SentinelOne Singularity Complete Reviews

We use SentinelOne Singularity Complete as an endpoint protection solution. It is our primary endpoint protection solution for our workstations and servers for protection from any kind of threats that may appear on those systems.

We have some localized virtual machines that it is running on. We do not have any cloud workloads.

SentinelOne Singularity Complete is pretty good in terms of being able to fine-tune the alerting that you get. It is better than other solutions that are super noisy to the point that it is difficult to drill down. If you get an alert of something that is actionable, it is better than getting one alert and then getting five others right behind it. This solution is pretty good at not being noisy.

Luckily, I do not spend a ton of time with SentinelOne Singularity Complete unless there is an alert or a potential breach, but that just does not happen very often. Email security is the front door of protection, and that takes the brunt of any kind of security concerns. Luckily, most things are not hitting our network right now.

SentinelOne Singularity Complete is pretty good at picking up things that are not necessarily malicious and alerting me that somebody or something is using something that needs attention. That happens instantaneously. It is pretty quick.

SentinelOne Singularity Complete is as fast as we can ask. I can see the alert and get on it. It does not take very long, so I am not sure how we can improve more when it comes to our time to respond. We are a small enterprise. It does not take us too long to respond to things.

Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint.

The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network.

We have had it for a couple of years now.

I have not had any issues related to downtime, uptime, or responsiveness of their infrastructure. I have not seen any reports where something was not working the way it was supposed to.

They would far outpace the scale of what we would be looking at.

I contacted their technical support at the very beginning when I was rolling things out, but it was not a major issue. It was just about me getting up to speed with how they do things. I do not have a negative impression of how that interaction went.

SentinelOne is a good partner. I had a few other technical support questions, and they answered them pretty quickly. They were pretty minor things, and they were always pretty quick to respond. 

Positive

We were using another solution previously. It was long ago. We were using Berkeley, which was bought by Alert Logic. The Berkeley product was pretty good, but when they were bought by Alert Logic, I did not like the way they did things. It was complicated. It was not intuitive. Their sales program was a little shady. We got locked into a contract that was not intentional. It was not a great experience. They have a product that is not a direct competitor to SentinelOne. We tried it, and it was super noisy for alerts. If I tried to clear all the alerts in the system, I would not have time for anything else. We were not necessarily looking for it, but because of the platform that we were on, we tried the other offerings that were included in the platform, and it just was not a good fit.

SentinelOne is a much more robust platform than Berkeley or Alert Logic in terms of endpoint protection. In terms of the ability to be innovative, SentinelOne provides tools. If we had stronger security requirements, they have other tools that we could utilize, such as Ranger. 

The portal is cloud-based, but the agents are on-prem.

I was involved in its deployment. I am a one-man IT shop. It was pretty straightforward. You get the agent that you want to install, and there is a code that you put in that locks it to your portal. It installs pretty easily.

It requires very little maintenance. Occasionally, I check to make sure that the agent version is pushed out because that is not automatic. I get to choose when the agent gets pushed out. If there is an update, I update them when I want to.

We did not need any help at all. It was just me. 

We do not put a price on security, but we have to choose between different products that are on the market. We are constantly evaluating other products every year. Endpoint protection is not something with which there is a huge opportunity cost by moving from one vendor to the next. Our security stack is not so integrated with SentinelOne. If, for some reason, they were not the best option, we could move to another option fairly easily. The fact that we are sticking with SentinelOne is a testament that it is not broken. It is still working for us. It gives us good peace of mind about the product line, where it is going, and the protection that it provides.

It is very competitive with other solutions that are on the market. At least the last time we renewed, it was very competitive.

I try to stay abreast of different platforms. I reached out to SentinelOne, and they put me in touch with a reseller, so I went out and found it. 

The biggest thing was how well SentinelOne ranked versus the other platforms. There was also a cost-benefit of a solution like SentinelOne. We thought it would be effective for endpoint protection.

