every type of attack, at every stage in the threat lifecycle. The company recently announced it raised $120 million in Series D funding, bringing its total funding to more than $230 million.
2. Please describe your use case and how SentinelOne uses artificial intelligence:
TW: SentinelOne disrupts the $10 billion endpoint security market by converging two historically separate spaces — EPP (protection) and EDR (detection and response) — in a single agent using patented behavioral AI to deliver autonomous capabilities with the lowest performance impact. The agent’s role is to protect the endpoint from malicious activity at any stage of the attack chain – from the successful exploit to the last payload operation, by leveraging two AI-based engines that work in parallel: Static AI and Behavioral AI.
The Static AI engine detects threats pre-execution by using a statistical model that is capable of detecting malware in files. For all files, SentinelOne is able to extract a wide set of features that are fed to a machine learning algorithm. Eventually, the algorithm produces a statistical model which is used by the agent to classify a file as either malicious or benign.
The Behavioral AI engine detects threats on-execution, meaning while the applications run on the machine. This allows the Behavioral AI engine to maintain context over dynamic operations rather than relying on a simple process tree. And, Behavioral AI allows SentinelOne to be vector agnostic and not rely on scanning files to detect attacks. This is especially relevant to today’s live and file-less attacks. The AI detection engines allow SentinelOne to detect and autonomously respond to malicious behavior immediately, offering prevention of attacks, detection, and most importantly machine speed responses such as on-agent remediation and rollback.
3. Could you share a specific customer/user that benefits from what you offer? What has your service done for them?
TW: McKesson Corporation, currently ranked 7th on the Fortune 500, is a global leader in healthcare supply chain management solutions, retail pharmacy, community oncology and specialty care, and healthcare information technology. The company was looking for a next-generation antivirus solution powered by AI to replace its legacy antivirus after becoming frustrated that their existing solution couldn’t keep up with the modern threat landscape.
As a large corporation, McKesson was constantly challenged with monitoring and protecting every edge of their network, from the endpoint to the cloud, which is why McKesson decided to replace its legacy solution, McAfee, with SentinelOne. With SentinelOne’s ActiveEDR, McKesson’s SOC team can automatically remediate threats and defend against advanced attacks. SentinelOne helps McKesson prevent attacks as well as quickly understand the story and root cause behind threat actors and autonomously respond, without any reliance on cloud resources.
According to Siobhan Smyth, SVP, Global CISO at McKesson, “McKesson selected SentinelOne for the endpoint security solution they provide today, as well as their vision and roadmap. SentinelOne was a great partner throughout the implementation, not just during the sales process. Their support-to-date, and their continuing journey to achieve the vision they articulated, reinforce our decision to partner with SentinelOne.”