
RAZOR THORN SECURITY LTD

Extended Detection and Response (XDR) - SentinelOne

Autonomous cybersecurity platform that consolidates security functions across surfaces (endpoints, cloud, identity) and makes intelligent use of partner integrations. SentinelOne strives to extend our native detection and response capabilities with XDR integrations to improve workflows and provide more human context to enterprise security teams.

Features

  • Realtime security for Windows/Windows Legacy, macOS, Linux, Containers, VMs, Mobile.
  • Automated or one-click remediation and rollback.
  • Threat triage & investigation.
  • EPP control - Device control, firewall control, remote shell.
  • Application inventory and application CVEs.
  • Native data ingestion from SentinelOne agents.
  • Open XDR ingestion from any external, non-active sources.
  • Rogue & unsecured device discovery.
  • Built in data collection scripts.

Benefits

  • Detect and Prevent malicious activity on user/admin controlled devices.
  • Restore data on devices even when encrypted/deleted.
  • Investigate malicious/suspicious activity for incident response.
  • Centrally control endpoint functionality and investigate remotely via console.
  • Provides risk prioritisation around app and OS vulnerabilities.
  • Centrally view malicious/suspicious/benign data from devices.
  • Centrally view and visualise/dashboard data from third party sources.
  • Find unprotected devices on the network and fingerprint.
  • Ingest data to contextualise S1 alerts/enable responses in other tools via S1.
  • Send one-to-many scripts to devices for data collection, incident response and actions.

Pricing

£15 a user

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

987929716758244

Contact

RAZOR THORN SECURITY LTD
Sophia Durham
Telephone: +447470334993
Email: sophia.durham@razorthorn.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No.
System requirements
  • One licence per device (EPP/EDR).
  • One licence per user (identity).
  • Minimum operating specs for those devices (different per OS).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Defined by (1) the support package purchased and (2) the priority of the question. Standard support: Urgent - 4 hours / High - 12 hours / Normal - 24 hours / Low - 72 hours. Enterprise/Enterprise Pro support: Urgent - 1 hour / High - 3 hours / Normal - 6 hours / Low - 12 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Support levels: Standard/Enterprise/Enterprise Pro. A technical account manager can be purchased at additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Guided onboarding via our SentinelGO team. Comprehensive documentation, including 'Getting Started with the SentinelOne platform' - deployment, configuration, best practices etc.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
SentinelOne is actively working towards updating its Management Console and user-facing documentation to comply with WCAG 2.1 Level AA accessibility standards. This effort is part of a broader project aimed at enhancing accessibility across the platform, with a focus on making the software perceivable, operable, understandable, and robust, in line with WCAG principles. The project includes technical updates such as improving UI focus states, colour contrast, keyboard navigation, and more. Additionally, the documentation and pages are being prepared for future localization by externalising text strings and ensuring they are covered with Playwright tests to validate accessibility.
End-of-contract process
SentinelOne provides technical support and guidance throughout the data extraction process. Once the data extraction is complete, both parties may need to perform final actions such as confirming the deletion of customer data from SentinelOne systems, finalising any outstanding financial transactions, and conducting exit interviews or surveys to gather feedback.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The key differences between SentinelOne's mobile and desktop solutions primarily revolve around their approach to addressing the unique security challenges and operational environments of mobile versus desktop endpoints. SentinelOne's mobile threat defence (MTD) focuses on the increased attack surface presented by mobile devices, offering advanced security features designed to protect against zero-day and zero-click vulnerabilities, rogue networks, and complex mobile malware. This is in contrast to the desktop solution, which may deal more with traditional threats and system vulnerabilities.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
There is a separate service interface for mobile devices, accessed on a separate URL but hyperlinked from the 'primary' SentinelOne Singularity Management platform. This separate interface allows for the management and configuration of mobile devices and policies. Data from this separate service interface can be ingested into the Singularity Data Lake.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
The SentinelOne API is a RESTful API and is comprised of 300+ functions to enable 2-way integration with other security products. All APIs are well documented directly within the UI using Swagger API referencing and include facilities for developers to test their code.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
In terms of the console, the customer can customise dashboards and reporting around data coming from SentinelOne agents. This is managed within the SentinelOne management console. Those with administrative access to the console can customise.

Scaling

Independence of resources
SentinelOne employs a variety of strategies and technologies to ensure that the demand from other users does not negatively affect a user's experience. Key among these strategies is the use of Amazon Elastic Load Balancing (ELB), which plays a crucial role in managing the distribution of incoming network traffic across multiple servers. This ensures that no single server bears too much load, which can degrade performance. ELB automatically adjusts to incoming application traffic, providing greater levels of fault tolerance and ensuring that applications are highly available.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
SentinelOne.

