Senior Software Engineer I at a computer software company with 5,001-10,000 employees
Real User
Provides excellent workload telemetry, hunting capabilities, and deep visibility
Pros and Cons
  • "The most valuable feature is the ability to gain deep visibility into the workloads inside containers."
  • "Sometimes the Storyline ID is a bit wacky."

What is our primary use case?

We use Singularity Cloud Workload Security for our production and build workloads.

We implemented the solution to simplify the deployment of forensic tools, including EDR, into our cloud infrastructure, where it may be difficult to install an agent.

We have a hybrid deployment, with an estimated 8,000 to 70,000 cloud workloads. We serve a customer base of nearly one billion people, including 700 million current EA subscribers. Handling this workload is no small feat. The estimate is so broad because we do not own or control every AWS, Azure, or GCP account; studios use this infrastructure without our help. We are still in the discovery phase of trying to determine the exact number of workloads. There are thousands of Kubernetes clusters.

How has it helped my organization?

Singularity Cloud Workload Security's real-time threat detection capabilities are good. We recompeted SentinelOne against fifteen or twenty different AV vendors over the course of 2018 and 2019 and found SentinelOne to be superior in virtually every possible way.

Forensic capabilities are now excellent. When we started, we had a contractual agreement with SentinelOne to improve deep visibility to match our current toolset, Carbon Black Response. Over the course of two years, they delivered everything we could get from Carbon Black and even more.

The visibility of workload telemetry is excellent, and the hunting capabilities are second to none.

When no human intervention is required, Singularity Cloud Workload Security detects and remediates nearly instantaneously.

Our MTTD is sub 30 days.

Our MTTR is seven days after detection for most instances.

The interoperability with third-party solutions is great.

What is most valuable?

The most valuable feature is the ability to gain deep visibility into the workloads inside containers.

What needs improvement?

Sometimes the Storyline ID is a bit wacky. It's not that the data is inaccurate, but the threat item that's flagged can sometimes point to a storyline that's not relevant to the hunting object we're looking for. In short, Singularity Cloud Workload Security can sometimes take us on a roundabout way to get to where we want to be when using Storyline ID.

I would like a public repository for CWPP. Having to request a script from SentinelOne to deploy CWPP is not ideal, and this is true for all of the tools, including the Linux agent. Without a public repository, when a deployment team needs something like a GPG key to validate the image, we have to request a signed copy of the software. This is not ideal because it removes our ability to self-serve. Therefore, if I had to ask for anything to make it easier, it would be signed images that are GPG signed and a public repository where we can get the bits from.

Buyer's Guide
SentinelOne Singularity Cloud Security
June 2025
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,168 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Singularity Cloud Workload Security for over four years.

What do I think about the stability of the solution?

Singularity Cloud Workload Security is stable. No lag, no crashing, no downtime. The joy of running as a container is that it doesn't break the other parts. 

What do I think about the scalability of the solution?

The Singularity Cloud Workload Security auto-scaling feature is great.

How are customer service and support?

Technical support is excellent. One of the selling points of SentinelOne is the incredibly good support.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward, but only because I had to obtain a script from SentinelOne. I completed the deployment myself.

What's my experience with pricing, setup cost, and licensing?

Our three-year renewal with SentinelOne this year was shockingly expensive. In fact, covering our 50,000 endpoints would have nearly bankrupted most security programs, even well-funded ones like ours. The sticker shock is real. I understand that SentinelOne is a market leader, but the bill we received was astronomical.

Which other solutions did I evaluate?

We evaluated a few application security tools, but CWPP is only a software opportunity. SentinelOne has become our primary solution for all aspects of endpoint security. Therefore, when we considered adding detections for cloud workloads, it made sense to choose SentinelOne as the ideal solution.

What other advice do I have?

I would rate Singularity Cloud Workload Security nine out of ten.

To someone who doesn't think they need CWPP because they already have a continuous security monitoring solution in place, I would say: consider the old security adage that they are not currently free of malicious items. They have them, but they just don't know where they are.

We have an upgrade policy for maintenance purposes. We need to implement the upgrade policy, but we do this through Chef automation. Writing Chef automation for this can be a bit complex, but it is not impossible.

SentinelOne Cloud Workload Security's ability to be innovative is excellent. I'm a big fan of SentinelOne's API, which has allowed me to develop some creative solutions. I'm actually the only SentinelOne administrator at my organization, so in terms of innovation, it's probably the best tool I've ever used. I've been able to create an automated "one-man army" using SentinelOne.

I recommend deploying a test environment. Do not try to deploy this into an existing environment and test there. It's a bad idea. Not from a SentinelOne perspective, but I'm not much of a Kubernetes expert. I know it can be dangerous, and we tried to do this in a test environment of a live production environment and had a lot of trouble. Not because of SentinelOne, but because of our Kubernetes deployment. Having to complete a bad Kubernetes environment with little knowledge of CWPP basically made getting it working very difficult. So my advice would be to build a clean, industry-standard test environment that can be broken with no risk.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sai Srinivas K - PeerSpot reviewer
Security engineer at Razorpay
Real User
Top 10
User-friendly, intuitive, and saves engineering time
Pros and Cons
  • "The UI is responsive and user-friendly."
  • "There's room for improvement in the graphic explorer."

