SentinelOne Singularity Complete Room for Improvement

Eddie Drachenberg - PeerSpot reviewer
Global Network and Infrastructure Manager at Bettcher Industries

I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity. 

One thing I don't like is the exportable reports. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified.

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

I'd like the ability to have text alerts, for example, if something gets quarantined. 

The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow. 

Brian Fulmer - PeerSpot reviewer
IT Manager at American Incorporated

Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network.

We interrupted that process and then isolated his computer and the file server. It was somewhat disruptive in the middle of the day. At the same time, it was a perfect simulation of what ransomware would do, so it was reassuring that SentinelOne stepped up and said, "Nope!" 

It was not a malicious process running that was detected. It was simply behavior he shouldn't have done. Now, our drafters know to co my team when they're going to do some file cleanup. The false positives are just inherent in just the large amount of poorly written software that's out there. Any competent antivirus is going to have a behavioral, heuristic engine looking at what's actually being done.

It might be something bad done by the software you use. We used a machine learning engine for five years. The Wire Hauser Corporation builds subpar software because they're supposed to be building lumber products. It triggered a false positive, that's about the only negative for any modern AV is just false positives.

In the future, I would like to see SentinelOne implement integrated patch management. It would be great to manage endpoint patching through SentinelOne. We're on our third patch manager in three years because they are lackluster. It would be nice to have a new patch management tool.

AK
IT Security Engineer at a healthcare company with 5,001-10,000 employees

The previous vendor had a lot more features and capabilities under the license. For example, I lost DLP as SentinelOne does not have DLP. By choosing this solution, I created a security gap.

It has not helped us reduce our alerts. In my last solution, I did not get alert fatigue. We are fresh into the implementation and are getting a lot of false positives. 

CM
SecOps Engineer at a media company with 10,001+ employees

They say there is an investigation function in the interface of SentinelOne Singularity Complete, but it's not absolutely available for use. It's a function I've been looking for, but my company can't use it yet for some reason, so this is an area for improvement.

Another area for improvement in the tool is the larger learning curve that stems from it being full-featured, so there's a more significant learning curve in figuring out the environment versus using a more traditional antivirus. It's a lot more than just installing it on the machines.

The other disadvantage of SentinelOne Singularity Complete is that the agent doesn't auto-update, and my company found it more complicated than usual to get the agent updated and keep it updated.

Austin Estrada - PeerSpot reviewer
Cybersecurity Analyst at Brady Corporation

Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better. If they were able to export and make it a little more presentable, it would be great because this is something that we end up doing on our end where we take some of that data and make it look better. It would definitely save us time if it was a little prettier, for lack of a better word, from the beginning.

MY
IT Manager at a financial services firm with 51-200 employees

It's difficult to pinpoint areas for improvement in SentinelOne Singularity Complete because I always like to see certain aspects. Still, if I look into the EDR solution itself, I don't have many negative thoughts about it, as it is very good.

If something could be improved in the solution, I'd say better pricing, as I'd always take better pricing. I would appreciate lower pricing. The lower the pricing, the easier it is for me to sell it. A solution with lower pricing tends to sell itself at some point.

Building a more advanced "if this, then that" logic in SentinelOne Singularity Complete, in terms of when to cold shutdown, particularly when it detects a threat, would isolate it from the network, could be an improvement. There could be a better way of saying "yes" or "no" to doing an action or specific actions unless it's one of the exceptions on your list. Having an additional logic layer could improve the solution, mainly because I run multiple systems with different layers. For example, if I'm running a very important server with this agent, and that server gets infected, I may not necessarily be sure that I want to shut it down right away. Maybe I want to isolate some of the connectivity but not do the entire security remediation automatedly or curtail network access type of activity.

If I could have a more advanced control layer where I could say, "Hey, I want to do that on almost every system, but these systems are so important, and they have to keep running, so maybe if there is a problem, you can do these things instead," then that would make SentinelOne Singularity Complete better.

RM
Senior Information Security Engineer at a retailer with 5,001-10,000 employees

One area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap. A couple of months ago, they came back to us and got our feedback on what we thought about their plan for what the agent health monitoring system would look like, and it looks pretty good. So, they are planning to release that functionality sometime during the Summer. I have been amazed with their turnaround time for getting concepts turned into reality.

Maxwell Essuman. - PeerSpot reviewer
Country Manager at Platview Technologies

I would like to have firewall functionality within SentinelOne Singularity Complete.

Michael Grissom - PeerSpot reviewer
Director of Cyber Security at Tidewater Mortgage Services

Initially, when we first deployed the solution, it caused some third-party connectivity issues. It would see it as an application that was not secure. However, we were able to put in whitelisting to help us operate well. We had to do that with around five applications that we ran. Once we applied those fixes, we haven't had any issues since.

I'd like them to make it easier to log in. 

JR
CEO at a tech services company with 11-50 employees

We are not utilizing all the features available with SentinelOne Singularity Complete, including the built-in XDR and Ranger, due to the substantial associated costs. There is potential for improvement in the cost aspect.

The area in which I would recommend SentinelOne to continue progressing is focused on enhancing its product. This involves not only internal development but also strategic partnerships similar to the Wiz integration which brings a lot of value.

Rashid Torrence - PeerSpot reviewer
Principal Manager of Business Services at ATC Communications (Idaho)

I would hope that they would increase their prebuilt migrations. As an example, they have one Active Directory in Azure Cloud, which is really good. If they can expand that to other pretty well-known software, some platforms, that'd be great. What they have now is good for some of the key players like Azure, Google, and Splunk. I would just like to see that being expanded.

We'd like to have a network map or scan to cover network security. That would be good to have.

Kevin Mabry - PeerSpot reviewer
CEO, Author, Cyber security best practices at Sentree Systems, Corp.

I really haven't done enough to really see any improvements. It really has all the telemetry markers that I look for. 

Sumit Saxena. - PeerSpot reviewer
Senior Consultant at a consultancy with 10,001+ employees

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python, so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

TH
Director of IT Security at an educational organization with 11-50 employees

It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution.

From the looks of it, it does pretty much what we need, but it could do more. It would be nice if it had some newer features that other players have. They would have a good market advantage if they were offering SIEM as a part of it. They kind of do that, but it is not something they are promoting. We just stumbled on it, so you can use it for doing other things as well, not just endpoint incident and event collection.

