In the realm of consumer products, warranties that help to guarantee that a product works and refund users when the product doesn't work are commonplace, but such is not the case in the security software business. It's a situation that Jeremiah Grossman, chief of security strategy at SentinelOne, is trying to change with the launch of a $1 million cyber-threat protection guarantee.
"I'm a big believer in security guarantees as something the industry needs to do," Grossman told eWEEK. "The best way I see for security vendors to regain credibility is for the vendors to start guaranteeing what their products claim to do."
Grossman is no stranger to the world of security guarantees. Prior to joining SentinelOne earlier this year, he was the founder of WhiteHat Security, which also offered a security guarantee. In a 2015 video interview with eWEEK, Grossman detailed why guarantees work.
A primary reason why Grossman joined SentinelOne was in fact to help design and launch a security guarantee program. A core focus of SentinelOne is helping organizations avoid becoming a victim of ransomware attacks.
"The way SentinelOne's program is structured it's more like an extended warranty," he said.
For example, Apple's AppleCare program is a popular consumer electronics warranty, where consumers pay extra for additional protection. The SentinelOne extended warranty, however, doesn't necessarily mean that SentinelOne will pay the ransom if a customer is in fact infected by ransomware. Grossman explained that SentinelOne has a feature in its product called rollback that takes advantage of a Microsoft Windows capability called shadow copy.
"So, if you get infected and you get a ransomware warning, you should be able to recover from the backup and not have to pay the ransom," Grossman said.
That said, if the backup fails and a SentinelOne customer must pay the ransom to get their data back, Grossman said that the customer will pay the ransom directly and then open a reimbursement claim with SentinelOne. The reimbursement that SentinelOne will pay is up to $1,000 per endpoint, with a maximum total claim per customer of $1 million per year.
Grossman said he doesn't expect that SentinelOne is perfect and so there is a chance that the company will have to pay out on a claim. When setting up the program, he ran through all the numbers and analytics to make sure that the program makes economic sense for SentinelOne.
"We do expect at some point to make some amount of payout, but definitely not enough such that the program isn't useful," Grossman said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.