<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

SentinelOne: Security Compliance

sentinelone compliance and reporting

SentinelOne’s cloud Endpoint Protection Platform (EPP) not only provides advanced alerting and threat detection but also provides security reporting and compliance for PCI DSS, HITECH Act and HIPAA.

They have a dedicated security team that oversees their Information Security Program. The team focuses on:

  • high-quality network security
  • application security
  • identity and access controls
  • change management
  • vulnerability management and third-party pentesting
  • log/event management
  • vendor risk management
  • physical security
  • endpoint security
  • governance and compliance
  • people/HR security
  • disaster recovery

Their servers are protected, and scans are performed regularly and complete penetration tests occur yearly.

Additionally, SentinelOne ensures customer data is processed and stored specific locations known to the customer with restricted access to “need to know” principles. Their data is also monitored and audited for compliance.

The company uses Transport Layer Security (TLS) encryption for all customer data transfers, and customers can elect to have all data encrypted at rest.

Their solutions are hosted by Amazon Web Services (AWS), which is independently audited using ISO 27001 Standard and SOC 3 Type II standards.

SentinelOne also reports working on a Federal Risk and Authorization Management Program (FedRAMP) compliance program with Moderate Authority to Operate (Moderate ATO).


2019 Tevora Report

SentinelOne retained Tevora, a security and risk management consulting firm to perform an independent evaluation of their platform. The third party performed an in-depth evaluation of the SentinelOne Platform core features: sophisticated multi-layered protection, detection, visibility, investigation, remediation, and automation.

Tevora is a PCI Qualified Security Assessor (QSA) and HITRUST Assessor. The report was held to PCI DSS version 3.2.1 Requirement 5 and HIPAA Security Rule Requirements 164.308(a)(1), 164.308(a)(5)(ii)(B), and 164.308(a)(6)(ii).


Four Key Compliance Features

SentinelOne lists these four features of their platform as key components to fulfilling compliance requirements:

  • Endpoint Protection Platform (EPP): Launched during pre-execution of processes to prevent attacks
  • ActiveEDR: Using TrueContext technology, triggers on-execution to track, identify, correlate, contain, and remediate potentially malicious activity
  • Device Control, Firewall Control, Vulnerability Management
  • Advanced Threat Hunting Tools and Techniques


Automation Capabilities

A central feature of the platform is the use of intelligent automation to reduce risk and increase efficiency. Full endpoint automation minimizes response time, reduces the need for manual SOC intervention, and minimizes disruption to end-user productivity.

Automation is facilitated by over 300 APIs developed by SentinelOne which allow for the integration of its platform with various SIEM tools. Logging and monitoring is available and can be configured easily for businesses with nearly any technical architecture.



  • Samples of malware were downloaded into a test environment. The platform immediately triggered an alert and the payload was quarantined. Activity reports highlighted the complete narrative, including the source and how the malware was introduced to the system, which services it attempted to call upon and what files were launched and targeted. After quarantine the malware was encrypted with an administrator-defined password, if the file is required to be maintained.
  • ActiveEDR was a valuable feature for identifying anomalous behavior with its automatic SOC functionality, zero-day and uncommonly known vulnerabilities were detected without reliance on virus signatures or definitions. The functionality also provided automated investigation, orchestration, containment, and remediation capabilities with respect to previously unknown and uncommonly known threats.
  • Endpoints report to the platform’s management console every 10 seconds to keep virus hashes as current as possible. Background system scans run continuously and may be configured to run at any time interval or even during file downloads or transfers. Logs are available to administrators on the management console and are encrypted with AES-256 to maintain log integrity.
  • The management console provided anti-tamper functionality that prevented deactivation and tampering by default. Tevora verified the feature prevented the end-user from seeing anything besides the active status of the platform.

Overall, Tevora found that SentinelOne’s Endpoint Protection Platform provides a robust endpoint protection solution that is capable of satisfying PCI DSS and HIPAA compliance requirements.


The Datashield Difference

SentinelOne is just the first line of defense when protecting your organization’s endpoints and providing security and compliance. Datashield has helped our clients create leading cloud-native security architecture, perform advanced tool tuning, and deploy custom runbooks to help SentinelOne’s software run even better.

Powerful tools only work as well as the people wielding them. Datashield has a direct partnership with SentinelOne, unparalleled deployment process, and integration with our leading orchestration and automation tool SHIELDVision.

Our security experts take the time to fully understand your organization’s operations, security goals, and compliance and reporting requirements.

If your organization is considering implementing SentinelOne, make sure you partner with the best in managed security service providers. Datashield has been a part of the industry for over a decade and is still on the forefront of cybersecurity solutions.

Contact us today.


Topics from this Article

Endpoint Detection and Response, Compliance, HIPAA, PCI DSS, EDR, SentinelOne, Malware

Cassidy Trowbridge
Cassidy Trowbridge
Cassidy is a marketing specialist at Datashield. She manages Datashield's content and social marketing strategies.

Related Posts

Top 5 Most Popular Cybersecurity Certifications

The cybersecurity analyst has become the third most valuable job description in the technology industry. The increasing security incidents to IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are reaping the benefits of securing operating systems and deployed IT infrastructure.

What is Ransomware?

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with instructions on decrypting their data.

Datashield Announces Partnership with Bishop Fox

Two cybersecurity powerhouses partner to provide defensive and offensive security services to boost enterprise companies’ security posture. Scottsdale, Ariz.— Datashield, a Scottsdale-based cybersecurity company, recently inked its partnership with offensive security services firm Bishop Fox. Both companies are based in Arizona and provide outsourced cybersecurity services to top Fortune 500 companies.