Skip to main content

Help us improve the Digital Marketplace - send your feedback

TheTechForce Limited

SentinelOne

Autonomous cybersecurity platform that consolidates security functions across surfaces–endpoint, cloud, and identity–and makes intelligent use of the data natively ingested and through our partner integrations. SentinelOne strives to extend our native detection and response capabilities with XDR integrations to improve workflows and provide more human context to enterprise security teams.

Features

  • Realtime Security for Windows, Windows Legacy, macOS, Linux, Containers, VMs
  • Automated or one-click remediation and rollback
  • Threat triage & investigation
  • EPP Control - Device Control, Firewall Control, Remote Shell
  • Application inventory and application CVEs
  • Native data ingestion from SentinelOne agents
  • Open XDR ingestion from any external, non-native source
  • Rogue & unsecured device discovery
  • Integration into third party tools through Singularity Marketplace
  • Built in data collection scripts

Benefits

  • Detect and Prevent malicious activity on user
  • Restore data on devices even when encrypted/deleted
  • Investigate malicious/suspicious activity for incident response
  • Centrally control endpoint functionality and investigate remotely via console
  • Provides risk prioritisation around app and OS vulnerabilities
  • Centrally view malicious/suspicious/benign data from devices
  • Centrally view and visualise/dashboard data from third party sources
  • Find unprotected devices on the network and fingerprint
  • Ingest data to contextualise S1 alerts
  • Send one-to-many scripts to devices for data collection

Pricing

£25 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jai@techforce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 7 6 8 8 8 7 9 0 1 2 2 0 9 0

Contact

TheTechForce Limited Jai Aenugu
Telephone: 01224516181
Email: jai@techforce.co.uk

Service scope

Service constraints
Devices require an internet connection to report data into the central management console and to receive configuration changes.
System requirements
  • 1 - Supported Operating System (Windows/macOS/Linux/ioS/Android/Chrome OS)
  • 2 - Minimum hardware requirements - different depending on OS
  • 3 - Internet connectivity (TCP 443)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Yes, customers have access to our support portal (community.sentinelone.com) which is a fully fledged support function using a ticketing system with priorities and email integration. Different SLAs are in place depending on the if the customer has purchased Standard Response, or Response Enterprise/Enterprise Pro , full details at https://www.sentinelone.com/legal/support-terms/. Customers can manage the priority of their support tickets at time of creation and throughout.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Guided onboarding via our SentinelGO team. Comprehensive documentation including 'Getting Started with the SentinelOne platform - deployment, configuration, best rpactices etc
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
At the end of a contract, SentinelOne facilitates data extraction through a structured process. The process involves defining an API contract for exporting product data, which must cover data format, schema, and export location. This standard ensures that all data from a specific export run is organized in a dedicated directory within an S3 bucket, allowing for transparent processing and avoiding data conflicts. The extraction is performed by a service, referred to as the Producer, which operates on a scheduled basis (e.g., as a cron job) on either VM or Kubernetes. This service requests the contract from a contract service and executes the necessary SQL queries to produce the output data in the specified Parquet file format, including the columns and their types.
End-of-contract process
SentinelOne provides technical support and guidance throughout the data extraction process. Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalizing any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.

Using the service

Web browser interface
Yes
Using the web interface
Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
Web interface accessibility testing
SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards. The project's goals include redesigning certain pages or flows to comply with the WCAG principles of being perceivable, operable, understandable, and robust. Technical improvements are also being implemented, such as enhancing UI elements with focus states, color contrast, and keyboard navigation.
API
Yes
What users can and can't do using the API
The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Sentinelctl is a command-line interface (CLI) tool that is part of the SentinelOne Agent installation package. It is designed to execute various actions on the SentinelOne Agent, allowing for a degree of control and configuration directly from the command line. This tool is particularly useful for IT administrators and security professionals who need to manage SentinelOne Agents across multiple endpoints.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Cloud server - all data received from SentinelOne agents
  • Cloud server - configurations made within the console
  • Endpoint - Rollback capability gives the ability to restore files
Backup controls
Cloud console backups are taken automatically on a 24 hour basis, this is not user controlled. With regard to the 'rollback' capability for Windows OS devices, this is controlled through vssadmin as part of Group Policy - in terms of the cadence of the backups.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
Approach to resilience
SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimizes content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
Outage reporting
SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalized updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
SentinelOne's Access Control Policy is based on an employee’s job function and role using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default SentinelOne employees are granted only a limited set permissions to access company resources such as email internal portals and HR information and access credentials cannot be shared among authorized personnel. Access to SentinelOne’s data systems is controlled by authentication and authorization mechanisms.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SSAE 18 SOC 2 type II
  • SSAE 18 SOC 2 type II

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
SentinelOne's Information Security Program includes a configuration management plan. The configuration management plan mandates the creation of configuration management procedures by system owners with each procedure required to have a change control process in place.
All changes to systems, including patches, software, and firmware updates and security permission changes, are appropriately tested, and approved by authorized business personnel prior to changes being implemented into production
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Security Vulnerability Management Policy & Patch management standard: detailed process for testing SentinelOne products and corporate systems for security vulnerabilities, reporting of identified vulnerabilities and a corresponding elimination procedure. The vulnerability management program also includes:
Quarterly network vulnerability scans and annual penetration testing process implemented, Application of security patches to production systems on a regular basis;
Updating all software components and operating systems as part of every application/management console major release; Performing Static, Dynamic code analysis & 3rd party library vulnerability scanning before every major release.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Customer accounts and data are kept within seperate clusters within datacentres. This ensures there is no interaction of data between seperate customers and no possibility for one customer to view nother's data.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
https://sustainability.aboutamazon.com/products-services/the-cloud?energyType=true

Social Value

Social Value

Social Value

Wellbeing

Wellbeing

The wellbeing of every pack member is critical to our success. When we’re strong individually, we’re stronger together, and unstoppable as we seek to grow, advance the industry, and carry out our mission to End Cyber Risk.

We want our employees to advance their career and our mission while feeling mentally clear, physically energetic, and connected to the things and people they care about most. Our goal is to encourage a work environment where wellbeing is the foundation that propels our employees forward, not something that has to be sacrificed for them to be successful.

SentinelOne offer focus areas, benefits and tools that focus on Professional enhancements, as well as physical, mental, financial and emotional wellbeing.

Pricing

Price
£25 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jai@techforce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.