MC
Director of IT at a construction company with 51-200 employees

The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

Rob Grow - PeerSpot reviewer
IT Director at a construction company with 501-1,000 employees

The process of uninstalling and reinstalling older agent updates needs improvement. I am aware that the newer versions of SentinelOne that they have been working on are more effective. One of our major frustrations arises when we attempt to remove SentinelOne Singularity Complete from a machine and it only partially uninstalls.

The initial tier of support, when we call or engage with them in conversation, assigns a representative to assist us. However, we have occasionally encountered difficulties with the initial person, either due to their lack of knowledge or failure to follow through. In such cases, we have had to seek assistance from others or navigate through basic support on our own. Despite this, it appears that everything is progressing in the right direction. This is why we chose to renew our contract with them and even expand our range of products with their company.

Ahmed Elbokhari - PeerSpot reviewer
IT Security Engineer at Woodward, Inc.

I would love to see improvement in the integration of SentinelOne Singularity Complete and Visions to better utilize the information we receive.

The browser extension for SentinelOne Hunter is a product designed for monitoring and detecting at a browser level. This library is widely recognized. It should not only detect incidents but also proactively block them within the browser environment. Therefore, I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.

Ian Sterling - PeerSpot reviewer
Analyst Information Security at a healthcare company with 5,001-10,000 employees

It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult.

BS
Deputy CISO at The University of Texas at El Paso

Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.

We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.

IT_Blue_Team_Person - PeerSpot reviewer
SOC Analyst at a retailer with 10,001+ employees

The ingestion and correlation of data would be improved by integrating with email security solutions such as Proofpoint or our email security solution. We do not yet have a marketplace integration, so we had to build it from scratch. As a result, it has been somewhat difficult for this particular use case, but the data is available and we are able to correlate it with users, not necessarily with endpoints, but we are making progress.

We often experience interruptions to our investigations in SentinelOne Singularity Complete. It would be helpful if we could resume our search query from where we left off, even if we lose internet connectivity or the platform is caching results. This would reduce our MTTR by eliminating the need to wait for the platform to load results again. We expect some load times due to the amount of data in our environment, but the current load times are too long and sometimes produce no results. We would like to see the overall response time of the platform improved.

One area for improvement would be per-user dashboarding. This may be a permissions issue, but we currently only have organization-wide dashboards. I think per-user dashboards would be beneficial because they would allow users to focus on their specific investigations. For example, when a user opens Singularity Complete, they can see a dashboard that is tailored to their current investigation.

Aaron Shovick - PeerSpot reviewer
Cybersecurity Analyst at a manufacturing company with 1,001-5,000 employees

About every month, when I go into SentinelOne, if there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions. Some of the reporting could be improved a little bit. I wish all Adobe products could be included together, or that you could mix and match Adobe with some other software or video player.

DD
Information Security Engineer II at a recreational facilities/services company with 1,001-5,000 employees

During my use of it over the years, they've been continuously improving it.

My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.

And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.

MW
Sr. Security Engineer at a healthcare company with 5,001-10,000 employees

Recently, the vendor took away my ability to create a ticket, mostly because we're in an MSSP environment. It has created a lot of extra hoops to jump through. I recently had a single sign-on issue on the console. I had to go through my MSSP. It took a month and a half to two months to get any resolution on it because my MSSP can't test our single sign-on. They don't have an account in that system. It has been very detrimental to effectively solving issues. I understand that the vendor does not want the clients of the clients submitting tickets. However, when I'm the one who's doing the majority of the work inside of SentinelOne, removing that from my ability has been very inconvenient.

The filtering features of the application management console could be improved. If I search for applications that shouldn't be installed on our endpoints, filtering is not the most straightforward process. Running through the search process takes a lot of time and effort. It would be hugely beneficial if the tool blacklists the applications that are not allowed to be installed. It would help with the management of unapproved applications or malicious applications that might be installed.

The automated agent upgrade system could use a little bit more fine-tuning. The maintenance windows must be a little bit more robust. I have to manually set what agent we're pushing each time we want to change instead of asking the tool to do N-1 for agent upgrades. It's automatic, but it's not quite automatic.

Dillon Schwebke - PeerSpot reviewer
Information Security Engineer at a university with 10,001+ employees

It can be a little daunting at first. With the deep visibility feature, if I had more insights into how to troubleshoot things better, that would be helpful. Their documentation could be a lot better. It could be more in-depth.

There should be fewer updates. It is a huge one because we are very federated. All of our users go on different cadences of their updates. Some may patch monthly, and some may patch every week. Having fewer updates every year would be a huge help.

Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

The support has room for improvement. They take a lot of time to respond.

The documentation provided for implementation is not adequate and has caused us challenges.

The pricing is also high and can be improved.

RR
CISO at an insurance company with 10,001+ employees

SentinelOne plans to integrate its endpoint agents, but the process is slow. The company has multiple agents with different functions, such as the ED Ranger, and each agent has different actual clients. Combining the endpoint agents would be a good step.

The endpoint firewall capability is fairly primitive and basic. It does not use objects and different device types to create a single object that can be easily managed. There is a significant amount of work to be done on the firewall side.

MM
Chief Information Officer at a tech services company with 1-10 employees

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

DS
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees

If they would stop changing the dashboard so much I'd be a happy man. 

Also, if it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit.

The nice thing about SentinelOne is that I get to directly engage with their leadership at any time I want. That allows me to provide feedback such as, "I would like this function," and they've built a lot of functions for me as a result of my requests. I don't really have much in the way of complaints because if I want something, I generally tend to get it.

Craig McGill. - PeerSpot reviewer
IT Security Analyst at a recreational facilities/services company with 1-10 employees

Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run.

Werner Lunow - PeerSpot reviewer
CISO at a financial services firm with 1,001-5,000 employees

Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.

The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.

Luigi Tiano - PeerSpot reviewer
Co-Founder & VP Sales and Marketing at Assurance IT

Native integration with the mobile console is an area that can be improved.

I'd like to see more operations with the XDR platform.

DC
Vice President of Technology at J&N Stone

I would have liked the dashboard to be more user-friendly. I often have to navigate through several menus to locate exactly what I'm searching for. I had difficulty finding the site token required for device installation or agent installation on devices. It actually took me quite a while to locate these menus. Instead of having them at the top after selecting from the left-hand side, they list the sub-menus at the top. This forces me to scroll through my screen to access all the different sub-menus. If they were placed underneath the main menu or bookmarked on the left-hand side, it would make navigation significantly easier. 