It certainly was a cost-effective solution as compared to some of the other endpoint protection solutions that were available at the time. I would not have gone with SentinelOne if it was not a good value.

It is a very robust platform. It is a great candidate to serve small business environments. They do not target small businesses. They do not market it to small business environments with 50 users or less, but being a little more technically-minded, I wanted something that was enterprise-ready. Even though our environment is small, it was a good fit for us.

It did not require a lot of in-place support from the integrator or the reseller, but they did provide a large amount of presale decision-making help in terms of what I was getting into and what they could provide. That was very helpful. Talking to an integrator or a reseller so that you can put a person to the discussion is helpful.

In terms of integrations, we have looked into some of the integrations, such as with Mimecast. We have had some interest in that, but we have not utilized any of those third-party integrations. We also looked at the possibility of using some things with log management and being able to have a single source of how protected we are across the enterprise, but we have not yet pulled the trigger on anything like that.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.

What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.

I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.

The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.

The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.

I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.

In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.

As a strategic security partner, I found the solution great, primarily because all of its features work well.

SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.

Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.

We've been using SentinelOne Singularity Complete for over two years now.

I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.

For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.

The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.

Neutral

My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.

Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.

I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.

SentinelOne Singularity Complete was implemented in-house. I did it all by myself.

Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.

I find the licensing cost for SentinelOne Singularity Complete fair.

I've never used the Ranger functionality of SentinelOne Singularity Complete.

In my company, SentinelOne Singularity Complete has a hybrid deployment.

From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.

My rating for SentinelOne Singularity Complete is nine out of ten.

I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.

My company is a SentinelOne customer.

We use SentinelOne Singularity Complete to provide endpoint protection for all endpoint servers and Kubernetes clusters in our environments where SentinelOne is supported. We also use SentinelOne to help manage our systems and provide visibility into the assets in our environment.

We have found that Singularity Complete integrates well with our existing SIEM solution, Splunk, and some of our other system management tools, such as Okta and Armis. We are also looking forward to the additional future integrations that are planned.

I appreciate Singularity Complete's ability to ingest and correlate data across our security solutions. I use this feature quite often, either to perform deep visibility searches to correlate data across different sources if I have specific concerns about security events, or even to track running or operational issues as well. Singularity is not only a security product but it can also be used for troubleshooting non-security and related issues on devices.

Compared to the previous EDR solution, Cylance Protect, we had substantially fewer false positives when we implemented Singularity Complete.

Singularity Complete has reduced our MTTD.

Singularity Complete has reduced our MTTR somewhat compared to our previous EDR solution.

Singularity Complete has reduced our organizational risk by 20 percent, specifically the risk profile associated with malicious activities on protected devices.

The most valuable features, of course, are the protection and support for the devices. In addition to that, the ability to see the last log-on dates for time-tracking purposes has been helpful. The most useful feature of all is deep visibility. I think it was recently renamed to something else, but it is the ability to run IOC queries across all devices and gain information to look at any kind of potential events that might occur.

We have had cases where Singularity Complete has caused applications to malfunction. The existing interoperability rules have not necessarily been sufficient to resolve those conflicts. SentinelOne needs to work on interoperability with other systems and on the interoperability rule set.

I have been working with SentinelOne Singularity Complete for one year.

We have not had any stability issues in our environment with Singularity Complete.

Singularity Complete is scalable.

With any support service, it depends on the person we get on the line. Some are better than others. But overall, I find the technical support team to be good, comparable to other good technical support teams I've seen from other vendors.

Positive

We implemented SentinelOne Singularity Complete to move away from a legacy EDR platform, Cylance Protect, that did not perform as well as a modern EDR solution should.

The initial deployment was complex due to the complex environment. I would agree that deploying to a single device would be straightforward, but we have a manufacturing environment that requires bespoke applications, which makes any migration complex.

Fifteen people were required for the deployment.

