SentinelOne Singularity Cloud Security Reviews

In its all-in-one aspect, we started with Cloud Security Posture Management at the beginning and then added the Offensive Security Engine, Vulnerability Management of CDR. We also use it for compliance.

By implementing this solution, we wanted an alerting mechanism and detection of any deviation from our current configuration. We also wanted visibility into Kubernetes and AWS cloud. We wanted something that continuously monitors and gives us updates so that we can take action.

We have an overview of our compliance status. We check on a weekly or monthly basis where we are with respect to various compliance standards.

Its dashboard is quite good. We can select any resource and go to any details we want. We have a visual representation of our assets and how they are connected.

I like the granularity of access. We can give read-only, admin, or other types of access to team members based on their roles.

It provides an option for auto-remediation, but we are not leveraging that. However, we are using the exploit information to check what they saw versus what we are seeing. It helps to be able to see their evidence.

It includes proof of exploitability in its evidence-based reporting. This is very important for us. We can validate if something is false positive or not only if we have any evidence from the findings. Having the evidence for every issue helps us prioritize the findings.

Offensive Security Engine has helped to clear a lot of vulnerabilities in the past. Through the dashboard, we could see all the metrics related to public exposure and misconfigurations. We have a lot of services in our cloud, and they were very hard to track. It solves that problem for us. 

Our time to detect and respond has improved drastically. If a misconfiguration happens, we gain visibility quickly. Our mean time to detect and respond has reduced by about 50%.

It has enabled collaboration between multiple teams for implementing cloud detection and response and understanding vulnerabilities. It has saved 20% to 30% of our time.

It has been highly effective in risk mitigation. Slack and Jira integrations have been helpful for alerting and creating tickets. We also have Kubernetes integration for insights. 

The cloud misconfiguration feature and Offensive Security Engine, as well as their alerting process, are valuable. I get to customize severities or rules. The flexibility to rate a finding or category of vulnerabilities is the most interesting. 

The cloud misconfiguration feature gave us almost zero false positives. We are happy with this feature.

In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of critical severity, whereas they are not critical or of high severity. There is a mismatch of severities. They need to work on severity management. 

Alert fatigue is an issue as well. We get many alerts because of severity mismanagement. In CDR, there is no option to rescan or recheck. In cloud security, if a resource is restarting multiple times and gets a new name, we get alerts each time, leading to alert fatigue. If restarted five times, we get five alerts, which is not favorable.

I have used the solution for two years.

It is a stable product. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

We are using the Enterprise plan which is the maximum that one can leverage. We are paying for all the features, but we are currently not leveraging VCS. We want to increase the usage of that.

Their technical support is top-notch. I made friends there.

Positive

Previously, there was no product. We relied on in-house, independent ad-hoc automations. We now have a comprehensive and all-in-one solution.

Its deployment was easy. It was set up in less than a week.

There were a couple of people from PingSafe and a couple of people from our side.

We are based out of Indonesia and India. The deployment was done on the cloud. We use AWS. The PingSafe team was from Bangalore, India.

Its maintenance is taken care of by the SentinelOne team. There is nothing required from us.

On the resource side, we do not have to invest much money or time into developing our own automation or tools. It has saved us more than 50% of our time.

It is cost-effective compared to other solutions in the market.

I recommend looking at the exact requirements and exploring options for CSPM and Offensive Security Engine. These two are a must-have. I would recommend reviewing the use case first and seeing if any other features are required. 

I would recommend this solution to others. Overall, I would rate it a ten on ten for cloud security.

I use SentinelOne Singularity Cloud Security as an endpoint security tool. We have deployed it on multiple users' endpoints and multiple servers to protect them from security threats.

As a security engineer responsible for administering the SentinelOne Singularity Cloud Security, Kubernetes, and VR tool, I work in an organization with over 10,000 employees and numerous virtual servers and corporate network machines. To safeguard these systems from security threats, we've deployed Singularity across all endpoints and servers to monitor for and respond to incidents, gathering detailed information about their spread and affected machines.

Any security incident or malware detection is reported to security administrators within a fraction of a second. Basic rules and AI detections drive this rapid response. For example, suppose a file is flagged as suspicious based on its activity and alignment with the MITRE ATT&CK framework. In that case, the system identifies the file's behavior, categorizes it according to MITRE attackers, generates AI-based responses, and provides insights to security administrators for review and further investigation.

Automated remediation is highly effective, responding in mere fractions of a second to block, quarantine, or contain affected files or devices. Additionally, it can isolate endpoints from the network to prevent malware from spreading or containing compromised systems.