I would appreciate having more comprehensive reporting. While I believe the current reporting is accurate, I find it slightly simplistic in my view. However, I want to note that I've been using the product for only about a month, so it might take more time to fully process the information and generate detailed reports.

Sasita Lamchaona - PeerSpot reviewer
Product Consultant at M.Tech

I would like to have the same features such as ransomware that are available on the cloud version of SentinelOne also made available for the on-prem version because a lot of people in our region are not ready for cloud solutions.

DF
Cyber Intelligence Analyst at a financial services firm with 1,001-5,000 employees

Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend.

David Nee; - PeerSpot reviewer
CTO at CyberTek MSSP

The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that.

ZS
Sr. IT Systems Security Admin at a consultancy with 51-200 employees

One way to improve and get additional benefits would be for SentinelOne to host the updated installer files for us, rather than us having to download and host them ourselves. This could be done in cloud storage or through our mobile device management platform. When they release a new package, whether it's an early release or a general release, I believe they could provide more value by hosting those packages directly. Currently, when they release a new package, I get notified, which is great. However, I then have to go to the portal, download the package, and replace the package that we have posted on our own cloud storage. This is time-consuming. If they could simply provide me with a link to the latest general release installer, that would be fantastic. Even if the link changes, I would only need to change the URL in our cloud storage. This would save me a lot of time.

ZV
Cyber Security Analyst at a retailer with 10,001+ employees

The grouping feature needs improvement. There are many times I've wanted to do blacklisting or exclusions for specific people in a group, however, I don't want to remove them from the group itself. 

I'd like to see an auto-update feature. 

MV
IT manager at an outsourcing company with 11-50 employees

I would like to see a privilege access management feature added to SentinelOne Singularity Complete. This would allow us to generate alerts when users try to run applications as administrators to approve or deny these requests and create policies within SentinelOne. I think this would be a great addition to the suite, as it would eliminate the need to purchase a PAM solution from another vendor. It would also give us greater visibility into user activity, as the SentinelOne portal is already very good.

SentinelOne needs to improve its endpoint deployment process. To illustrate, compare it to ConnectWise, a remote management software that also has some security features. In ConnectWise, we can generate an installation package based on a group and deploy the software to all endpoints in that group without the need for a script.

Mitchell Ayers - PeerSpot reviewer
IT Manager at a construction company with 11-50 employees

The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network.

KT
Director of information technology at Stuart & Branigin LLP

SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.

Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.

HH
Senior Security Analyst at a pharma/biotech company with 501-1,000 employees

We have had cases where Singularity Complete has caused applications to malfunction. The existing interoperability rules have not necessarily been sufficient to resolve those conflicts. SentinelOne needs to work on interoperability with other systems and on the interoperability rule set.

SimonThornton - PeerSpot reviewer
Cyber Security Services Operations Manager at an aerospace/defense firm with 201-500 employees

The update process can be better. It is very easy to deploy, but over a long period, the updating process can be a little messy. In some EDR solutions, you end up with a very good mechanism to push new versions. It could do with a little work in that area. It is not particularly difficult, but it could do with a little work.

JD
Operations Manager at Proton Dealership IT

One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.

Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.

BB
CISO at Katholische Universität Eichstätt-Ingolstadt

It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.

Olivier Richard - PeerSpot reviewer
IT Support Director at Biotrial S.A.S.

I don't know how complicated it would be, however, a patch solution should be included inside of this. If we find a vulnerability, we should also be capable of patching the PC right away.

Some reports could be better. Sometimes you need to search inside of SentinelOne to get some information. Only then could one be done. 

A daily report would be helpful.

BD
Agile Product Owner at Micron Technology, Inc.

Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have.

DM
Information Security & Privacy Manager at a retailer with 10,001+ employees

The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do.

Prateek Parashar. - PeerSpot reviewer
Cyber Security Administrator at a manufacturing company with 501-1,000 employees

While SentinelOne Singularity Complete effectively visualizes security data across our solutions, requiring extensive manual effort for analysis limits its effectiveness. I would therefore rate it a seven out of ten.

The pricing has room for improvement.

LA
Security Architect at WaveLength Ind

The uninstallation process for the SentinelOne agent could be improved. While it is currently possible to uninstall through the console, it can be more complex if registry modifications are required. Streamlining this process, especially for users with console access, would be a valuable improvement.

I encountered issues running Singularity Complete alongside other machine-learning tools. The program uses hooks, which we configure through a whitelist to specify allowed functionalities for each app. However, I've observed compatibility problems with certain applications. This seems to stem from my limited access to information from those companies, hindering the creation of effective hooks.

For example, an external scanner's EXE file might not provide hooks for features like memory protection or script locking, potentially conflicting with SentinelOne's capabilities. In my experience, Singularity Complete doesn't always play well with others. While it coexists with Kaspersky's detection without issue, enterprise AI solutions employing algorithmic scans or pre/post-execution analysis can pose problems. We might need to modify the whitelist due to unavailable information about the application's memory range. Sharing this information could create vulnerabilities, so companies understandably keep it confidential. While I believe CylanceOPTICS could likely work with Singularity Complete, I haven't achieved it because I prioritize optimal protection. Disabling all CylanceOPTICS features and putting it in uninstall mode allows it to function but without intervention. In such cases, CylanceOPTICS detects threats first, possibly due to its higher application number in Windows. Similar behavior has been observed with other products.

Deep Instinct is another excellent detection software I use for remote devices. Expanding Singularity Complete's coverage to include IoT devices, Linux, servers, Docker, and mobile platforms (currently limited to Deep Instinct on my devices) would be highly beneficial. While Deep Instinct allows uploading and installation via email code, Singularity Complete currently lacks this functionality.

JF
Cybersecurity Service Manager at a manufacturing company with 5,001-10,000 employees

We started using SentinelOne Ranger, but we found two problems. Perhaps they are particularities, but they should be addressed as they may change the minds of other companies that are considering this feature.

The first problem is that, while it scans all the assets that are on the network, when it comes to discerning whether an asset is a server or a laptop, it tends to fail. It does not have a very high level of precision. We have experienced problems when reporting these types of assets to those responsible for installing the agent, and then they tell us, "Hey, this is not a server, this is a fax," or "this is a printer." When things like that happen, we lose credibility.