What is our primary use case?

We use SentinelOne Singularity Cloud Security to identify threats and vulnerabilities in our AWS accounts and the compute resources that are hosted on those cloud accounts.

We implemented SentinelOne Singularity Cloud Security to address network-related issues, such as communication between individual components (part-to-part or node communication). SentinelOne Singularity Cloud Security's Graph Explorer feature also helped us understand the overall network landscape, including the attack surface. This feature allows us to discover and explore various components within our AWS environment. In essence, SentinelOne Singularity Cloud Security helped us identify how different networks connect and how microservices within our system interact with each other.

How has it helped my organization?

We've implemented SentinelOne Singularity Cloud Security across all our core companies, including acquisitions. Previously, managing separate AWS accounts for each company with dedicated DevOps and security teams was a significant challenge. SentinelOne Singularity Cloud Security helped us consolidate these accounts into a single platform, simplifying the process. Now, we can easily track key security metrics. For instance, SentinelOne Singularity Cloud Security provides frequent alerts for critical events such as publicly exposed instances or security groups with significant traffic changes from any source. Monitoring these elements across multiple accounts and security groups was previously difficult without a centralized platform. SentinelOne Singularity Cloud Security has been instrumental in streamlining this process.

We recently made some changes to our information systems. SentinelOne Singularity Cloud Security helped identify instances that were inadvertently made public. This identification is important for compliance purposes, as it allows us to track how well these public instances adhere to regulatory frameworks.

SentinelOne Singularity Cloud Security's compliance monitoring capabilities have provided us with some benefits, particularly in understanding our overall security posture. However, it's important to note that SentinelOne Singularity Cloud Security only monitors our cloud infrastructure. There might be internal deployments with compensating controls that address missing controls identified by SentinelOne Singularity Cloud Security (e.g., control X is missing but mitigated by internal control Y). These internal controls wouldn't be visible to SentinelOne Singularity Cloud Security. Therefore, while SentinelOne Singularity Cloud Security provides a valuable starting point at the surface level, manual review is necessary to ensure complete compliance coverage.

SentinelOne Singularity Cloud Security is easy to navigate. Its menus are straightforward and intuitive, making the overall user experience smooth.

One of the key benefits of the evidence-based reporting is its proof of exploitability. This feature allows us to prioritize vulnerabilities that have been demonstrably compromised and take immediate action to mitigate the risks.

The offensive security engine feature constantly scans and lets us know if any vulnerabilities in our environment can be exploited. While the offensive security engine for verifying exploit paths and prioritizing breach control is valuable, it lacks context awareness. For instance, it might flag something we intentionally made public, like a new website for an upcoming event. In those cases, we can safely ignore the alert. Overall, the engine is a useful tool. We extract the information it provides and prioritize it. A dedicated team reviews the alerts and, if necessary, escalates them to our DevOps team for further action.

By centralizing cloud infrastructure monitoring with SentinelOne Singularity Cloud Security, our security team's productivity and MTTR have been significantly improved.

Over time, SentinelOne Singularity Cloud Security has reduced the number of false positives by 40 percent.

SentinelOne Singularity Cloud Security has significantly improved our organization's risk posture. Since implementing it, we've been able to assess the risk associated with recently discovered CVEs much faster than before. This efficiency is due to the proactive identification and scanning capabilities. Now, we start each day with a clear summary of potential risks, allowing us to prioritize effectively.

SentinelOne Singularity Cloud Security has reduced our mean time to detection by 90 percent. This is because it scans every day and sends us real-time email alerts, allowing us to take immediate action.

SentinelOne Singularity Cloud Security has reduced our mean time to remediation by 40 percent.

We have a dedicated channel where we collaborate with SentinelOne Singularity Cloud Security and our internal teams.

The collaboration helped save our engineering time by 60 percent.

The user interface and ease of use have had a positive impact on our security operations. For example, we recently needed a list of assets deployed in a specific GN in a cloud account for a particular incident. We went straight to SentinelOne Singularity Cloud Security and were able to quickly obtain the assets along with a map of the security groups linked to them. The UI's simplicity helped us save significant time by eliminating the need to search for information manually.

What is most valuable?

Notifications about the latest vulnerabilities are a valuable feature. SentinelOne Singularity Cloud Security automatically updates itself with the newest threats and scans our infrastructure across all integrated data accounts for them. This is helpful because it's difficult to keep up with the volume of CVEs, especially the critical ones.

The UI is responsive and user-friendly.

What needs improvement?

There's room for improvement in the graphic explorer. We'd like something that helps us visualize traffic between different ports and containers. Currently, we can see host networking, like communication between instances or perhaps within Kubernetes. However, we're looking for a tool that can also visualize port-to-port communication and display it as a graph. This would give us a clearer picture of our network traffic and help strengthen our network security.

The dashboard currently displays CVEs, but it would be beneficial to receive proactive email notifications in addition to this.

I would also like to have runtime security in SentinelOne Singularity Cloud Security.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for 7 months.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Cloud Security 9 out of 10.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Cloud Security 8 out of 10. We can easily add new cloud accounts.