The Ranger feature is not exclusive to Linux systems. It scans all devices on a network, providing information about the types of machines and operating systems present within that specific network environment.

Workload telemetry visibility is valuable during incident response, triage, and analysis. Detailed information about the process is provided when an incident is reported, offering deep insights. For example, if a file is flagged as malware, the entire process behind its execution, including accessed files and invoked processes, is displayed. This comprehensive history effectively aids in determining file behavior and accurately classifying it as benign or malicious.

The benefits of SentinelOne Singularity Cloud Security are immediately visible through the quick response time.

The mean time to detection is under half a second.

The mean time to remediate is between one and one and a half seconds.

It provides an automated response, eliminating the need to block and investigate files manually. SentinelOne Singularity immediately blocks suspicious files, and subsequent investigation allows us to whitelist the file completely or maintain the block.

The most valuable features are automated threat response, AI detection, and static and dynamic detection. Monitoring all activities on the server's endpoint provides security administrators with deep visibility into endpoints, servers, and the incidents occurring on them.

I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions. While false positives are an expected part of incident response, excessive numbers can indicate accuracy issues with the tool.

I have been using SentinelOne Singularity Cloud Security for two years.

Cloud-based stability is beneficial because it eliminates downtime for business owners, ensuring uninterrupted operations.

Scalability is relatively straightforward as it primarily involves installing agents on additional machines and addressing licensing requirements.

Auto-scaling based on workload demands is beneficial, for example, when a hundred machines are added to the corporate network. We need to deploy the SentinelOne agent to these additional machines and confirm that the license accommodates the increased number of devices.

We previously used Crowdstrike Falcon but prefer SentinelOne Singularity Cloud Security because it is user-friendly. The GUI is easy to understand, operate, and administer.

Due to SentinelOne's cloud-based nature, initial deployment is straightforward. Simply installing the agent on the endpoints we wish to protect is sufficient, making setup within our existing corporate network infrastructure relatively uncomplicated.

The deployment time varies depending on the number of endpoints and servers accessible within the network, but it typically takes one to two months to complete and transfer responsibility.

Two people are necessary for deployment: one to handle administrative tasks and another to manage the SCCM component, such as pushing agents to multiple machines.

I would rate SentinelOne Singularity Cloud Security eight out of ten.

Sometimes, Singularity incorrectly flags legitimate files as malware or suspicious, which can disrupt the work of some project users. However, we understand the importance of protecting against potential threats and appreciate Singularity's proactive approach. We can easily whitelist false positives, minimizing productivity impact and ensuring our system remains secure.

SentinelOne Singularity Cloud Security is a valuable tool for organizations with the budget to invest in it. It offers robust protection for servers and endpoints, which are primary targets for security breaches. Given the critical nature of endpoint security, this software should not be overlooked. SentinelOne has a strong reputation, provides rapid response times, and includes features such as deep visibility into malicious files, enabling security administrators to isolate threats in the cloud through sandboxing directly.

The only maintenance required is for agent upgrades.

I use SentinelOne for the traffic flow in my customer's account.

Singularity Cloud Security gives us alerts, and it is helpful for us to get these alerts. We get to know about any issues through these alerts. We can resolve the issues accordingly.

It helps resolve issues more quickly. I do not have to analyze them on my own. We get to know the issues, and we also have documentation and recommendations about how to resolve them. That is very helpful for me.

We were able to realize its benefits pretty quickly because I already had its knowledge. I had studied a little bit and researched it. After implementation, my work got faster by almost 60% to 70%. The client was happy with that.

Singularity Cloud Security has reduced the number of risks. After resolving an issue on one of the servers, I can implement the fix on other servers before getting alerts about those. There is about 70% to 80% reduction.

It has been beneficial for all team members because we are all working in shifts and we are not able to communicate with each other much. The documentation has helped a lot.

Our security posture is much better. I do not have the numbers, but we see fewer notifications about security and threats. We follow the guidelines and best practices.

The security that it provides is valuable. It has a user-friendly dashboard that I can access without any difficulty.

Security notifications or alerts are also very useful. The alert mechanism helps in identifying issues.

It is very easy to use. I would rate it a nine out of ten for usability.

Sometimes, I am not able to see the flow when there is an issue. When anyone complains and I have to troubleshoot it, I find it difficult to search. 

The documentation that I use for the initial setup can be more detailed or written in a more user-friendly language to avoid troubles.

I have six months of experience using it.

It is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability. Our clients are large organizations.

In our AWS Cloud, we have multiple accounts. We have almost 400 users. The AppSec team is a different team that is responsible for its installation. We are its users.

I use vendor support. I would rate them a nine out of ten.