The other issue that we saw with the functionality of Ranger is that if, for whatever reason, you have a product with SentinelOne installed but it is on a client's network, the SentinelOne agent starts scanning the ports and the network and goes to a honeypot. As a result, the client may think that it is being attacked because someone has reached its honeypot, when it’s actually us on the client's network. When you don't know that this is happening, it can generate conflict and tension with the clients. Once you know about the problem, you can deactivate that process, but sometimes it can have a negative impact.

Ranger does provide me with visibility of the network, but not completely because the assets it scans are often mistakenly identified regarding what type of device they are. A SentinelOne agent is worth a lot of money, and there is no point in putting it onto a printer, for example. It should have the ability to go a little further and be more precise.

Another very clear area for improvement, one that I don't understand why they haven't deployed it yet, is a self-updating SentinelOne agent. The agent has a version, and what SentinelOne proposed up until one year ago is that you had to be proactive in consulting the dashboard to see if your agent had reached end-of-life and then update it. Now, they've released a new feature where I believe you can schedule updates, so it makes perfect sense for the agent to update itself without any action on our part, and never go out of version. By simply connecting to the network it should be able to download and update.

This idea is not critical because SentinelOne updates many versions of the agent and, when one becomes obsolete, it does not mean that it no longer works. But this is something that SentinelOne should know how to work with. A solution could be that if you do not have the ability to auto-update the agent, SentinelOne would directly tell you which agents are not updated. That way, we would not have to go to the documentation, look at the dashboard, and filter the agents by version. It would be great if it were able to tell if the operating systems are unsupported so that we wouldn't have to look in the official documentation at whether the Windows Server is outdated or not.

If the agents self-updated, maintenance due to the update process would be minimal.

Brian Glen - PeerSpot reviewer
Incident Response Specialist at Klick Health

The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.

Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting the hang of it.

JD
IT Director at a wholesaler/distributor with 501-1,000 employees

The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.

The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.

GS
Head - Network & Security at a manufacturing company with 1,001-5,000 employees

The reporting dashboards require improvement. Currently, they lack customization options, preventing me from generating a summarized executive report for management. 

SentinelOne's customer support is sluggish and frequently fails to deliver sufficient assistance. The quality of after-sales support is also subpar and requires enhancement. The support is not meeting the expected standards, and as a result, I am feeling dissatisfied.

BY
Cyber Security Engineer at a manufacturing company with 10,001+ employees

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

SA
Manager of Information Security at a recreational facilities/services company with 1,001-5,000 employees

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore. 

AshishGautam - PeerSpot reviewer
IT Project Manager at Rajiv Gandhi Cancer Institute In India

The setup process could be improved, and it would be good if artificial intelligence were added as an additional feature in the next release.

AP
Senior Analyst at a manufacturing company with 10,001+ employees

There should be full and complete integration in the single console of the mobile agent.

ME
Cybersecurity Manager at a comms service provider with 10,001+ employees

SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms. 

We also have a SOAR platform that helps us reduce the number of incidents that our analysts must handle manually. It would be nice if Singularity Complete had native security automation and integrated mechanisms to reduce the number of false positives. 

GG
Network Administrator at a real estate/law firm with 501-1,000 employees

I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.

SD
Director of Global Security Operations at a manufacturing company with 501-1,000 employees

The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier. 

OluwatoyeseAgoro - PeerSpot reviewer
Information Security Engineer at Cybervergent

The product must provide the ability to update applications from the SentinelOne Management Console. Using SentinelOne Management Console to patch applications will be quite useful.

AE
Enterprise Security Director at a comms service provider with 5,001-10,000 employees

I have raised a couple of comments regarding the speed of investigating incidents and performing analysis by the MDR service team. We are a telecom company. We are sensitive to the information of the users. The speed of investigation of the MDR service team must be improved.

Fatima Nezhadian - PeerSpot reviewer
Security Analyst at MPAC

The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints. We can only add a general rule to block everything, and we cannot add any exceptions. Additionally, Singularity Complete uses different names for endpoints other than the actual actions that will happen or be taken, such as quarantining a device. This is also confusing, as the wording used by Singularity Complete is slightly different from other endpoint security solutions and can be difficult at the start.

Aaron Riley - PeerSpot reviewer
Systems Administrator at a government with 201-500 employees

The most difficult part of using Singularity Complete is logging in, as they often update the management console. I don't know if our accounts become disassociated or what the deal is, but if we don't log in within a certain amount of time, we have to go through a password reset or account reset process.

Suresh KannanP - PeerSpot reviewer
Cloud Security Practice Head at Tech Mahindra Limited

Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives. While it speeds up our detection time, it takes us longer to respond because we have to do a follow-up analysis to weed out the false positives. A lot of time goes into determining whether it's a genuine threat. 

RS
Assistant Manager at airtel

It should not limit itself to EDR. I need some other solutions to integrate into it. It should give us more visibility by integrating other solutions with it.

I want some other solutions like email security. Email security should also integrate with it to get more visibility on it.

Agent upgrades might cause some issues. Most of the time, an agent gets removed after it is not communicating with the server. After every three months, it will get automatically removed. That might cause an issue.

The solution is expensive. It is costlier than Trend Micro and Palo Alto XDR.

KT
Network Support at a university with 1,001-5,000 employees

They have tiers of support like most companies do. For the first three years, we had the top tier of their support and we would get a response from a technician quickly. We didn't have many things we had to ask of them. They would be very quick. We are now one tier down from that. The SLA for us is no longer within an hour or two. It's within half a day or something like that. As far as if I do ask a question of them, it is a little slower than what it used to be. I understand that we're at a lesser tier, but sometimes it feels like that could be a little better. I have to preface that by specifying that we're no longer paying for their top tier support.

They changed the UI a little bit, which is to be expected, but there are times where I actually preferred the older UI. The newer UI, once I got used to it, was fine. But before, when we would launch into the UI, it went straight to the bread and butter. In this case, it goes to a dashboard, which gives some statistics on the attack surface, endpoint connection status, and stuff, which looks nice. It's a lot of nice bar graphs. It's a lot of nice pie charts. But that's not what I really need. I had to configure it to get it somewhat back to what it was. I wanted to know immediately if there are any threats that are incoming. I actually had to add that. I think the new dashboard has a lot of bells and whistles but I don't need it. We used to have to dig in to get this kind of stuff and that's exactly what I prefer it to be. The dashboard, in my particular case, has to tell me where the threat is, how severe the threat is, and let me remediate it as quickly as possible. I don't want to fish through pie charts to find that.

