SentinelOne Singularity Cloud Security Reviews

My company is trying to get an ISO certification by the second quarter of 2024, so we have been resolving certain security issues for the past year.

I use the solution in my company, where we have alerts coming from SentinelOne Singularity Cloud Security, especially if any security threats are there. Our company's primary concern in using the tool is to get the ISO certification. My company wants to get our infrastructure to meet ISO standards so that there won't be any issues while getting ISO certification.

With the product in my organization, I feel that we are more secure now, and our services have become better. My company gets to know if we are doing something right or wrong based on the scans that SentinelOne Singularity Cloud Security deploys. My company doesn't have to care much about security because SentinelOne Singularity Cloud Security takes care of it for us. My company also knows what all the best practices are there for each resource, which gives us a boundary of what we can do.

Most of the time, I have looked at the tool's dashboard to keep an eye on how much of my company is compliant regarding certain areas since we are eyeing ISO 22000 and ISO 22001. I just love the tool's dashboard, though I have not used it in depth. I like the dashboard mainly, and I know that all sections of ISO certification have been completed. I have not used the tool that much, but under that dashboard itself if I just click on the certification part, which states that 93 percent has been completed, it will show me the subcategories of what all things are still pending or how much percentage of it is still pending, and how many areas are yet to be resolved in relation to some of the resources. The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best features.

When I joined my organization, I saw that SentinelOne Singularity Cloud Security was already implemented. I started to use the tool's alerting features and dashboard functionalities. Considering how much I used the product, I don't see any areas in it where improvements are required since everything seems fine.

Sometimes, there are alerts that don't have proper messaging attached. The tool can improve the alerting notifications. In SentinelOne Singularity Cloud Security, the alerts also show the affected resource that has a particular issue, but sometimes, the account shows as not applicable, and it isn't very helpful since you need to know the account the tool aims to point out.

The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement.

I have been using SentinelOne Singularity Cloud Security for more than a year. My company is a customer of the solution.

My company has not experienced bugs, downtime, or any other issues in the product.

Stability-wise, I rate the solution an 8 out of 10.

It is a scalable solution. Scalability-wise, I rate the solution a 7 out of 10.

My company's tech team consists of twelve people and around ten to twelve people use the product.

I rate the technical support an 8-9 out of 10.

Positive

The solution is deployed using the cloud services offered by AWS.

SentinelOne Singularity Cloud Security regularly sends us messages on Slack for cloud security monitoring if it finds a certain security threat. If the area revolving around the security threat is something my company wants to look into, we just quickly check the product to see if there is a quick fix, and if there are no solutions, then we find a way to deal with it. A person from our company's team regularly tries to fix all the issues raised by SentinelOne Singularity Cloud Security so that it is ISO compatible, and right now, my company is close to achieving it.

Speaking about the issues my company was trying to resolve by implementing SentinelOne Singularity Cloud Security in our environment, I would say that whatever issues the tool has raised till now are related to certain policies that we might not have implemented in our IAM. There should only be certain roles that can access certain resources. The aforementioned area consists of the types of issues my company is currently trying to resolve so that we stay up to the mark. In my company, we don't have any regular threats that come up, but they are mainly used in regard to policies.

Considering how much I have used it to date, I can say that it is an easy-to-use product. However, I have not used the product in-depth, so I can't comment much about it.

If I assess the evidence-based reporting for helping prioritize and solve important cloud security issues, I would say that the concerns raised by the product are valid ones, and it is important to deal with them. Though I am not sure what the question entails, I feel that the issues raised by the product are proper, and they should be resolved before actually implementing its features.

I think it is very important for the solution to include proof of exploitability in evidence-based reporting. You have to know what things might go wrong if an issue is not resolved, and it makes it easier for us to assess key issues and to decide which areas should be taken into priority, considering what potential issues might crop up in the long run or short term. In general, SentinelOne Singularity Cloud Security is a quite helpful tool.

The most valuable feature of the tool in terms of real-time threat detection stems from the alerts my company receives via Slack. I think the alert feature is something I have majorly looked into, but I haven't explored many of SentinelOne Singularity Cloud Security'd features.

Whether the compliance monitoring capabilities of the tool have benefited our organization or not is something that we will get to know soon via its results in the next two or three months. My company is very close to getting ISO certification with SentinelOne Singularity Cloud Security's help. I think if it gave our company a demo compliance feature, it could be helpful.

The product's UI is good if I speak about the impact of its ease of use on security operations. The UI is very easy to navigate. Basically, I was able to navigate through the tool's dashboard. Overall, the tool's UI structure looks good.

My company has rarely had to deal with an incident involving a false positive with SentinelOne Singularity Cloud Security in place, and I believe that it happened at the end of the previous year. After that, my company didn't need to deal with any false positives. With SentinelOne Singularity Cloud Security, the chances of seeing a false positive are rare.

In terms of risk posture, after going through the recommendations provided by SentinelOne Singularity Cloud Security during the implementation phase, I feel that my solution has helped my company get better and more secure because now we are less vulnerable to attacks. Overall, I think that the product is good for improving an organization's risk posture. In my company, we don't have any doubts about using the product since everything feels right with it.