Positive

I did not use any different solution before.

Initially, it took a lot of time because I had to first learn it and then implement it. First time, there can be some challenges. It took some time to understand because it was my first setup. Once I understood the process, it became easier with subsequent setups.

We implemented this solution after reviewing the documentation. Our AppSec team deployed it.

I would recommend this solution. I find it very user-friendly, and the documentation is also good enough to give solutions, which is very important. In addition to notifications, we also get solutions.

I would rate Singularity Cloud Security a nine out of ten.

We're managing our cloud environment on AWS, and SentinelOne Singularity Cloud Security is assisting us as a CSPM tool. It identifies vulnerabilities in our configuration and helps prevent malicious attacks.

Our current cloud environment allows independent resource deployment by our six to eight-person team, which increases the risk of misconfiguration. To mitigate this, we implemented SentinelOne Singularity Cloud Security. This security tool generates alerts for misconfigurations, allowing us to promptly address them and maintain a strong cloud security posture.

Having too many resources with platform access made misconfigurations more likely. SentinelOne Singularity Cloud Security addressed this by helping us configure everything according to best practices, helping improve our security posture.

SentinelOne Singularity Cloud Security is easy to use.

Evidence-based alerts help us mitigate the priority issues that are detected.

The proof of exploitability in evidence-based reporting is helpful.

The offensive security engine strengthens our organization's security posture by validating potential attacker paths and prioritizing vulnerabilities with the highest likelihood of being exploited in a breach.

Infrastructure as Code facilitates the identification of pre-production issues within our Cloud Formation Templates and Terraform configurations.

SentinelOne Singularity Cloud Security has been instrumental in ensuring our strong cloud security posture, effectively helping us manage and mitigate risks. SentinelOne Singularity Cloud Security helped our team reduce the number of false positives.

SentinelOne Singularity Cloud Security plays a key role in strengthening our risk posture. By providing alerts, it assists both our information security and security assessment teams in identifying and mitigating potential threats, ultimately improving our overall security position.

It has improved our mean time to detection by 30 percent and effectively reduces our average time to resolve incidents. By providing valuable information, SentinelOne Singularity Cloud Security empowers our team to quickly diagnose and rectify problems.

It has improved the collaboration of our cloud security application developers and AppSec teams.

SentinelOne Singularity Cloud Security has helped save engineering time by 50 percent. 

SentinelOne Singularity Cloud Security offers security solutions for both Kubernetes and CI/CD pipelines. It helps with vulnerability remediation, ensuring timely alerts for misconfigured resources, so we can address security issues efficiently.

While SentinelOne Singularity Cloud Security offers real-time response, there is room for improvement in alert accuracy. We've encountered instances where misconfigurations created by teammates were not flagged promptly by SentinelOne Singularity Cloud Security, leading to downstream issues.

I have been using SentinelOne Singularity Cloud Security for one year.

I would rate the stability of SentinelOne Singularity Cloud Security nine out of ten.

I would rate the scalability of SentinelOne Singularity Cloud Security nine out of ten.

The technical support is helpful.

Positive

SentinelOne Singularity Cloud Security's team clearly explained the implementation process, which our team of three was then able to complete in just one week.

SentinelOne Singularity Cloud Security falls within the typical price range for cloud security platforms.

I would rate SentinelOne Singularity Cloud Security ten out of ten.

Our organization has over 35 members across various teams, each utilizing SentinelOne Singularity Cloud Security according to their specific needs.

No maintenance is required on our end.

I recommend SentinelOne Singularity Cloud Security to others. It has done a great job of improving our security posture.

We are using it for the primary purpose of cloud security posture management.

We use infrastructure as code scanning, as our primary mission is for cloud security posture management, and it identifies hard-coded secrets in source code, including aspects of Kubernetes security. 

It provides several features, such as attack visualization and evidence-based reporting, that help us proactively mitigate vulnerabilities. It reduces compliance risks and audit pressures.

For evidence-based reporting, we integrated it with CWPP and CI/CD. It helps us secure infrastructure because it presents the reports.

I can see the proof of exploitability results for each tool in the dashboard. It provides great insights into our cloud security posture and informs us about the complexities of certain issues.

SentinelOne Singularity Cloud Security helps us identify if the development has a public repository. It offers better UI and improved visibility compared to open-source tools. It identifies issues in minutes, including hard-coded secrets that could expose our systems if accessed publicly.

SentinelOne Singularity Cloud Security is on top of protecting ephemeral workloads. It has automated capabilities that block misconfigurations and identify issues.

SentinelOne Singularity Cloud Security has helped to reduce false positives. 

