SentinelOne’s chief security officer believes security products must be held liable for failures in their software programs…
Jeremiah Grossman, SentinelOne’s chief security officer, shared that their security software product is offering $1,000 payouts to ransomware victims who are using their software. The coverage is available for up to 1,000 computers per account, making the maximum payout per customer, one million dollars.
Grossman reported to CIO Magazine, the payout events will be minimal as their failure rate is “way less than one percent”. Nonetheless, if you are a SentinelOne user, this protection is available to you, in case you happen to fall into that “way less than one percent” bracket. In order to be eligible for the coverage, the customers must pay a five dollar fee per PC or server protected.
According to Network World, customers must also meet the following criteria to receive a payout after paying for the protection:
- Users must be using the company’s Endpoint Protection Platform in a mandatory configuration.
- The PCs must have fully patched operating systems and applications.
- The volume shadow copy service must be enabled, which is a back-up service.
- Customers must report the ransomware within one hour of infection.
- The coverage will pay for only the ransomware demand – not any other cost related to the infection.
- The encryption key must recover the files. If not, SentinelOne will not pay.
Now just some food for thought, if you pay for this protection, and are meeting all of the above requirements, the likelihood of needing the payout protection is next to nothing. First of all, it’s only paying for the ransom demand, which we STRONGLY advise against paying. Second, you wouldn’t need to pay it, if you indeed had your backups current (which is part of the steps necessary for coverage anyway). Also, you’re mitigating your exposure risk by having security software, as well as properly patched applications and operating systems.
I can appreciate the concept of holding security software companies accountable for failed software protection; however, when offers like this are made, be sure to read all of the fine print.