
INTEGRITY360 LIMITED

SentinelONE

Autonomous cybersecurity platform that consolidates security functions across surfaces (endpoint, cloud, and identity) and makes intelligent use of data ingested natively and through partner integrations. SentinelOne strives to extend its native detection and response capabilities with XDR integrations to improve workflows and provide more human context to enterprise security teams.

Features

  • Realtime-Security for Windows, Windows Legacy, macOS, Linux, Containers, VMs, Mobile
  • Automated or one-click remediation and rollback
  • Threat triage & investigation
  • EPP Control - Device Control, Firewall Control, Remote Shell
  • Application inventory and application CVEs
  • Native data ingestion from SentinelOne agents
  • Open XDR ingestion from any external, non-native source
  • Rogue & unsecured device discovery
  • Integration into third party tools through Singularity Marketplace
  • Built in data collection scripts

Benefits

  • Detect and Prevent malicious activity on user/admin controlled devices
  • Restore data on devices even when encrypted/deleted
  • Investigate malicious/suspicious activity for incident response
  • Centrally control endpoint functionality and investigate remotely via console
  • Provides risk prioritisation around app and OS vulnerabilities
  • Centrally view malicious/suspicious/benign data from devices
  • Centrally view and visualise/dashboard data from third party sources
  • Find unprotected devices on the network and fingerprint
  • Ingest data to contextualise S1 alerts and enable responses in other tools via S1
  • Send one-to-many scripts to devices for data collection, incident response and actions

Pricing

£15.00 a licence

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

926527003410252

Contact

INTEGRITY360 LIMITED Paul Momirovski
Telephone: +44 20 3397 3414
Email: bidreviewboard@integrity360.com

Service scope

Service constraints
Devices require an internet connection to report data into the central management console and to receive configuration changes
System requirements
  • Windows/macOS/Linux/iOS/Android/Chrome OS
  • Minimum hardware requirements - different depending on OS
  • Internet connectivity (TCP 443)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Defined by (1) support package purchased and (2) priority of the question. Support Standard: Urgent - 4 hours / High - 12 hours / Normal - 24 hours / Low - 72 hours. Support Enterprise/Enterprise Pro: Urgent - 1 hour / High - 3 hours / Normal - 6 hours / Low - 12 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
Customers have access to our support portal (community.sentinelone.com), which is a fully fledged support function using a ticketing system with priorities and email integration. Different SLAs are in place depending on whether the customer has purchased Standard Response or Response Enterprise/Enterprise Pro; full details at https://www.sentinelone.com/legal/support-terms/. Customers can manage the priority of their support tickets at time of creation and throughout.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Guided onboarding via our SentinelGO team. Comprehensive documentation including 'Getting Started with the SentinelOne platform' - deployment, configuration, best practices etc.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
At the end of a contract, SentinelOne facilitates data extraction through a structured process. The process involves defining an API contract for exporting product data, which must cover data format, schema, and export location. This standard ensures that all data from a specific export run is organized in a dedicated directory within an S3 bucket, allowing for transparent processing and avoiding data conflicts. The extraction is performed by a service, referred to as the Producer, which operates on a scheduled basis (e.g., as a cron job) on either VM or Kubernetes. This service requests the contract from a contract service and executes the necessary SQL queries to produce the output data in the specified Parquet file format, including the columns and their types.
End-of-contract process
SentinelOne provides technical support and guidance throughout the data extraction process. Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalizing any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.