The tool has reduced the mean time to detect risks since, with the use of the tool, it has become faster as it is now done automatically. In my company, I operate in a very small team where we don't have a specific person or department giving us insights about a particular tool. The tool has reduced the mean time to detect risks by more than 50 percent. My company never scanned our own infrastructure until SentinelOne Singularity Cloud Security did. Until my company had it in mind that we wanted to get an ISO certification, we never scanned our infrastructure.

The mean time required to remediate is an area that has improved a lot. My company has never tried to resolve any issues since we have never detected any problems. The mean time to remediate has improved by more than 50 percent.

The product can make the collaboration between cloud security application developers and AppSec teams better. In my company, we only have one team, and we don't have a few departments.

The product has helped my company save a lot of engineering time because we don't have to put up physical resources to do many things, as they are managed automatically. In my company, we just have to employ one engineer to resolve everything. My company doesn't actually have to spend time detecting issues and then solving them as the tool solves them for us.

I have not integrated the tool with the existing solutions in my company's infrastructure or workflows. I use it as a standalone product in my company.

The product is used in just one location.

I don't think that the product requires any maintenance. I don't think that my company does any maintenance for SentinelOne Singularity Cloud Security.

I recommend the product to those who plan to use it. I think the tool has a very good alerting system. The tool also gives a proper description of resources and alerts. I think that the tool is very good for meeting the certification compliance requirements.

I rate the overall tool a 9 out of 10.

We use SentinelOne Singularity Cloud Security to secure our IT infrastructure and fix vulnerabilities. For example, it tells us if our resources have been inappropriately made public. We provision our infrastructure on AWS and GitHub. SentinelOne Singularity Cloud Security finds vulnerabilities across our entire network and secrets in our GitHub repositories. It also helps us manage our cloud configurations and security groups. 

SentinelOne Singularity Cloud Security is integrated with Metabolic, Opsgenie, and Slack for notifications. It's also integrated with our security team. They are using a script to correlate the data from SysTrack. 

When I joined the organization, we didn't have this kind of security tool in our infrastructure. SentinelOne Singularity Cloud Security helps us secure any resources that were mistakenly made public and other vulnerabilities. Initially, we were primarily focused on projects, not on the security side, but we were dealing with some system vulnerabilities that hackers could exploit, like publicly accessible resources. The detection is highly granular. It gives you small vulnerabilities and very new types. 

The SentinelOne Singularity Cloud Security team will help you reduce false positives quickly. When we first used SentinelOne Singularity Cloud Security, false positives were high, so we contacted the team. They did some testing and modifications, and the problem was solved in one or two days. 

The mean detection time has drastically reduced. The detection time varies depending on what we're scanning. When we're scanning GitHub, it takes 7 to 10 minutes. On the cloud platforms, it depends on resource availability. It takes 10 minutes on the high end, but the mean is about 1 or 2. Overall, it has been reduced by about 10 percent. 

The remediation time is up to us. SentinelOne Singularity Cloud Security just detects it, but it gives us an assessment and recommendations, making it easier to resolve. When we fix a vulnerability for a particular resource, the issue will not occur again. 

SentinelOne Singularity Cloud Security can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub. Using SentinelOne Singularity Cloud Security's evidence-based reporting, we can rank the severity of issues as critical, high, medium, etc. Having the ability to prioritize security issues is crucial for any organization. 

One good thing about SentinelOne Singularity Cloud Security is that it gives you a consolidated view of compliance and vulnerabilities. We can follow SentinelOne Singularity Cloud Security's guidance and comply with those use cases. When you get an alert, they explain how to resolve those issues. 

The user interface is excellent because we see everything in a single panel and can manage all the operations from one portal. It's integrated with Slack, so we can coordinate on the open tickets. We can also mute notifications. The interface is straightforward and easy to use. Anyone can use it.

The offensive security engine is a helpful feature in cases like when a developer leaves some API element exposed, and we can view the potential exploit path. It's helpful when we are deploying any AWS account or service because all our systems depend on AWS.  When the service is initially deployed, we can see what happens and get all the details about anything that depends on it. 

When you find a vulnerability and resolve it, the same issue will not occur again. I want SentinelOne Singularity Cloud Security to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again. 

We have used SentinelOne Singularity Cloud Security for more than 2 years.

I rate SentinelOne Singularity Cloud Security 9 out of 10 for stability. We've never had any glitches. 

We've had no issues with scalability. We've onboarded about 6 or 7. There is no digital investment. You can integrate multiple accounts from various providers. 

The support team was valuable during the initial stages. SentinelOne Singularity Cloud Security contacted us every three weeks. They checked our infrastructure and reviewed all the issues that we were incorporating into the system. They took direct responsibility for the system and could solve queries quickly.

Positive

Previously, we were using the native tools of each cloud provider. For example, we used GuardDuty on the AWS.

