SentinelOne Singularity Complete Reviews

Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.

My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.

It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.

Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.

It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.

The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.

I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.

It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.

I have been working with it for four years.

I would rate its stability capabilities ten out of ten.

I would rate its scalability abilities nine out of ten.

I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.

Positive

Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.

The initial setup was straightforward.

The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.

It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.

Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.

We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.

We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.

SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.

The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.

The integration with other SentinelOne products and third-party tools is very good.

SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.

In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.

SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.

SentinelOne Singularity Complete has helped free up our staff time around one day per week.

SentinelOne Singularity Complete helps reduce our MTTD.

SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.

SentinelOne Singularity Complete has reduced our organizational risks by five percent.

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

I have been using SentinelOne Singularity Complete for three years. 

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

We are happy with SentinelOne's technical support.

Neutral

We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.

Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.

The only return on investment we can point to with any EDR is that we have not been attacked.

SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a mature solution of the highest quality.

We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.

We have 4,500 endpoints and around ten active users.

The maintenance level for SentinelOne Singularity Complete is relatively low.

SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.

I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.

SentinelOne Singularity Complete is primarily used for endpoint protection and integrating vulnerability reports from assessments. It also provides device control, exclusion management, and block listing capabilities. 

Our clientele represents a diverse range of industries, including insurance and manufacturing.

Singularity offers complete interoperability with other SentinelOne solutions and third-party tools, and our clients have reported no issues.

The Ranger functionality provides network and asset visibility, allowing identification of installed and uninstalled assets within the environment. This capability contributes to maintaining a clean and organized environment.

It can prevent unauthorized access and use of USB drives, a common source of malware. Personal USB drives can carry malicious software that infects an entire network. Therefore, SentinelOne Singularity Complete plays a crucial role in protecting organizations from these external threats.

SentinelOne Singularity Complete enables in-depth root cause analysis and the ability to add exclusions as needed, effectively minimizing alert volume.

SentinelOne Singularity Complete helps users save approximately one-third of their time, allowing them to focus on other tasks.

SentinelOne Singularity Complete helps reduce our mean time to detect and helps reduce our mean time to respond by 25 percent.

SentinelOne Singularity Complete helps reduce environmental risk by identifying vulnerabilities.

The visibility feature is crucial for effective detection analysis. The user-friendly console ensures ease of use and learning, even for beginners. Furthermore, the tool's capacity to consolidate various security solutions and perform risk correlation analysis enhances its value.

The primary issue is the console's random automatic logouts, requiring users to repeatedly re-enter their username and password. This problem needs to be addressed.

I have been using SentinelOne Singularity Complete for about six months.

The system has experienced interoperability challenges and high resource utilization, particularly with CPU and RAM.

SentinelOne Singularity Complete is highly scalable.

The response time of customer service could be improved.

Neutral

The initial setup involves configuration policy setup and deploying the agent, which is straightforward if done through tools like SCCM.

Deployment can be managed by one person when using SCCM or similar tools.

The manual effort used for tasks like remediation has been reduced, contributing to ROI.

While SentinelOne Singularity Complete carries a higher price tag than some endpoint security solutions, customers find its robust features and return on investment justify the cost. However, it remains a more budget-friendly option compared to CrowdStrike.

CrowdStrike is a comparable endpoint integration solution. SentinelOne is priced higher than CrowdStrike.

SentinelOne's console offers a more user-friendly experience compared to CrowdStrike and Trend Micro One, making it particularly well-suited for beginners.

I would rate SentinelOne Singularity Complete nine out of ten.

We have many endpoints in multiple locations.

Maintenance is only required if an agent is disabled or cannot connect to the controller; otherwise, no manual intervention is needed.

As a security partner, SentinelOne is on par with CrowdStrike and has strong potential to become a leader in its field.

I recommend SentinelOne for its ease of use and management, especially for new customers. The user-friendly console and straightforward deployment process facilitate a quick learning curve. Furthermore, its cloud-based architecture minimizes the burden of updates.

My company uses SentinelOne Singularity Complete for general endpoint security. The solution is excellent at solving problems many other vendors don't solve properly. My company runs on multiple platforms and software in various environments. My company is a Microsoft company with Azure AD and many Windows computers, and SentinelOne Singularity Complete is terrific for that. The company also has MacBooks, Linux machines, and clusters of Linux containers with various distros and types. SentinelOne Singularity Complete is surprisingly good at supporting the platforms, and the enterprise needs my company has.

The best feature of SentinelOne Singularity Complete is that you don't need to configure a lot with it because it provides an unmatched layer of protection out of the box.