The implementation was completed in-house.

The pricing and licensing make sense. We worked with a third party to help us with licensing, and the licensing we obtained through that process was ultimately reasonable and comparable to other products on the market.

We evaluated Microsoft Defender, CrowdStrike, and Cortex XDR by Palo Alto Networks.

I would rate SentinelOne Singularity Complete ten out of ten.

We are considering the possibility of using SentinelOne to consolidate some of our security solutions, but have not moved in that direction just yet.

Singularity Complete has not yet saved our staff time because it takes more time to deploy and migrate to the point where we have time savings. I think it will in the next couple of years.

We see a lot of innovation from SentinelOne. They are acquiring many other products that are integrating with the platform we looked to adopt in the next couple of years if it works out well. New features and functionalities are also regularly released. So, in terms of innovation, that's one of the reasons we chose SentinelOne Singularity Complete in the first place.

Singularity Complete is a mature product that can sufficiently protect our assets. I would say that the core features associated with that functionality are in place and work well.

Maintenance is relatively low, but systems need regular updates, and we need to troubleshoot all of them. So, there is some work involved.

SentinelOne is a good strategic security partner. We appreciate the direction of their product roadmap and its current coverage. One area where they could improve is in having their EDR support teams reach out to us. We don't believe we have an EDR or anything similar setup, but it would be helpful if they offered quarterly or semi-annual meetings to check in, see how we're doing, and give us an opportunity to provide feedback.

People researching Singularity Complete should first understand their environment and deployment goals to ensure compatibility between their existing solutions and the new product. They should also evaluate multiple competitors before making a commitment.

We're a partner of SentinelOne, but we're also a partner of many other companies. We're not a vendor per se. We sell SOC as a service, and as a part of that service, we provide protection solutions. My area is around antivirus. So, we are not a reseller in that sense.

I am using its latest version. It can be deployed on-prem as well as on the cloud. I have customers with a requirement for both. SentinelOne provides their own cloud because that's where they do their artificial intelligence (AI).

SentinelOne is what they call extended detection and response (XDR). So, it is the next generation of endpoint detection. The main difference between Endpoint Detection and Response (EDR) and XDR is that in XDR you have visibility on how something is executing. An EDR solution detects a suspicious or malicious package based on its signature or its behavior and sends an alert, but the problem is that you only see the file that it alerts on. For example, if it is an attachment to an email, you'll see the trigger on the attachment when you try to open it, but what you don't always know is from where that came. With an XDR solution like SentinelOne, you can see the whole process execution. You can say that it was executed from inside Word, Outlook, or something else. For example, when you opened an attachment in Outlook, it triggered Word and got opened in Word. This whole process execution is visible with XDR. It also offers the possibility to suspend or respond intelligently. So, you can use it not only to detect that the package is suspicious, but you could also suspend it so that when the person comes to investigate, the suspended process is still there.

The process visualization, automated response, and snapshotting are valuable. The integration and automation possibilities are also valuable.

The update process can be better. It is very easy to deploy, but over a long period, the updating process can be a little messy. In some EDR solutions, you end up with a very good mechanism to push new versions. It could do with a little work in that area. It is not particularly difficult, but it could do with a little work.

I have been using it for about a year and a half.

It gives good stability. It can have an impact on the performance of the workstation, but that is usually a question of tuning. From a stability point of view, I've never had a machine with a blue screen.

It scales very well.

They're excellent. I would rate them a five out of five.

Positive

We are technology agnostic in the sense that if a customer doesn't have a solution, we'll make a recommendation. If they don't have a solution, then our recommendation goes along the lines of SentinelOne, Palo Alto Cortex, Microsoft Defender ATP, or ESET. These are the ones that I typically would recommend, but Microsoft Defender ATP is problematic because you have to have the Azure and Office licenses to get it. For the other ones, you can buy the licenses separately. We also take over other solutions. I have some customers on Kaspersky and other solutions.