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Threat data via SYSLOG; all process data via S3 bucket into SIEM; console data via CSV or API.
Data export formats
  • CSV
  • Other
Other data export formats
  • SYSLOG
  • API
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SentinelOne's Service Level Agreement (SLA) specifies that planned downtime should not exceed six hours a month. This planned downtime is accounted for outside the service availability calculations. SentinelOne measures Singularity Platform Availability in minutes per calendar month, excluding downtime due to force majeure events, issues caused by the customer or third parties, and planned downtime or upgrades requested by the customer.
Approach to resilience
SentinelOne employs a distributed architecture that enhances resilience. The service leverages a Content Delivery Network to improve the performance, reliability, and scalability of content delivery over the internet. By using a network of geographically distributed servers, SentinelOne reduces latency, enhances availability, scales bandwidth, and optimises content delivery. This not only improves user experience but also contributes to the resilience of the service by ensuring content is accessible even under high demand or potential attack scenarios.
Outage reporting
SentinelOne is committed to transparency and effective communication with its customers, especially in the event of service disruptions. When an outage occurs, SentinelOne employs a multi-channel communication strategy to inform its users promptly. This includes notifications through the SentinelOne platform itself, email alerts to registered users, and updates on the SentinelOne status page, which provides real-time information on system performance and any ongoing issues. Additionally, for significant incidents, SentinelOne may engage directly with affected customers through their account managers to provide personalised updates and support. The goal is to ensure that all users are well-informed about the nature of the outage, the expected resolution time, and any recommended actions they should take. This approach underscores SentinelOne's commitment to maintaining a high level of service availability and customer satisfaction.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
SentinelOne's Access Control Policy is based on an employee’s job function and role, using Least-Privilege and Need-to-Know concepts to match access privileges to defined responsibilities. By default, SentinelOne employees are granted only a limited set of permissions to access company resources such as email, internal portals and HR information, and access credentials cannot be shared among authorized personnel. Access to SentinelOne’s data systems is controlled by authentication and authorization mechanisms.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
SSO.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SSAE 18.
  • SOC Type Two

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SSAE SOC 2 Type II.
Information security policies and processes
SentinelOne implements and maintains a multi-layer Information Security Management System (ISMS), in accordance with ISO 27002 guidance. To test the implementation of the controls, SentinelOne has retained the auditing services of a top-tier, independent 3rd party auditor and has undergone a SOC 2 Type 2 audit. The ISMS provides for controls at multiple levels of data storage, processing, export and/or deletion, access, and transfer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
SentinelOne's Information Security Program includes a configuration management plan. The configuration management plan mandates the creation of configuration management procedures by system owners with each procedure required to have a change control process in place.

All changes to systems, including patches, software and firmware updates, and security permission changes, are tested and approved by authorised personnel prior to changes being implemented into production.

Change management flow exists and is governed by R&D Project Managers. No change to planned content shall occur without the assessment of the Change Management committee. Operational and security impacts are considered for all changes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security Vulnerability Management Policy & Patch management standard: detailed process for testing SentinelOne products and corporate systems for security vulnerabilities, reporting of identified vulnerabilities and a corresponding elimination procedure. The vulnerability management program also includes:

  • Quarterly network vulnerability scans and an annual penetration testing process.
  • Application of security patches to production systems on a regular basis.
  • Updating all software components and operating systems as part of every application/management console major release.
  • Performing static and dynamic code analysis and 3rd party library vulnerability scanning before every major release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organization.
Incident management type
Supplier-defined controls
Incident management approach
SentinelOne has put in place a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response process, periodic testing, and documentation. SentinelOne has a dedicated SOC function, which manages & monitors a Security Information & Event Management (SIEM) solution deployed across the organisation.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Razorthorn is dedicated to combating climate change and has set a bold target of achieving Net Zero emissions by 2025. To fulfil this commitment, we prioritise tangible reductions in emissions through collaborative efforts with key suppliers and empowering our team to make climate-conscious travel decisions.

As a socially responsible business, Razorthorn upholds the highest standards of ethics and professionalism. Our efforts fall into two main categories: compliance and proactiveness. Compliance entails adhering to legal obligations and community values, while proactiveness involves initiatives to promote human rights, support communities, and safeguard the environment.

In addition to meeting legal requirements, we actively engage in environmental protection initiatives such as recycling, energy conservation, and adoption of eco-friendly technologies. We are in the process of aligning our operations with ISO 14001 standards for Environmental Management to continually improve our environmental performance.

Razorthorn is committed to delivering further environmental benefits, including striving towards net zero greenhouse gas emissions, as part of our ongoing contract performance.

Covid-19 recovery

Razorthorn's mission is to enhance workplace conditions for COVID-19 recovery, emphasising social distancing, remote work, and sustainable travel. Our G Cloud 14 services aid organisations in managing and rebounding from COVID-19 impacts, promoting remote service delivery to mitigate transmission risks. We support remote work and enforce social distancing in offices, with travel following the most recent COVID-19 guidelines.

Tackling economic inequality

Razorthorn actively tackles economic inequality by strengthening supply chains and managing cyber security risks in contracts. We promote innovation in supply chains for cost-effective, high-quality goods. Our social responsibility drives us to support local charities, nurture future security professionals, and address regional inequality through inclusive recruitment and skill development initiatives.

Equal opportunity

Razorthorn is dedicated to detecting, managing, and mitigating modern slavery risks within contract delivery and supply chains. We actively combat employment, skills, and pay disparities within our workforce. Our firm adheres to rigorous 'Equal Opportunity' and 'Equality and Diversity' policies, ensuring fair treatment across all engagements.

Wellbeing

Razorthorn is deeply committed to safeguarding and promoting the physical and mental health and well-being of our workforce. Our support begins with the initial recruitment process and extends throughout every working day within the organisation. For team members facing challenges such as disabilities, mental health conditions, or caring responsibilities, we have an established network that offers a supportive environment to connect with peers, seek advice, and share experiences.

Pricing

Price
£15 a user
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full solution provided, for customer testing, typically over 2-4 weeks.
Link to free trial
Via Razorthorn team.
