RAZOR THORN SECURITY LTD

Extended Detection and Response (XDR) - SentinelOne

Autonomous cybersecurity platform that consolidates security functions across surfaces–endpoint, cloud, and identity–and makes intelligent use of the data natively ingested and through our partner integrations. SentinelOne strives to extend our native detection and response capabilities with XDR integrations to improve workflows and provide more human context to enterprise security teams.

Features

• Realtime Security for Windows/Windows Legacy, macOS, Linux, Containers, VMs, Mobile.
• Automated or one-click remediation and rollback.
• Threat triage & investigation.
• EPP Control - Device Control, Firewall Control, Remote Shell.
• Application inventory and application CVEs.
• Native data ingestion from SentinelOne agents.
• Open XDR ingestion from any external, non-native source.
• Rogue & unsecured device discovery.
• Integration into third party tools through Singularity Marketplace.
• Built in data collection scripts.

Benefits

• Detect/Prevent malicious activity on user and admin controlled devices.
• Restore data on devices even when encrypted/deleted.
• Investigate malicious/suspicious activity for incident response.
• Centrally control endpoint functionality and investigate remotely via console.
• Provides risk prioritisation around app and OS vulnerabilities.
• Centrally view malicious/suspicious/benign data from devices.
• Centrally view and visualise/dashboard data from third party sources.
• Find unprotected devices on the network and fingerprint.
• Ingest data to contextualise-S1 alerts/enable responses in other tools via-S1.
• Send one-to-many scripts to devices for data collection/incident response +actions.

£15 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

678120341911369

Contact

Sophia Durham
+447470334993
sophia.durham@razorthorn.com

Service scope

• Service constraints: Devices require an internet connection to report data into the central management console and to receive configuration changes.
• System requirements:
  • Supported Operating System (Windows/macOS/Linux/ioS/Android/Chrome OS)
  • Minimum hardware requirements - different depending on OS.
  • Internet connectivity (TCP 443).

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Defined by (1) Support package purchased and (2) Priority of the question. Support standard - Urgent - 4 hours/ High - 12 hours/ Normal - 24 hours / Low - 72 Hours. Support Enterprise/Enterprise Pro - Urgent - 1 hour / High - 3 hours/ Normal - 6 hours/ Low - 12 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Guided onboarding via our SentinelGO team. Comprehensive documentation including 'Getting Started with the SentinelOne platform - deployment, configuration, best practices etc.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of a contract, SentinelOne facilitates data extraction through a structured process. The process involves defining an API contract for exporting product data, which must cover data format, schema, and export location. This standard ensures that all data from a specific export run is organised in a dedicated directory within an S3 bucket, allowing for transparent processing and avoiding data conflicts. The extraction is performed by a service, referred to as the Producer, which operates on a scheduled basis (e.g., as a cron job) on either VM or Kubernetes. This service requests the contract from a contract service and executes the necessary SQL queries to produce the output data in the specified Parquet file format, including the columns and their types.
• End-of-contract process: SentinelOne provides technical support and guidance throughout the data extraction process. Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalizing any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Sentinelctl is a command-line interface (CLI) tool that is part of the SentinelOne Agent installation package. It is designed to execute various actions on the SentinelOne Agent, allowing for a degree of control and configuration directly from the command line. This tool is particularly useful for IT administrators and security professionals who need to manage SentinelOne Agents across multiple endpoints.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: SentinelOne.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Cloud server - all data received from SentinelOne agents.
  • Cloud server - configurations made within the console.
  • Endpoint - Rollback capability gives the ability to restore files.
• Backup controls: Cloud console backups are taken automatically on a 24 hour basis, this is not user controlled. With regard to the 'rollback' capability for Windows OS devices, this is controlled through vssadmin as part of Group Policy - in terms of the cadence of the backups.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
• Approach to resilience: SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimizes content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
• Outage reporting: SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalized updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: SentinelOne's Access Control Policy is based on an employee’s job function and role using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default SentinelOne employees are granted only a limited set permissions to access company resources such as email internal portals and HR information and access credentials cannot be shared among authorised personnel. Access to SentinelOne’s data systems is controlled by authentication and authorization mechanisms.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 18
  • SOC 2 Type Two