It is straightforward. If we deploy it from a URL where it downloads, it can be done in 10 minutes. If it is coming from an internal deployment server, it can be a few minutes. It is essentially headless. There are no prompts.

I have six people, but they normally work with the customers. As an MSSP, we normally work with the customer IT teams to deploy the agents in large companies. In small companies, it could be our people who do it. 

The number of people required depends on the number of endpoints, but generally, the number is low because it is a very simple installation. In fact, we even have end users running this.

It has the best ROI that I've seen. If I compare it to Microsoft Defender ATP or Defender for Endpoint, which a lot of people compare it against because it's included with the E3 or E5 Office licenses, Defender is three to five years behind SentinelOne. You're also tied to Microsoft's licensing scheme, whereas SentinelOne is independent of all of them. The ROI is very good. For me, its closest direct competitor is either Cybereason or Palo Alto's Cortex.

Its price is per endpoint per year. One of the features of its licensing is that it is a multi-tenanted solution. From an MSSP point of view, if I want to have several different virtual clouds of customers, it is supported natively, which is not the case with, for example, Microsoft Defender.

Another nice thing about it is that you can buy one license if you want to. Some vendors insist that you buy 50 or 100, whereas here, you can just buy one.

The Singularity product has three versions: Singularity Core, Singularity Control, and Singularity Complete. The Singularity Complete one is really what I consider an enterprise rate solution. The middle one, Control, is more than adequate. In terms of price, it works out very similar to what you would pay for Kaspersky or for any other solution. The licensing per endpoint, per year, and per version is progressively more expensive for the Core, Control, and Complete versions. 

The interesting thing is that it is possible to upgrade across the versions without a major change. If a customer buys the most basic installation and would like some of the features out of the middle, it is possible.

You have a choice between an on-premise console and the cloud. My advice would be to use the cloud, but it is a consideration of whether your endpoints can connect to the cloud or not. One of my customers is in the military defense area, and they have no connection to the internet. So, we had to deploy on-prem. What you don't get with the on-prem is all the AI. So, if you're deploying on-prem, you get the core features of SentinelOne, but you don't get all of the bells and whistles that you get from the cloud environment. The same is true for Cisco AMP and other solutions that are deployed on-prem. So, you need to consider how you're going to consume it if you have a disconnected network. If you're in the financial world, a lot of the production networks are not connected to the internet. So, solutions like Microsoft Defender are not an option because they're cloud-based, whereas SentinelOne is an option in those environments.

I would rate it an eight out of ten. It is a very good solution, but you have to compare it to understand it better.

Everyone who is a client of ours gets SentinelOne by default. It provides ransomware protection, malware protection, and increased security. Those are our top-three selling points for SentinelOne when we talk to clients.

Prior to deploying Sentinel One, we had a team of staff members dedicated to ransomware prevention and malware alerts. Since deploying Sentinel One, we have been able to allow that team to focus on other proactive security measures for our clients.

The dashboard alerting is great and it has helped us out a ton.

SentinelOne has also greatly reduced incident response time, based on the toolsets and the ability to deploy it to new companies through a script. That has been very helpful. It has decreased the amount of time spent on incident response by 40 to 60 hours a month.

And when it comes to mean time to repair, while we haven't had a situation where we've had to reload an operating system or repair to that extent, we've used the 1-Click Rollback feature which saves several hours over a reload of a PC. 

The detection and response feature is really good for us. 

Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.

The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.

The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.

One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.

Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.

I have been using SentinelOne for about two years.

We haven't had any issues, outages, or upgrades. I would rate the stability at 10 out of 10.

One of the features that we love about SentinelOne is that we don't have to buy licenses ahead of time. It just scales up as we grow. We're bringing on a client now that has 500 endpoints and I don't have to worry about contacting sales at SentinelOne and getting a PO for 500 licenses. It just scales up and we're charged based on what we use, which is awesome.