Deploying SentinelOne Singularity Cloud Security is straightforward. You can onboard new AWS accounts in five to 10 minutes, and it will start scanning very quickly. They give you a script to run on AWS. You can enroll your accounts based on the template, and it starts collecting data. We onboarded six or seven accounts. It hardly took any time. It's a SaaS solution so we don't need to maintain it. We only need to do the onboarding. 

I rate SentinelOne Singularity Cloud Security 7 out of 10. SentinelOne Singularity Cloud Security isn't a unique solution. Other solutions have the same features, but I like SentinelOne Singularity Cloud Security because it's simpler to use. It doesn't require any maintenance and the scalability is good. However, I think other solutions can give the same level of detail and insight. 

We use SentinelOne Singularity Cloud Security to identify cloud security misconfigurations, ensuring compliance with Cloud Security Posture Management and Cloud Workload Protection Platform best practices, as well as relevant regulations in India. We also integrate SentinelOne Singularity Cloud Security with our GitHub repositories that store our hard-coded secrets.

We renewed our contract with SentinelOne Singularity Cloud Security for another year because it's extremely easy to use. The user-friendly UI, along with its integration with Jira and the ability to consume alerts through Slack, make it a valuable tool for our team.

Evidence-based reporting facilitates addressing complaints related to mandatory controls. SentinelOne Singularity Cloud Security offers an option for high-alert items to be kept publicly available if we're confident we have appropriate controls implemented.

SentinelOne Singularity Cloud Security's agentless vulnerability scanning has identified a significant number of vulnerabilities.

SentinelOne Singularity Cloud Security's evidence-based reporting, particularly its proof of exploitability, is highly valuable. For example, their recommendations significantly reduce investigation time and allow us to easily research vulnerabilities using tags. This targeted approach helps stakeholders prioritize and address critical vulnerabilities efficiently through the dashboard.

We utilize the offensive security engine, but fortunately, it doesn't detect many vulnerabilities. It primarily identifies publicly known patch versions and the exposure of the SMTP service. On the other hand, I would rate the ASM functionality an eight out of ten.

IaC scanning has been effective in identifying code-level issues whenever infrastructure as code is scanned.

SentinelOne Singularity Cloud Security automatically populates and maps our network, identifying any misconfigurations within the first two hours of deployment.

It has reduced false positives by around 90 percent.

Our mean time to detection has been improved, especially for critical areas. Our mean time to remediation has been improved as well.

SentinelOne Singularity Cloud Security has improved our risk posture by providing visibility into our cloud infrastructure.

SentinelOne Singularity Cloud Security improved the collaboration between the cloud security application developers and the app security team.

It helped our developers save time.

SentinelOne Singularity Cloud Security offers an intuitive user interface that lets us navigate quickly and easily. Additionally, its identification feature allows us to customize rules and configurations in the cloud.

IaS scanning identifies misconfigured code within GitHub repositories. This represents a "shift left" approach to security.

Customized queries should be made easier to improve SentinelOne Singularity Cloud Security. 

I have been using SentinelOne Singularity Cloud Security for one and a half years.

While SentinelOne Singularity Cloud Security is stable for around 90 percent of the time, there are occasional glitches in the UI. However, as a security tool, our primary focus is on the results it delivers, rather than the aesthetics of the dashboards themselves.

Scaling SentinelOne Singularity Cloud Security is easy. We recently integrated with AWS and it went well.

We regularly contact the technical support team about some UI glitches. We provide them with feedback on these glitches regularly. Additionally, we would like to see some new features added to Jira when creating tickets. We've also been in touch with the technical support team about this.

The technical support team's responses are good and have been improving.

We've noticed a decline in their response times lately. This could be due to the recent acquisition of SentinelOne Singularity Cloud Security by SentinelOne. Previously, their response times were much faster.

Positive

The initial deployment was straightforward.

Deploying SentinelOne Singularity Cloud Security is a quick process that involves creating a dedicated service account, granting the necessary roles to the service account, and attaching the service account to SentinelOne Singularity Cloud Security.

The total deployment time took around 15 minutes.

The implementation was completed in-house.

The features included in SentinelOne Singularity Cloud Security justify its price point. The agent-level monitoring for Kubernetes clusters is particularly valuable and could support a modest price increase.

Our evaluation of Prisma Cloud and Trend Micro on an open-source platform for identifying misconfigurations yielded a high number of false positives, limiting its effectiveness. We chose SentinelOne Singularity Cloud Security based on the price and the ease of use.

The setup and cleanup need to be done first to get things organized. This makes SentinelOne Singularity Cloud Security a much easier option than the other products we evaluated, which were all very complex. So, we won't be jumping straight to CWP. Instead, we'll focus on securing our perimeter. We believe SentinelOne Singularity Cloud Security can solve this issue, and the support we received during the proof of concept was also very positive. Considering all these factors, we decided to go with SentinelOne Singularity Cloud Security. 

I would rate SentinelOne Singularity Cloud Security nine out of ten.

SentinelOne Singularity Cloud Security does not require maintenance.