Using the service

Web browser interface
Yes
Using the web interface
Users can manage all aspects of the SentinelOne Singularity Platform via the web interface. There are no components/features that are controlled from outside of this interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards. The project's goals include redesigning certain pages or flows to comply with the WCAG principles of being perceivable, operable, understandable, and robust. Technical improvements are also being implemented, such as enhancing UI elements with focus states, color contrast, and keyboard navigation.
Web interface accessibility testing
SentinelOne is actively working towards achieving WCAG 2.1 Level AA compliance across its platform. This initiative is part of a broader project aimed at updating the Management Console and user-facing documentation to adhere to the WCAG 2.1 Level AA accessibility standards. The project's goals include redesigning certain pages or flows to comply with the WCAG principles of being perceivable, operable, understandable, and robust. Technical improvements are also being implemented, such as enhancing UI elements with focus states, color contrast, and keyboard navigation.
API
Yes
What users can and can't do using the API
The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Sentinelctl is a command-line interface (CLI) tool that is part of the SentinelOne Agent installation package. It is designed to execute various actions on the SentinelOne Agent, allowing for a degree of control and configuration directly from the command line. This tool is particularly useful for IT administrators and security professionals who need to manage SentinelOne Agents across multiple endpoints.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
SentinelONE

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Encryption: SentinelOne enforces encryption for data at rest to safeguard sensitive and confidential information.
Client-side Encryption: Allows for complete control over the encryption and decryption process, including managing keys, algorithms, libraries, and compute resources. This method ensures that client-side master keys and unencrypted data are never sent to AWS, emphasizing the importance of securely managing encryption keys to prevent data loss.
Server-side Encryption: Implemented as a storage class within S3 for long-term data storage. Data can be transitioned to the S3 Glacier storage class for more flexible encryption options compared to standalone Glacier vaults.
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Cloud server - all data received from SentinelOne agents
  • Cloud server - configurations made within the console
  • Endpoint - Rollback capability gives the ability to restore files
Backup controls
Cloud console backups are taken automatically on a 24-hour basis; this is not user controlled. For the 'rollback' capability on Windows OS devices, the cadence of the backups is controlled through vssadmin as part of Group Policy.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Industry standard AES-256 cipher
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Industry standard AES-256 cipher

Availability and resilience

Guaranteed availability
SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
Approach to resilience
SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimizes content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
Outage reporting
SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalized updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
SentinelOne's Access Control Policy is based on an employee’s job function and role, using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default, SentinelOne employees are granted only a limited set of permissions to access company resources such as email, internal portals and HR information, and access credentials cannot be shared among authorized personnel. Access to SentinelOne’s data systems is controlled by authentication and authorization mechanisms.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
SSAE 18 SOC 2 type II

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SSAE 18 SOC 2 type II
Information security policies and processes
SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
SentinelOne's Information Security Program includes a configuration management plan. The configuration management plan mandates the creation of configuration management procedures by system owners with each procedure required to have a change control process in place.
All changes to systems, including patches, software, and firmware updates and security permission changes, are appropriately tested, and approved by authorized business personnel prior to changes being implemented into production.
A change-management flow exists and is governed by R&D Project Managers. No change to planned content shall occur without the assessment of the Change Management committee, which includes Product Managers, Project Managers, R&D management, and Information-Security.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Security Vulnerability Management Policy & Patch management standard: detailed process for testing SentinelOne products and corporate systems for security vulnerabilities, reporting of identified vulnerabilities and a corresponding elimination procedure. The vulnerability management program also includes:
  • Quarterly network vulnerability scans and an annual penetration testing process
  • Application of security patches to production systems on a regular basis
  • Updating all software components and operating systems as part of every application/management console major release
  • Performing static and dynamic code analysis and 3rd party library vulnerability scanning before every major release
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Customer accounts and data are kept within separate clusters within datacentres. This ensures there is no interaction of data between separate customers and no possibility for one customer to view another's data.
How shared infrastructure is kept separate
Customer accounts and data are kept within separate clusters within datacentres. This ensures there is no interaction of data between separate customers and no possibility for one customer to view another's data.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
https://sustainability.aboutamazon.com/products-services/the-cloud?energyType=true

Social Value

Equal opportunity

SentinelOne have been recognised for their Equal Opportunities programs, including Gender Neutral Parental Leave and Life Assurance.
They're recognised as a Workplace of Choice for Mothers 2023.
Fortune Best Workplaces for: Millennials, Technology, Medium Workplaces.

Pricing

Price
£15.00 a licence
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full solution provided, for customer testing, typically over 2-4 weeks.