Implementing SentinelOne Singularity Complete is a competitive bid process. As part of the competitive bid process, SentinelOne Singularity Complete stands alone. I work for an enterprise, and the company has old software. CrowdStrike Falcon Pro is a great competitor of SentinelOne Singularity Complete, but CrowdStrike Falcon Pro doesn't fit my company's needs because of its very aggressive deportation policy. If you ever run any software not in the standard manufacturer support or some support package, Crowdstrike cuts you off from updates. In real life, that doesn't work because my company builds software. Some of the company's cluster apps run on Red Hat 7, old Linux kernel,   CentOS, or other distros around that era. My company has significant old technologies that it needs to secure.

A pro of SentinelOne Singularity Complete is the approach that it knows isn't the best, but it will still give you the best it has.

I also find that SentinelOne Singularity Complete gives a significant layer of security on top of SD-WAN, mandatory access control, and general information management, which is very helpful.

In assessing the solution's interoperability with other Sentinel One solutions and third-party tools, my company started utilizing Scalar and has a history of using Scalar and other providers. SentinelOne acquired Scalar, an enterprise log management platform, which is very good for the price. Scalar may not be the best platform in the world, but it's very good for the price. SentinelOne, having acquired Scalar, has gone and built an excellent integration for all logging so that you can get the SIEM logs into the Scalar pipeline and run it through a general log analysis platform, so it's unmatched.

In general, I'm pleased with the ability of SentinelOne Singularity Complete to ingest and correlate across my company's security solutions, especially with its price point. I only found very few antivirus or EDR solutions that can compete with SentinelOne Singularity Complete, but I generally prefer working with the solution because of its interoperability.

Another reason why I like the solution is because it works. It doesn't require an Internet connection. The remediation is automated, and the alerting function is excellent. Support for the platform is also great, including multi-tenancy, role-based access control, and automated deployments.

I don't have much bad feedback about SentinelOne Singularity Complete, while in contrast, I've been quite disappointed by many technical aspects of other antivirus solutions, such as the Deep Instinct Antivirus. As for MSP machines, I used to work at MSP and had many problems. I also find the CrowdStrike sales representative incredibly annoying.

I find that SentinelOne Singularity Complete works pretty well for what I want, and it always hits the right price point and options that suit my company's general, overall security platform and management of that platform.

The Ranger functionality of SentinelOne Singularity Complete works well in providing network and asset visibility, especially as my company is a Microsoft Azure AD company at the core, so most of the company's Mac and Windows endpoints are managed, and monitoring the cloud ID and posture is essential. However, I don't need to check it daily because the solution manages itself well. SentinelOne Singularity Complete works very well for active directory management and posture matching.

I appreciate that the solution can consume at an API level, but I don't care as much whether it runs an agent or doesn't because I can automate agent deployment to the fleet. If the agent works, then great. An agentless solution is suitable for old platforms that don't have the most up-to-date technologies. Whenever you try to run an agent on various environments, it might not be the ideal platform for that agent so you could run into unexpected problems. Being agentless makes SentinelOne Singularity Complete better, but I wouldn't be upset if it were a good and solid agent-based solution.

In terms of how significantly the solution helped reduce alerts depends on how many alerts my company was paying attention to before and how many alerts it is paying attention to now. I'm unsure about that because one reason for implementing the SentinelOne Singularity Complete stack at the company has been to increase the security footprint and security posture. My company might have had several useless alerts before and maybe fewer alerts now, but did the company pay more attention to the alerts now? I'm unsure if the alert reduction or paying more attention to the alerts makes a difference.

About SentinelOne Singularity Complete helping to free up staff for other projects and tasks, that isn't easy to tell, as I have a team of four, and some of the work changed upon implementation. For example, instead of fighting with specific agent installs or trying to figure out how to get logs into another system, some of that workload is reduced, but now my team may be paying more attention and uses the same amount of time for alerts, remediations, or other more important aspects, so it is possible that the amount of time spent after the SentinelOne Singularity Complete implementation wasn't really reduced. That would depend on your perspective.

As to SentinelOne Singularity Complete helping the company reduce the mean time to detect, my company didn't record the mean time to detect before implementing the solution. I feel that it is effective, but right now, I don't have a basis of comparison that allows me to point to that periodically says my company reduced the meantime to detect or that it was increased by some percentage.

SentinelOne Singularity Complete has been very effective in helping reduce organizational risk for my company, especially regarding budgetary footprint. The solution has been very effective at what it does and has helped reduce the company's cyber insurance premium. My company is a SOC 2-certified institute and has to go through an annual compliance process with auditors, so going through and being able to explain and show how the company has automated and deployed solutions and minimized its risk profile has been very helpful.