It is easy to use, but it works best when you have established organizational practices in place. If you feel this is critical, don't hesitate to address it directly. Integrating SentinelOne Singularity Cloud Security is straightforward, so there's no need to worry about that. It's a ready-made solution that can be integrated with just a click. You can then address the specific issues you find most important. Ideally, integrate all your relevant sources during onboarding, such as GitHub or any cloud accounts you use. This ensures you capture everything from the start and get the best possible results.

We use Singularity Cloud Security to monitor our infrastructure and ensure it meets all security and compliance standards. The solution helps us maintain and strengthen our security posture. Singularity covers our AWS environment, Kubernetes clusters, and some of our GitHub repositories.

Our organization is growing steadily, so our infrastructure is expanding, and we're managing more technical resources. Singularity Cloud Security helps us track our resources so that we don't get lost in the overwhelming volume of things and ensures we follow best practices. The solution gives us better visibility into our resources and enables faster resolution. 

Another advantage of Singularity is compliance. I work in the payments industry, where regulations are strict.  Maintaining everything and ensuring all the resources meet compliance standards is challenging, but Singularity Cloud Security enables us to do that while saving a lot of time. 

Singularity has helped us reduce false positives, but it has also introduced some. Still, it's significantly less than many of the other tools we use. If we deal with fewer false positives, the technicians have more bandwidth to work on real issues. We don't need to spend time on the analysis and can focus on fixing the vulnerabilities and ensuring compliance. 

The solution has improved our security posture considerably. In the finance industry, we can't function if we aren't compliant. The better our security posture is, the more compliant we are. By reducing vulnerabilities, we have eliminated risk factors in our systems.

Our remediation time is shorter. It's easier to identify vulnerabilities. We don't need to do much analysis before fixing vulnerabilities. About 90 percent of the time, we can identify the correct problem instantly and begin remedying the finding. It has saved a lot of time. It takes us only one or two days to remedy critical issues, whereas it previously took two weeks. Our mean detection time has dropped from about a week to one or two days.

The solution has given us a lot of insight into cloud security. It shows us some best practices that many people in the company do not know. Singularity finds those weak spots and educates us on the latest best practices to follow. The next time we deploy changes to our infrastructure, we change our policies and designs based on the recommendations. 

Singularity Cloud Security's UI is clean, simple, and easy to use. When I started using it, I found it easy to learn what things are. Everything is explained in detail. It's always up to date with the latest technologies, such as AWS Kubernetes. They keep on top of trends with new features and updates.

The solution has a mapping feature that allows me to write my own queries and better understand my resources. It also offers some help with security controls on their end, suggesting best practices that you can use to write custom queries or standards. We have the flexibility to customize our infrastructure based on our needs. 

Singularity's evidence-based reporting rates my alerts so I can see which ones to prioritize and identify the critical vulnerabilities. It provides a highly detailed description of each vulnerability and the resolution steps. I can triage all the findings from one place and apply different filters based on my preferences.

The offensive security engine is another major feature. We use it for our infrastructure and machines to see if we have an exposure or liability. It takes some time, but the vulnerability reports are highly accurate. It saves us some time because we don't need to verify all the vulnerabilities. We just have to go fix them.

The detection time could be better. It takes a long time to scan. I'm not sure how long other tools take for the same amount of scanning, so I cannot compare it with other tools, but it takes us half a day to a full day to complete the scan. I want to get the reports faster so we can start fixing the problems. 

The proof of exploitability is another area for improvement. While I have all the information to troubleshoot the problem, it isn't detailed enough for an administrator. It has sufficient information for a general user, but an administrator would like to know all the ins and outs of the vulnerabilities that have been reported. 

I would like to see the map feature improve. It's good, but it isn't fully developed. It lets us use custom resources and policies but does not allow us to perform some actions. I would also like more custom integration and runtime security for Kubernetes.

We have used Singularity Cloud Security for about eight months. 

I haven't seen any major stability problems. There are some minor issues but they are rare. Overall, it has been a smooth experience.

Singularity is scalable. It has one UI that can be integrated easily with multiple backends, so we have all the data in one place and we can do whatever we want with it. 

I rate SentinelOne support eight out of 10. Their support team is proactive. It has been a while since I connected with them. They helped me with all my questions quickly. It was an excellent experience. 

Positive

I have worked on other infrastructure-as-code tools and other tools for various functions that Singularity performs, such an AWS Inspector, but now we use Singularity for most of it. 

The initial setup is not a very complex process. Because of the large number of resources, we have so many places where we need to integrate the solution repeatedly. It's easy to set up new places or add integrations. The initial setup took two to four weeks. That was how long it took to go back and forth and cover everything. 

We did a PoC first, which wasn't very hard. Our deployment team consisted of three or four people. The vendor team was very helpful when they deployed everything on our infrastructure. They helped us set up all the necessary permissions. 

The return on investment has been good. Singularity offers a lot of flexibility to focus on different aspects because it gives us a lot of information and helps us maintain the observability of all our resources. That is something that we value because of the sheer volume of resources we have. We couldn't do that manually or using some other tools. 

