In addition to creating the world’s most advanced endpoint protection Solutions, we are also dedicated to protecting all the data that we collect from subscribers to the Solutions, in accordance with industry best standards and practices. Our customers demand the highest levels of data security, and many have tested our Solutions to verify that they meet their standards. We have surpassed expectations and received high praise from some of the most sophisticated, security-minded organizations in the world.
We recognize that our customers’ information must be well managed, controlled and protected. To that end, we have a dedicated security team that oversees SentinelOne’s information security program, which encompasses high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party pentesting, log/event management, vendor risk management, physical security, endpoint security, governance & compliance, people/HR security, disaster recovery and a host of additional controls.
Among other things: our servers are protected by high-end firewall systems; scans are performed regularly to ensure that any exposed vulnerabilities are quickly found and patched; complete penetration tests are performed yearly; customer data is processed and stored at a specific location known to the customer within a specific region such as North America, Europe or Asia; access to systems is restricted to specific individuals based on “need to know” principles and is monitored and audited for compliance; we use Transport Layer Security (TLS) encryption (also known as HTTPS) for all customer data transfers; and customers can elect to have all their data encrypted at rest.
Our Solutions are hosted by AWS, which is independently audited using the ISO 27001 and SOC 2 Type II Standards as described here. To ensure that we maintain the highest possible levels of information security, SentinelOne has procured the auditing services of reputable third-party auditors and audits its information security practices annually under the SSAE 18 SOC 2 audit.
SentinelOne has achieved the coveted FedRAMP® moderate designation from the Federal Risk and Authorization Management Program. This certification empowers U.S. federal government customers to leverage the most innovative endpoint security solution from the fastest-growing cybersecurity company in the market.
With the FedRAMP designation, SentinelOne reinforces its position as a trusted national security partner enabling the federal government to be more efficient and secure. More information about SentinelOne and FedRAMP is available at the FedRAMP marketplace.
Finally, if you are a customer, we ask that you ensure that the administrators of your Solutions follow sound security practices in maintaining access credentials to your instance of the Solutions, including strong account passwords and restriction of access to your accounts to authorized persons. If you become aware of a compromise of any of your account credentials, we ask that you notify us immediately by contacting our Support Team.
FedRAMP is the government’s most rigorous security compliance framework, with standard security baselines and processes to provide both an initial authorization of a cloud service and a mechanism for that security package to be reused across the federal government. SentinelOne’s flagship Singularity Platform combines autonomous endpoint protection (EPP), endpoint detection and response (EDR), IoT security, and cloud workload protection (CWPP) into a centralized platform, providing federal agencies with complete protection and visibility across their entire network. With the FedRAMP designation, the SentinelOne team is primed to work with government agencies, helping mitigate cyber risk at federal, state, and local levels.
SentinelOne provides endpoint protection Solutions that collect and process various datasets equally, without regard to how a customer might classify their data. Any processing of specific data types is purely incidental, and not required to use the Solutions. SentinelOne does not collect any Non-Public Information (NPI) as defined in GLBA.
SentinelOne has designed and implemented an elaborate information security program to protect its customers’ data in accordance with GLBA’s Safeguard Rule, and is now GLB compliant under the Rule.
SOC 2 Type 2 Examination
SentinelOne has been independently audited against the SOC 2 Security, Availability, and Confidentiality Trust Services Criteria (TSC) by Schellman & Company. This examination affirms SentinelOne’s commitment to and maintenance of the highest levels of information security, availability, and confidentiality of our internal infrastructure, controls, and care for customer data.
SOC 2 is an industry-standard examination developed and maintained by the American Institute of Certified Public Accountants (AICPA).
SentinelOne’s customers can submit a request for the SOC 2 report through our support or their assigned technical account manager.
How SentinelOne Can Help Your Organization’s Compliance Needs
PCI Compliance Whitepaper
The SentinelOne malware Solution can help your organization with various PCI DSS requirements, including Number 5, which requires that organizations use and regularly update anti-virus software or programs on all systems commonly affected by malicious software.
For more information about how SentinelOne can help your organization’s PCI compliance, read the Tevora PCI Whitepaper.
The SentinelOne malware Solution can help your organization achieve GLB compliance under the Safeguard Rule, which requires that financial institutions under FTC jurisdiction have measures in place to keep customer information secure, and in accordance with the FTC compliance instructions, which require financial organizations to use anti-virus and anti-spyware software that updates automatically.