Contest Challenges Users to Bring Their Own Malware to RSA

Security firm SentinelOne challenges RSA conference-goers to bring malware that will bypass the company's detection technology.

malware challenge

There are a lot of security companies that will be making a lot of claims at the RSA Conference that runs April 20-24 in San Francisco, but one company in particular is putting its money behind its claims. Security vendor SentinelOne is running a Bring Your Own Malware Challenge at the conference, with the winner being awarded $1,000.

"Our solution [Endpoint Defense and Response] is taking a different approach to security than people are used to, and we wanted to take it to the crowd and show the capabilities that we have," Tomer Weingarten, CEO of SentinelOne, told eWEEK. "There is quite a bit of noise in the security market, so we thought a contest would be a good way to show that the proof is the pudding and put our product to the test."

Endpoint Defense and Response (EDR) is SentinelOne's core product and combines multiple techniques and technologies to detect potential threats.

The SentinelOne Bring Your Own Malware contest is not a free-for-all with an endless prize pool. Weingarten said the $1,000 prize is the total prize pool, and if more than one person is able to defeat SentinelOne EDR, there will be a drawing among winning participants. Weingarten is not too worried, however, that his platform will be defeated.

In contrast to other hacking challenges, the $1,000 prize might not seem like that much. Hewlett-Packard sponsors the annual Pwn2Own browser hacking challenge and in 2015 awarded a total of $557,500. Pwn2Own, however, is a contest that is designed to find zero-day flaws, while Weingarten is just looking for attacks that can bypass his company's detection platform.

"You don't need a zero-day to bypass many malware detection solutions," he said. "Our solution is tailored to give an adequate response to any type of attack."

An individual can come with a new exploit or a variant of a known exploit or anything that can be used to bypass malware detection, according to Weingarten. He emphasized that the challenge is more about detection of attack vectors rather than the discovery of a zero-day vulnerability.

Multiple vendors have emerged in recent years with advanced emulation technologies to detect unknown malware. Weingarten explained that many forms of advance malware now actively seek to evade emulation and will only run on a real endpoint.

"Our solution sits on the endpoint target itself, so we're able to see the malware," he said. "We're running a complete dynamic behavior analysis in real time, with no emulation and no sandboxing."

Although SentinelOne runs directly on the endpoint, Weingarten said there is very little performance impact on the running system, with an average of between 0.4 and 0.5 percent CPU utilization on a Microsoft Windows system.

From a product positioning perspective, Weingarten's goal for SentinelOne is to replace a traditional antivirus product in an enterprise. Currently, SentinelOne is not certified as an antivirus vendor for compliance purposes, and as such SentinelOne is considered to be a complementary solution for an existing antivirus deployment.

While SentinelOne is hosting its Bring Your Malware Challenge at RSA, the company has also been selected to be a finalist in the RSA Conference Innovation Sandbox Contest that aims to find the most interesting security vendors.

"We're trying to disrupt the antivirus landscape and bring a new approach," Weingarten said. "If we're successful, I think it will have a deep impact on the security industry as a whole."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.