How are customer service and support?

The technical support response time is good. For feature requests, they can be a little slow.

How would you rate customer service and support?

Positive

What was our ROI?

The time invested in security operations for threat detection and monitoring has yielded a return on investment of 70 percent. We've also seen a financial benefit by avoiding the need for additional staff to monitor and correlate all database accounts individually by 40 percent. SentinelOne Singularity Cloud Security automates these tasks efficiently.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Cloud Security is less expensive than other options.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security 8 out of 10.

We're planning to integrate SentinelOne Singularity Cloud Security with our CI/CD pipeline and Slack. Currently, our only integration is with an email system, which means we receive alerts and notifications via email. We're evaluating the effectiveness of this approach. Integrating with tools like Jira or Slack could help manage the issue of false positives and notification overload, which currently requires the manual closing of alerts. We're still assessing the best course of action, but integration with Jira is a strong possibility.

Around 15 people from our security and DevOps teams use SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security is a SaaS that is integrated with our main company and all our acquisitions.

SentinelOne Singularity Cloud Security does not require maintenance from our end.

I recommend SentinelOne Singularity Cloud Security to others for its cloud security capabilities. I particularly appreciate its offensive security approach. Coming from an offensive security background, I find SentinelOne Singularity Cloud Security excels at identifying real threats that we can address immediately. This proactive approach is a major advantage of SentinelOne Singularity Cloud Security. While the defensive side might involve some assumptions and possibilities, I believe the offensive capabilities are the key reason we use SentinelOne Singularity Cloud Security.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Shashank N. - PeerSpot reviewer
Cloud Security Engineer at Razorpay
Real User
Top 10
Our compliance score went up from 70 percent to more than 95 percent
Pros and Cons
  • "SentinelOne Singularity Cloud Security released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. SentinelOne Singularity Cloud Security's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue."
  • "I want SentinelOne Singularity Cloud Security to integrate additional third-party resources. For example, SentinelOne Singularity Cloud Security is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If SentinelOne Singularity Cloud Security had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement."

What is our primary use case?

We use SentinelOne Singularity Cloud Security as a cloud security posture management tool. SentinelOne Singularity Cloud Security is integrated with our GCP, Azure, and AWS accounts. It will identify all the misconfigurations and security issues on all these cloud platforms and alert us. In addition to the CSPM capabilities, SentinelOne Singularity Cloud Security has several other features like vulnerability management, container security, Kubernetes security posture management, and secret scanning.

All of these features are bundled inside SentinelOne Singularity Cloud Security. It combines all the telemetry from the cloud, containers, and the Kubernetes platform. The vulnerability scanners are connected to the registries and give us a holistic picture of what else is vulnerable versus all the dummy data others would give.

How has it helped my organization?

Before SentinelOne Singularity Cloud Security, we didn't have visibility into the security aspects of our cloud environment. SentinelOne Singularity Cloud Security allows us to see all the misconfigurations and security vulnerabilities. Certain native tools from AWS are quite expensive and not as reliable, but SentinelOne Singularity Cloud Security fixes that issue. Also, for highly regulated companies, having a cloud security posture management tool is a hard requirement.

Regarding risk posture, there are two kinds of risk: perceived and actual. SentinelOne Singularity Cloud Security has helped us reduce the actual risk. Our compliance score went up from 70 percent to more than 95 percent now.

We realized SentinelOne Singularity Cloud Security's benefits maybe 1 or 2 months after the deployment. We integrated the regional module, and the extra features were there. About 6 months in, we really scaled it up. 

SentinelOne Singularity Cloud Security has helped reduce the number of false positives we deal with. They've been highly proactive. We have a Slack channel with their support team. We tell them the false positive you're seeing, and they get on a call with you in 30 minutes to solve that issue. 

The detection time is immediate. It finds vulnerabilities almost instantly, so the detection time has decreased considerably. In terms of remediation, it depends on how we are doing it. The remediation time has gone down, but not to the extent that we need it to. 

SentinelOne Singularity Cloud Security has improved cooperation between the DevOps and security teams by helping identify critical issues that must be prioritized instead of just going through and fixing each one. 

What is most valuable?

SentinelOne Singularity Cloud Security released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. SentinelOne Singularity Cloud Security's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue.  

For example, let's say you have a vulnerability in a public instance of AWS EC2, and there's a relationship between that instance and the Kubernetes platform. From there, Kubernetes is connected to a container with a misconfiguration or vulnerability. That attack path is the root cause of the issue in your environment. It doesn't simply tell you whether something is public. That is a feature AWS provides natively. Native AWS tools provide us binary results about whether the instance is open, but SentinelOne Singularity Cloud Security can break down the data to identify the core issues. 

SentinelOne Singularity Cloud Security is one of the easiest platforms to use. It's super intuitive. I have used CSPM tools in the past like CrowdStrike. This is much easier. With one click, you can deploy it in an hour. It automatically picks up a lot of the telemetry on its own. You don't need extra configuration steps because the scripts are all there. We can launch the cloud automation templates, and SentinelOne Singularity Cloud Security just directly deploys.