I think they put this new dashboard in two versions ago. In their defense, it's a fully customizable dashboard. I was able to put back what I wanted. It seemed like that should be a default, not something I have to add later. 

RS
System Engineer at Lyanthe

It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning of the scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything.

Mohammad Ali Khan - PeerSpot reviewer
Director at Pacific Infotech UK ltd

One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system. 

There is also a bit of room for improvement in the way SentinelOne is deployed. Right now we push it, but a lot of the time the pushing doesn't work. So we have to log in to each computer and do a manual install. That area would help in making the product stronger.

TF
Director of Cybersecurity at a manufacturing company with 1,001-5,000 employees

The learning curve was a little steep. The solution gives training we can go through, but we have to pay for that. We ended up paying for it so we could get everybody ramped up. The product must enable easier onboarding for less familiar or less formally trained people. It would've helped us adopt it quickly.

Laurie Reynolds - PeerSpot reviewer
Threat and Vulnerability Manager at GBG Plc

In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation.

Tim Hayes - PeerSpot reviewer
System Administrator at a wholesaler/distributor with 5,001-10,000 employees

The biggest thing for me in terms of improvements is the online console. There are frequent updates, and sometimes we'll get a little agitated getting signed in. However, on the product itself, I would not recommend any changes.

Salman Aziz - PeerSpot reviewer
Security Architect at a retailer with 1,001-5,000 employees

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

Greg Walia - PeerSpot reviewer
IT Manager at a healthcare company with 501-1,000 employees

The performance could be better. Singularity lags a bit, and it's a resource-hungry application, so it takes a while to load. 

Dinesh Yadav - PeerSpot reviewer
Sales Director at CLOUD MIND

The channel policy has room for improvement.

AANKITGUPTAA - PeerSpot reviewer
Consultant at Pi DATACENTERS

SentinelOne has some inputs, some traditional NPRs, or models like IPS and IDS. We can configure individual rules for particular machines. In a sense, control is not from the console.

There should be more integration models with different security operations tools or soft tools. It could provide a single pane for integration with the firewall, or a soft solution should be there.

KodiswaranChandran - PeerSpot reviewer
Cyber Security Analyst at Acora

I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint. 

Mallappa Bagi - PeerSpot reviewer
Security Analyst at R V college of Engineering

They could add more visibility on the network side. That is currently done via a plugin.

Also, it would help if they could get all the relevant threat information, the related events, in one place. Currently, we need to go to a number of places and do research. If they could have it all in one place, that would help investigations.

JL
System Administrator at a renewables & environment company with 51-200 employees

In the beginning, we had some issues with their product on some of the Windows 32-bit operating systems. However, that was only on a special group of computers as we have our own special software. Other than that, for other computers and servers, we had no issue at all.

The web portal needs improvement. Sometimes when I go on their web portal and put in the username and password, all of a sudden, it says that the web interface has been refreshed. You have to put in the username and password again. It's very minor. Other than that, there isn't anything else I can see.

Chris East - PeerSpot reviewer
IT Manager at a tech vendor with 1,001-5,000 employees

The adware and pop-up blockers have room for improvement.

AM
CISO at a computer software company with 5,001-10,000 employees

The reports for the executives who are the decision makers should be better. That would help with product renewal and adding new modules. There aren't enough reporting capabilities for decision-makers. 

AB
SecOps Lead at a tech services company with 201-500 employees

SentinelOne should include Ranger Pro out of the box with Singularity Complete.

CM
Information Security Analyst at Point Loma Nazarene University

One aspect to consider is the SentinelOne network firewall they have in place. I believe they implemented it approximately a year ago. Initially, we faced challenges during the setup phase, which consumed a considerable amount of time. Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful. While the idea behind it appears promising, I think SentinelOne should consider removing it.

CL
Security Expert at a healthcare company with 5,001-10,000 employees

I would like to improve the reports because they are not so customizable and we would like more info from them.

I cannot download all the hosts that we have on our tenant, because there is a limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows.

Ronel Silawan - PeerSpot reviewer
Network and Systems Team Lead at Utilibill Pty Ltd

SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan. 

RK
Deputy Manager at JK Paper

I would like to have a remote desktop feature added so we can remotely access our endpoints.

SS
Developer at DSY medical

Right now, the solution meets our needs. We do not need anything added to it. 

Maybe they can develop some firewall aspects for it to better protect us. If they did that, we can write a lot of rules for the firewall and custom rules.

Rajeev Babu - PeerSpot reviewer
Sr. System Administrator at Danube Group

It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection.

KN
Senior security consultant at a computer software company with 51-200 employees

When comparing SentinelOne to CrowdStrike, I find that CrowdStrike has more comprehensive vulnerability assessment tools. It offers a variety of Falcon tools, including deep inspection, while Singularity Complete does not have all of these features. It still sticks to EDR or EDP. Therefore, I need improvements to match the features that CrowdStrike offers, such as a higher level of vulnerability assessment and a better understanding of the IOCs in our system so that we can apply fixes.

SentinelOne Singularity Complete needs improvement on Linux machines. We identified a few issues with most of our Linux customers' machines. Specifically, the application is not working properly after installation.

A major area of Singularity Complete that needs improvement is the restart option. We do not need a restart after installing a CrowdStrike agent. So for organizations that are running 24/7 and can't restart their machines, we do not recommend SentinelOne Singularity Complete.

PC
Sr. Security Engineer at a financial services firm with 501-1,000 employees

I have been trying to synchronize SentinelOne Singularity Complete with our SIEM, but it has not been very successful.

SentinelOne's customer service has room for improvement. It is hard to reach them.

Rahul Kate - PeerSpot reviewer
Co-Founder at First Defense WLL

The solution is a bit costly for some customers. 

DLP support would be a good addition. Currently, there are multiple vendors and agents on endpoints. The solution looks at data from a specific documentation view so it would be beneficial to use that same documentation to look at DLP. 

Sheryar Saqib - PeerSpot reviewer
Sr Network Security Engineer at a tech services company with 501-1,000 employees

I would like to see the reports from SentinelOne more customizable, as there are very few options.

Michael Mcdonald. - PeerSpot reviewer
Senior Security Consultant at First Technology

Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions. 