The company I work with now spends slightly less than it did and gets more value from SentinelOne Singularity Complete. Though the cost may not be that different from others, the value provided by the solution is very different. In the past, my company had several decentralized alerts and platforms. Still, after implementing SentinelOne Singularity Complete, the solution could bring and tie them together through an automated platform. It works, and when it comes to enterprise security, for every company you work for, you're not the one who built that network or solution. You have no idea what's going on, so your ability to maintain control relies on understanding the threat surface and how to control it, which SentinelOne Singularity Complete is good at.

My background is in Linux administration, and I've gone through several security tools over the years. I built out mandatory access controls and messy Linux policies. I've worked with a lot of different companies over time. SentinelOne Singularity Complete supports Linux systems really well, which is crucial because I work for a company that builds software with an ecosystem of applications, cluster apps, and containers on Linux.

Some other solutions were stuck a decade ago, particularly running Windows and .NET and other affordable systems, and though I love Windows and Mac, those are user endpoints, and endpoints extend beyond user endpoints, for example, endpoints include servers and the full scope of internet-connected devices in a company.

If you're trying to implement a zero-trust framework and a system resilient to failure across a Swiss cheese layer of multiple problems. In that case, finding one solution capable of dealing with that kind of threat is complicated. You look at Microsoft Defender, and Microsoft has improved its security over the last decade. Obviously, Microsoft still has ways to go, given that it still keeps losing its signing keys. Still, the reality is that, similar to Windows and Azure, Microsoft has improved its security footprint. Microsoft Defender went from being a joke of a product to a very viable solution. That's great, but I can't run that on Mac, and I can't run that on Linux clusters.

Looking at CrowdStrike Falcon Pro, it is a great product. It has a very annoying sales team, but it is excellent. The problem in enterprise, however, is that sometimes, you have to run old technology, and when you cut off the solution from working on old technology, that's not helpful and makes everything worse, so I appreciate the aspect of SentinelOne Singularity Complete supporting even the old technology my company is on, which is a significant differentiator that is very useful about the platform.

When you think of Carbon Black and VMware, each platform is good, works quite well on Mac and Windows, and has some capabilities, but the level is not the same as SentinelOne Singularity Complete. SentinelOne Singularity Complete can be a stand-alone product versus other products.

If you're running a decent company, you should be able to invest in security and be willing to spend whatever it takes to have a very competent solution. Since I control the budget, SentinelOne Singularity Complete provides more value for the dollars spent and a more cohesive structure than what you can get from other solutions.

I'm unsure if SentinelOne Singularity Complete is amazingly the best, but it's the best overall product because it fits my company's needs. I work for a SaaS building enterprise company that does financial transactions, which has public internet-facing applications that get constantly attacked. If I can't run a comprehensive security product across all systems, I'd have to look in three different places, which means I lose some of that robust information. I lose some of that ability to correlate threats and figure out what's happening, and so do automated platforms. An automated platform can lose the ability to correlate the different events it doesn't know about, and this is where SentinelOne Singularity Complete really shines. It's a cohesive, widespread solution that's great in various aspects.

In terms of being innovative, SentinelOne Singularity Complete is quite innovative. I grew up with the internet and have seen different generations of security products and ideas. When SentinelOne Singularity Complete came to market, it was significantly different than the other solutions. SentinelOne could either be acquired or build very useful products, taking interoperability between different products to a level you won't find in other companies.

With how my company uses SentinelOne Singularity Complete and the Scalar platform for all its servers, the company logs into Scalar and runs alerts and rejects, flags alerts, and also gets to ingest all SIEM logs from SentinelOne Singularity Complete into Scalar, and then gets automated alerts. This means that my company gets multiple layers of visibility across its stack and analysis pipeline. My company then gets to log push to S3 after the hot tier access is over, which means it gets to retain all security alerts and problems for up to seven years, just in case, which is essential for a financial services company like the one I work for. Doing that is much more complex with other solutions versus SentinelOne Singularity Complete, so I chose it because, currently, it is the best.

I care about aspects that other people don't care about, such as supporting old Linux distros and being able to run the solution in some weird cloud environments easily. I care about SentinelOne Singularity Complete working with my company's log analysis platform, which makes the process easier.

It's difficult to pinpoint areas for improvement in SentinelOne Singularity Complete because I always like to see certain aspects. Still, if I look into the EDR solution itself, I don't have many negative thoughts about it, as it is very good.

If something could be improved in the solution, I'd say better pricing, as I'd always take better pricing. I would appreciate lower pricing. The lower the pricing, the easier it is for me to sell it. A solution with lower pricing tends to sell itself at some point.

