The SentinelOne Singularity Platform empowers SOC & IT Operations teams with a more efficient way to protect information assets against today’s sophisticated threats. Visit this page for more information.

SentinelOne offers support for 17 years of Windows releases from everything modern back through to legacy EOL versions, macOS including the new Apple kextless OS security model, and 10 distributions of Linux. Cloud-native containerized workloads are also supported.

Singularity Cloud Workload Security offers visibility and runtime security for apps running on VMs or containers, no matter their location. Visit this page for more information.

Ranger controls the network attack surface by extending the Sentinel agent function. Ranger reports what it sees on networks and enables blocking of unauthorized devices. Ranger fulfills asset inventory requirements. Visit this page for more information.

Yes, the Singularity Platform protects against ransomware, fileless threats, “Living off the Land” (aka LOLbin) attacks… just to name a few. Our tech uses on-agent static AI to prevent, block, and quarantine malware in real-time. Similarly, on-agent behavioral AI engines detect malicious behavior by tracking and contextualizing everything on a device. Malicious acts are identified and halted in real-time. All unauthorized changes are remediated with a single click. All critical data is contextualized and available within the EDR platform for digital forensics, incident response, and threat hunting activities.

SentinelOne commissioned Forrester Research to independently assess the ROI that a prototypical customer, built upon real customer interviews, might reasonably expect to achieve. The 2020 Forrester Total Economic Impact reports 353% ROI. More information is available here.

Sentinel agents are designed to do much more locally than competing solutions, resulting in far faster protective responses since they don’t rely on the cloud or humans to do everything. However, these agents are deeply integrated to the overall SaaS solution to work in tandem with intelligent cloud-delivered components like Deep Visibility ActiveEDR®, Storyline Active Response–STAR™, and Ranger for a well-rounded stable of features enabling effective security consolidation and the elimination of legacy agents.

Storyline constantly monitors all OS processes, malicious and benign, and automatically builds a process tree and maps events to MITRE ATT&CK® TTPs. In Protect Mode, ActiveEDR will automatically thwart the attack at machine speed. Never build another process tree. We do it for you.

We offer several international options for cloud hosting location to meet data localization requirements. Most of the information that SentinelOne collects through the Solutions is not Personal Information and relates to the computing processes of devices protected against malware infection by the SentinelOne Services, or device standard identifiers. More information is available here.

SentinelOne invests significant effort into securing its platform to multiple standards that in turn help customers secure their own. Visit this page for links to relevant information.

Benign data artifacts used for threat hunting purposes are retained for 14 days by default. Customers may opt for longer retention periods. For example: 30, 60, 90 days and up to one year. Data that contains indicators of malicious content is retained for 365 days. Data regarding configuration and audit logs are kept for traceability and audit purposes and retained through the lifetime of your subscription.

Yes, with optional Cloud Funnel you can securely stream a copy of the EDR telemetry data from SentinelOne’s Deep Visibility Cloud to your enterprise data lake, whether on-prem or hosted in the public cloud, via a Kafka subscription.