SentinelOne Security Statement
In addition to creating the world’s most advanced endpoint protection Solutions, we are also dedicated to protecting all the data that we collect subscribers to the Solutions, in accordance with industry best standards and practices. Our customers demand the highest levels of data security, and many have tested our Solutions to verify that it meets their standards. We have surpassed expectations and received high praises from some of the most sophisticated, security-minded organizations in the world.
We recognize that our customers’ information must be well managed, controlled and protected. To that end, We have a dedicated security team that oversees SentinelOne’s information security program, which encompasses high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party pentesting, log/event management, vendor risk management, physical security, endpoint security, physical security, governance & compliance, and people/HR security, disaster recovery and a host of additional controls. Among other things, Our servers are protected by high-end firewall systems, scans are performed regularly to ensure that any exposed vulnerabilities are quickly found and patched, complete penetration tests are performed yearly, customer data is processed and stored at a specific location known to the customer within a specific region such as North America, Europe or Asia, access to systems is restricted to specific individuals based on “need to know” principles and monitored and audited for compliance, We use Transport Layer Security (TLS) encryption (also known as HTTPS) for all customer data transfers, and customers can elect to have all their data encrypted at rest Our Solutions are hosted by AWS, which is independently audited using the ISO 27001 and SOC 2 TypeII Standards as described here. To ensure that we maintains the highest possible levels of information security, SentinelOne has procured the auditing services of a reputable third party auditors and audits its information security practices annually under the SSAE 18 SOC 2 audit. SentinelOne has achieved the coveted FedRAMP® moderate designation from the Federal Risk and Authorization Management Program. This certification empowers U.S. federal government customers to leverage the most innovative endpoint security solution from the fastest-growing cybersecurity company in the market. With the FedRAMP designation, SentinelOne reinforces its position as a trusted national security partner enabling the federal government to be more efficient and secure. More information about SentinelOne and FedRAMP is available at the FedRAMP marketplace.
Finally, if you are a customer we ask that you ensure that your administrators of the Solutions ensure sound security practices in maintaining access credentials to your instance of the Solutions, including strong account passwords and access restrictions to your accounts to authorized persons. Where customers become aware of a compromise to any of their account credentials, we ask that you notify us immediately by contacting our Support Team.