SentinelOne's $1m ransomware guarantee dismissed as PR stunt
'Entirely comfortable paying money to criminals' grumbles infosec bod
A “ransomware guarantee” from security outfit SentinelOne has been dismissed by critics as a marketing stunt.
Ransomware is currently the biggest scourge of internet security, affecting corporates and consumers alike.
So self-styled next generation endpoint security firm SentinelOne unsurprisingly created waves with a pledge to pay out on ransomware demands if its product failed to protect customers from file-encrypting pathogens such as Locky and CryptXXX.
We believe it is time to stand behind what you sell. We have great technology, and we’re not afraid to back it. Financially.
And apparently some of the top re-insurers in the world agree with us. We’ve created the first ever Ransomware Cyber Guarantee – a warranty for our product’s performance. It’ll give you the best protection from ransomware attacks – and if we miss something and you get infected – we’ll pay the ransom.
“SentinelOne’s cyber threat protection guarantee program provides its customers with financial support of $1,000 per endpoint, or up to $1m per company,” according to a press release the firm issued on Tuesday.
Anti-virus industry veteran Graham Cluley said the offer showed SentinelOne is willing to pay crooks if its tech doesn't work as advertised.
“SentinelOne says it's entirely comfortable paying money to criminals,” he said in a blog post.
“Of course it's a marketing stunt, but still one – I must admit – that leaves a strange taste in my mouth… couldn't SentinelOne have just offered to throw in a decent backup program?”
El Reg put this criticism to SentinelOne’s PR representatives on Thursday morning but we’re yet to receive any response.
SentinelOne raised hackles earlier this month by reporting it had discovered “SCADA” malware that had infected at least one European energy firm, before walking back on its claims after others questioned the ability of the malicious code it had identified to infect industrial control systems. ®
SentinelOne has got in touch to say:
- Security vendors for years and years have been marketing effectiveness numbers with no repercussions to them if their product doesn’t deliver—the customer ends up paying the price. By offering the guarantee, we are backing the product and taking the financial risk if, for some reason, the product doesn’t deliver.
- We'd like to change the industry by having multiple vendors back their products—imagine if a customer had endpoint security, firewalls, email security and web security, all backed by a guarantee. We are in conversations with several vendors and have publicly offered to share the warranty framework with any vendor confident in their product’s detection.
- We are currently talking to other firewall, email security and web security vendors to encourage adoption—the hope is to bring about a change in the industry so that we build and guarantee more secure products for customers.
- From a customer perspective, the guarantee license is less than 8% of the license cost for a $1,000,000 of coverage. From an industry perspective, we’re hoping other vendors with other infrastructure follow suit to build stronger products that they back with a guarantee.