SentinelOne Meets Intent of PCI DSS Security Controls

SentinelOne® retained Tevora, a security and risk management consulting firm and a reputable PCI Qualified Security Assessor (QSA), to conduct an independent, in-depth evaluation of SentinelOne’s anti-malware Endpoint Protection, Detection, and Response Platform (SentinelOne Singularity™ Platform) and software against PCI DSS version 3.2.1 Requirements 5, 10.8, and 11.5.

The evaluation covers the SentinelOne Singularity Platform and how it dynamically prevents, detects, and responds to cyberattacks. The full report outlines the specific ways in which the SentinelOne Singularity Platform can bring organizations in line with PCI DSS Requirements 5, 10.8, and 11.5.

How Does SentinelOne Help Customers Meet PCI DSS Requirements?

Here’s how the SentinelOne Singularity Platform addresses each applicable PCI DSS requirement:

Requirement 5.1: Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).

How SentinelOne Helps: The SentinelOne Singularity Platform is available on Windows, macOS, Linux, and Kubernetes containerized workloads, the operating systems commonly used by businesses (see the Appendix in the full report).

Requirement 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.

How SentinelOne Helps: Malware is detected as soon as it is introduced to the endpoint. Both the user and the administrator are notified, and the administrator can set parameters that quarantine and kill the malware and then add its hash to a policy blacklist. The antivirus is also proven to identify malware and fileless attacks based on behavior alone.

Requirement 5.1.2: For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.

How SentinelOne Helps: The SentinelOne Singularity Platform effectively protects all major operating systems, allowing businesses to rest assured their systems, users, and data are protected.

Requirement 5.2: Ensure that all anti-virus mechanisms are maintained as follows: are kept current, perform periodic scans, and generate audit logs which are retained per PCI DSS Requirement 10.7.

How SentinelOne Helps: Updates are delivered to the SentinelOne Singularity Platform immediately, so the platform is updated in real time on the latest known threats and EPP performance stays current. The ability to perform periodic background scans in addition to configurable full system scans surpasses best practices. Scans can also be user initiated on folders and external USB storage with a right-click. Logs are kept for all anti-virus activities and can be configured to be sent to any SIEM tool.

Requirement 5.3: Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.

How SentinelOne Helps: The anti-tamper mechanism, which can be enabled in a single click, makes it impossible for users to uninstall or deactivate the SentinelOne Singularity Platform. Only designated administrators can change access and administration rights, and all changes to administration rights are logged.

Requirement 11.5: Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

How SentinelOne Helps: File Integrity Monitoring (FIM) capabilities are provided by the Deep Visibility function within the SentinelOne Singularity Platform. This allows users to monitor devices using queries and report on changes to file integrity. FIM scans in real time and alerts according to user preferences.

As a service provider, SentinelOne is in scope for PCI DSS Requirement 10.8, which requires organizations to have the capacity to detect, identify, and resolve failures of security mechanisms or security incidents.

Requirement 10.8 – Additional requirement for service providers only: Implement a process for the timely detection and reporting of failures of critical security control systems, including but not limited to failure of: firewalls, IDS/IPS, FIM, anti-virus, physical access controls, logical access controls, audit logging mechanisms, and segmentation controls (if used).

How SentinelOne Helps: For the purposes of PCI DSS 10.8, SentinelOne has implemented processes to detect, identify, and address security incidents and any failures of security mechanisms in the SentinelOne Singularity Platform. The integrity of the SentinelOne Singularity Platform is monitored, and processes are in place to contain security threats. In the event that a security incident affects customer data, SentinelOne has defined processes to notify customers with next steps and recommendations to secure their environment. These processes are within the scope of SentinelOne’s ISO/IEC 27001:2013 certification.

Tevora’s Conclusion

Tevora attests that the SentinelOne Singularity Platform meets the intent of the controls set out in PCI DSS 3.2.1 Requirements 5, 10.8, and 11.5. The SentinelOne Singularity Platform provides the ability to protect against, detect, contain, and remove all known and previously unknown types of malware. Additionally, the SentinelOne Singularity Platform regularly updates and patches itself to maintain optimal performance. The ability of Deep Visibility to target and monitor file paths on endpoints for activity and alert immediately ensures sufficient File Integrity Monitoring. With verbose log capabilities, configurable system scans, anti-tamper mechanisms, and hundreds of Singularity Marketplace integrations with SIEM and other information security solutions, the SentinelOne Singularity Platform checks all PCI boxes relevant to endpoint controls.

To dive into how the SentinelOne Singularity Platform addresses each applicable PCI DSS requirement, download the full report.