AG
Executive Director of Information Security and Compliance at a pharma/biotech company with 51-200 employees

I've not been using SentinelOne Singularity Complete for a long time to have a lot of feedback on its areas for improvement, as my team is still learning the tool, but what comes to mind is the need for it to give more straightforward directions or communication about detection or what has been detected.

GB
Network Engineer at a financial services firm with 11-50 employees

I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.

Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.

RJ
Deputy Chief Information Officer at a computer retailer with 201-500 employees

As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate.

TT
Offensive Security Certified Professional at Schuler Group

The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information.

Another area that could be improved is their handling of the updating of the agent. It is far from optimal. The agent changes often and about 5 percent of our machines can't be automatically updated to the newest agent. That means you have to manually uninstall the agent and install the new agent. That needs to be improved.

LC
Director - Global Information Security at a manufacturing company with 10,001+ employees

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting.

File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation.

It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage.

I can't wait to see their advances in the cloud infrastructure (containers and serverless).

It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

GM
Head of Global Solutions at Arete Advisors

Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better.

View full review »
CB
Cyber Security Administrator at a manufacturing company with 51-200 employees

There could be more integrations with more software. We have been looking at Palos and getting those put into the data lake. If there was a native integration for that, that would help a lot. They can just continue adding more integrations with these big brands and software security products. 

View full review »
AZ
CyberSecurity Analyst at a printing company with 11-50 employees

Singularity Complete's process stream has room for improvement.

I find CrowdStrike's vertical layout to be better than SentinelOne Singularity Complete's horizontal layout.

View full review »
PN
Information Architect & Security Officer at a wholesaler/distributor with 201-500 employees

The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents. The goal was to achieve full integration support, but this has not yet happened. The integration is incomplete.

View full review »
JS
Cybersecurity Engineer at an energy/utilities company with 1,001-5,000 employees

There are some obstacles you have to overcome when it comes to whitelisting and the like, but that's true of every XDR platform.

Their documentation could afford to be a little bit better communicated. A lot of times we have to look at things in the knowledge base, and much of that could be communicated better, but that would probably be the only thing that needs to be improved.

View full review »
JL
Application Support Specialist at a non-tech company with 201-500 employees

Using the filters takes a little bit of time to get used to. There are so many. You have to scroll from side to side in the filter section to find them. It's not very user-friendly. 

Some of the options they have up top are a bit much. It is a bit daunting. It minimizes, and then you have to click on select filters for it to completely open, and then you've got to scroll to the right or scroll to the left. Even if you maximize your screen from left to right, there are still more filters to scroll through. They're not well laid out.

I haven't used the reporting feature much, however, having a little bit more options in reporting would be helpful.

View full review »
AJITHH G - PeerSpot reviewer
Solution Engineer at AppSmart

The dashboard should include troubleshooting because it can have problems. 

Sometimes, the XDR does not configure its policies for data security on time. 

The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything. 

The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support. 

The solution should include USB blocking for specific machines. 

View full review »
Cem BALIK - PeerSpot reviewer
Information Technologies Manager at VAS Bilisim Teknolojileri A.S

While I'm sure improvements are necessary, there isn't one specific area I've found to be lacking. 

Security could always be better. It always needs to be adjusted to keep up with what's happening. 

View full review »
MS
IT Solutions Specialist at a non-tech company with 11-50 employees

Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.

I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.

View full review »
IB
Chief Innovation Officer

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

View full review »
it_user1011267 - PeerSpot reviewer
Senior IT Consultant at Jeneri IT

One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution.

View full review »
Jairo Avritchir - PeerSpot reviewer
Director of Technology and Digital Transformation at Banco Fibra

The only concern we have is that there are a few features that were not readily available. We use a lot of application files that didn't have a connection.

We would also like to see integration with other tools that have to collect the logs.

Although Microsoft claims the use of building artificial intelligence to correlate events, we have actually had a couple of events that should have logs but did not. The solution is not at the same level in terms of building artificial intelligence.

SentinelOne can do a better job of not only creating corrective action based on the correlation. For example, someone was trying to repeatedly change their password. What they didn't realize was that they weren't connected correctly.

View full review »
KM
Security Head at a financial services firm with 11-50 employees

The inventory is a good feature. However, it's not up to date. The delay in updating inventory is ten minutes. If it can be improved, it will help a lot. 

For the general IT management, there is a need to correlate the software version from inventory with the CVE information. For example, we have the CVE, however, it doesn't take into account the current version. We need it to stay up to date with the latest version. 

View full review »
JM
Cloud Engineer at a comms service provider with 1,001-5,000 employees

SentinelOne can improve by having better integration with Active Directory.

View full review »
EG
CEO at ERG Solutions

The ability to integrate this product with an antivirus solution would be welcome. Even consolidation with more security products, like Umbrella networking abilities etc. to provide more on this platform, that would be great.

View full review »
SP
Network and Security Engineer at an energy/utilities company with 1,001-5,000 employees

We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running. 

View full review »
ZC
Network Engineer at a government with 11-50 employees

They should train their own people so that they can train us better. The theory is good. If the product is good, but we cannot rely on it or pass it along to the customer, it's useless. When we purchased the solution, we were told that certain functions could be done. I understand it is part of sales, but I feel like I'm being fooled. We couldn't test it because it was in production. We first had a proof of concept but didn't connect it to our Azure portion.

View full review »
Jared Ochieng - PeerSpot reviewer
Information Technology Security Specialist at infoark

There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better. 

View full review »
Adam Peason - PeerSpot reviewer
Chief Information Security Officer at Lone Star National Bank

I would like to see a better control panel for the managed service side of it.

View full review »
AG
Head of IT at a transportation company with 501-1,000 employees

With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature. 

View full review »
EC
Principal Security Analyst at a tech services company with 1,001-5,000 employees

The only integration that we are having a challenge with is our Rapid7 SIM solution. We have created exclusions for it, but sometimes there are still some false positives that the team works through.

The false positive rate has room for improvement.

We can build exclusions in a few ways, but one challenge is that many third-party applications spawn files with random names. This can make it difficult to write rules to account for these files. If there are better ways to deal with this, it would help to reduce conflicts between our Rapid7 solution and some of our other solutions that generate PowerShell scripts.

When agent updates require a reboot, this can be challenging for our large customer environments.

View full review »
AP
Security Engineer at a financial services firm with 51-200 employees

There should be Terraform support for console administration. Dynamic tagging would be also useful. 