Agentless scanning is convenient for us. It will automatically copy the registry details from AWS, Azure, or GCP without any additional configuration before. If you have registries saved outside of your cloud environment, you can input the client key and secret file, and SentinelOne Singularity Cloud Security will integrate and scan it automatically. You don't need to deploy the agent because it does it on the back end. The best part is that they take this element and bring the cloud security posture management along with it. It will integrate the vulnerability scan into the containers, Kubernetes platform, and the entire cloud platform.

The offensive security engine isn't SentinelOne Singularity Cloud Security's standout feature, but it's an add-on that gives you insight into vulnerabilities in your cloud environment and how attackers can exploit them. 

We have integrated SentinelOne Singularity Cloud Security's infrastructure-as-code features into our GitHub platform, enabling us to scan all the Terraform and Kubernetes YAML code for vulnerabilities. That is a nice feature that allows you to detect issues in your code before it is deployed. It's inside the pipeline. It will scan the code and block the deployment if it doesn't meet preset criteria.

What needs improvement?

I want SentinelOne Singularity Cloud Security to integrate additional third-party resources. For example, SentinelOne Singularity Cloud Security is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If SentinelOne Singularity Cloud Security had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement.

For how long have I used the solution?

I have used SentinelOne Singularity Cloud Security for a year.

What do I think about the stability of the solution?

I have not experienced any instability yet. SentinelOne Singularity Cloud Security is pretty solid.

What do I think about the scalability of the solution?

SentinelOne Singularity Cloud Security is scalable if you have the licenses. 

How are customer service and support?

I rate SentinelOne Singularity Cloud Security support 8 out of 10. From the deployment until December of last year, SentinelOne Singularity Cloud Security's support was stellar and proactive. The support hasn't been as good since SentinelOne Singularity Cloud Security was acquired by another company. It's similar to what I've seen with other acquisitions. When it was a startup, you got more personalized support. You could even get the CTO to get on the call with you, which was nice. They have room to improve, but maybe they are undergoing a transition period after the acquisition. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution, but the correlation wasn't as good, and it was expensive. 

How was the initial setup?

Deploying SentinelOne Singularity Cloud Security is effortless because it's a cloud-based platform. It's pretty intuitive, and we had lots of support from SentinelOne Singularity Cloud Security. If we had issues, we just got them on a call, and they fixed them. SentinelOne Singularity Cloud Security requires no maintenance on our end after deployment. 

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Cloud Security is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less. 

What other advice do I have?

I rate SentinelOne Singularity Cloud Security 9 out of 10. I recommend that new users onboard as many features as possible. Don't just stick to the cloud security part. Integrate the cloud security with your containers and GitHub or Bitbucket repositories. Perform all the integrations whether you need them or not, and it will take care of everything on the back end for you.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cyber Security Engineer at an energy/utilities company with 5,001-10,000 employees
Real User
Top 20
The storyline feature helps trace an event back to its source
Pros and Cons
  • "The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link."
  • "While it is good, I think the solution's console could be improved."

What is our primary use case?

We use Singularity Cloud Workload Security primarily as an EDR for protecting our endpoints. We also use it for incident response. We can track down issues or weirdness in our network via Singularity Cloud Workload Security and other tools we have. 

We use it as an additional set of storage for our Splunk SIEM. It collects some of the less important events, and we keep them in Singularity Cloud Workload Security. We save money on storage space and the number of events that we have to search through.

What is most valuable?

The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link. This feature has helped our incident response team and SOC team to track stuff down and ensure that it hasn't spread further into the network than we're aware of. It also helps us see where it started and take appropriate steps.

What needs improvement?

While it is good, I think the solution's console could be improved. I'm the SME for Singularity Cloud Workload Security, and the amount of time I have to spend resetting passwords or accounts seems particularly high. We don't use SSO for the time being. It's fairly common for me to go in weekly and reset a password or reissue credentials to get people to log in. This process is very antiquated and could definitely be improved upon.

For how long have I used the solution?

We have been using Singularity Cloud Workload Security for about two years now.

What do I think about the stability of the solution?

I have not experienced any issues with the solution's stability. Occasionally, we'll have an issue with an install where it may not install correctly, and we have to pull it out and reinstall it. Other than that, we have not had any serious issues with the solution's stability. Singularity Cloud Workload Security is significantly more stable than our previous solution.

What do I think about the scalability of the solution?

We have not had any issues with the solution's scalability. As we grow and shrink and our offices open and close, we've never had an issue scaling the product according to our needs.

How are customer service and support?

Singularity Cloud Workload Security's technical support team gets to your issue relatively quickly. I've never had an issue where I've had to call in to follow up on a ticket. Other than a complex issue that needed resolving, I've never had any serious issues with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before Singularity Cloud Workload Security, we used a product called Endpoint Security. With Endpoint, it was almost as if the company that had created the solution had forgotten about it. Its updates were coming slowly, and it wasn't making any effort to improve itself. That was a big push. We saw that SentinelOne was a very new and good product that took many innovative steps. Hence, we decided to use Singularity Cloud Workload Security.

How was the initial setup?

I feel Singularity Cloud Workload Security's initial setup was fairly straightforward. Deploying the product was not terribly difficult. It was more about scheduling and timing on the various teams' parts. Once we had that under control, the deployment of the product itself was very simple.