Building a more advanced "if this, then that" logic in SentinelOne Singularity Complete, in terms of when to cold shutdown, particularly when it detects a threat, would isolate it from the network, could be an improvement. There could be a better way of saying "yes" or "no" to doing an action or specific actions unless it's one of the exceptions on your list. Having an additional logic layer could improve the solution, mainly because I run multiple systems with different layers. For example, if I'm running a very important server with this agent, and that server gets infected, I may not necessarily be sure that I want to shut it down right away. Maybe I want to isolate some of the connectivity but not do the entire security remediation automatedly or curtail network access type of activity.

If I could have a more advanced control layer where I could say, "Hey, I want to do that on almost every system, but these systems are so important, and they have to keep running, so maybe if there is a problem, you can do these things instead," then that would make SentinelOne Singularity Complete better.

We've been onboarding SentinelOne Singularity Complete as our primary EDR solution this year.

We implemented Scalar last year as the first step, and then it became a natural step to move as we wanted to have all of our logs flow into our general login analysis platform so that we could build and consume our own software platform. We build many SaaS apps, and we have about a thousand web servers facing the Internet, so what better way to analyze all of these than to get our internal logs, such as browser, local events, and all of the data into one place and one data plane?

Stability-wise, I haven't run into many problems with SentinelOne Singularity Complete, except for one case where the agent was short-cycle restarting, but that was due to some problems I caused. I can't really complain about that.

I wouldn't say I liked the SELinux policy that you force out over Ansible configurations, which naturally conflicted with the SentinelOne Singularity Complete agent. Still, once that got flagged and tagged, it was fine.

Overall, I'm satisfied with the stability of the solution, which was why my company implemented it.

SentinelOne Singularity Complete is a scalable solution, which is another reason my company chose it.

I don't contact technical support very often, but when I have, I haven't been disappointed. For example, the Scalar data center team has provided excellent technical support whenever I've asked for help with query matching strings and building RigX, so I'm very happy.

I found the technical support for SentinelOne Singularity Complete very good, and I'd probably reach out to the support team with more questions, which the team would probably answer.

My rating for technical support is nine out of ten.

Positive

Previously, we used Microsoft Defender, but I also used SentinelOne Singularity Complete in a former company. I like it a lot, and that's part of why my company uses SentinelOne Singularity Complete now. 

Deploying SentinelOne Singularity Complete didn't take long for a small global company like ours. My company has offices in the US, Canada, France, and India, and working between different locales took more time, but generally, the process didn't take very long, as it only took about two weeks.

SentinelOne Singularity Complete is a commercial solution that I found easy to implement, which is another reason my company paid for a commercial solution.

Myself and two other people were involved in the deployment.

In terms of getting ROI from SentinelOne Singularity Complete, some factors must be considered. There is a requirement for a few layers to start with. My company has to spend some money just as a baseline.

One requirement is to be SOC 2 compliant, which means an auditor will come in and ask about the company's antivirus software, whether it's running an EDR, including analyzing logs.

Another player is the cyber risk insurance, as the company tries to get the premiums as low as possible and takes security as seriously as possible, by demonstrating to insurance partners that the company is a very low risk in terms of threats becoming problems.

In terms of cost-effectiveness, mainly based on adjustments to your premium, which either raises or lowers the price, SentinelOne Singularity Complete is quite effective.

SentinelOne Singularity Complete is aggressively priced compared to smaller solutions. Still, in the past, as I worked for a SentinelOne reseller partner that deployed SentinelOne solutions to a lot of different customers, I was able to appreciate its capabilities and full features, which is part of the reason my company has implemented SentinelOne Singularity Complete.

The solution is a bit cheaper than CrowdStrike Falcon Pro and more expensive than smaller solutions. Still, it has a pretty reasonable pricing point, as I appreciate the flexibility SentinelOne Singularity Complete offers. I haven't been disappointed with its pricing because I'm more of a "not everything cheaper is better" person. It's not better if it makes the worst product.

I'm very satisfied with SentinelOne Singularity Complete, especially its price because I've worked with various companies. Yet, I found that no one provides a really good solution for the price except for SentinelOne.

When I started at this company, an MSP recommended a legacy type of antivirus, and I felt it was not up to par with what SentinelOne Singularity Complete provides. SentinelOne Singularity Complete is an excellent enterprise product with an excellent price point that's hard to argue with in terms of results and efficiency per dollar spent, so it's a no-brainer.

My company is mainly a cloud-based company. Very few solutions in the company have been deployed on-premises.

SentinelOne Singularity Complete is managed across different layers and all verticals, such as the web, firewall, etc.

Between two hundred to two thousand five hundred people use SentinelOne Singularity Complete within the company.

My rating for SentinelOne Singularity Complete overall is a nine out of ten. I don't give tens because there's always room for improvement, but the solution is pretty good.

We use SentinelOne Singularity Complete for its end-to-end detection and response capabilities.