I rate SentinelOne Singularity seven out of 10. It's a solid product and I recommend checking it out. It has some excellent features, observability, metrics, etc. It's very cool.

We use SentinelOne Singularity Cloud Security to check for misconfigurations and vulnerabilities in new infrastructure or applications we deploy on AWS. All of our accounts are integrated. When we deploy new services, it highlights any misconfiguration or lack of encryption. We return to our applications and try to fix the issues immediately. The company has about 25 SentinelOne Singularity Cloud Security users across three teams and five cloud environments, including production. SentinelOne Singularity Cloud Security covers all five. 

SentinelOne Singularity Cloud Security saves us time finding misconfigurations and encryption issues. It helps us troubleshoot why data is not encrypted or why it's sitting idle for a long time. We previously had a separate team investigate the environment for security issues, like public IPs or anything like that. SentinelOne Singularity Cloud Security saves us time equivalent to a whole team. It reduces the time spent on these tasks by about 30 percent. It has reduced our remediation time by around 10 percent.

Another benefit is security compliance. It gives us the security reports, and we implement the recommendations according to best practices provided by the team. We were around 60 percent compliant when we started. Our SentinelOne Singularity Cloud Security security compliance score is now 99.4 percent. 

Recently, we were migrating a database from on-prem to AWS. After we successfully migrated it, SentinelOne Singularity Cloud Security discovered that it was using default ports and that no audit or error logs were enabled. It highlighted that issue within 30 minutes. Before we went live, we reconfigured all the databases, and SentinelOne Singularity Cloud Security helped us. 

The most valuable feature is SentinelOne Singularity Cloud Security's feedback about the severity and impact of a misconfiguration and the best practices for resolving it. It's helpful to anyone who's using the tool. Even if you're unfamiliar with the issue, SentinelOne Singularity Cloud Security will give you a detailed description of everything that went wrong and how to fix it. 

If your account is integrated, SentinelOne Singularity Cloud Security's evidence-based reporting gives you an alert with the severity. Before you go live or pass it off to the other teams, so you know all the issues and misconfiguration in your infrastructure. You can fix it before passing it to the other team, and you are confident you are using the best practices. It reports weekly on the number of issues discovered and how many tickets we've closed. 

The proof of exploitability is critical. There are a few scenarios where I need to explain the misconfiguration to the team. Before SentinelOne Singularity Cloud Security, I had to provide the evidence and screenshots to demonstrate the misconfiguration on our end, but now SentinelOne Singularity Cloud Security takes care of all that, saving me time. As someone leading a team, I spend half as much time on these tasks.  

It separates the issues, dividing cloud-based misconfigurations from container-based or web-based ones, so we can forward them to the appropriate team. This separation is required for organizations that have multiple teams.

SentinelOne Singularity Cloud Security is easy to use. After one login, you can understand everything. The console UI is very user-friendly.

When we get a new finding from SentinelOne Singularity Cloud Security, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the SentinelOne Singularity Cloud Security platform, so we can close the issue the same day before it appears in the daily report.

We have used SentinelOne Singularity Cloud Security for nearly 3 years. 

I rate SentinelOne Singularity Cloud Security 9 out of 10 for stability. 

I rate SentinelOne Singularity Cloud Security 9 out of 10 for scalability. 

I rate SentinelOne Singularity Cloud Security support 8 out of 10. 

Positive

Before SentinelOne Singularity Cloud Security, we were using AWS GuardDuty. We adopted SentinelOne Singularity Cloud Security because we established a dedicated team for security compliance. 

SentinelOne Singularity Cloud Security is a cloud-based platform, and the setup was pretty straightforward. They provided all the necessary documentation, and we had a call with the SentinelOne Singularity Cloud Security team to help us get started. The deployment was fast—it took less than 20 minutes. Four people were involved, including the SentinelOne Singularity Cloud Security team. After deployment, it requires no maintenance. It's good to go once you set it up. 

You can expect a decent return on investment from SentinelOne Singularity Cloud Security. It's better to use tools like SentinelOne Singularity Cloud Security to improve security and compliance. I estimate the ROI is around 25 percent. 

I rate SentinelOne Singularity Cloud Security 9 out of 10. I would recommend SentinelOne Singularity Cloud Security to anyone. It saves time, makes your environment more secure, and improves compliance. SentinelOne Singularity Cloud Security helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security.

Singularity Cloud Workload Security gave us the visibility we needed and freed up time to do other tasks. It narrows down the false positives that we got with the previous solution.

We use Singularity Cloud Workload Security to detect threats and protect our assets. We look at the threats that come in and whether they're being blocked. We use Singularity Cloud Workload Security as an anti-malware threat management product.

Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks.

We had a couple of issues with the solution's deployment. We had to deploy the agent, and sometimes there were issues. It feels like we're battling a version of the software when we have to deploy an agent over another agent. It would be really helpful if the solution improves its agent deployment process.