What about the implementation team?

We deployed the solution by ourselves. We did have SentinelOne support available. A team was available for us, but we did roll it out on our own. Around five people were involved in the solution's deployment.

What was our ROI?

The solution has provided improvement in productivity and the time spent on issues. With the implementation of Singularity Cloud Workload Security, our teams have been able to more efficiently use their time to fight other fires, as it were.

What's my experience with pricing, setup cost, and licensing?

Singularity Cloud Workload Security's pricing is good. It's pretty similar to a lot of newer products' pricing. A lot of legacy products don't really use it. This newer pricing model seems to be a better fit for our company, and I like that.

Which other solutions did I evaluate?

Before choosing Singularity Cloud Workload Security, we evaluated CrowdStrike and Symantec. I feel like CrowdStrike is probably an equal to Singularity Cloud Workload Security. However, we decided not to go for CrowdStrike because it was more expensive.

Singularity Cloud Workload Security is a SaaS product, so no equipment or installations are needed other than agents on the endpoints. The ability to be available if we were to have some type of DR incident was a huge plus. That way, we could still keep the tool working if there was some issue with one location or multiple locations. As always, cost was definitely an issue here as well. The features and the efficiency that was offered were also a big draw.

What other advice do I have?

Other than the manual upgrades we do, Singularity Cloud Workload Security doesn't require any maintenance.

I would ask users to put the solution through its paces, do what they normally do in response to an incident, and see how Singularity Cloud Workload Security acts. If you have a certain set of steps that you take for an incident, follow those in Singularity Cloud Workload Security. Whatever you do with your current product, do it in Singularity Cloud Workload Security, and make sure that every step you've taken in the old one works in the new one.

Singularity Cloud Workload Security's real-time detection and response capabilities seem to be pretty good. They're very on point. We don't have to deal with anything like signatures. It updates itself automatically. It works very quickly and efficiently so that we can track down issues and events without wasting a lot of time.

We don't use the solution's automated remediation too much because taking something out of the hands of the engineers doesn't make everyone very comfortable. So, we use it sparingly, but what it does, it does well.

Cloud Workload Security's forensic visibility is fantastic. We have a smaller Linux footprint than a Windows footprint, but the footprint we do have is very exposed to the internet and other nasty places that are out there.

Being able to look into those and make sure that things aren't open or open things are being remediated quickly is very important to us. We like the solution's forensic visibility feature quite a bit.

The historical data record provided by Singularity Cloud Workload Security after an attack is fantastic. We want to fix the problem initially, but when we do the rehash of the event, we'd like to go back and see where it all started. We'd like to see what happened in the meantime and ensure that everything that was infected, attacked, or damaged is listed and taken care of so that no things out there can reinfect us or cause more problems. So, we really enjoy that feature.

The solution has helped reduce our organization's mean time to detect. It's much quicker than our old solution. It's reduced the response time from 24 hours down to 12 hours for the most part. That's nearly a 50% increase in the response time.

The solution has helped reduce our organization's mean time to remediate. It's good, and it works really well. We haven't had to use it too frequently, but the times we've tested it or the times we have had to enable it have been very quick and successful without too many issues behind it.

I would say Singularity Cloud Workload Security has helped free up SOC staff to work on other projects. I don't think we have any true measurements of it. However, I feel like they have more freedom to explore or work on projects as a whole versus having to chase down incidents like they did in the past.

Singularity Cloud Workload Security has improved our organization’s productivity by at least 50%.

If someone is comfortable with another solution, they can stay with it. However, the threat landscape changes so frequently and so fast that not having an up-to-date feature-packed product could be a detriment. Singularity Cloud Workload Security is a good product that provides such an environment for big and small customers.

We don't have a large Kubernetes environment. From what I have seen via Windows and Linux, we have not had any serious issues with Singularity Cloud Workload Security's interoperability with any of those solutions.

We haven't really used autoscaling as we don't want to scale it mostly for over-licensing our products. It has never been an issue. We just don't want it to grab onto something that it doesn't need to grab onto or implement itself in an environment that doesn't need it. We don't really use that, but we have tested it on a smaller scale, and it has scaled easily without too much issue.

I think the solution can help us when we need a significant innovation, a new product, or a new system being implemented. For the most part, it hasn't hindered anything currently in the works, so I see it as a plus to innovate in the future as needed.

Overall, I rate Singularity Cloud Workload Security a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Information Security Engineer at a recreational facilities/services company with 1,001-5,000 employees
Real User
Easy to configure with real-time detection and helpful support
Pros and Cons
  • "The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
  • "The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."

What is our primary use case?

We use the solution basically for AD protection. We get to see at a deeper level the different processes that are being run on computers.

How has it helped my organization?

We've been able to stop any potential malicious actions that are being taken on various computers.

What is most valuable?

Their detection of potentially malicious stuff is probably the most beneficial feature and their new Singularity XDR is an awesome platform.

The solution's real-time detection and response capabilities are very good. Pretty much anytime there is something that we might see as potentially malicious, it is caught. Depending on the type of computer it is, it does a great job of blocking those actions that are being taken.