We started using SentinelOne Singularity Complete because I wanted to eliminate a number of our existing first-generation tools, which were designed primarily for on-premises use cases. I wanted to move to our new set of tools, which were designed predominantly for cloud deployment and cloud infrastructure. There were two primary drivers for this decision: to reduce complexity and cost and to move to a solution that was specifically designed for our new architecture.

One of the main reasons we bought SentinelOne was for its integration capabilities. We don't have a standalone tool to supplement our overall security architecture. This includes our security data link, analytics layer, and intelligence capabilities. So that was really one of the primary reasons.

SentinelOne Singularity Complete excels at ingesting and correlating data across the security solutions that it has visibility into.

It has helped consolidate two of our security solutions.

SentinelOne Singularity Complete has helped our organization by boosting our confidence in our ability to detect and respond to the broadest range of threats, reducing noise in our security operations capability and resulting in fewer false positives than ever before.

It helped reduce our alerts by around 60 percent per day. SentinelOne Singularity Complete helped free up 20 percent of our staff's time to work on other projects.

Although I do not have data to support the claim, SentinelOne Singularity Complete should reduce MTTD. SentinelOne Singularity Complete has reduced our MTTR. It has saved us around 18 percent of our costs.

I find two features particularly valuable. First, deployment is much simpler than with other solutions with similar capabilities. Second, the fidelity of the detections is excellent. We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise.

SentinelOne plans to integrate its endpoint agents, but the process is slow. The company has multiple agents with different functions, such as the ED Ranger, and each agent has different actual clients. Combining the endpoint agents would be a good step.

The endpoint firewall capability is fairly primitive and basic. It does not use objects and different device types to create a single object that can be easily managed. There is a significant amount of work to be done on the firewall side.

I have been using SentinelOne Singularity Complete for almost seven months.

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is scalable.

Technical support has been excellent so far.

Positive

We previously used Tanium and Symantec, two separate sets of tools. Tanium is a first-generation tool that is not specifically designed for the cloud. It requires a significant amount of manual effort to configure and manage, rather than automate these tasks. Symantec does its job, but we are essentially buying two tools to do what SentinelOne Singularity Complete can do on its own. Therefore, the switch to SentinelOne is primarily a cost-saving measure.

The initial deployment was straightforward. The entire deployment took 16 weeks, with eight weeks spent deploying the endpoints and eight weeks spent deploying the service. A total of 20 people were required for the deployment.

We are beginning to see a return on investment in SentinelOne Singularity Complete due to the reduced number of alerts in the operations center and the high-fidelity data.

After negotiations, the pricing was found to be fair.

I would rate SentinelOne Singularity Complete an eight out of ten.

SentinelOne Singularity Complete is a really mature product and seems to be focused on enhancing core capability and not getting distracted by other stuff.

SentinelOne Singularity Complete is deployed across our entire estate. We have around 10,000 endpoints.

It requires maintenance, such as builds, policies, and other related tasks. We have a team of four responsible for maintenance and another three people for day-to-day operations.

They have stepped up as a strategic security partner.

I recommend organizations do a proper proof of concept with the SentinelOne Singularity Complete in their environment using their tools and their people.

It is an all-in-one agent on multiple operating systems that can detect malicious and suspicious activities. You can also use it to respond to different threat signals that you get from the platform.

There are multiple engines that run different types of detection, such as behavioral-type activities, that it can detect. It can also detect malicious activity based on a hash. It's a pretty great tool.

Overall, the level of detection and visibility we get have vastly improved, and that means the protection for our company has improved likewise.

Singularity has helped reduce the number of alerts we get. We were using FireEye at one point, and it was producing a ton of false positives. We have seen a major reduction in false positives, and that has saved our team's time. We have time to do other projects now.

In my previous company, we were using a Cisco product, and there was a ton of time wasted. Out of a 40-hour week, about eight to 10 hours were wasted, and with Singularity, we were able to get back about nine of those hours. Obviously, there are alerts coming in, and you have to investigate them, but the number was greatly reduced. In my current company, about 15 hours a week were wasted with false positives and wild goose chases and alerts. Now, we may put an hour into investigations. The great thing about SentinelOne is that you can get right down to what's going on with the events and deep visibility. It has saved us around 12 to 14 hours a week.

It's pretty quick when it comes to time to detect because you're right on the endpoint. Some agents have a delay in terms of when they report back to a console or a reporting server, but with SentinelOne, it seems that the agent is talking to the console right away. There isn't a huge delay.

Our mean time to respond is also very quick once we see the threat come in. It depends on the policy that is in place and the type of threat. If it is something suspicious, which we don't always have a set response for with the platform, we are able to easily look at what's going on a couple of minutes before the threat and what comes after. We can see the artifact on the endpoint, what is executed and what the user was probably doing. That means we're able to respond really quickly with all that visibility.