The auto-upgrade capability should be improved.

View full review »
BB
Chief Information Security Officer at a tech services company with 11-50 employees

I'm able to have my analyst view everything from one console, and we have multiple boxes with them, and we have to log into separate consoles to access each of those one boxes. We really need a more centralized view of all of our environments. 

The MDM functionality and maturity still need improvement.

View full review »
GA
Deputy General Manager at SLT Visioncom Pvt Ltd

The solution works quite well and I don't have many notes for improvement. 

The solution can use up a lot of resources when scanning. It would be ideal if it was lighter. 

We find the initial setup does take some time, as you have to do a lot of whitelisting. We'd like the process to be faster. 

View full review »
MM
Information Security Principal at Alkhorayef

The solution does not have an application security and control module.

View full review »
RS
Technical Team Lead at Alepo

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful. Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

View full review »
Ashish Dubey - PeerSpot reviewer
Lead Security Analyst at SecurityHQ

An area for improvement in SentinelOne is the search feature. It could be easier. For example, you can select the number of results that will be shown to you, such as two thousand events, and you can even go up to twenty thousand events for the search you've made, but you can't go beyond twenty thousand. You can only receive up to twenty thousand if you find login-related, detection-related, or process creation-related events. That's the limitation in the search feature of SentinelOne, which ruins the task because it isn't enough when you're doing your investigation.

The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne.

The retention period of the tool is way less than what other EDR solutions provide. SentinelOne and CrowdStrike come with a shorter retention period, which means you cannot go beyond one month when investigating the logs.

One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.

What I want to see from SentinelOne in its next release is a faster search. I also wish that the twenty thousand event limitation be removed.

View full review »
RS
Technical Team Lead at Alepo

They need to improve how we install the software. For the agent of SentinelOne in the endpoint, it's not an automated process. We have to download it and then upload it on the endpoint. That is something that can be made simple. The uploading of the software in the endpoint, if that can be done publicly, would be great. The setup should be available publicly. The agent installation should all be done in the cloud.

View full review »
SK
Head of Information Technology at a healthcare company with 201-500 employees

I cannot speak to any missing features. It has what we need.

If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.

View full review »
TT
Consultant at NFC/IT

Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done. 

View full review »
PS
Security Analyst at a consumer goods company with 501-1,000 employees

SentinelOne Singularity Complete should focus on analytical data. Backend aggregation can make things faster in the front end. 

View full review »
EC
Principal Forensics Lead at Dotcom Security

The solution can improve by adding more granular firewall capabilities. I would like to see an interface where I can in one view change the security posture of all groups with one click. I would like to have a listing of all the groups and then apply what's relevant to all the groups at once.

View full review »
QQ
Senior IT Security Analyst at a comms service provider with 501-1,000 employees

It doesn't have application control capability. Other antivirus or EDR solutions have that. I would be happy if SentinelOne added that to their platform. This is the first point.

The second point is SentinelOne should provide support for legacy open-source operating systems. For example, old versions of Oracle are not supported by SentinelOne.

The third point is that SentinelOne does not support a few platforms, including IBM AIX and UNIX-based OS. These three platforms are almost all used in all enterprises, and SentinelOne does not support them. If SentinelOne provides agents for these missing platforms, it'll be very good.

It would be ideal if they offered video support for troubleshooting issues.

View full review »
reviewer1261773 - PeerSpot reviewer
Engineer II, Enterprise Client Support at a media company with 10,001+ employees

The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly.

There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible. You can see a snapshot of the data at the moment, but once it changes whatever was there previously is not stored. 

View full review »
Adam Harling - PeerSpot reviewer
Managing Director at NETITUDE

SentinelOne Singularity Complete could improve by having DNS filtering. Other competitor solutions have this feature.

View full review »
CA
Product Manager at a comms service provider with 51-200 employees

SentinelOne makes it more difficult to define users.

It is difficult to manage users in SentinelOne.

There are many defining roles. It is granular, but it is also complicated. It is more granular than CrowdStrike, but it is not preferred because you have to check hundreds of roles. It's a challenge.

This user assignment feature would be more efficient. It would be fantastic if they could design it.

In comparison to CrowdStrike, EDR is less detailed. CrowdStrike provides more information about an adversary than SentinelOne.

Having a good EDR is a huge plus. In my opinion, it earns two points. The number will be nine if they can expand it with a more detailed one. 

I could complain about SentinelOne's pricing right now, but I am sure CrowdStrike is using its own staff to provide its clients with a complete solution. Being expensive is a little more reasonable than you think. 

Most people want to know why CrowdStrike is more expensive than other options.

CrowdStrike can assist you with their technical personnel, and CrowdStrike is the only provider who can assist you with their own threat hunters. SentinelOne is not currently doing this.

View full review »
Olaf Suchorski - PeerSpot reviewer
Security Expert at Infinigate

It would be good to see some small tools to test files or hashes that are a potential threat, I know there are already products offering this.

View full review »
AM
Network & Cyber Security Manager at an energy/utilities company with 51-200 employees

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

View full review »
SS
Solutions Architect at a tech services company with 11-50 employees

It is complicated to do certain tasks.

View full review »
LH
Corporate Communications Coordinator at a tech services company with 11-50 employees

Improvement seems necessary, especially with the focus on enhanced support. This is particularly crucial in the analytics domain, where the existing agent falls short in comprehensive performance. Additionally, there's room for enhancement in the mobile element. Although it's in their pipeline, the current state is not optimal, especially when considering the need to install it on people's phones.

View full review »
Tichaona Ndoreka - PeerSpot reviewer
Infrastructure Sup at Capital Development Services

The overall integration functionality for this solution could be improved. 

View full review »
ShashikaKodikara - PeerSpot reviewer
Head of Cybersecurity at Technovage Solution

The solution can be improved by ensuring threats are being mitigated on the platform autonomously and by considering introducing an on-premises solution with affordable pricing for government institutions.

There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions.

View full review »
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys

There is room for improvement with the management interface. It could be more user friendly. 

View full review »
VK
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems

The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.

When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.

View full review »
MV
IT Manager at Telecorp Inc.

I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck. 

For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.

View full review »
RB
Manager at a computer software company with 501-1,000 employees

I don't like switching the way you switch from legacy to XDR.

View full review »
Jeffrey Agomate - PeerSpot reviewer
Information Security Engineer at Infoprive

The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.

My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they started supporting mobile devices.