It's really easy to configure enterprise-wide, which actions we want to stop. It's very easy to stop malicious stuff.

The solution's automated remediation is really good. We're doing the rollback also now. That way, if something does happen, it's able to roll back to the state before the process happens.

The solution's forensic visibility into our Linux kernel in regards to deep visibility is really good. It is very granular. It's able to show everything that it did. 

The historical data record provided by the solution after an attack is great. You're able to search by different computers. You can get a whole scope of computers - as much as you want. You're able to get as granular as you want as well and can identify different cross processes than indicators and different files that were launched during a period of time.

It helped reduce our organization's mean time to detect very significantly. We had Endgame before this. It did not stop the processes in a manner of time that you would like it to. This definitely improved our response time to anything that we saw. It's very fast. It's improved the response time by 50% to 75% from just detection time to our response. 

The solution reduced the organization's mean time to remediate. It is as fast as the potentially malicious process that's launched. It'll stop it right then and there. It'll remediate the action immediately. 

It helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console.

The solution's impact on our organization's productivity has been impressive. We just had to put a bunch of time upfront. However, ever since then, we haven't had to really do much there besides analyzing threats.

What needs improvement?

There's the Singularity Marketplace, which they've expanded a bunch. However, there are some other APIs that I'd like to see. We'd like to be able to connect to them from a SIM perspective.

The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint.

For how long have I used the solution?

I've used the solution for about a year and a half.

What do I think about the stability of the solution?

The stability is very good. I'd rate stability ten out of ten. I've never had issues. It's never been down. 

What do I think about the scalability of the solution?

We have four different properties that agents are on, and 1,700 workstations as well as 250 servers.

The product is scalable. We have about 2,000 endpoints. If we had 4,000 or 10,000 it really wouldn't be an issue. It's just a matter of configuring your groups. It's good at autoscaling based on workload demands. 

How are customer service and support?

Technical support is really good. Whenever a threat comes into our environment, they will comment and give analysis. That's been very helpful in covering items we're not totally sure of. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used a different solution called Endgame. We did a POC with CrowdStrike and SentinelOne, and SentinelOne was a much cleaner, easier-to-use console.

How was the initial setup?

The initial setup did take some understanding on our part of how we wanted to split and group. We needed to figure out how to split our servers and workstations. That was the hardest part. After that, we had to get our policies in order. 

We were able to get everything up within a week to where we were comfortable with how everything was running. We're still tweaking little things. 

We had three people on our team and two people from professional services. 

Maintenance is minimal, such as adding exclusions to threats or alerts. 

What about the implementation team?

We did initiate the setup with professional services. 

What was our ROI?

We have noted a good ROI and haven't had a single incident since implementing the solution. 

What's my experience with pricing, setup cost, and licensing?

The solution is fairly priced for what they're offering especially compared to other platforms. It gives you great visibility into the different processes that are running on different computers. It's fairly priced, especially for a cloud platform.

What other advice do I have?

We are customers and end-users.

If someone doesn't think they need a singularity cloud workflow protection platform because they have a continuous security monitoring solution, I'd say it depends on whether you're able to block potentially malicious stuff or not. This solution gives you just about the fastest understanding from a machine-learning perspective. 

This is much better than our previous solution. They've innovated a lot in terms of their deep visibility and Singularity XDR (which is more granular).

I'd advise potential users to do a POC no matter what. That said, this is a great product. I rave about it to everybody. It's likely my favorite product for our environment.

I'd rate the solution ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT developer at an insurance company with 501-1,000 employees
Real User
Cloud security clarity is achieved through intuitive dashboard and helpful documentation
Pros and Cons
  • "The dashboard is intuitive in terms of design and functionality. Additionally, it gives me an email for all the findings that are open."
  • "I would rate their support a ten out of ten."
  • "They can add more widgets to its dashboard. A centralized dashboard with numerous metrics would improve user understanding."

What is our primary use case?

I am working as an application developer, and SentinelOne Singularity Cloud Security plays a role in the cloud infrastructure where my application is deployed. It provides me with alerts and ensures that I follow best practices in everything.

How has it helped my organization?

It gives us alerts and resolutions for anything that is missing or any vulnerabilities in our infrastructure in terms of security. If we have a firewall that is missing some rules that may expose us to attacks, it lets us know. It guides us through alerts, documentation, and other things.

It is very easy to use. The dashboard is very useful for beginners.

Its evidence-based reporting helps prioritize and solve the most important cloud security issues. It can automatically fix certain vulnerabilities or inform us to fix them on priority.

It alerts us on everything at the infrastructure level. Our application is deployed in the cloud. From the load balancer to the application level, there are many points. SentinelOne Singularity Cloud Security plays an important role in terms of security. 

Before SentinelOne Singularity Cloud Security, there was nothing I used as a best practice. It gives me much clarity in my daily work. Earlier, I would look into what kind of rules I needed to add, but there was no helpful reference or documentation. SentinelOne Singularity Cloud Security highlighted those things, helping me secure my cloud infrastructure.

SentinelOne Singularity Cloud Security has reduced our false alerts by 10%. It has improved our risk posture by 25%.