The solution is on 100 percent of our clients that we manage, and that's going to be the goal moving forward. Our sales team does not put in a contract without SentinelOne.

SentinelOne technical support has always been very quick and responsive. We haven't used them a lot. We're a technology company as well and we're able to fix the minor stuff ourselves or by looking at a knowledge base.

One of our concerns or complaints at the beginning was the lack of training, which they fixed. They allowed us to schedule our staff to do the eight hours of free training, which was great. That would have been my only complaint, but that was resolved a few months ago.

Positive

We didn't have any EDR solution in place like SentinelOne. We had Bitdefender for antivirus, but that has been removed. Our existing antivirus was failing in several ways. It wasn't detecting everything that was coming through. That was the big catalyst for the switch.

Originally, we had SentinelOne through SolarWinds, which was our previous RMM tool. And when we migrated to ConnectWise, we moved our existing licenses over.

The initial setup was straightforward. It was through our RMM. We bought licenses and we had a one-click deployment to deploy that software. And when we migrated, the gentleman who helped us was awesome. We migrated 9,000 endpoints from that RMM directly into SentinelOne, and he did a lot of the heavy lifting. We just had to check and confirm things were getting moved over.

The migration of the 9,000 agents took 10 to 14 days.

Our implementation strategy included a deployment where we would do a test phase. We picked certain endpoints at different clients and we would deploy and set it in a "listen-only" mode and see what it caught. If everything was good, we would then turn it on to regular mode. That process helped a lot in the implementation.

We have about 75 people in our company using SentinelOne. The main roles among them are about 60 percent help desk, which is view-only; 20 percent client-side, which is reporting and view-only; and the rest are our engineering level where they have the ability to do rollbacks and fix certain issues that are coming in. There is very little maintenance involved with the solution, maybe a handful of hours a month. We have it set up to auto-update. Prior to that, we had to set up our script to download the most recent version, but that's all been replaced now with automation. Maintenance on the actual system is very minimal.

In the past, we had to purchase licenses in advance, so if we hit our license limit, we could not expand until we got a signed agreement in place with the sales rep after the back-and-forth. That meant if a client had ransomware and they had 200 agents, we couldn't deploy right away if we were up against our limit. So we always had that balancing act of figuring out if we were close to our limit and whether we needed to buy more licenses? We ended up paying for licenses we didn't need because we had to buy them in packages of 100.

We now pay based on usage. They do an audit once a quarter and calculate any overages. We pay a set amount quarterly, based on our licenses in use, and then they true-up the figure. Right now we have 12,800 agents with SentinelOne on them. We charge our clients monthly, so it would be really difficult for us to write a check to SentinelOne, in advance, for a full year's worth, at that level. It's been great for us to have the quarterly payments.

We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.

And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.

My advice would be to implement SentinelOne immediately. It is one of the top things that we've implemented and it has saved us countless hours. It's really hard to quantify the savings, but if a client were to get ransomware, it could involve weeks of several team members working around the clock to get them back up and running. Since we've implemented this, we haven't had to do that in an environment where we had experienced having to do so previously.

The biggest thing I've learned from using SentinelOne is that there are a lot more attacks out there than a typical antivirus will display. Regular antivirus, rather than an EDR-type platform, gives people a false sense of security because there are a lot of processes running in the background that the typical antivirus solution is not equipped to catch. It was eye-opening when we started deploying this at clients, locations where we felt we had very good peace of mind in terms of what was happening. SentinelOne started detecting things left and right that were completely unable to be seen prior.

Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.

My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.

It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.

Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.

It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.

The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.

I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.

It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.

I have been working with it for four years.

I would rate its stability capabilities ten out of ten.

I would rate its scalability abilities nine out of ten.

I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.

Positive

Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.

The initial setup was straightforward.

The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.

It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.

Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.

We primarily use the solution for security. 