I have been using Singularity Cloud Workload Security for over a year.

I haven't heard from our team about any stability issues with Singularity Cloud Workload Security. Singularity Cloud Workload Security is more stable than our previous solution.

Singularity Cloud Workload Security handles anything we throw at it. The scalability is good.

When we have an issue, an online engineer from their group helps us resolve it within an hour or two. I haven't heard anything negative about the solution's support from our team.

Positive

I was involved in the selection and the proof of concept process. I wasn't on the call for the installation, but I overheard our two engineers involved in the solution's installation. The solution's deployment was pretty quick, and they installed it in one day.

We implemented the solution with an in-house team.

Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at. One product was a little bit cheaper, but its functionality and the overall product weren't as good as Singularity Cloud Workload Security. One of the vendors' prices was almost double what we would get thus far. Talking to their engineer and salesperson put our minds at ease when we got it. We knew they would be there for support, and they have been really good.

I'd ask users to take a good look at Singularity Cloud Workload Security because it brings a lot of value to the table. For its price, the solution does a good job compared to some other solutions.

Singularity Cloud Workload Security’s automated remediation works great.

The solution’s real-time detection and response capabilities work great for us. It frees up time, unlike our previous solution, where we had a lot of false positives. 

It's granular, and you can take a deeper dive into something if you need to. You can analyze and get a verdict. It's easier to narrow it down and pinpoint it with more detail.

The solution helped reduce our organization’s mean time to detect. Singularity Cloud Workload Security is quicker than our previous solution. We are a small group of just five people, and we have to do instantaneous detection to stop things from coming in quickly. We like that part a lot.

The solution helped reduce our organization’s mean time to remediate. It lets us analyze an incident, report the status quicker, and escalate it quicker than our previous solution.

Singularity Cloud Workload Security helped free up SOC staff to work on other projects. It probably freed up 10 to 15 hours a week. Before, we spent a couple of hours a day sifting through events and trying to see if they were false positives. The solution freed up a lot of time.

We have seen an impact on our organization's productivity using Singularity Cloud Workload Security. With the freed-up time, we're able to do a lot of other work. We use other products and look at phishing emails. It frees up our time to study more than we did in the past.

I would have users look at their visibility across their environment. The solution's quick response to threats, ability to act on them, automated incident response, and forensic investigation capabilities are really good. The solution provides you with 24/7 threat monitoring detection.

We work eight hours a day when we have someone on call. It's nice to know someone else is also looking at our events. They're there to dive in with us when we need them to help increase our team. Even though they're not on our team, they're there to help us.

Overall, I rate Singularity Cloud Workload Security a nine out of ten.

We are a relatively smaller organization of roughly 250 people. We utilize SentinelOne for patch management, vulnerability assessments, and remediation. So whenever one of our users has an issue on their machine, we get an immediate notification to let us know what that intrusion, infection, malware, whatever it might be, where it is, what file may have caused it, and then we can immediately take action. 

There are also default settings for ensuring the software that SentinelOne installs on all our client machines. The latest agent is up to date everywhere. They have a couple more insights, however, that's our main use case.

The big thing for us was just having optics on vulnerabilities, being able to ensure that we have a secure way to get month-over-month assessments of our security stats, and ensuring that there's something in place that can make sure that we're secure. We also wanted something that could keep up with current demands without having any sort of interference or impact on the user's end.

The biggest thing for us is the level of minimal intrusion on our user's experience. The previous EDR we were using, Sophos, was not ideal. Whenever an update came out, there would be different things that were affected. At one point, an update from Sophos had completely disabled public Wi-Fi for our users. And when dealing through their message boards, dealing with their support, they, unfortunately, did not have a resolution other than disabling security elements of their software. With SentinelOne, we have not seen a single instance of that. You can get down to the user level of tweaking different elements of their security system. You can even quickly add exclusions based on rules. Being able to tailor to our users and making sure that our users don't feel like something is running on their machine is the biggest advantage.

The remote shell and the remediation are the two that really stand out as valuable features. The remote shell function that it offers is something that I use almost daily. It allows us to quietly and discreetly sign in on a user's computer, but only as admin. It prevents any sort of security issues or security risks to a user, which would be probably our favorite. 

The remediation is really nice as it gives a very clear understanding of where a file came from. For example, in our use of it, there are a couple of files that we had that we didn't even know that we had. There was software that no one was aware was installed on these machines more than three years ago; we actually learned about that software once SentinelOne was installed. The level of optics it gives you is just incredible.

With that software, as soon as we installed SentinelOne, there were a couple of different applications and software that were immediately flagged as tracking user information and things like that. We found out that there was actually some sort of remote surveillance software that the past iteration of the IT team had installed and tested that just never got removed. We ended up tracking down the vendor for that and getting their assurance that that was no longer being used.

