ITHQ LTD

SentinelOne ActiveEDR - Endpoint Detection and Response

The SentinelOne Endpoint Protection Platform unifies prevention, detection, and response in a single purpose-built agent powered by machine learning and automation. It provides prevention and detection of attacks across all vectors, elimination of threats with automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics.

Features

  • Autonomous AI on every endpoint protecting and responding to malware
  • Alerts include full context analysis to enable effective investigations
  • Windows, Linux and Mac device support for EDR
  • Real time identification of threats that need investigation
  • Automated threat hunting with event correlation
  • Cloud hosted web management platform
  • Support for on-premise, hybrid and full cloud environments
  • Behavioural analysis of all device activities monitoring even trusted processes

Benefits

  • Ransomware warranty up to $1M if breached
  • Unify prevention, detection and response in one product
  • Single software package to deploy and manage
  • Simplified administration and ease of operation reduces management overhead
  • Fewer alerts releasing overburdened staff for other projects
  • Real-time forensic breakdown of any attack
  • Visualisation tools to easily evaluate the impact of attacks
  • Enterprise proven solution for all environments
  • Integrated with other security platforms, e.g. Fortinet, Splunk, Rapid7
  • Certified and recognised to meet industry and vertical certifications

Pricing

£12 to £85 a device a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at transform@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

808649259169848

Contact

ITHQ LTD Dale Nursten
Telephone: 02039977979
Email: transform@ithq.pro

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Fortinet
Netskope
Okta
BigFix
Tanium
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No specific constraints outside of the SentinelOne compatibility matrix.

https://go.sentinelone.com/rs/327-MNM-087/images/SEN0202_DataSheet_EPP_WEB.pdf
System requirements
  • Windows, Mac, Linux Desktop Endpoints
  • Windows, Linux Server Endpoints

User support

Email or online ticketing support
Email or online ticketing
Support response times
https://www.sentinelone.com/legal/support-terms/
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
SentinelOne Support levels are detailed in this document: https://www.sentinelone.com/legal/support-terms/
Support available to third parties
Yes

Onboarding and offboarding

Getting started
SentinelOne is a cloud-based service that is simple to install and deploy and should not require a large amount of professional services. However, should they be required, we are able to provide resources to assist with configuration and deployment.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted throughout the contract within the platform and will continue to be available up until the final contract date.
End-of-contract process
At the end of the service subscription the customer will be offered the opportunity to renew the service or cease using the platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
There are over 200 APIs available from SentinelOne. This includes all operations, activities and functionality of the product.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Alerting and response actions to attacks.

Scaling

Independence of resources
Services are hosted on a public cloud that can easily and immediately scale to meet demand. Each customer has their own instance, which can be provisioned as needed to comply with performance objectives. There are over 4000 customers, including Fortune 10 and Global 2000 customers.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
SentinelOne

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Using vendor provided tools within the SentinelOne platform.
Data export formats
  • CSV
  • Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As a hosted platform the service should be available at all times with the exception of the defined maintenance windows.

https://www.sentinelone.com/legal/terms-of-service/
Approach to resilience
SentinelOne has a high-availability, cloud-based architecture designed to minimise disruption from a single data centre. Policies compliant with ISO 27001 and SOC3 Type II are in place to ensure resilience.
Outage reporting
Service status can be verified through the SentinelOne Support portal.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
End users have no access to the cloud-hosted management platform unless granted access by system administrators; this access can be integrated with MFA.

Support channels can only be accessed by defined users/representatives of the customer.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman & Company LLC
ISO/IEC 27001 accreditation date
17/09/2019
What the ISO/IEC 27001 doesn’t cover
The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the SentinelOne endpoint protection products, including the products’ agents, management console software, customer data processing activities, and Software-as-a-Service (SaaS), which together comprise the SentinelOne Core and SentinelOne Complete product offerings, and in accordance with the statement of applicability, version 4.00, dated September 17, 2019.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Tevora
PCI DSS accreditation date
20/02/2016
What the PCI DSS doesn’t cover
Tevora attests that SentinelOne’s Platform meets the intents of prevention, detection, remediation, and reporting requirements covered by the HIPAA Security Rule and HITECH when properly configured. Further, it aligns with HIPAA’s Security Rule Requirements §164.308(a)(1), §164.308(a)(5)(ii)(B) and §164.308(a)(6)(ii) for security violations and incidents, and more specifically malware protection. Tevora further attests that SentinelOne’s Platform meets the intents of controls set out in PCI DSS 3.2.1 Requirement 5. The Platform provides the ability to protect, detect, contain, and remove all known and previously unknown types of malware. Additionally, the Platform regularly updates and patches itself to ensure it is frequently maintained for optimal performance. With verbose log capabilities, configurable system scans, Anti-Tamper mechanism, and hundreds of integrations with SIEM and other information security solutions, the SentinelOne Platform checks all PCI boxes. Overall, Tevora found that SentinelOne’s Endpoint Protection Platform provides a robust endpoint protection solution that is capable of satisfying PCI DSS and HIPAA compliance requirements.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC3 Type II
Information security policies and processes
We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party pentesting, log/event management, vendor risk management, physical security, endpoint security, governance & compliance, people/HR security, disaster recovery and others. Our servers are protected by high-end firewall systems; scans are performed regularly to ensure that any exposed vulnerabilities are quickly found and patched; complete penetration tests are performed yearly; customer data is processed and stored at a specific location known to the customer within a specific region such as North America, Europe or Asia; and access to systems is restricted to specific individuals based on “need to know” principles and monitored and audited for compliance. We use TLS encryption for all customer data transfers, and customers can elect to have all their data encrypted at rest. Our solutions are hosted by AWS, which is audited using the ISO 27001 and SOC3 Type II standards. To ensure that we maintain the highest possible levels of information security, SentinelOne has procured the auditing services of reputable third-party auditors and audits its information security practices annually under the ISO 27001 standard.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses identity and access controls, change management, vulnerability management and third-party pentesting.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses vulnerability management and third-party pentesting, log/event management, vendor risk management, physical security, endpoint security, governance & compliance, people/HR security, disaster recovery and a host of additional controls.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses high-quality network security, application security and a host of additional controls.
Incident management type
Supplier-defined controls
Incident management approach
We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses high-quality log/event management, physical security, endpoint security, governance & compliance, people/HR security, disaster recovery and a host of additional controls.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£12 to £85 a device a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A Proof of Concept / evaluation period can be arranged for a limited time on a limited number of endpoints. Details will be finalised after an initial demo and scoping meeting.