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SSAE 18 SOC 2 type II.
• Information security policies and processes: SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SentinelOne's Information Security Program includes a configuration management plan. The configuration management plan mandates the creation of configuration management procedures by system owners with each procedure required to have a change control process in place.; ; All changes to systems, including patches, software, and firmware updates and security permission changes, are appropriately tested, and approved by authorised business personnel prior to changes being implemented into production.; ; Change management flow exists and is governed by R&D Project Managers. No change to planned content shall occur without the assessment of the Change Management committee. Operational and security impacts are considered for all changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security Vulnerability Management Policy & Patch management standard: detailed process for testing SentinelOne products and corporate systems for security vulnerabilities, reporting of identified vulnerabilities and a corresponding elimination procedure. The vulnerability management program also includes:; ; Quarterly network vulnerability scans and annual penetration testing process implemented, Application of security patches to production systems on a regular basis.; ; Updating all software components and operating systems as part of every application/management console major release; Performing Static, Dynamic code analysis & 3rd party library vulnerability scanning before every major release.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organisation.
• Incident management type: Supplier-defined controls
• Incident management approach: SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organisation.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: N/A
• How shared infrastructure is kept separate: Customer accounts and data are kept within separate clusters within datacentres. This ensures there is no interaction of data between separate customers and no possibility for one customer to view another's data.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: https://sustainability.aboutamazon.com/products-services/the-cloud?energyType=true

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  "Razorthorn is dedicated to combating climate change and has set a bold target of achieving Net Zero emissions by 2025. To fulfil this commitment, we prioritise tangible reductions in emissions through collaborative efforts with key suppliers and empowering our team to make climate-conscious travel decisions.; ; As a socially responsible business, Razorthorn upholds the highest standards of ethics and professionalism. Our efforts fall into two main categories: compliance and proactiveness. Compliance entails adhering to legal obligations and community values, while proactiveness involves initiatives to promote human rights, support communities, and safeguard the environment.; In addition to meeting legal requirements, we actively engage in environmental protection initiatives such as recycling, energy conservation, and adoption of eco-friendly technologies. We are in the process of aligning our operations with ISO 14001 standards for Environmental Management to continually improve our environmental performance.; Razorthorn is committed to delivering further environmental benefits, including striving towards net zero greenhouse gas emissions, as part of our ongoing contract performance."

  Covid-19 recovery

  Razorthorn's mission is to enhance workplace conditions for COVID-19 recovery, emphasising social distancing, remote work, and sustainable travel. Our G Cloud 14 services aid organisations in managing and rebounding from COVID-19 impacts, promoting remote service delivery to mitigate transmission risks. We support remote work and enforce social distancing in offices, with travel following the most recent COVID-19 guidelines.

  Tackling economic inequality

  Razorthorn actively tackles economic inequality by strengthening supply chains and managing cyber security risks in contracts. We promote innovation in supply chains for cost-effective, high-quality goods. Our social responsibility drives us to support local charities, nurture future security professionals, and address regional inequality through inclusive recruitment and skill development initiatives.

  Equal opportunity

  Razorthorn is dedicated to detecting, managing, and mitigating modern slavery risks within contract delivery and supply chains. We actively combat employment, skills, and pay disparities within our workforce. Our firm adheres to rigorous 'Equal Opportunity' and 'Equality and Diversity' policies, ensuring fair treatment across all engagements.

  Wellbeing

  Razorthorn is deeply committed to safeguarding and promoting the physical and mental health and well-being of our workforce. Our support begins with the initial recruitment process and extends throughout every working day within the organisation. For team members facing challenges such as disabilities, mental health conditions, or caring responsibilities, we have an established network that offers a supportive environment to connect with peers, seek advice, and share experiences.

Pricing

• Price: £15 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full solution provided, for customer testing, typically over 2-4 weeks.
• Link to free trial: Via Razorthorn team.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.