Update SentinelOne

[ticklemefeet]

I wanted to introduce the next best thing since sliced bread everyone. SentinelOne from the same bunch that brought us home users, Cylance Protect.

This has to be much better since it not only detects fileless but also srcipts, browser and credidentials. Same price as Cylance was, 60 bucks, but maybe the SentinelOne company will follow on Cylance's steps and offer a home version for half price.
They also flag a bunch of stuff on VT. Any bitters? Slyguy? Testers?
About SentinelOne

Let the posts begin!!!!!!!!!!!!!!!!!!!!

 

[Raiden]

Do I get a prize for being the first poster

 

[ticklemefeet]

Do I get a prize for being the first poster

Yes you sure do, a yearly prescription of Preparation H lol

 

[Raiden]

Yes you sure do, a yearly prescription of Preparation H lol

I finally did it, I won the jackpot!

 

[Slyguy]

I have a license of DeepArmor from SparkCognition here as well. Maybe we should test that for the next big thing?

I happen to believe that it's only a matter of time before these types of solutions are commonplace, and traditional solutions are relegated to F-Prot categories. It's the next logical evolution of security in the face of a rapidly changing threat landscape. Any vendor not probing into these areas will be left behind IMO.

 

[ticklemefeet]

I have a license of DeepArmor from SparkCognition here as well. Maybe we should test that for the next big thing?

I happen to believe that it's only a matter of time before these types of solutions are commonplace, and traditional solutions are relegated to F-Prot categories. It's the next logical evolution of security in the face of a rapidly changing threat landscape. Any vendor not probing into these areas will be left behind IMO.

Yes but the majority like to use free. I would like to see this tested by the MT testers but dought any would pay the 60 bucks to do it. I think I see DeepAmor doing well on VT also. I thought this thread would take off like the Cylance AV one but nope. Maybe that is because nobody here is using it.

 

[rsonic]

Is this trolling?

 

[ticklemefeet]

Is this trolling?

Why do you say that? I am not a troll. I started this thread.

 

[rsonic]

Because every "new gen" AV thread ends in polemics, and you said "best thing since sliced bread", so I thought it was irony.

 

[ticklemefeet]

Because every "new gen" AV thread ends in polemics, and you said "best thing since sliced bread", so I thought it was irony.

It was somewhat irony but not trolling. And I am serious about what kind of software this is. Since I test malware, I want to hear others opinions.

 

[Deleted member 178]

Discuss - BSidesMCR 2018: Next Gen AV vs My Shitty Code by James Williams

have a nice day

 

[Libera Milanesi]

I do not understand why SentinelOne thought that by trying to take down the video demonstrations their product was used in would do them any favors... because now they look like bad sports for it!

I have not used SentinelOne before but have heard many good things online, I do not know anyone who has used it from a business POV yet. Cylance on the other hand, I do have a friend who used to use Cylance for their business and I have been told that it served them well for the duration they used it.

 

[SHvFl]

Half the price, half the protection and 1% of configuration when it moves from the enterprise version to the home version? There is a reason the price is lower and it's not because they are nice or the lord told them.
Now about the actual product, i watched a few video demonstrations and it seems that it covers more bases than other "next gen" but i don't see the point in paying $60 to test a security product.

 

[Kubla]

I do not understand why SentinelOne thought that by trying to take down the video demonstrations their product was used in would do them any favors... because now they look like bad sports for it!

I have not used SentinelOne before but have heard many good things online, I do not know anyone who has used it from a business POV yet. Cylance on the other hand, I do have a friend who used to use Cylance for their business and I have been told that it served them well for the duration they used it.

It appears the tester was using a very old version of SentinelOne if you look at the the SentinelOne app monitor when he shows it on the screen it looks like it is version 1.84 I believe the latest version is 2.61.

I would imagine the latest version would do a lot better on that test and likely why the SentinelOne people were ticked off.

 

[Slyguy]

It appears the tester was using a very old version of SentinelOne if you look at the the SentinelOne app monitor when he shows it on the screen it looks like it is version 1.84 I believe the latest version is 2.61.

He probably used an ancient version on purpose. There are a lot of things people can do to game the system, and virtually none of them will happen in real life. These youtube videos should generally be taken with a grain of salt (or less), as I illustrate with the lockpicking ones. There is almost always an agenda behind them, or people are inflating their egos to 'prove' they can do this or that.

Even worse, when he says "A product like this will never product you on day one", he's really showing that he has bias at the outset. That's a broad claim that doesn't factor those products in how they are generally used - once piece of a security fabric, a piece in the security puzzle. That's like constructing a simple accident scenario where seatbelts don't work, then proclaiming 'seatbelts are useless and won't protect you. It's reckless.

 

[Libera Milanesi]

I would imagine the latest version would do a lot better on that test and likely why the SentinelOne people were ticked off.

That's understandable but their approach feels dirty to me. I think if they had just explained why they were sad about the video it would have been a lot cleaner for their image.

What do you think?

 

[Kubla]

That's understandable but their approach feels dirty to me. I think if they had just explained why they were sad about the video it would have been a lot cleaner for their image.

What do you think?

I guess just as with the Hollywood elite, the Political elite, and the Corporate elite, the Tech elite are no different, more often than not reacting with arrogance rather than civility.

 

[Emmanuellws]

It is sad when your videos were taken down especially by S1. Before BsidesMCR videos taken down by them, my video was taken down way earlier April this year. huhuhu... and again, even the new version and platform, i bypassed it again and again. I told the sales people that I love their product, but the way they handled criticism and how they shut people off and not admitting to their weakness and improve is a turn-off for me. Their product is sexy, with all the rollbacks and powerful visibility, they do not want to study my videos and prove that I am wrong and they have taken actions to resolved the issues and weaknesses, instead, my videos were taken down through Copyright claim in April 29th 2018.

There is something OFF about their detection of malicious HTA with MS Edge that does not blend. If they fix this, I will buy their product for 1000 license next year. Right now, I still have the chance to test their new version and platform, it got worst, I was able to implant a ransomware sample as a Local Service and it is already too late for it to rollback. And again, everything is made possible through MS Edge. If only they fix this issue, then I am willing to buy their product and I don't have to tell my users to not to use MS Edge when browsing the Internet.