I'd like to see more documentation. 

SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product, public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.

We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution. 

View full review »
ZB
Field Technician at Sonrise Technology Solutions

The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler.

I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.

View full review »
PS
Software Engineer at a healthcare company with 51-200 employees

We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.

View full review »
Tallis Newkirk - PeerSpot reviewer
CEO/Team Lead at Intech Computer Solutions

In terms of improvement, the documentation could be better. I would also like to see SingularityOne compatibility with Huntress, and the tighter integration between them would bring more to the table.

View full review »
MS
Cybersecurity Consulting Lead at a tech services company with 51-200 employees

It's probably not that top-notch like CrowdStrike or Microsoft Defender. However, it's okay, it's not bad. 

The only problem I have is they don't manually review the threat files. That's the only thing I'm concerned about.

The support needs improvement. There are some limitations. 

View full review »
AE
Sr. Information Security Manager at a computer software company with 1,001-5,000 employees

In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear.

They have a lot of updates on their management console. They have a lot of features. There is not enough time to read about it all. It's really a lot. The features that they apply are great and I would love to use them, but it's lots of things to know. And if you're not only working with antivirus on SentinelOne like me, there isn't much time to learn about it. 

View full review »
it_user1124088 - PeerSpot reviewer
IT Operations Manager at a retailer with 1,001-5,000 employees

In terms of improvement, I would like to see better alerting to let us know if there is anything wrong with SentinelOne working on the endpoint of the computer.

View full review »
Just Asking - PeerSpot reviewer
Owner at FirewallHire.com

Every site has its own key. I'm not sure how I can implement the key for the setup package. Therefore, with every installation, I need to do it manually and put on the site keys.

It is an expensive product. They could work on lowering the price a bit.

View full review »
KE
System Engineer at Dr. Marc Daenen

We sometimes have issues with the disc space and that's because of the anti-ransomware technology they use. The volume of shadow copies becomes too large and we have to manage that. 

View full review »
SP
Managing Member at Pender & Associates

SentinelOne's ongoing updates and rate of technology improvements are adequate for now, and have kept SentinelOne ahead of the cyber criminals, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to stay ahead of the cyber criminal techniques and exploits. The "false positive" detection rate could be improved, if possible, but this should not increase the risk of the endpoint being breached.

View full review »
CF
Managing Partner at a tech services company with 11-50 employees

This solution would be more attractive to customers if the price were lower.

View full review »
AS
Student at a university with 1,001-5,000 employees

We had some stability issues when we started working with SentinelOne. 

View full review »
HP
VP at a tech services company with 11-50 employees

Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed. SentinelOne gives no clue as to the problem, so to diagnose what is happening can be difficult. To make it worse, the behavior is inconsistent. Two people in the office might have the application working correctly, but a third person using the same program will have a problem.

Nothing is displayed by the agent that is running on the workstations, but it would be helpful to have a mode available where we can see feedback as to what it is doing. We wouldn't want it running all the time because there would be more overhead, but it could be helpful for debugging or diagnosing problems.

View full review »
Gbemisola Osunrinde - PeerSpot reviewer
Service Assurance Executive at Infoprive

SentinelOne's phishing feature could be improved.

View full review »
MD
Director Information Technology at a wellness & fitness company with 201-500 employees

SentinelOne could improve by creating an autopilot or automated way to roll out the solution more efficiently which would be helpful.

View full review »
LM
CISO at a religious institution with 501-1,000 employees

The SentinelOne is one of my daily consoles and I use it regularly to identify the root cause of some infections. However, when a file is flagged as suspicious it would be very helpful to have the system highlight precisely what event or characteristic of the file SentinelOne considers potentially dangerous. In this way it would help focus our investigations on the specific characteristics or actions of the file.

View full review »
JP
System Engineer at a tech services company

They need to improve their UI and the way they show that the scanning is running on the endpoint. Sometimes users wanted to see whether their AV is working via visual context.

They could add “right click>scan” where most users were trained to do so in handling flash drives.

Also, add remote code execution via the management console, application control, device control, and all other common features found on the legacy antiviruses. This would help administrators to fully shift from legacy to Next Gen EPP without sacrificing usable features.

View full review »
it_user768165 - PeerSpot reviewer
Account Director
  • Deployment strategy for large organizations that do not use Active Directory (AD).
  • Windows updates have not been done on the client side, so minimum requirements stop the installation.
View full review »
ZH
IT Manager at apex

It corrects all of the EFC files with a virus. All the achievements, maximum EFC files. Many EFC files will be flagged as a virus. Some virus databases need to be updated. The model is good at finding many EFC files. The trouble is it needs to be updated. 

From the client-side, some scanning and other features can be enabled for scanning viruses better. If they want to scan for an individual reason other than viruses, such as scanning for legal files, they haven't been able to gather that from the client-side.

Some features could be more user-friendly. For instance, setting restrictions in the explorer for what level one must be to use it is not user-friendly. It is difficult to find what we're searching for.

View full review »
Nuno-Santos - PeerSpot reviewer
SOC Operator at Quattro

SentinelOne's performance and the accuracy of its incident filtering could be improved.

Shashi Vardhan Andem - PeerSpot reviewer
Senior Product Manager at a tech services company with 501-1,000 employees

We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from.

HW
IT Security Manager at a tech company with 1,001-5,000 employees

The reporting needs improvement and I would like to see a more granular level of administrative privileges.

YP
Senior Engineer of System and Security at Connex Information Technologies

I would like to see category-based web filtering.

Ivan Kelleher - PeerSpot reviewer
Technical Director at Etelligence

The stability of SentinelOne should be improved.

RQ
Senior Account Manager - Security Specialist at a computer software company with 1,001-5,000 employees

They can improve the administrative interface. They can make it more user-friendly.

Its price can be lower.

SF
President at a tech vendor with 11-50 employees

SentinelOne could improve by reducing the price.

it_user559848 - PeerSpot reviewer
Business Development at a tech services company

The management console.

MD
Founding Partner and Owner at 2DC srl

The price is a bit high. They should make their pricing model more affordable.

The solution needs better reporting on new threats and malware. The reporting is present, but I can't find the information easily.

it_user580182 - PeerSpot reviewer
Security Analyst at a tech services company with 1,001-5,000 employees

There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but there's nothing much else to do. Everything is predefined. It's good in a way, but you don't get much flexibility if you want to do something particular.