The real-time detection and response capabilities overall are great. I've never used anything that was as fast as this. The software that we used to use, Sophos, was comparable, however, it had a noticeable impact on the user. The bigger thing for me is that there isn't an impact on my end users. When we are actually running a scan, let's say, if we find that there's an impact, it's very quick. We've tested it by throwing malicious software onto our test machines just to see how quickly SentinelOne actually picks it up. And it's literally within seconds. When you actually do a scan, you can scan your higher fleet, and it's done relatively quickly as long as those machines are powered on. And it will act the second that those machines power on and connect to the Internet again to get that signal.  I've never used anything as quick, personally. 

The forensic visibility into the Linux terminal is not something we use as we actually don't use any Linux machines ourselves, so I couldn't speak to that. As far as visibility goes, we're primarily a Mac organization, and we have ten percent of our users on PC. As far as Mac goes, the visibility is fantastic. Same with the PC side of things. 

The historical data record, from what they had shown us in the demo, looks pretty incredible. We thankfully have not suffered an attack that required historical data. 

In terms of our mean time to detect, I don't think we ever had it. Since we're a small organization, we haven't had any real issues with genuine malware attacks. I can't speak to a scenario where while we were on Sophos, we experienced one. When we've had security audits that have tried to pen test for us, we have not had any issues with SentinelOne whatsoever. Every time that we've attempted to see how accurate and how quickly it can detect an infection or intrusion, it's being caught immediately.

The same is true for mean time to remediate. Any remediation that we do, for example, as soon as we block off a file, the automatic remediations are nice. In the event that we want to have something behave differently on another machine, we can quickly change that once we see it in any incident log. Setting those permanent rules is very helpful since, if you know something's malicious, chances are you don't want it showing up anywhere else.

The product has helped free up your SOC staff to work on other projects or tasks. The work that we used to have to do with our previous provider in going through our vulnerability assessments on a monthly basis and in trying to track down the install path of different applications was a headache and a half. With SentinelOne, the application management, and vulnerability assessments, are easy. You can see directly to the file path. It cuts a significant enough time out of our day.

It's had a positive impact on our overall productivity. Being able to dig through and find applications faster has drastically cut down our vulnerability position. When we first started using Singularity, we were somewhere in the thousands. Within the first month of having used it for our vulnerability assessments, we were down to just 1600, and now we're sitting well under the 500 mark when it comes to critical vulnerabilities. It's been very drastic and exponential at that. Now, any time a vulnerability does pop up, it's very quick and easy for us to track down where it is and take immediate action.

The interoperability with third-party solutions is fine. We don't currently use Kubernetes in our organization, however, we do utilize a VPN and it has no issues with adapting to that VPN. We also utilize different storage, including cloud storage accounts. There are no issues there either.

They've been fantastic at supporting innovation. We've had their support; they're always very responsive and very quick to give us the right advice on how we can execute what we're looking to do. Making sure that you have access to the necessary system without interrupting your user and without your user feeling at risk of their privacy being invaded is huge.

Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time.

I've been using the solution for nine to ten months. 

I've had no stability issues at all. We have not experienced any performance decreases.

As far as deploying to more devices, there's not a problem with scaling at all. We've automated in our MDM so any device that we start in our MDM automatically installs SentinelOne, and those devices immediately show up. If we spin up a new device on Mac OS, it shows within the set the SentinelOne console within seconds.

Their support has been fantastic. They are quick to respond. 

I've never had an issue with their support. What little time I did have one scenario where it was not something that they could help with, they'd been able to provide us with all the articles and information necessary to act on it on our own, which is really all you can ask for.

Positive

We were previously using Sophos. The biggest issue that we had with them was the fact that we were a fully remote company, so a lot of our users would be traveling for client meetings or even traveling abroad for client meetings. Reliance on a secure public WiFi solution is a very big deal for us. When it comes to users on a VPN, Sophos with MacOS's more recent updates would completely cut off Wi-Fi - which was very difficult for us to work around as a remote company. Thankfully, with multiple different tests in multiple different scenarios, we've never had that issue with SentinelOne. 

The other big thing is the capability to remove a device from the network. In the event that a significant intrusion or malware, malware, ransomware, whatever it might be, is detected the ability to just isolate that one user from internet access is huge. You would hope that that's how an EDR would behave instead of completely removing all internet no matter what.

The initial setup was pretty straightforward. Our organization uses Kagi MDM. And in using that MDM solution, it was very easy for us to just quickly put together an automated installer and deploy it. 

We have multiple different groups of users, including PC and Mac. With the smaller percentage of PC users, we were able to just change the group ID in the installer, and that ensured that they were placed into the proper place for their groups. Being able to tweak and ensure that from the back end within the SentinelOne console, we could ensure that everything is set up the way we want it to be once that user gets that package installed, makes life a lot easier. You don't need to worry about signing on with a user and changing any of those settings. The installer package that they get is going to be everything that they need. Once that installs, that's it. It was very seamless. If anything, removing Sophos was the hardest part of the installation process.

We were able to deploy using a team of three people. Hypothetically, one person could do it alone as long as they are well versed in MDM.