Cyber threats are growing. I have some other colleagues from other companies that have had some attacks. For us, SentinelOne or EDR solution was something appropriate.

It's pretty easy to implement. 

It gives you good visibility of any threats or vulnerabilities that you might have on your network. 

It's very simple to use, and user-friendly as well.

I don't know how complicated it would be, however, a patch solution should be included inside of this. If we find a vulnerability, we should also be capable of patching the PC right away.

Some reports could be better. Sometimes you need to search inside of SentinelOne to get some information. Only then could one be done. 

A daily report would be helpful.

I've been using the solution for six months. 

The software looks to be okay right now. It is very stable. I have no complaints regarding that.

It is very scalable. Most of the software that is on-demand is scalable.

We have about 350 licenses for the solution right now. If the company grows, we will increase usage. 

We use the SUP team that is provided by the provider of SentinelOne. However, I've never directly dealt with them. 

Previously we had an antivirus. That was Kaspersky. However, we didn't have an EDR solution. It can't be really compared. 

Of course, with Kaspersky, now, with what's happening in Ukraine, there has been a break in trust.

The implementation process is quite straightforward. It's not complex at all. 

The deployment process took a maximum of a month. That said, we were doing very slowly since there were some computers that we knew would not have any attacks on it. However, there were others that were using acquisition data. We needed to install it and maybe wait a week to ensure everything conformed, and after that, we patched the rest.

Maybe five or six people are maintaining. However, no one really has to worry about it full-time. Really, only one to two people would be required. 

We did a third-party integration. Another company is hosting SentinelOne. 

Since we are a French company in France, we partnered with a company called Arrange which is our vendor. We did some quotes and found they have a reasonable price for this kind of technology. SentinelOne offers one of the best software quotes and has excellent reviews and everything.

The licensing is done per device.

I'm not directly involved in the licensing process and can't speak to the exact costs. 

This is an on-demand product. We are always on the latest version. 

I'd rate the solution eight out of ten. It's a good product. We like working with it. 

Our primary use cases for SentinelOne are data endpoint management, document version tracking, and email security.

A concrete fact is that it allows us insight into our data and our security and helped us protect our intellectual property.

For us, the dashboard is the most valuable feature. The analytics that you can pull out of the actual tool are valuable.

Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have.

I have been using SentinelOne for more than five years now. 

I have total confidence in the stability of the solution. 

SentinelOne's scalability is very good. The solution is very flexible. 

I was extremely happy with their technical staff. The solution's tech support is top-notch. They have some really good engineers on their team.

We previously used McAfee ePO and we switched to SentinelOne just because of the customer service and the product.

The initial setup was complex, but their technical staff are professionals and were able to help us custom-tailor the package we needed. On a scale of one to five, in terms of the complexity, with one being impossible to do and five effortless, I would put SentinelOne at about a four.

Deployment was about a six-month project for us and it included a discovery period and learning about our environments. We worked with SentinelOne to learn the environments and figure out what we needed to be successful. Then, we focused on an implementation period and then just monitored it after that. It was about a month and a half for each phase of that six-month period.

We implemented it in-house but we worked directly with SentinelOne. Our experience with them was fantastic. I wouldn't want to do it without those folks again.

The ROI we saw was that for the first time we had actual dashboard data on our data usage for our cloud vendor that we chose and also for our on-premises. We purchased our servers from Dell and it allowed us to actually get a better grip on what we actually needed to buy versus what we were buying.

SentinelOne's licensing costs are reasonable. I can't provide hard numbers, but I can say that SentinelOne is a much better solution with better value and a lower cost than the McAfee ePO. 

We did not evaluate any other options before switching to SentinelOne. 

SentinelOne would be my go-to security provider. I would recommend that others go there first. They will get solicitations from McAfee and such because McAfee knows they're losing that business, but they just can't offer what SentinelOne offers.

Overall, I would give the product a nine out of ten rating.