SentinelOne
Autonomous cybersecurity platform that consolidates security functions across surfaces–endpoint, cloud, and identity–and makes intelligent use of the data natively ingested and through our partner integrations. SentinelOne strives to extend our native detection and response capabilities with XDR integrations to improve workflows and provide more human context to enterprise security teams.
Features
- Realtime Security for Windows, Windows Legacy, macOS, Linux, Containers, VMs
- Automated or one-click remediation and rollback
- Threat triage & investigation
- EPP Control - Device Control, Firewall Control, Remote Shell
- Application inventory and application CVEs
- Native data ingestion from SentinelOne agents
- Open XDR ingestion from any external, non-native source
- Rogue & unsecured device discovery
- Integration into third party tools through Singularity Marketplace
- Built in data collection scripts
Benefits
- Detect and Prevent malicious activity on user
- Restore data on devices even when encrypted/deleted
- Investigate malicious/suspicious activity for incident response
- Centrally control endpoint functionality and investigate remotely via console
- Provides risk prioritisation around app and OS vulnerabilities
- Centrally view malicious/suspicious/benign data from devices
- Centrally view and visualise/dashboard data from third party sources
- Find unprotected devices on the network and fingerprint
- Ingest data to contextualise S1 alerts
- Send one-to-many scripts to devices for data collection
Pricing
£25 a unit
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 7 6 8 8 8 7 9 0 1 2 2 0 9 0
Contact
TheTechForce Limited
Jai Aenugu
Telephone: 01224516181
Email: jai@techforce.co.uk
Service scope
- Service constraints
- Devices require an internet connection to report data into the central management console and to receive configuration changes.
- System requirements
-
- 1 - Supported Operating System (Windows/macOS/Linux/ioS/Android/Chrome OS)
- 2 - Minimum hardware requirements - different depending on OS
- 3 - Internet connectivity (TCP 443)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Yes, customers have access to our support portal (community.sentinelone.com) which is a fully fledged support function using a ticketing system with priorities and email integration. Different SLAs are in place depending on the if the customer has purchased Standard Response, or Response Enterprise/Enterprise Pro , full details at https://www.sentinelone.com/legal/support-terms/. Customers can manage the priority of their support tickets at time of creation and throughout.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Guided onboarding via our SentinelGO team. Comprehensive documentation including 'Getting Started with the SentinelOne platform - deployment, configuration, best rpactices etc
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- At the end of a contract, SentinelOne facilitates data extraction through a structured process. The process involves defining an API contract for exporting product data, which must cover data format, schema, and export location. This standard ensures that all data from a specific export run is organized in a dedicated directory within an S3 bucket, allowing for transparent processing and avoiding data conflicts. The extraction is performed by a service, referred to as the Producer, which operates on a scheduled basis (e.g., as a cron job) on either VM or Kubernetes. This service requests the contract from a contract service and executes the necessary SQL queries to produce the output data in the specified Parquet file format, including the columns and their types.
- End-of-contract process
- SentinelOne provides technical support and guidance throughout the data extraction process. Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalizing any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
- Web interface accessibility testing
- SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards. The project's goals include redesigning certain pages or flows to comply with the WCAG principles of being perceivable, operable, understandable, and robust. Technical improvements are also being implemented, such as enhancing UI elements with focus states, color contrast, and keyboard navigation.
- API
- Yes
- What users can and can't do using the API
- The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Sentinelctl is a command-line interface (CLI) tool that is part of the SentinelOne Agent installation package. It is designed to execute various actions on the SentinelOne Agent, allowing for a degree of control and configuration directly from the command line. This tool is particularly useful for IT administrators and security professionals who need to manage SentinelOne Agents across multiple endpoints.
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Cloud server - all data received from SentinelOne agents
- Cloud server - configurations made within the console
- Endpoint - Rollback capability gives the ability to restore files
- Backup controls
- Cloud console backups are taken automatically on a 24 hour basis, this is not user controlled. With regard to the 'rollback' capability for Windows OS devices, this is controlled through vssadmin as part of Group Policy - in terms of the cadence of the backups.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
- Approach to resilience
- SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimizes content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
- Outage reporting
- SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalized updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.
Identity and authentication
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- SentinelOne's Access Control Policy is based on an employee’s job function and role using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default SentinelOne employees are granted only a limited set permissions to access company resources such as email internal portals and HR information and access credentials cannot be shared among authorized personnel. Access to SentinelOne’s data systems is controlled by authentication and authorization mechanisms.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SSAE 18 SOC 2 type II
- SSAE 18 SOC 2 type II
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
SentinelOne's Information Security Program includes a configuration management plan. The configuration management plan mandates the creation of configuration management procedures by system owners with each procedure required to have a change control process in place.
All changes to systems, including patches, software, and firmware updates and security permission changes, are appropriately tested, and approved by authorized business personnel prior to changes being implemented into production - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Security Vulnerability Management Policy & Patch management standard: detailed process for testing SentinelOne products and corporate systems for security vulnerabilities, reporting of identified vulnerabilities and a corresponding elimination procedure. The vulnerability management program also includes:
Quarterly network vulnerability scans and annual penetration testing process implemented, Application of security patches to production systems on a regular basis;
Updating all software components and operating systems as part of every application/management console major release; Performing Static, Dynamic code analysis & 3rd party library vulnerability scanning before every major release. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- Customer accounts and data are kept within seperate clusters within datacentres. This ensures there is no interaction of data between seperate customers and no possibility for one customer to view nother's data.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- https://sustainability.aboutamazon.com/products-services/the-cloud?energyType=true
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
The wellbeing of every pack member is critical to our success. When we’re strong individually, we’re stronger together, and unstoppable as we seek to grow, advance the industry, and carry out our mission to End Cyber Risk.
We want our employees to advance their career and our mission while feeling mentally clear, physically energetic, and connected to the things and people they care about most. Our goal is to encourage a work environment where wellbeing is the foundation that propels our employees forward, not something that has to be sacrificed for them to be successful.
SentinelOne offer focus areas, benefits and tools that focus on Professional enhancements, as well as physical, mental, financial and emotional wellbeing.
Pricing
- Price
- £25 a unit
- Discount for educational organisations
- Yes
- Free trial available
- No