With SentinelOne Singularity Cloud Security, I appreciate the monitoring features and the report with the compliance score.

I find it easy to use, and there is nothing complicated about this. The dashboard and the UI/UX are very helpful, making it easy to follow and get used to.

There is room for improvement in application security posture management features, and SentinelOne Singularity Cloud Security is on the costlier side.

I have been using SentinelOne Singularity Cloud Security for around 2 years.

It is a highly stable product, and we have not faced any reliability issues.

It is scalable, and I would rate it a nine out of ten for scalability. We have not seen any performance slowdowns while onboarding multiple projects.

It is being used by multiple departments. Ten members of our security and DevOps team use the solution in our internal security team.

I would describe their support as neutral.

Positive

It was easy. It took two days. Its maintenance is handled by another team.

It has improved our detection and response rate by about 30%. 

It has improved collaboration. It has saved a lot of communication through the central dashboard. Anybody can look at the dashboard and see the open issues and resolve them accordingly.

It has improved our security posture by 30% to 40%.

SentinelOne Singularity Cloud Security is on the costlier side.

I have not looked into the agentless vulnerability scanning and automated malware scanning for S3 buckets on the dashboard. It runs in the background.

So far, I have not encountered any challenges while using SentinelOne Singularity Cloud Security. I would rate it a nine out of ten compared to other vendors I have experienced.

In my organization, we use SentinelOne Singularity Cloud Security to enhance our security posture. The platform provides alerts and recommendations on best practices, policies, and necessary updates to strengthen our infrastructure security.

We implemented SentinelOne Singularity Cloud Security to strengthen our security posture. Previously, we lacked clear guidance on best practices, including password reset policies, patching procedures, and VM updates. SentinelOne provides these best practices and recommendations, significantly improving our infrastructure security.

SentinelOne Singularity Cloud Security is user-friendly.

Evidence-based reporting helps prioritize and solve cloud security issues. When an issue occurs in my infrastructure, I receive an alert on their dashboard and a notification is sent to our common email address. SentinelOne Singularity Cloud Security provides a direct link to the affected resource in the AWS console, allowing me to navigate to the issue and resolve it quickly.

SentinelOne Singularity Cloud Security has improved my organization's security posture significantly. Before its implementation, we lacked an understanding of best practices for security. The solution has clarified our path by providing guidelines and alerts, which have helped us secure our infrastructure effectively.

It has reduced the number of false positives significantly, providing accurate data for our security processes.

SentinelOne Singularity Cloud Security has significantly improved our risk posture.

Prior to implementing SentinelOne Singularity Cloud Security, our mean time to detect ranged from 30 to 35 minutes. Now, with SentinelOne, our MTTD has significantly improved, falling within the range of 5 to 10 minutes.

Our mean time to remediate has been reduced to five minutes since implementing SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security offers several valuable features, most notably the rapid vulnerability notifications that provide timely alerts regarding our infrastructure. Furthermore, the platform's intuitive interface enables even novice team members to navigate the dashboard with ease, minimizing the need for extensive documentation.

I believe the UI/UX updates for SentinelOne Singularity Cloud Security have room for improvement. While the current interface is excellent, enhancements could make it more user-friendly. Additionally, an improved notification system that sends alerts about vulnerabilities directly to our centralized console would allow for a more prompt response.

I have been using SentinelOne Singularity Cloud Security for almost one and a half years.

I rate the stability of SentinelOne Singularity Cloud Security as nine out of ten.

I rate the scalability of SentinelOne Singularity Cloud Security as ten out of ten.

I have contacted SentinelOne's technical support team once, and they were very helpful. Their communication and product knowledge were excellent.

Positive

The initial cloud-based deployment was straightforward, taking approximately two to three working days with a team of three people.

The implementation was handled internally by my team with guidance from a senior resource.

I rate SentinelOne Singularity Cloud Security nine out of ten.

We have 150 users of SentinelOne Singularity Cloud Security.

I recommend SentinelOne Singularity Cloud Security to others because it is very important from a security standpoint. 

We are using SentinelOne for CSPM Cloud, specifically for cloud misconfiguration monitoring and related tasks on SentinelOne.

The reporting feature is noteworthy. We have scheduled reports for all accounts. We have seven to eight accounts in our AWS setup, so we have scheduled reports for production and similar tasks. We have separate reports for misconfiguration issues. For other accounts, we have created summary reports. We share these summary reports separately and can bifurcate them based on our requirements. Furthermore, we have added a feature where we can see the total hierarchy of an event, viewing the account details and the changes that occurred. When I joined, there were more than one hundred open findings on SentinelOne where our team was not fully aware of the misconfigurations. We had calls with SentinelOne to gain more solutions and proper descriptions, as many issues were not properly described. They have changed many scripts to improve alerting and reduce false alerts. In one instance, there was a twenty-four-hour delay in an issue appearing on the portal. They have since resolved these issues.