As far as the application itself is concerned, there was no need for maintenance. You can control everything from the console. When there is a new agent to install you receive a notification when you log in to the management console. You can control when that update gets deployed to your organization. You can break it up into different groups within your organization. For ourselves, we always test on a smaller number of users. And then once we see stability, we deploy to the rest. That's what little maintenance is involved. It's a drastic improvement versus other solutions that I've used.

We were able to do the initial setup completely in-house. We were able to do that on our own. We were able to very, very quickly deploy SentinelOne to pretty much our entire fleet.

Our ability to get in and review our vulnerability stance, whether daily, monthly, weekly, or whatever it might be, has drastically improved over our prior provider. Our users have less of a performance drain when attempting to use it. That's always huge when it comes to EDR. It pretty much checks every single box for us. It's the one software in our stack that we are happiest with.

For us, the pricing is very fair. They were willing to meet our price point. With very little negotiation involved, we just let them know what we could pay and they were willing to meet us at slightly above what we paid with Sophos, which was still very fair for what we were looking at. 

We reviewed quite a few solutions. The big selling point for this product was that they were willing to work with us on a price point as a smaller organization. That was a huge reason for us actually going with them. The fact that they were willing to work with us as far as the pricing goes was the main reason that we ended up going with them. It was nice to see that they work with the little teams.

We're a customer and end-user.

We thought something as good as SentinelOne would be out of the question for an organization of our size. We assumed it would be something that's suited to larger organizations - money, obviously, being the main concern. However, the fact that they were willing to work with us changed that. Seeing that they're willing to work with smaller organizations is cool. I like that they actually give back to the tech sector that way.

I'd rate the stability ten out of ten.

I'd advise new users that they're going to need to invest a little bit of time upfront in order to make sure that their organization is set up for proper deployment. We probably spent about a week or two configuring everything and getting it to work the way we wanted. However, after that initial investment of time, the maintenance that you have to do is pretty minimal.

We currently use Cloud Native Security for cloud security posture management, leveraging both the CWP module and the authentication security tab. While we regularly utilize these features, we're planning to onboard the cloud detection and response module, along with the ISIS scanning functionality.

We implemented Cloud Native Security as a secondary control measure to complement our existing security posture. In our Prisma Cloud environment, we have a detection score threshold set at 70 or above. As Cloud Native Security was a new entrant in the market, we wanted to evaluate its capabilities. Fortunately, Cloud Native Security's unique features and policies proved valuable. For instance, Cloud Native Security detected an alert when a developer accidentally committed VS Code files to a public GitHub repository. This helped us promptly remove the VS code from GitHub.

Cloud Native Security is easy to use.

The feature that has been most effective in threat detection for our cloud environment has been the cloud visual attack tab.

Our cloud security is managed by Intel and Azure Entra. We download a report from them and send it to our team to address any identified issues.

I appreciate that Cloud Native Security incorporates evidence of exploitability into their reports, making them more reliable.

Cloud Native Security's offensive security engine excels at validating potential exploit paths and prioritizing the most critical vulnerabilities. This enables us to proactively identify and address these risks, ultimately strengthening our security posture.

Cloud Native Security has helped reduce our false positives. We can investigate and mute any false positives so they don't appear going forward.

Cloud Native Security helps us actively identify threats, ultimately improving our security posture.

Cloud Native Security has reduced our mean time to detect by 10 percent.

Cloud Native Security facilitates collaboration between our cloud security application developers and AppSec teams. This collaboration is further enhanced by a shared console that provides visibility into all active tickets. This transparency helps to reduce redundant requests, saving time.

Cloud Native Security offers a valuable tool called an offensive search engine. This tool has been helpful for us. It allows us to search for vulnerabilities and provides evidence directly on the screen. Additionally, Cloud Native Security offers a feature called Graph Explorer. This feature allows us to drill down into specific resources, search for them on the console, and view details such as open security rules and graph features.

While only 5 percent of our workload resides on the Google Cloud Platform, we would still like Cloud Native Security to be configured with automatic remediation capabilities for GCP.

In Prisma, there's a dedicated tab for managing high and medium-severity alerts. This allows us to easily enable or disable specific policies based on our current needs. With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case.

I have been using Cloud Native Security for six months.

I would rate the stability of Cloud Native Security 7 out of 10.

The only downtime we had was when switching from V1 to V2 but it was smooth.

I would rate the scalability of Cloud Native Security 8 out of 10.

The technical support is good.

Positive

For the past three years, Prisma Cloud has been our go-to security solution. Recently, we've added Cloud Native Security to our toolkit to further strengthen our security posture.

The initial deployment was straightforward. First, we onboarded the UAT account. Then, we added our product support account and other accounts. We then tested the UAT environment accounts. The entire deployment took one week to complete. Two people were involved in the deployment.   

I would rate Cloud Native Security 9 out of 10.

Our primary cloud security monitoring solution is Prisma Cloud by Palo Alto Networks, with Cloud Native Security as a secondary control measure.

We have 19 users overall in our cloud security team that utilize Cloud Native Security.

The only maintenance required is for updates.

I would recommend Cloud Native Security to others.