When it comes to cost savings, in the first company where I used SentinelOne, man-hours were saved, and it was cheaper to use SentinelOne than the Cisco product.

One use case where we've reduced risk has been due to users using something risky. They were trying to use an application that's like a keylogger. We've blocked it, and we've also created a rule using a star to detect when people are trying to use it. We have also set up rules to detect downloads of risky software, and that's protecting us too. It's protecting us from risk, but there's not a lot of reduction other than some protections and blacklists.

The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.

And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.

In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.

During my use of it over the years, they've been continuously improving it.

My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.

And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.

I have been using SentinelOne Singularity Complete for about four years.

Uptime is all the time. 

I've only had one experience where there was a disconnect between the agents and the console. It was pretty brief, but that is when I opened a case with support. I had never seen that before, so the uptime is awesome. It's up 99.9 percent of the time.

It's very scalable. We are working on a special project, in which we want to set up a lab for a special event. I talked with our support, and they said we could set up another site. It's really scalable.

As I mentioned, I recently had a case because there were a lot of agents offline for a moment. Their support responded within one minute. That was an outlier. Every other case that I've opened up with them has not been a priority-one issue, but they usually respond within about five to 10 minutes, and they have been really great. I have not had an issue yet with support.

Everyone I've worked with in support is awesome. They always have the answers. Even if it's a complex issue, we usually get right down to it. I'm really happy with support.

Positive

I have used it in two different workplaces. Both workplaces were replacing platforms that just did not perform well and did not give you good visibility into what was going on on the endpoints. Both had a higher rate of false positives, and neither had the various detection engines that SentinelOne provides.

I was involved in the initial deployment of the solution in my previous place of employment and it was straightforward. It was only made complex by our own IT department.

There is a little maintenance. I check on a daily basis because you can build out multiple groups. When a new agent is deployed, I have it start off in a specific group to get the agent installed, and then it does a full disk scan. There is a little maintenance—and maybe no one else does this—but I log in and check for new systems. Once they have their full disk scan completed, I'll move them over to the production policy. You could do that on a weekly basis but I do it daily. The morning maintenance is less than five minutes for me, and you could definitely do that weekly as well.

I did it mostly by myself. I had another engineer working with me but that was it. It's really easy, a no-brainer. And that was for about 1,200 endpoints

I'm not a manager, but the return on investment may be in saving man hours.

When we were checking out different platforms we did get a price from Microsoft and it was unreasonable. SentinelOne was definitely reasonable and worth the money.

I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.

We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.

As far as consolidation of security solutions goes, I have some suggestions for my leadership. I think we can definitely consolidate. For instance, we have a certain network segmentation where we have multiple security tools, including the SentinelOne agent and other agents on the devices. These devices are lower-end systems that don't have super-high specs like you might have on a power user's PC. In that area, we could eliminate one of the security agents and leave the SentinelOne agent. We would be covered in several different areas, such as FIM. I could create a custom rule to watch a certain configuration file, and if it changed, we would receive an alert. You can definitely use it to consolidate. Although we haven't done that yet, we're going to start because it's possible with the SentinelOne.

I believe we could save money by reducing the number of agents on those endpoints. If you walk that back to the yearly cost when we buy licenses, we should be able to save money on licensing for the other agent that we're using.

SentinelOne is very mature as an EDR platform. I would definitely put it in my top two. Across the breadth of everything I've dealt with using SentinelOne, even support, it's definitely top-two and you should check it out. I don't have a bad thing to say about it.

You definitely have to check out SentinelOne. They are firing on all cylinders for multiple areas that you want to consider when buying a tool like this. They're at 100 percent. When it comes to visibility, they present the information so that it's easy to read and understand. Responding is really easy to do. Support, which is a big factor nowadays, has faltered at some companies over the past four years, but support from SentinelOne has been awesome. Put SentinelOne in your PoCs. If you're looking at a couple of companies, you have to look at SentinelOne.

SentinelOne as a provider is a major player in hardening the protection of our environment.

I use SentinelOne Singularity Complete for endpoint protection and remediation. It protects all computers in my company and sends real-time alerts about malware, viruses, etc., that may have found a way through all of my company's defenses.

SentinelOne Singularity Complete has benefited my organization through its rapid ability to find new and existing malware that I must act on. As the solution uses AI technology, it's able to find both known and unknown threats.

My organization realized the benefits from SentinelOne Singularity Complete quickly from the time of deployment.

What I found most valuable in SentinelOne Singularity Complete is the ability to connect to the terminal remotely. The solution is pretty handy because it allows my company to do investigations and whatnot, wherever the person may be. After all, I belong to a hybrid organization, which means you never know if someone will be in the office.