In the Analytics section, there is a tab for showing the severity of open issues by day. There are three options: by week, by month, and for more than thirty days. However, despite being aware of many issues open for more than thirty days, it shows no data available. We contacted the team, and they are working to resolve this, as it gives our management a false impression of there being no open incidents over that period.

I have worked with this product for the last one and a half years.

It is stable. Based on my observation, it appears stable.

There are no issues. It is working properly. I do not see any changes needed currently. We need to discuss with our team about adding something new, like resolving the Analytics part not showing data for more than thirty days. We have a call scheduled next week for this, and it will likely be resolved.

The customer service is good. When we raise a ticket, we receive a proper response, and it does not take much time.

Neutral

I have mainly worked with 'being safe'. Previously, I was involved in networking. Upon joining this organization, I became part of the InfoSec team, and we monitor networks and security. Initially, 'being safe' worked well, but after the migration, I have had more clarity on the issues.

During migration, we have not faced any issues. The migration from 'being safe' to SentinelOne was smooth. When I joined, eight accounts were already integrated with 'being safe'. We have not added new accounts yet, only migrated the existing eight.

We had a call with our team, and they resolved certain issues. They have changed many scripts to improve alerting.

The AWS team considered shifting from SentinelOne to another tool offered by AWS; however, during the migration and agreement signing, our CISO and InfoSec team advocated for keeping this tool. We have suggested enhancements, which SentinelOne has implemented without hesitation. The cooperation from SentinelOne has prevented us from wanting to shift.

Surely, it is a good tool to have. During the migration period and agreement signing, our CISO and InfoSec team required this tool, and SentinelOne made changes for us without hesitation. Their cooperative nature has influenced our decision not to shift. We are using CSPM; the rating is eight and a half to nine out of ten. I am an Information Security Manager. I would rate the overall solution as 8.5 to 9 out of 10.

We use SentinelOne Singularity Cloud Security to maintain security best practices. The platform alerts us to security issues, ranging from low to critical severity, based on our infrastructure. 

We chose SentinelOne Singularity Cloud Security for its targeted vulnerability recommendations and best practice guidance, which allow us to address alerts effectively and maintain a secure infrastructure.

SentinelOne Singularity Cloud Security is user-friendly and easy to understand.

SentinelOne Singularity Cloud Security's evidence-based reporting for helping prioritize and solve the most important cloud security issues is excellent.

The exploitability proof in reports is crucial, enabling me to pinpoint issues and solutions. Without it, identifying vulnerabilities and applying fixes would be impossible. The system alerts me to security events, pinpointing the problem's location with resource and account IDs. This detailed information allows for rapid resolution, saving valuable time.

Upon joining the company, the user interface was not very user-friendly. However, over time, upgrades were introduced, such as more issue resolution documentation and best practices, which enhanced the security of our infrastructure. I realized the benefits of SentinelOne Singularity Cloud Security within five months.

SentinelOne Singularity Cloud Security has significantly strengthened our security posture. Previously, we relied on AWS-managed security alarms, which provided a limited and reactive approach to threat detection. Singularity Cloud Security offers a more proactive and comprehensive solution, enhancing our ability to identify and respond to potential threats.

SentinelOne Singularity Cloud Security has reduced our mean time to detect by five to ten minutes.

SentinelOne Singularity Cloud Security allows us to complete remediation in five minutes.

The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues. Additionally, the solution provides highly useful recommendations.

To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currently, these issues take two to three hours to be removed, creating unnecessary clutter and potentially delaying the identification of new issues.

I have been using SentinelOne Singularity Cloud Security for almost two years.

I would rate the stability of SentinelOne Singularity Cloud Security nine out of ten.

I would rate the scalability of SentinelOne Singularity Cloud Security ten out of ten.

Customer service and support are excellent. They respond promptly, and the technical support is knowledgeable and helpful with any issues we face.

Positive

The initial setup took approximately one week due to the testing phase. It went smoothly with the team's collaboration.

I was present with my team during the deployment process, but I did not personally deploy it.

I would rate SentinelOne Singularity Cloud Security ten out of ten.

Our organization has multiple departments, but only five individuals have access to Singularity Cloud Security.

Singularity Cloud Security's maintenance is handled by SentinelOne.

From a security standpoint, SentinelOne Singularity Cloud Security is excellent, and I highly recommend it.