SentinelOne
SentinelOne Singularity Complete provides best-in-breed EPP & EDR capabilities in one platform, management console, and agent. Designed for organizations seeking enterprise-grade prevention, detection, and response scalable across the enterprise, coupled with custom automations, Singularity Complete empowers security teams to easily identify and secure every user endpoint on their network.
Features
- Patented Storyline™ for fast RCA and easy pivot
- Flexible data retention options up to 3 years
- Hunt by MITRE ATT&CK® Technique
- Mark benign Storylines as threats for enforcement
- Custom detections and automated hunting rules
- Open XDR ingestion from any external, non-native source
- Rogue & unsecured device discovery
- Security for Windows, Windows Legacy, macOS, Linux, Containers, VMs, Mobile
- Automated or one-click remediation and rollback
- EPP Control - Device Control, Firewall Control, Remote Shell
Benefits
- Complete visibility of both benign and malicious data
- Built-in data collection scripts to enhance visibility and incident investigations
- Restore data on devices even when encrypted/deleted
- Provides risk prioritisation around app and OS vulnerabilities
- Find unprotected devices on the network and fingerprint
- Centrally view and visualise/dashboard data from third party sources
- Centrally control endpoint functionality and investigate remotely via console
Pricing
£69.34 a server a year
- Free trial available
Framework
G-Cloud 14
Service ID
592582245354559
Contact
Communication-STEM Ltd
Andrea le Velle
Telephone: 0345 241 0000
Email: andrea.le.velle@c-stem.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No constraints.
- System requirements
-
- Supported OS
- Meets minimum system requirements for platform (Varies by platform)
- Internet access on TCP port 443
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Defined by (1) the support package purchased and (2) the priority of the question. Standard support: Urgent 4 hours, High 12 hours, Normal 24 hours, Low 72 hours. Enterprise/Enterprise Pro support: Urgent 1 hour, High 3 hours, Normal 6 hours, Low 12 hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Guided onboarding via our SentinelGO team. Comprehensive documentation including 'Getting Started with the SentinelOne platform' - deployment, configuration, best practices etc.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- SentinelOne provides technical support and guidance throughout the data extraction process.
- End-of-contract process
- Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalizing any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- macOS
- Windows
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The key differences between SentinelOne's mobile and desktop solutions primarily revolve around their approach to addressing the unique security challenges and operational environments of mobile versus desktop endpoints. SentinelOne's mobile threat defense (MTD) focuses on the increased attack surface presented by mobile devices, offering advanced security features designed to protect against zero-day and zero-click vulnerabilities, rogue networks, and complex mobile malware. This is in contrast to the desktop solution, which may deal more with traditional threats and system vulnerabilities.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- There is a separate service interface for mobile devices, accessed on a separate URL but hyperlinked from the 'primary' SentinelOne Singularity Management platform. This separate interface allows for the management and configuration of mobile devices and policies. Data from this separate service interface can be ingested into the Singularity Data Lake.
- Accessibility standards
- None or don’t know
- Description of accessibility
- SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards.
- Accessibility testing
- SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards.
- API
- Yes
- What users can and can't do using the API
- The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- In terms of the console, the customer can customise dashboards and reporting around data coming from SentinelOne agents. This is managed within the SentinelOne management console. Those with administrative access to the console can customise.
Scaling
- Independence of resources
- SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- SentinelOne
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- SentinelOne enforces encryption for data at rest to safeguard sensitive and confidential information. This is achieved through both Client-side Encryption and Server Side Encryption. Customers have complete control over the encryption and decryption process, including managing keys, algorithms, libraries, and compute resources. This method ensures that client-side master keys and unencrypted data are never sent to AWS.
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Threat data via syslog; all process data via S3 bucket into SIEM; console data via CSV or API.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Syslog
- API
- Data import formats
-
- CSV
- Other
- Other data import formats
- Any data formatted into OCSF
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
- Approach to resilience
- SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimizes content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
- Outage reporting
- SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalized updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- SentinelOne's Access Control Policy is based on an employee’s job function and role, using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default, SentinelOne employees are granted only a limited set of permissions to access company resources such as email, internal portals and HR information, and access credentials cannot be shared among authorised personnel. Access to SentinelOne’s data systems is controlled by authentication and authorisation mechanisms.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SSAE 18
- SOC Type2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- SSAE SOC 2 Type II
- Information security policies and processes
- SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- SentinelOne's Information Security Program includes a configuration management plan which mandates the creation of configuration management procedures by system owners, with each procedure required to have a change control process in place. All changes to systems, including patches, software and firmware updates, and security permission changes, are tested and approved by authorised business personnel prior to changes being implemented into production. Change management flows exist and are governed by Project Managers. No change to planned content occurs without the assessment of the Change Management committee, which includes Information Security. Operational and security impacts are considered for all changes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- SentinelOne's Security Vulnerability Management Policy & Patch management standard is followed for testing SentinelOne products and corporate systems for security vulnerabilities and reporting of identified vulnerabilities, and contains a corresponding elimination procedure. The vulnerability management program also includes quarterly network vulnerability scans and annual penetration testing. Security patches are applied to production systems on a regular basis and the updating of all software components and operating systems is performed as part of every application/management console major release. Static and dynamic code analysis as well as 3rd party library vulnerability scanning is performed before every major release.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Equal opportunity
Our employees are our most valuable resource and are a key factor in the delivery of services to our clients. We recognise that it is the calibre of the people that make up our teams that differentiates us from our competitors. As such, we work hard to recruit, develop and retain the best talent in the industry. As part of their personal development, each of our employees is given a clear route for progression, including technical and professional training. Further to this, it is crucial that all employees maintain a high level of safety and technical expertise, therefore regular training and advice is made available. We provide our employees with training to ensure they are aware of the company's legal obligations, policies and internal procedures relating to the provision of Equality and Diversity. This understanding of their obligations allows them to interact with their colleagues fairly and equally in all areas of their employment. Annual appraisals are conducted with all employees, allowing quality one-to-one time with their manager to discuss their performance, establish new objectives and determine the employee's individual training and development needs that are required to assist in achieving their goals.
Pricing
- Price
- £69.34 a server a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- All features are available for you to test with for 14 days.