It is another tool in the tool belt for looking at some of the files, which means that even if the file is not a virus, you can go in and do some investigation.

SentinelOne Singularity Complete has excellent interoperability with other SentinelOne solutions, including third-party tools. I was pleasantly surprised with how in-depth the APIs go because it's almost integrated with my company's SOAR solution, consolidating all alerts in one place and triangulating more per case. In my company, SentinelOne Singularity Complete is integrated with a third-party tool.

My impression of the ability of SentinelOne Singularity Complete to ingest and correlate data across security solutions is good so far, though right now, my company only set up SentinelOne Singularity Complete. Still, it's good that the integration option exists because, in the future, who knows? My company might do some integration depending on what the timing allows.

My company has not consolidated solutions yet because SentinelOne Singularity Complete is just one of the many tools used within my company. It's a helpful tool, but it's not the only player.

SentinelOne Singularity Complete helped free up staff for other projects and tasks and is time-saving, though I don't have specific data on that.

The tool has also helped reduce my organization's mean time to detect. However, I can't give an approximation just because SentinelOne Singularity Complete is the only solution my organization uses. The tool has also helped reduce my organization's mean time to respond because, together with the SOAR solution, SentinelOne Singularity Complete allows my company to go in and correlate everything to find out where the threat came from, so my company can go in and take the appropriate measures to shut down threats more reliably.

SentinelOne Singularity Complete has helped reduce organizational risk because it's one of the modern architecture tools, which gives more confidence in the detections my company sees. The tool also reduces the number of false positives and false negatives, so my company knows that if the tool shows a hit, then that truly warrants further investigation.

I'd give SentinelOne Singularity Complete an eight out of ten in terms of its ability to innovate because it's very much on par with a few other options out there, though I can't recall the names right now.

SentinelOne is an excellent strategic security partner that quickly incorporates my organization's feedback. My organization hasn't had any problems. If my team is looking for a feature, for example, SentinelOne either edits a roadmap or makes the change pretty quickly if there's bandwidth.

They say there is an investigation function in the interface of SentinelOne Singularity Complete, but it's not absolutely available for use. It's a function I've been looking for, but my company can't use it yet for some reason, so this is an area for improvement.

Another area for improvement in the tool is the larger learning curve that stems from it being full-featured, so there's a more significant learning curve in figuring out the environment versus using a more traditional antivirus. It's a lot more than just installing it on the machines.

The other disadvantage of SentinelOne Singularity Complete is that the agent doesn't auto-update, and my company found it more complicated than usual to get the agent updated and keep it updated.

I've been working with SentinelOne Singularity Complete for six months as an end user.

We didn't have any problems with the stability of SentinelOne Singularity Complete.

For the most part, SentinelOne Singularity Complete is scalable, but with my company's problem with auto-updates, it just means needing to rely on other tools to get new agents pushed out to the endpoints. It would have been better and more scalable if there was a way to update on the directory.

We found the technical support for SentinelOne Singularity Complete one of the best we've ever had to deal with, surprisingly, so we'd rate it as ten out of ten. If we open a ticket, we'll typically get some answers quickly, but for more complex issues, we have standing meetings with them that are set once a week so that they can go more in-depth.

Positive

My current organization only uses SentinelOne Singularity Complete, but in my previous organizations, more traditional antivirus was used, like BitDefender, and it was fine.

With SentinelOne Singularity Complete, I'm more confident that it can detect threats better and will miss fewer incidents coming in because of the more modern ways it detects malware.

I was not involved in the entire setup process for SentinelOne Singularity Complete, but it was mostly straightforward. However, getting the agents onto the machines was more complicated than the team would have liked.

The team started with a test machine and then expanded after issues arose, including figuring out how to fix the issues.

We implemented SentinelOne Singularity Complete in-house, with the support of the SentinelOne team, whenever we had questions.

I have seen ROI from SentinelOne Singularity Complete.

I have no information on the pricing or licensing cost for SentinelOne Singularity Complete.

I wasn't involved in evaluating solutions, so I'm unsure if the company evaluated other solutions before choosing SentinelOne Singularity Complete.

The organization I'm working for doesn't use the Ranger function of SentinelOne Singularity Complete. It uses a homegrown solution for network visibility.

I don't believe SentinelOne Singularity Complete has helped reduce alerts within the company, and it's not because it can't but because the SOAR solution handles the alerts and sends the alerts. Still, there is potential to improve the process.

I've not observed cost reduction or money saved from SentinelOne Singularity Complete just because it's such a small aspect in the grand scheme of things. It's tough to put a number on that.