SentinelOne Singularity Cloud Security reduces our mean time to remediate. Previously, it would take me around 20 minutes to understand what was happening, but SentinelOne Singularity Cloud Security gives me clarity about what I have to do a lot quicker.

What is most valuable?

The dashboard is intuitive in terms of design and functionality. Additionally, it gives me an email for all the findings that are open. I get this data every month, so I do not need to check the dashboard. 

Furthermore, at every point, it provides documentation that offers overall information on how to resolve issues, what points to check, and more. It offers a checklist, which is very helpful. 

What needs improvement?

They can add more widgets to its dashboard. A centralized dashboard with numerous metrics would improve user understanding.

For how long have I used the solution?

I have used the solution for around two to three years.

What do I think about the stability of the solution?

It is stable. I would rate it a nine out of ten for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a nine out of ten for scalability. 

It is being used at multiple locations and regions. In my team, 14 users are there.

How are customer service and support?

I would rate their support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use any similar solution previously. 

How was the initial setup?

We have a hybrid deployment model. The initial setup is very simple. It probably took two to three days.

Its maintenance is managed by SentinelOne. We do not have a look into maintenance.

What other advice do I have?

It is a good product to get data from a security point of view. I would definitely recommend this product to others. It offers maximum security and scalability. It is easy. I can just open SentinelOne Singularity Cloud Security and get the data.

I would rate SentinelOne Singularity Cloud Security a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Aman Mishra - PeerSpot reviewer
Cloud Engineer at a tech services company with 201-500 employees
Real User
Top 20
Good interface, helpful alerts, and timely support
Pros and Cons
  • "We mostly use alerts. That has been pretty good. If we use the alert system from Amazon, it is much costlier to us, so we use SentinelOne Singularity Cloud Security."
  • "The Infrastructure as Code service available in SentinelOne Singularity Cloud Security and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in SentinelOne Singularity Cloud Security. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on SentinelOne Singularity Cloud Security, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great."

What is our primary use case?

We have multiple applications in our AWS cloud environment. We have a private environment, and we do not disclose it to the Internet. We have configured multiple security alerts, such as for any incoming traffic from a public IP address.

We have also set up SentinelOne Singularity Cloud Security alerts for key rotation of security credentials for the accounts.

How has it helped my organization?

SentinelOne Singularity Cloud Security helps us to reduce the security overhead. We do not have to manage every small thing manually. They are taken care of by SentinelOne Singularity Cloud Security.

We use vulnerability scanners for our AWS servers. If there is any vulnerability, we get a report on that. We close those open security points. I do not know the exact name of the scanners, but they work great.

We rarely get false positives. We usually get real-time, accurate data. Sometimes there is a mismatch between the actual data and the data we get from SentinelOne Singularity Cloud Security, but that is negligible. It happens once in a thousand times.

SentinelOne Singularity Cloud Security has reduced our mean time to remediate. It has saved about 60% of our time. It has helped us with that.

It has also reduced our mean time to detect. The time savings depend on the use case. On average, it saves ten to fifteen minutes per use case.

We do not use it at a large level for Infrastructure as Code scanning, but it saves us time. We do not have to click on the features in the GUI. We have set up some scripts with the Infrastructure as Code feature. We run them to generate reports and get the required output.

The Infrastructure as Code feature has helped us. We can integrate SentinelOne Singularity Cloud Security with our cloud tools. It helps with the development part. For example, Lambda is an AWS feature. It is a code environment. We can directly connect these two. It helps with the run time of the processes.

What is most valuable?

We mostly use alerts. That has been pretty good. If we use the alert system from Amazon, it is much costlier to us, so we use SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security's interface is quite good. It is beginner-friendly. If someone has even a little bit of idea about cloud security, they can learn it very easily.

What needs improvement?

I do not know if it is possible, but in AWS Cloud, there are multiple features or services, and if they can collaborate with them, it would be helpful. The Infrastructure as Code service available in SentinelOne Singularity Cloud Security and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in SentinelOne Singularity Cloud Security. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on SentinelOne Singularity Cloud Security, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great. It will be an amazing tool.

For how long have I used the solution?

My organization has been using SentinelOne Singularity Cloud Security for one and a half years, but I have been using it for the past three to four months for cloud security.

What do I think about the stability of the solution?

I have not faced any downtime. If they have any kind of maintenance, they let us know via email a week or two before. The maintenance is usually done once a quarter, and it is done out of business hours, so we do not have any concerns about that.

What do I think about the scalability of the solution?

I would rate it a seven out of ten for scalability. If they can collaborate with AWS services as well, it can be a 10 out of 10.

How are customer service and support?

I have contacted them quite a few times. They are pretty good. They are within their SLAs. I have never raised a support case with a very high severity. For the cases I raised, they have an SLA of about 24 hours, and they always meet that SLA.

I always get a perfect answer in the reply. If I have some major issue and I am unable to understand that via email, they also come on a Teams or Webex call. They provide a good service. I would rate them a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

It is a cloud deployment. I believe they have an on-premise option as well, but we are not using that. We are completely on the cloud.

I was not involved in its deployment. Its deployment was done by the organization about a year and a half ago. I only manage operations, and I have been here only for about three months.

It does not require any maintenance as such. In the infrastructure code part, we update the code, but I am not sure if that comes under maintenance.

