They have a dedicated security team that oversees their Information Security Program. The team focuses on:
- high-quality network security
- application security
- identity and access controls
- change management
- vulnerability management and third-party pentesting
- log/event management
- vendor risk management
- physical security
- endpoint security
- governance and compliance
- people/HR security
- disaster recovery
Their servers are protected, scans are performed regularly, and complete penetration tests occur yearly.
Additionally, SentinelOne ensures customer data is processed and stored in specific locations known to the customer, with access restricted on a “need to know” basis. Their data is also monitored and audited for compliance.
The company uses Transport Layer Security (TLS) encryption for all customer data transfers, and customers can elect to have all data encrypted at rest.
Their solutions are hosted by Amazon Web Services (AWS), which is independently audited against the ISO 27001 Standard and SOC 3 Type II standards.
SentinelOne also reports working on a Federal Risk and Authorization Management Program (FedRAMP) compliance program with Moderate Authority to Operate (Moderate ATO).
2019 Tevora Report
SentinelOne retained Tevora, a security and risk management consulting firm, to perform an independent evaluation of their platform. The third party performed an in-depth evaluation of the SentinelOne Platform core features: sophisticated multi-layered protection, detection, visibility, investigation, remediation, and automation.
Tevora is a PCI Qualified Security Assessor (QSA) and HITRUST Assessor. The report was held to PCI DSS version 3.2.1 Requirement 5 and HIPAA Security Rule Requirements 164.308(a)(1), 164.308(a)(5)(ii)(B), and 164.308(a)(6)(ii).
Four Key Compliance Features
SentinelOne lists these four features of their platform as key components to fulfilling compliance requirements:
- Endpoint Protection Platform (EPP): Launched during pre-execution of processes to prevent attacks
- ActiveEDR: Using TrueContext technology, triggers on-execution to track, identify, correlate, contain, and remediate potentially malicious activity
- Device Control, Firewall Control, Vulnerability Management
- Advanced Threat Hunting Tools and Techniques
A central feature of the platform is the use of intelligent automation to reduce risk and increase efficiency. Full endpoint automation minimizes response time, reduces the need for manual SOC intervention, and minimizes disruption to end-user productivity.
Automation is facilitated by over 300 APIs developed by SentinelOne, which allow for the integration of its platform with various SIEM tools. Logging and monitoring are available and can be configured easily for businesses with nearly any technical architecture.
- Samples of malware were downloaded into a test environment. The platform immediately triggered an alert and the payload was quarantined. Activity reports highlighted the complete narrative, including the source and how the malware was introduced to the system, which services it attempted to call upon, and what files were launched and targeted. After quarantine, the malware was encrypted with an administrator-defined password if the file needed to be retained.
- ActiveEDR was a valuable feature for identifying anomalous behavior with its automatic SOC functionality; zero-day and uncommonly known vulnerabilities were detected without reliance on virus signatures or definitions. The functionality also provided automated investigation, orchestration, containment, and remediation capabilities with respect to previously unknown and uncommonly known threats.
- Endpoints report to the platform’s management console every 10 seconds to keep virus hashes as current as possible. Background system scans run continuously and may be configured to run at any time interval or even during file downloads or transfers. Logs are available to administrators on the management console and are encrypted with AES-256 to maintain log integrity.
- The management console provided anti-tamper functionality that prevented deactivation and tampering by default. Tevora verified the feature prevented the end-user from seeing anything besides the active status of the platform.
Overall, Tevora found that SentinelOne’s Endpoint Protection Platform provides a robust endpoint protection solution that is capable of satisfying PCI DSS and HIPAA compliance requirements.
The Datashield Difference
SentinelOne is just the first line of defense when protecting your organization’s endpoints and providing security and compliance. Datashield has helped our clients create leading cloud-native security architecture, perform advanced tool tuning, and deploy custom runbooks to help SentinelOne’s software run even better.
Powerful tools only work as well as the people wielding them. Datashield has a direct partnership with SentinelOne, an unparalleled deployment process, and integration with our leading orchestration and automation tool, SHIELDVision.
Our security experts take the time to fully understand your organization’s operations, security goals, and compliance and reporting requirements.
If your organization is considering implementing SentinelOne, make sure you partner with the best in managed security service providers. Datashield has been a part of the industry for over a decade and is still on the forefront of cybersecurity solutions.