Many people were involved in deploying SentinelOne Singularity Complete for the organization.

I'm the one maintaining the solution, and for my organization, in terms of scale, one person is sufficient to maintain SentinelOne Singularity Complete.

The solution is deployed on three thousand endpoints worldwide on both MacOS and Windows machines, along with an agent on the servers.

I advise others looking into implementing SentinelOne Singularity Complete to be prepared to work with the SentinelOne support team. Implementation is not hard to do, but the support team is there to help with much of the work and is happy to help. My standard advice is to ensure you're also checking out other providers. Just because the solution works for my organization, it doesn't mean it will work for yours. You have to find a solution that checks all the boxes for your organization.

I would rate SentinelOne Singularity Complete as eight out of ten.

We got rid of our previous vendor, and we went with SentinelOne. We basically use it as our AV platform. In other words, it is supposed to be a solution that is next-gen and can detect ransomware and give us the opportunity to roll back if we are attacked.

The organization wanted to take advantage of their rollback feature so that, if we ever did suffer ransomware, that would help us with triage or remedying the issues.

The rollback feature is the most valuable aspect of the solution. 

In terms of its ability to ingest and correlate across our security solutions, we're still early on. The implementation team has helped us turn on the XDR feature, however, we haven't utilized it as much as we should. We're still testing the capabilities. 

We did a pilot with the Ranger functionality. The organization opted not to purchase it just yet. Long-term, next fiscal year, we may adopt it. It does come at an extra cost. It may be added during the next renewal.

The previous vendor had a lot more features and capabilities under the license. For example, I lost DLP as Sentinel One does not have DLP. By choosing this solution, I created a security gap. 

It has not helped us reduce our alerts. In my last solution, I did not get alert fatigue. We are fresh into the implementation and are getting a lot of false positives. 

We just went live this past year. I would say we have been using the solution for maybe six to eight months.

The product has been up more than it's been down. We typically do get alerts if there is a maintenance window. That's appreciated. There have been times when we have had issues accessing the console. that tends to get resolved quickly. That said, no one vendor can boast resiliency. 

We only have one module or solution from them. We haven't tacked on multiples from a scalability side. However, from a licensing side, it's easy to add extra agents, it's easy.

I've contacted technical support multiple times. The level of satisfaction is 50/50. It depends on who picks up the ticket on their end. If it's a level one help desk versus an engineer will dictate how easily we get an answer or not. If someone is not well-versed on the backend, we'll need to escalate and that takes time. 

Positive

We previously used Trend Micro. It was cheaper and had more features under license. However, management was looking for cyber security insurance and methodology. Therefore, management decided to go through Sentinel One.

Getting the solution spun up and put into the environment, and getting it set up to where it's working smoothly, was okay in terms of a process. They are like any other vendor trying to give you a white-glove service.

I was involved in the initial setup.

Once we understood the methodology, it was pretty straightforward. 

I chose to rely on people who knew how the product worked. I relied on their input and insights. We did procure professional services to really get into training and understanding the solution.

The learning curve continues to be the false positives. I've had to create a new exclusion list from scratch. I'm still going through the process. 

New users need to have a work-in period. There will be a period to get all of the little anomalies tweaked out.

There were three of us implementing the solution.

There's no real maintenance to worry about. That's why we purchased the SaaS solution. We do need to update the agent. 

I implemented the solution with the assistance of professional services. 

Purely from a budget perspective, Sentinel One was more expensive than my previous vendor, plus I lost a lot of features. I can't say that I see cost savings yet while using the solution. 

We also piloted CrowdStrike. 

I haven't used the solution in conjunction with any other third-party solutions and can't speak to its integration capabilities. We will do that, we just haven't yet.

The solution hasn't freed up any time. It's the same as our old solution. 

So far, it has not changed our mean time to detect. However, I have not seen a true positive yet. I would need to see a real threat come into my environment yet. This is true with the mean time to respond. The process is exactly the same. I have it configured so that if anything is critical, I get real-time alerts. 

I'd advise new users to hone in on the subject matter experts and grill them during the POC. We were so accustomed to doing workflows a certain way, it was almost like how we had to learn how to walk again when we switched solutions. 

I haven't seen Sentinel One's innovation just yet. We have asked for adjustments or features. We're going through a feature request platform and I have yet to see them implement a feature we requested. My previous vendor, Trend Micro, was very willing to implement changes.

You can't just take it back if you don't like it. It's here to stay. There's no going back to the previous vendor. We need to make it work. We want to stay with them at least a good while.

I'd rate the solution eight out of ten.

I would advise new users to understand what workflows they are accustomed to and how their current setup works so that they can ask a lot of questions during the POC. It's important to fully understand Sentinel One's logic to be successful.