What other advice do I have?

You should be a little familiar with cloud security. Otherwise, you might face a few difficulties in accessing the SentinelOne Singularity Cloud Security console. If you are a little familiar, it will be very easy for you. A completely new user without a technical background can get a bit confused by the naming conventions in the GUI.

I would recommend SentinelOne Singularity Cloud Security to others. Overall, I would rate SentinelOne Singularity Cloud Security an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
AbhishekKumar18 - PeerSpot reviewer
Dev Sec Ops Engineer at Groww
Real User
Top 10
Is easy to use, scalable, and quick to deploy but technical support can be improved
Pros and Cons
  • "The user interface is well-designed and easy to navigate."
  • "SentinelOne Singularity Cloud Security's current documentation could be improved to better assist customers during the cluster onboarding process."

What is our primary use case?

As a financial institution, we rely on SentinelOne Singularity Cloud Security as our single source of truth for both CSVM and CWPP data. SentinelOne Singularity Cloud Security provides us with essential security benchmarks, including those for Kubernetes deployments and CSVMs. It also allows us to monitor our overall cloud security posture and identify vulnerabilities for remediation. SentinelOne Singularity Cloud Security serves as a centralized platform for all our cloud security metrics.

How has it helped my organization?

We rely on SentinelOne Singularity Cloud Security for all our reporting needs. It serves as a comprehensive tool for vulnerability management, ISC management, and reporting on hard-coded secrets. Additionally, it functions as a source for vulnerability identification.

The security engine provides a large vulnerability database. While it's not exhaustive, it's a valuable resource due to its significant size and well-organized data. This database allows for effective security management and vulnerability identification.

I would rate SentinelOne Singularity Cloud Security's mean time to remediation abilities a 10 out of 10.

SentinelOne Singularity Cloud Security helps the collaboration between our cloud security app developers and AppSec team.

What is most valuable?

The user interface is well-designed and easy to navigate. Our security team relies on it for several tasks. They can use it to retrieve Jira tickets and assign them to the appropriate teams for resolution. This functionality helps them identify and address vulnerabilities efficiently.

What needs improvement?

I'm not convinced that SentinelOne Singularity Cloud Security's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see SentinelOne Singularity Cloud Security directly addressing our specific needs.

While agentless vulnerability scanning is a positive feature, SentinelOne Singularity Cloud Security lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within SentinelOne Singularity Cloud Security. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security helped reduce the number of false positives in the previous version of SentinelOne Singularity Cloud Security 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how SentinelOne Singularity Cloud Security 2.0 would address this issue. Additionally, users have to manually mute many false positives in SentinelOne Singularity Cloud Security 2.0, which is a significant drawback.

I would rate SentinelOne Singularity Cloud Security's mean time to detect ability a 6 out of 10.

While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, SentinelOne Singularity Cloud Security should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, SentinelOne Singularity Cloud Security needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. Here, SentinelOne Singularity Cloud Security should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, SentinelOne Singularity Cloud Security should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if SentinelOne Singularity Cloud Security gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, SentinelOne Singularity Cloud Security should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs.

SentinelOne Singularity Cloud Security's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.  

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for 1.5 years.

What do I think about the stability of the solution?

SentinelOne Singularity Cloud Security seems to be stable, with no reported crashes. However, there's also not a lot of traffic going through the service. It's unclear exactly what SentinelOne Singularity Cloud Security does internally.

There aren't many users who actively add technical details to run SentinelOne Singularity Cloud Security's tools. Additionally, it seems we don't actively incorporate new features. Ideally, clients should share proper answer keys so we can identify if their app crashes.

If we could onboard more users, we could potentially gain access to more resources. However, a recurring issue is missing data. Clients sometimes provide extensions, but clicking on them reveals no information. This lack of data is a significant drawback, even though the system itself seems stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Cloud Security is scalable and supports multiple tenancies with no drawbacks.

How are customer service and support?

As a mature organization, we expect a higher level of service from our technical support providers. Unfortunately, we've found that the responses from SentinelOne Singularity Cloud Security's technical support team have been repetitive and not particularly helpful, especially considering the cost of their services. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment is straightforward.

It doesn't take more than 30 minutes to deploy SentinelOne Singularity Cloud Security into an organization using any cloud platform.

One person can complete the deployment. 

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Cloud Security's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security 5 out of 10.

Our organization primarily relies on our internal scanning tool for IaC security. While many industry tools utilize open-source IaC scanning solutions under the hood, we haven't found significant value in adopting SentinelOne Singularity Cloud Security's specific IaC offering. This solution might be more beneficial for organizations lacking dedicated SecOps teams, but its additional cost is a factor to consider.

It should transition from an agent-based system to an agentless one. This is crucial because many industry tools are moving in this direction, and SentinelOne Singularity Cloud Security should follow suit. They should also introduce more features, improve security compliance, and place greater focus on Kubernetes, RBAC systems, and visualization. If they do choose to maintain an agent-based system, they should significantly improve their metric collection capabilities. This would be beneficial because currently, customer response times seem to be slow. By addressing these requirements, SentinelOne Singularity Cloud Security can ensure continued growth.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Cloud Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2025