SentinelOne Singularity Cloud Security offers a streamlined approach to cloud security with intuitive operation and strong integration capabilities for heightened threat detection and remediation efficiency.


| Product | Mindshare (%) |
|---|---|
| SentinelOne Singularity Cloud Security | 6.4% |
| Wiz | 13.1% |
| Prisma Cloud by Palo Alto Networks | 10.7% |
| Other | 69.8% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Datadog | 4.3 | N/A | 97% | 211 |
| Wiz | 4.4 | 13.1% | 97% | 46 |

| Company Size | Count |
|---|---|
| Small Business | 48 |
| Midsize Enterprise | 23 |
| Large Enterprise | 55 |

| Company Size | Count |
|---|---|
| Small Business | 2237 |
| Midsize Enterprise | 1602 |
| Large Enterprise | 5020 |

Singularity Cloud Security stands out for its real-time detection and response, effectively minimizing detection and remediation timelines. Its automated remediation integrates smoothly with third-party tools, enhancing operational efficiency. The comprehensive console ensures visibility and support for forensic investigations. Seamless platform integration and robust support for innovation are notable advantages. Areas for development include improved search functionality, affordability, better firewall capabilities for remote users, stable agents, comprehensive reporting, and efficient third-party integrations. Clarity in the interface, responsive support, and real-time alerting need enhancement, with a call for more automation and customization. Better scalability and cost-effective integration without compromising capabilities are desired.
SentinelOne Singularity Cloud Security is deployed in industries needing robust cloud security posture management, endpoint protection, and threat hunting. Utilized frequently across AWS and Azure, it assists in monitoring, threat detection, and maintaining compliance in diverse environments while providing real-time alerts and recommendations for proactive threat management.
SentinelOne Singularity Cloud Security was previously known as PingSafe.
| Author info | Rating | Review Summary |
|---|---|---|
| Software Developer at Softcell Technologies Limited | 5.0 | I find SentinelOne Singularity Cloud Security excellent, praising its unique rollback feature, deep visibility, and Purple AI for security operations. It offers easy deployment, great support, and strong ROI, despite my only reservation being the lack of a custom dashboard. |
| Security Engineer at HashXpert | 4.5 | SentinelOne significantly improved my hybrid cloud security, consolidating tools and reducing staff from 25 to 15 due to automated patching. Its easy deployment and comprehensive vulnerability visibility are superior to Trend Micro, though support documentation needs improvement. |
| Threat Detection Engineer at Cred | 5.0 | I've used SentinelOne for 2+ years, finding its real-time detection, deep visibility, and rapid response superior to CrowdStrike. It has easy integration and 10/10 support. Lacking customizable dashboards, I rate this effective EDR 10/10. |
| SOC Analyst at Softcell Technologies Limited | 4.5 | I use SentinelOne Singularity Cloud Security for endpoint protection, appreciating its user-friendly interface, impressive real-time threat detection, automation, and rollback capabilities. While stable, scalable, and cost-effective, I desire customizable dashboards and reduced false positives, giving it a 9/10. |
| Associate Vice President at Novac Technology Solutions | 4.5 | I use SentinelOne Singularity Cloud Security for agentless CSPM across multiple clouds, detecting misconfigurations and providing asset inventory. It's effective but a bit expensive, and I've experienced inconsistent initial runtime protection, impacting proactive incident response capabilities. |
| Sr. Security Engineer at an energy/utilities company with 5,001-10,000 employees | 4.0 | I found SentinelOne effective for threat detection with its behavioral engine. While strong, its high cost and separate identity module versus Microsoft Defender's E5 inclusion drove our migration to save money. |
| Security Analyst at Softcell Technologies Limited | 5.0 | I value SentinelOne Singularity Cloud Security for its reliable, automated, real-time threat detection, significantly reducing MTTR and MTTD. It's stable, scalable, and easy to deploy, though I'd like custom dashboards and fewer initial false positives. |
| Senior Technical Engineer at Safezone Secure Solutions Private Limited | 4.0 | I found SentinelOne Singularity Cloud Security excellent for multi-cloud security and compliance across AWS, Azure, and GCP, providing strong AI-driven visibility. While support is great, I believe third-party integrations and response time need improvement. |
| Technical Lead at CloudBolt Software | 4.5 | I find SentinelOne Singularity Cloud Security exceptional for runtime protection in my AWS and Kubernetes environment. Its integration was straightforward and it's very stable. While the ecosystem is less mature, it effectively detects and stops vulnerabilities, earning a 9/10. |
| Cybersecurity Engineer at Cognizant | 5.0 | I use SentinelOne for cloud security, valuing its AI-powered runtime protection and unified visibility. It significantly reduces false positives and improves response times by over 88%, though setup could improve. I rate it 10/10 for its autonomous capabilities. |
I have recently used SentinelOne Singularity Cloud Security. We also have the CrowdStrike EDR tool, which is similar to SentinelOne Singularity Cloud Security and other EDR solutions. We used the CrowdStrike tool two to three months ago.
We can check multiple types of alerts and triggers, and we can analyze these. There are many types of functions such as Kill, Quarantine, and remediate rollback types of features, which we can use for client safety.
The rollback feature is the best feature because it is only used in SentinelOne Singularity Cloud Security. We have used multiple types of EDR, but the rollback feature is unique to SentinelOne Singularity Cloud Security. When many types of attacks happen in an organization, the rollback feature deletes all types of malicious files and other malware-type files and completely cleans your system. This feature is very interesting according to me.
SentinelOne Singularity Cloud Security provides many types of features such as Kill and Quarantine, which are very interesting features for security operations. There are deep visibility features, and Purple AI is also one of the best features. It is easy for security operations and incident response. We can check log analysis with the help of deep visibility, and any types of attacks, malware, and phishing attacks are detected by SentinelOne Singularity Cloud Security. Many types of security operations can be tracked and observed with the help of SentinelOne Singularity Cloud Security.
Purple AI is one of the interesting features in SentinelOne Singularity Cloud Security. Deep visibility is one of the best features in SentinelOne Singularity Cloud Security. You can find any types of logs and any types of devices through searching portals, similar to Google search. It gives you information regarding this. With deep visibility, you can search for any name. For example, we can search for any name and check what is happening with that person's laptops, what USB is connected or disconnected, and whether the network is connected or not. This is with the help of Purple AI.
According to me, there is one thing I dislike, which is the dashboard. SentinelOne Singularity Cloud Security does not provide a custom dashboard according to our mindset. There are more types of EDR that give custom dashboards, but SentinelOne Singularity Cloud Security does not provide the custom dashboard. This is the only area for improvement.
I have been working in my current field overall for the last five years, but I have used SentinelOne Singularity Cloud Security for the last two years.
We do not observe any lagging or crashing.
There is low maintenance because it is a cloud platform. It is very low maintenance according to my experience. We can observe our organization, and it is very low maintenance for small organizations. They can easily maintain this.
Technical support is the best for my side. We can raise any ticket for help from the OEM side. It gives a 10 to 15-minute reply, and for anything that is an emergency, they schedule a call and solve our problems. According to me, the technical support is good. I give them 10 out of 10 for technical support.
SentinelOne Singularity Cloud Security provides the most features compared to other EDRs, and it is easy to understand. The features are very compact in SentinelOne Singularity Cloud Security, not vast types of features. It is easy to understand for both any fresher or any experienced person. The integration part is also easy compared to other EDR solutions. Newly joined persons can also integrate this because the steps are very easy. According to me, SentinelOne Singularity Cloud Security is the best compared to other EDR devices.
It is easy. Any person newly joined or not belonging to the IT field can follow the steps very easily according to me. The integration parts do not require more types of servers and anything. It is very easy to deploy, and the installation part is also good. There is only one to two minutes installing SentinelOne Singularity Cloud Security agent in each and every endpoint. I think this is the best for SentinelOne Singularity Cloud Security.
Our organization is an MSSP, not a client. We provide the license about our client base. We manage multiple clients through the MSSP portal. We also manage and resell. We provide this license for SentinelOne Singularity Cloud Security and also we manage. There are 8 to 10,000 agents installed on our client side. We manage around 20 to 30 clients, and there are 8 to 10,000 endpoints installed with SentinelOne Singularity Cloud Security on the client side.
Overall, I give it a 10 out of 10 because SentinelOne Singularity Cloud Security is the best for me. We have used multiple types of EDR, but SentinelOne Singularity Cloud Security provides the best features for our organization and client organization to safely do any activity or go to internet sites, which is why we can give 10 out of 10.
The pricing is basically not very low and very high. It is in the middle range for easy buying for any small organization and big organization. According to me, it is the best price for the EDR. We can check multiple types of EDR, and their prices are so high, but SentinelOne Singularity Cloud Security is not. SentinelOne Singularity Cloud Security is not lesser and not more. It is in the middle range of price.
SentinelOne Singularity Cloud Security has multiple types of policies. One of them is the offensive security. There are also behavioral policies and static AI policies and suspicious policies. There are 10 to 11 types of policies. Anything that triggers the alerts belongs to these policies, which happen through behavioral analysis and offensive security analysis. There are multiple types of policies. Any alert triggered in SentinelOne Singularity Cloud Security comes with the help of these policies.
I have been using this solution overall in my career for the last two years.
There is an AI-based feature. You can create any use case according to our side. Many organizations are not using RDP tools such as AnyDesk or TeamViewer. Most organizations do not allow these features. At that time, the AI gives you the most types of generated codes. With the help of this code, you can create according to your side for creating any custom rules to keep your organization and clients secure.
I give this solution a 10 out of 10 rating.

My customer saw benefits from using SentinelOne Singularity Cloud Security as we are able to actually fix the vulnerabilities. There are many infrastructure components that need to be properly patched. We have a hybrid platform with hyper-scaler components. My customer is into hyper-scaler environments, and there are many aspects that need to be properly patched. We have plenty of cloud native applications that have been hosted in both AWS and Azure. Governing all of this requires many employees to govern it. When we implemented SentinelOne, the team was shortened from 25 people to only 15 or 16 people. This reduction occurred because of the consolidated platform and all the vulnerabilities showing up in the console have been automatically patched. The vulnerabilities automatically go to the SIEM and are patched by the application team, and the vulnerabilities in the cloud are patched by the cloud department. This was much easier because the integration with the SIEM, which was LogRhythm on premise, was much easier than Trend Micro. Trend Micro would have required syslog servers, but SentinelOne only had three or four steps and just connected to the log server. LogRhythm was able to easily fetch the logs from it.
The role of SentinelOne's secret scanning feature is very important in tightening my company's cloud hygiene. In an infrastructure where there are hybrid cloud and different vendors of cloud such as AWS and Azure, maintaining both clouds and having a resource pool with the skill set of AWS and Azure is very difficult. After implementing CSPM, I could have a vulnerability management system under one roof where I could take the misconfiguration of Azure and AWS at the same place and get it done by a limited amount of users. SentinelOne CSPM knows how AWS configuration and Azure configuration work, so I can know about it and fix it all in one place. SentinelOne has eased the process of finding vulnerabilities in each cloud platform. I have vulnerability visibility for every tenant that I have hosted in different cloud hosting platforms, and it has eased my work of fixing the vulnerabilities.
The impact and effectiveness SentinelOne had in managing cloud identities and enforcing least privilege is evident in an incident where SentinelOne helped us. There were some identities which did not have two-factor authentication. In fact, they were not even linked to our Active Directory. It turned out that the cloud infrastructure had some identities from the company which implemented that cloud. We were able to find accounts which were not supposed to exist in the cloud infrastructure because it mapped itself with the Active Directory and fetched all the users who actually need access to the AWS server. We found out that these two users were not in there, identified the anomaly, and deleted the identities from the cloud platforms.
My experience includes implementing SentinelOne Singularity Cloud Security, specifically the Cloud Singularity as a marketplace for AWS and Azure. I only have to connect the connectors from the marketplace, and as soon as I get the license, I can deploy it from the marketplace and start using it. The deployment phase was actually easy when I connected with the connectors from AWS and Azure marketplace.
I compared Trend Micro and SentinelOne Singularity Cloud Security with two POCs for both of them. SentinelOne was at the higher price end, but my customer and the management opted for it because of the integrity and the better coverage. The ease of deployment mechanism in SentinelOne is not present in Trend Micro. In Trend Micro, for each cloud platform, such as AWS, I need to have another localhost web URL to access that particular dashboard. In SentinelOne, I can manage everything under one particular URL and there are different functions to it. I can easily navigate to any dashboard that I require, so the ease of using SentinelOne was easier than Trend Micro. The better coverage and easy deployment is the second part. Trend Micro had some manual intervention required and an extra server needed to be a jump server for all the traffic to be passed. SentinelOne had both on-premise and cloud options, which was another plus point for the customer.
In Cloud Singularity, there is a cloud native application, and in that, there is CSPM. We also used to have CWSPM. In CSPM, we only used to get the vulnerabilities in the cloud configuration, just the misconfiguration. In SentinelOne CWSPM, the attack map and the graph that it created inside the dashboard gave me a better idea for myself and the management to fix the most vulnerable issues. There might be some vulnerabilities with a higher risk rate, but some CVE IDs with lesser risk rate could have caused major damage to the company's infrastructure than the CVE with the higher risk end. The attack graph which CWSPM showed in SentinelOne was the best thing I have come across because it gave me a better visibility of the whole infrastructure and what vulnerabilities can be impactful and more critical to any customer.
SentinelOne's runtime protection is lightweight. I would say it is very lightweight and it does not even feel that I am running a SentinelOne agent in the systems. Compared to Checkpoint EDR, SentinelOne is a lot better because the Checkpoint agent takes a major chunk of the RAM of the desktop. SentinelOne barely takes around 25 MB of the RAM, so it is very easy and lightweight.
Regarding SentinelOne Singularity Cloud Security advanced SIEM capabilities, we had log servers. There were only EDR part and the CSPM, and it actually created the attack graph matrix and created it as a SIEM. We have actually used it. The logs are very much in real time and the false positive was less compared to the LogRhythm ones.
I elaborate on my rating of SentinelOne support by mentioning that there was some time where the troubleshooting took a longer time. In fact, there were many meetings going on. The availability of the document on the internet is on a lesser side because as an engineer, I would want to know about the troubleshooting aspects of this particular tool. When I am facing a customer, I do not prefer to bring the vendor to every call and try to resolve it, as it takes months and months. It would be better to have a training session with the engineer on site to explain and train properly. This is not the case with SentinelOne, so this is the only thing I have a complaint about.
I do not have any other room for improvement to suggest within SentinelOne itself. However, I would really want the AI assistant for the threat hunting part to be more accessible. They have it, but they are making it licensed, so it is a bit on the higher end.
Regarding stability and availability of SentinelOne Singularity Cloud Security, it has been on and stable every time I have opened it. There are no issues for me with respect to the availability of it, so it is going good.
SentinelOne Singularity Cloud Security scalability does grow well with the growing needs of my company and my client's company. We are trying to make every other component SentinelOne so that we can have a better attack map walkthrough and have clearer visibility for where the attack can be associated with. We are trying to replace whichever security solutions are necessary to create a consolidated attack map vector which we call the Singularity, the Cloud Singularity, so that everything comes under one and we can get a better overview of all the vulnerabilities and fix it accordingly.
Regarding the level of support I am getting from SentinelOne, I would rate it a seven out of ten.
Since switching to SentinelOne, I have been able to eliminate three tools or solutions. The first was Trend Micro EDR, which SentinelOne replaced. The second one was Tenable Synapse, which we replaced with CSPM from SentinelOne. The third one was the SIEM LogRhythm.
I compared Trend Micro and SentinelOne Singularity Cloud Security.
SentinelOne CSPM also eliminates misconfiguration on its own after one approval, which is a very good thing that I actually liked about SentinelOne CSPM.
The rating of nine is because of some false positives that I found recently. There was some misconfiguration from cloud servers which I thought was not necessary. That is the one point that I reduced for. They can improve, but they are better than other solutions, which is the reason it received a nine and not a ten.
If someone is considering and evaluating SentinelOne Singularity Cloud Security, I want to advise them to opt for SentinelOne because if you want integrity and faster driven insights on your whole infrastructure, you should really opt for SentinelOne because it has ease of access, easy deployment, and you would require only fewer engineers to deploy it because it is not a big Checkpoint level complex integrity that you have to do in SentinelOne. I gave this review an overall rating of nine out of ten.
SentinelOne Singularity Cloud Security is an EDR product that we utilize. We operate as an MSSP and provide services to 25 to 30 customers. We manage SentinelOne Singularity Cloud Security with 30 to 40 people and have installed the agent on a total of 8,000 to 10,000 endpoints across our client side. Our team of 30 to 40 people continues to use it.
The most valuable features of SentinelOne Singularity Cloud Security are the deep visibility, real-time monitoring, and real-time threat detection. These features benefit both our customers and our organization significantly.
We have reduced client response time to 10 to 15 minutes. Early response prevents client infections and the kill and quarantine features are the most important in SentinelOne for reducing attacks.
SentinelOne Singularity Cloud Security has helped streamline our security operations because it is a fast tool. The threat detection time has improved and there are more features available, such as deep visibility, which allows us to check raw logs and user connectivity. We can check user activity per second, and this information helps customers make purchasing decisions.
One area for improvement is that the dashboards are not customizable. You cannot create dashboards according to your understanding as they are default dashboards in SentinelOne. Other tools such as CrowdStrike and Splunk allow you to create dashboards based on the number of incidents that happened and what types of alerts you can watch, allowing multiple changes according to your needs. SentinelOne does not provide these types of features, so I believe it could improve in this area.
I have been using SentinelOne Singularity Cloud Security for the last 2 to 2.5 years.
I rate the technical support a 10 out of 10 because we can raise any ticket to the OEM and they respond very quickly, typically within 10 to 15 minutes.
We have used CrowdStrike for approximately 7 to 8 months, around one year. The main difference between them is that CrowdStrike generates alerts on a slower basis, while SentinelOne Singularity Cloud Security detects alerts on machines quickly, catching them faster than other devices. The kill and quarantine feature, along with the rollback feature, is the best in SentinelOne.
We checked CrowdStrike multiple times and while both have their merits, the process of SentinelOne Singularity Cloud Security is superior for our needs. We installed test malicious files on two endpoints and SentinelOne Singularity Cloud Security detected alerts multiple times faster than CrowdStrike.
SentinelOne Singularity Cloud Security is neither cheap nor cost-inefficient; it is in the middle range. While there are more expensive EDR tools available, SentinelOne Singularity Cloud Security is not very costly. It is easy for an organization to purchase for helping the client side.
The solution was purchased through a partner project.
The built-in integrations are straightforward. Smaller franchises can also integrate it in a short time, as you can install the agent on one endpoint in a maximum of two to three minutes. The integration level is easy and smaller organizations can manage it.
We have used Purple AI for threat investigation because with Purple AI, you can use deep visibility. It allows you to check how many people are using tools such as AnyDesk and RDP by creating queries that can be pasted into deep visibility. This gives us details of whether agents are installed or not. Unlike deep visibility alone, Purple AI provides the command to help us run queries and trace multiple activities effectively.
There are a total of 11 types of engines in SentinelOne Singularity Cloud Security. These engines generate multiple alerts, enabling us to analyze them easily and trace the types of alerts and their footprint, aiding in effective scanning and monitoring.
Drift detection impacts our ability to detect unexpected processes or behaviors because the engine generates alerts based on 11 types of engines, which we can analyze and raise to the client in about 10 to 15 minutes. For instance, when detecting a malicious executable that appears harmful, we recommend to clients to delete them from their sites and we can also kill and quarantine these threats.
I would recommend SentinelOne Singularity Cloud Security to other users because there are many types of features available and it is compact in its offerings. Although many EDR solutions have numerous features, SentinelOne Singularity Cloud Security provides a compact feature set that is easy to understand, even for newcomers. Additionally, its full disk scan features, installation, and uninstallation are quick, taking a maximum of two to three minutes, and the integration is also reasonable for small MNCs and organizations on a budget.
I have IT experience of about 2.5 years from my first company job and we have been using SentinelOne Singularity Cloud Security for the last 2.5 to 3 years. I rate this solution 10 out of 10 from an overall perspective.

The purpose of using SentinelOne Singularity Cloud Security is for endpoint security. We have deployed its agents on our client side to catch and quarantine any malicious script or malicious file identified, then we identify and quarantine it at the point of attack to safeguard our clients.
Although we can identify IOCs from SentinelOne Singularity Cloud Security, we provide quite a good vulnerability assessment report to our clients.
We are working with SentinelOne Singularity Cloud Security and we are providing MDR services to our clients.
The best features in SentinelOne Singularity Cloud Security are that it is user friendly and its user interface is very easy to understand. The biggest benefit that customers often mention is that its automation and threat detection are very impressive compared to other XDR solutions. Its auto-remediation rule feature and setup provide a very fast response, and the rollback capability outperforms many different solutions.
SentinelOne Singularity Cloud Security detects threats in real-time scenarios. At the point it detects any threat or malicious script running in the background, it notifies us so we can take action accordingly. If it is malicious, then we report it to the client. If it is a false positive, then we take action accordingly and fine-tune it by making appropriate changes in the rule.
It does help save time because as it is detecting in real time, it is very reliable. The average detection and response time is 15 minutes. We can take very quick action if any alert has been generated. Our average SLA is 15 minutes only. We respond very quickly; the moment SentinelOne Singularity Cloud Security detects any threat, we take action on it.
Creating a customized dashboard would have been better. There are default dashboards created on SentinelOne Singularity Cloud Security that we are using particularly, and it could have been better if we could customize them.
It sometimes produces a high number of false positive alerts. The resource consumption including CPU and disk usage gets very high at that point. It can work on reducing false positives as well.
Although integration is not my part, we can integrate it into any cloud platform or any other product. We feel it is very straightforward to integrate any other products with it.
I have been using the solution for the past almost two years, deploying it in multiple client tenants.
SentinelOne Singularity Cloud Security is a very stable solution. We have not experienced any downtime as of now. It is very reliable.
SentinelOne Singularity Cloud Security is very scalable. We can scale up and scale down as per our requirement. It depends upon what we need and what we have to deploy in our client. If our client is a bigger organization, then we scale up as per our requirement.
I would rate the support a 10 out of 10.
We have used other products for the same solution as SentinelOne Singularity Cloud Security, for SOAR and different other products. Other products are especially difficult to understand first of all. SentinelOne Singularity Cloud Security is much more reliable and an easy-to-learn tool. We can rely on it for security purposes. It catches any incident that happens, and we have several examples in our infrastructure. Recently, some ransomware happened on our client's side, but SentinelOne Singularity Cloud Security identified the source from where the attack originated and reported it to the client.
However, the client's problem was that they did not take any real-time action on it; therefore, the attack happened. There are different examples where SentinelOne Singularity Cloud Security has been very useful and captured these events well, compared to other products we are using that could not capture them, but SentinelOne Singularity Cloud Security did.
We can rely on it when it comes to security purposes.
We are a team of six to eight people working with different roles and responsibilities.
The costing is not that expensive compared to other solutions. They are very aggressive regarding the pricing module compared to what Microsoft and other CrowdStrike are providing. This is quite a bit better than any client could ask for. We can scale up and scale down, and its cost depends upon the per device basis, or in simple terms, per agent we have deployed at the endpoints.
These are enterprise businesses.
Maintenance means we have to get connected with the OEM from time to time to patch any updates. If SentinelOne Singularity Cloud Security has any newer version, then we have to stay connected with the OEM.
We can use public cloud, private cloud, or hybrid cloud. We can deploy through AWS.
SentinelOne Singularity Cloud Security does streamline operations. We can deploy use cases as per our need. We can add any custom rule on our client's requirement. It depends on the requirement.
We scan our client's endpoints from time to time on the servers, desktops, or laptops. By doing so, the scanning sometimes generates quite a higher amount of false positive alerts. However, the scanning helps us identify if there are any vulnerabilities or exploits in the desktop, laptop, or server. There is a drawback in that it does generate a high number of false positives, but it is great from a security perspective because we get to scan every bit of file in the server, laptop, or desktop at any endpoint.
For AI workloads, we have been using Purple AI in SentinelOne Singularity Cloud Security. Although I have had limited experience with it, it gives us different features including a co-pilot feature wherein we can use a pull-down menu to identify based on the IOCs present in our client's endpoint with retrieval time. The retrieval time is very fast compared to other features it has, and the co-pilot feature is certainly faster compared to other features. I have had hands-on experience with Purple AI only.
I would give this solution an overall rating of 9 out of 10.

I am currently using the cloud security posture management capabilities. We are managing multiple cloud platforms, including AWS, Azure, and GCP. I need a consolidated security posture management across all of my cloud platforms.
We are managing multiple cloud workload profiles. For example, someone has mistakenly configured 0.0.0.0 access, and some misconfiguration has occurred. I want to get that update immediately, otherwise people may use that flaw and attack us. This misconfiguration detection will help us in eliminating misconfigurations or configurations that our people have mistakenly implemented. That is my major use case. Additionally, I will get the consolidated asset inventory. These three purposes are what I am using Cloud Security Posture Management for.
The offensive security particular solution works by going through logs and seeing the logs on everything. It will provide complete visibility related to false positive and true positive information. That provides more visibility on the technical front. For example, if you are creating a use case on a SIEM and that particular use case is not matching your end-to-end information related to our environment, it will not throw the alert. If you implement the offensive security, it will straight away point out that particular issue in that incident because the alert was triggered by that event.
Secret scanning is our automated scanning. We do not want to do the manual effort, and we do not want to create any automation during production. The moment you do this, the secret scanning will work because it is runtime scanning.
Mean time to detection and mean time to respond are critical aspects. Most of the incidents sometimes will not be detected if you are not configured properly. The MTTR is very important. That is the reason we have mentioned that to eliminate the misconfiguration part, we need Cloud Security Posture Management. Because if someone has created an account opening 0.0.0.0, and then someone has opened the 'all all' access in the cloud instance itself, then anybody can come and penetrate my cloud workload and destroy it. In that scenario, I want to get a proper, proactive approach. The moment someone has made a mistake, I have to immediately respond. Only then can I protect. To eliminate the manual mistake and misconfiguration, this particular tool does the immediate alert so that we can prevent our cloud workloads based on the priority and based on the alert triggers. We can eliminate the alerts and incidents.
There is one concern related to SentinelOne Singularity Cloud Security platform. They claim it as an AI-based integration that will provide runtime protection. The moment it comes to the runtime protection, if someone is using an existing tool, this particular tool does not scan because we need to achieve it. For example, I have a CrowdStrike EDR in my console, on my VM, I have it installed. This particular runtime also has to be protected. Most of the runtime protection has to be implemented in a proper manner. For that reason, we are doing the scanning on an immediate basis. The first time, this particular runtime protection is not working. For example, I am trying that for the first time, and it is not getting the protection part. It is not working. If I try that particular trial again, only after that is it getting one more runtime protection. It is detection, and then it is getting the protection also.
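
The misconfiguration this review describes (a rule left open to 0.0.0.0 with 'all all' access) is the kind of check a posture tool runs over security-group data. The following is an added example, not part of the review and not SentinelOne's code; the sample data is constructed in the shape of `aws ec2 describe-security-groups` output, and the severity tiers and admin-port list are assumptions.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
# Group IDs and rules are made up for illustration.
SAMPLE = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
      {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
       "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
    ]},
    {"GroupId": "sg-0example3", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
       "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}
    ]}
  ]
}
""")

ADMIN_PORTS = {22, 3389}  # assumption: remote-admin ports ranked above other services
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def _is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (any prefix of length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _severity(perm):
    """Rank a world-open rule. The tiers are an assumption, not a vendor scale."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return "critical"
    if proto not in ("tcp", "udp"):        # e.g. ICMP: exposed, but no port range
        return "medium"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return "medium"
    if lo == 0 and hi == 65535:            # every port of the protocol
        return "critical"
    if any(lo <= p <= hi for p in ADMIN_PORTS):
        return "high"
    return "medium"


def find_open_ingress(groups):
    """Return one finding per ingress rule reachable from any address."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not _is_world_open(cidr):
                    continue
                proto = perm.get("IpProtocol")
                ports = "all" if proto == "-1" else "{}-{}".format(
                    perm.get("FromPort"), perm.get("ToPort"))
                findings.append({
                    "group_id": group["GroupId"],
                    "cidr": cidr,
                    "protocol": "all" if proto == "-1" else proto,
                    "ports": ports,
                    "severity": _severity(perm),
                })
    # Most severe first, so the alert queue starts with the widest exposure.
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in find_open_ingress(SAMPLE["SecurityGroups"]):
        print("{severity:8} {group_id} {protocol}/{ports} from {cidr}".format(**f))
```

The private-range rules (10.0.0.0/8 and 10.20.0.0/16) produce no finding, which keeps the output limited to rules that are actually reachable from anywhere.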

We were using SentinelOne Singularity Cloud Security as an endpoint security platform to get threat intelligence regarding malware and threats.
We have an MDR platform, and we are using it as a log ingester for log collection and then we are deploying webhooks for incident response.
Power Queries are useful in deep threat hunting and deep visibility.
SentinelOne Singularity Cloud Security maps any threat or incident with all the applicable MITRE ATT&CK techniques and also provides behavioral detection. This would be useful when an endpoint has a zero-day threat involved in the incident, as it will have better detection because of the behavioral detection engine and dynamic detection engine. The mapping of the MITRE ATT&CK techniques provides deep understanding of what the threat actor is trying to do.
Mean time to threat response is quite fast. There is no doubt about that. The reason we are migrating to Defender from SentinelOne Singularity Cloud Security is not because of the cost or features. It is just a managerial decision taken in order to save money as we are already having some other tooling with different licensing. There is no doubt that the MTTR and MTTD are quite great in SentinelOne Singularity Cloud Security and it is quite effective in detecting threats and responding to incidents effectively.
SentinelOne Singularity Cloud Security has a dynamic and behavioral detection engine which examines the files based on their behavior and tries to map it with the MITRE ATT&CK techniques. Even if there is a zero-day threat, it would be able to detect it because of its behavioral detection capabilities.
Pricing is on the higher side. I would rate it at seven or eight.
The price is high, and of course it could be lower. The market is changing and SentinelOne Singularity Cloud Security has a very good competitor in Microsoft Defender. SentinelOne Singularity Cloud Security should innovate more and come up with features which clearly justify the purchase if someone is already having Microsoft Defender inbuilt with Microsoft 365 licensing. Suppose my organization is moving to Defender because they already have Microsoft Defender in E5 licensing and opted for it in order to save money that was being spent on SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security should come up with innovative and new features that justify organizations staying with SentinelOne Singularity Cloud Security and not opting for a Defender-solution.
I would not say the functionality was missing. However, for example, Defender provides correlations from an identity perspective. In SentinelOne Singularity Cloud Security, the identity module was available, but it needed to be purchased separately and did not come with the base licensing.
SentinelOne Singularity Cloud Security should include the identity module in their base subscription so that their value gets increased. Nowadays the threats are evolving and moving towards identity-based attacks. If a customer has to purchase an identity module of SentinelOne Singularity Cloud Security separately, they will get hesitant because their competitor, Microsoft Defender, is providing that for free in their base subscription. SentinelOne Singularity Cloud Security must work on their subscription pricing in order to stay relevant in the market.
I have been working with SentinelOne Singularity Cloud Security for five years.
Stability is a benchmark at ten, and I would rate it at eight.
Scalability is also eight because it can be easily scaled up if more endpoints need to be covered. They just have to have the agent installed on them and the license should have that many seats.
The technical support is acceptable, and I would rate it at eight.
In the company where I work as a security engineer, we used to have SentinelOne Singularity Cloud Security in our environment, but the company has decided to migrate to Microsoft Defender. The reason is managerial, not technical. The migration is in process and we will soon stop using SentinelOne Singularity Cloud Security and use Microsoft Defender instead.
The deployment is much justified as it is a cloud-based setup.
SentinelOne Singularity Cloud Security is a separate endpoint security technology. It does not come or integrate with other platforms such as email platforms or cloud platforms. Because it is a separate technology, the deployment is not particularly tough.
If you want a comparative score, it will not be good because Microsoft Defender is coming as a free offering in the Microsoft E5 licensing. Whichever organization is having E5 licensing of Microsoft Office 365 is literally getting Defender for free. If they were using SentinelOne Singularity Cloud Security or CrowdStrike and are already having Microsoft E5 licensing, then this move will save a lot of money from their security budget. SentinelOne Singularity Cloud Security has aggressive pricing, but they will get an equivalent product or maybe better in the Windows environment. If they use Microsoft Defender, they will get correlation from Microsoft Defender for Identity, for cloud, for cloud apps, for endpoints, and Microsoft Entra ID and Active Directory. Threat intelligence and correlation would be better because most organizations are using Microsoft Office 365, so they will get two things if they use Microsoft Defender.
The first benefit is that they would not have to spend a lot of money on an endpoint security tool separately, because they will get the Defender endpoint security suite for free as they already have the E5 licensing. It comes with E5 licensing, so no additional money. Suppose an organization is spending ten thousand dollars on SentinelOne Singularity Cloud Security; if they were having Microsoft 365 E5 licensing, they would just straight save ten thousand dollars. The spending will come from ten thousand dollars to directly zero, as the license is already included in E5.
The second thing is that the threat intelligence will be enriched due to Microsoft Office 365 having various products such as Entra ID and Azure resources. Microsoft Defender integrates by default with all those Microsoft toolings, so the threat intelligence would be much enriched as compared to SentinelOne Singularity Cloud Security.
In the company where I work, we are migrating from SentinelOne Singularity Cloud Security to Defender.
I am using it, but it will soon go away from the organization where I work.
Microsoft Defender is the alternate solution.
My recommendation depends upon the budget, client expectation, and their existing security stack.
Ranger is a module in SentinelOne Singularity Cloud Security which scans all the network and determines the OS, whatever devices there are, their OS, and their versions.
Integration is acceptable, neither easy nor tough.
I would rate this review at eight overall.

Our use case for SentinelOne Singularity Cloud Security is to use it for endpoint detection to safeguard our client's infrastructure, so we have deployed the use case as per our client recommendations. We are not a customer, partner, or reseller; we work as an MSSP and provide services for our clients.
In my scenario, the best features of SentinelOne Singularity Cloud Security are that it gives a very quick response and has rollback capability. The benefit for my customer is that it is fully autonomous where mostly everything is automated, and the threat detection engine operates on a real-time basis, so it is almost fully automated and that is the major capability that SentinelOne Singularity has.
Since implementing SentinelOne Singularity Cloud Security, it has detected alerts in real-time, which obviously has affected our client's security, so we can rely on that very much.
The impact on our MTTR for incident investigations has been quite positive because the investigation feature shows us detections in the UI only, as it detects threats in real scenarios, so it is much more reliable.
I feel there is room for improvement in SentinelOne Singularity Cloud Security, particularly in creating custom dashboards since it only has a default dashboard feature, and a capability for creating custom dashboards would help us a lot as analysts. Additionally, there is a high number of false positive alerts when new clients come, as the default use cases are only enabled for that client, resulting in resource consumption and increased CPU utilization, which could be improved in the future.
I have been using SentinelOne Singularity Cloud Security for more than a year.
As for stability, I find it very much stable since we have not experienced any downtime for more than a year, and if we ever do, we connect with OEM customer support, getting a quick response for whatever the issue may be. I would rate the stability of SentinelOne Singularity Cloud Security a 10 because as of now we have not faced any stability issues.
SentinelOne Singularity Cloud Security is very much scalable, as it charges on a per-endpoint basis, allowing us to scale up or down depending on any requirements. I would rate its scalability an eight.
I would rate the technical support for SentinelOne Singularity Cloud Security a 10.
It is easy to deploy SentinelOne Singularity Cloud Security.
I have not been part of integration but know that it is very easy; we just install the agent on any endpoint.
SentinelOne Singularity Cloud Security saves a significant amount of time because it detects in real-time and is fully automated, thus allowing us to detect and respond to any threats efficiently compared to other solutions for SIEM and SOAR products.
Although I am not the person responsible for pricing, I know that SentinelOne pricing depends on how many endpoints the client is using, and it is discussed on a per-device basis.
Compared to other vendors, I would say the reliability of SentinelOne Singularity Cloud Security is higher; we can rely on it very much as the detection and remediation features are very quick, and it is much easier to grasp even for beginners due to its user interface and rollback capabilities, keeping SentinelOne at a top tier compared to other solutions.
As for our mean time to respond, every time malware or any malicious file is detected on an endpoint, an alert is generated, and as analysts we respond accordingly; we try to respond to the alert in as little as 15 minutes for our client. Although SentinelOne automatically quarantines malicious files, our purpose as analysts is just to raise the alert with our client.
I would say the MTTR has reduced by about 50%. For MTTD, I would say it detects files in real-time, so as soon as the file is detected, it gives us an alert in real-time, so I would say about 80-90%.
For overall scanning, we conduct activities to check for any unknown devices that should not be present. During scanning, a higher number of alerts are generated, which is expected, but we can rely on scanning as it is crucial to check every endpoint or desktop.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline our security operations significantly because the threat detection and the incidents we manage daily, including checking hash and other factors, are greatly aided by the platform.
We are using it as an XDR, not for cloud, so I cannot provide a specific reduction amount for MTTR in cloud incident investigation. We have SentinelOne Singularity Cloud Security deployed in an on-prem model.
There are around five to six members managing more than 15 or 16 clients with SentinelOne Singularity Cloud Security. In our organization, many specialists work with SentinelOne Singularity Cloud Security; we are a large team working in SOC and SOAR, sharing the same infrastructure, totaling more than 40 members. Our clients are mostly medium-sized businesses.
SentinelOne Singularity Cloud Security does require maintenance, such as basic updates and patching for new versions.
I would advise anyone looking to implement SentinelOne Singularity Cloud Security to choose it if they want a very reliable product because it is fully automated and very reliable, and it is the best option within the price range everyone is looking for. I give this review an overall rating of 10.

I have worked on two use cases for this product regarding its major purposes. One is that end-users want to check posture in their multi-cloud environment, where they have AWS, Azure, and Google Cloud. They were asking for multiple security checks based on compliances across each platform, as AWS has its own compliance checks and Azure has its own compliance checks, but they needed to verify if configurations comply with standards such as NIST or MITRE. That was the major concern for the team. They have many compliances because they were operating projects around the world, so they had to comply with GDPR, HIPAA, and CERT-In, and in Australia they also have some projects with additional compliance requirements. For that reason, they looked for this product, and I was able to analyze all their environments. I was able to integrate their AWS accounts, Azure accounts, and Google accounts to SentinelOne Singularity Cloud Security. I was able to showcase how it provides security ratings of each instance or each container. I was also able to showcase misconfigurations, such as instances where a particular configuration was given on a temporary basis but was not removed afterward. I was able to identify these issues and make them aware of them. I was also able to provide fixes and references to fixes using SentinelOne Singularity Cloud Security.
The biggest benefit of SentinelOne Singularity Cloud Security is that it has a good AI-based analytics engine that helps with the detection part by providing full visibility. I was able to see all the configurations that were made, all the permissions that were being given on IAM roles, user role-based access, and everything in SentinelOne Singularity Cloud Security on a granular basis and across multiple cloud environments.
From the customer and end-user point of view, they were able to have visibility throughout their cloud infrastructures, whether on AWS, Azure, or GCP. They were able to get complete visibility and identify the loopholes present in their cloud infrastructure solutions.
Regarding built-in integrations in the product, the integration part can be improved by having more third-party vendors because SentinelOne Singularity Cloud Security is much more focused on premium vendors and premium OEMs. Most customers will be using common platform vendors, but some will be using customized solutions or SMB-level customers may be utilizing custom or new vendors. If possible, they can improve their API integrations with all other platforms. To provide a small example, in the South or APEX region, SonicWall is one of the key players in providing network security, but SentinelOne Singularity Cloud Security does not have any integrations for SonicWall. Also, with Zoho, there is not much of an integration part that the end-user would expect.
The main improvement needed is the integration part with other third-party vendors. Also, they can support multiple platforms and provide support for multiple platforms in terms of features.
Response time can be improved because not all things are perfect in every product, whether CrowdStrike or Trend Micro. In some cases, I have felt that the response time could have been better. Regarding response to an attack or incident, in most cases, SentinelOne Singularity Cloud Security has helped me and has also provided a good reactive approach. Even if the endpoint gets compromised, there is rollback functionality. If it provides rollback, it would be able to provide the rollback functionality based on other platforms, such as Linux and Mac platforms. This would allow me to achieve something that no other competitive product is giving. Regarding response time, it can be improved.
I have been working with SentinelOne Singularity Cloud Security for the past one and a half years.
I would say support is excellent. I would give them a rating of 9.5 to 10 because they are providing prompt support, and in my experience, I have never encountered a junior person or someone without knowledge coming into support from SentinelOne. In the support part, they are doing a great job.
It needs some time to install. For the complexity, I would give around six or seven on a scale of ten, where ten is more complex and zero is simple.
In some cases, SentinelOne Singularity Cloud Security is better than Trend Micro. In detection and visibility control, it is much better than both Trend Micro and Fortinet. Fortinet is just now evolving and has entered the market, but I do not see many references for this particular CNAPP solution.
My overall rating for this product is eight out of ten.

Our current organization operates in an AWS-centric environment with SentinelOne Singularity Cloud Security. We use everything on AWS, and all our resources require vulnerability detection and dependency issue management. Those detections are straightforward, and any tool can identify vulnerabilities. However, SentinelOne Singularity Cloud Security provides an extension on top of basic detection. Any CNAPP currently in the market can tell you about vulnerabilities, but how to detect them and whether an attack is continuously happening on our traditional systems, and how to stop them at that moment, is critical. Runtime vulnerability checks are very important for us and help significantly with Kubernetes workflows as well as cloud infrastructure level operations.
We have extensively used the Kubernetes security features in SentinelOne Singularity Cloud Security, specifically the KSPM. We followed that with cloud work through what is called Cloud Workload Protection. Because we receive substantial data from AWS, the CWP has provided us with good information around what is going wrong. When attacks happen, we understand what to do and how to identify our system's vulnerabilities before they are exploited, ensuring things work properly without any security issues.
In my use case with SentinelOne Singularity Cloud Security, what I have used extensively is for Kubernetes and other infrastructure components.
Runtime protection is exceptional. The initial setup of SentinelOne Singularity Cloud Security is one of the best available. I have never had an easier integration than this, as everything is cloud-managed.
The positive impact I have observed is that runtime issues, which SentinelOne Singularity Cloud Security solves, are very good. Many times with Kubernetes and infrastructure that have numerous vulnerabilities, those issues can only be caught at the runtime level. SentinelOne Singularity Cloud Security provides the best runtime protection I have seen. I have not faced any problems, and regarding the engineering aspect, I have not been worried about this. That is a very good thing.
When it comes to the maturity of SentinelOne Singularity Cloud Security, it is not currently at the level of more established solutions. For example, we previously used CrowdStrike, which has been established for ages. CrowdStrike had an incident with an agent issue that was catastrophic, and despite that, people did not unsubscribe. CrowdStrike has something called Falcon that helped us in great ways before. Investigation is easier with SentinelOne Singularity Cloud Security: you can go through the screen and check everything, whereas with CrowdStrike it was more of a headache. However, the ecosystem is more mature at CrowdStrike compared to SentinelOne Singularity Cloud Security. There are not many users that need this in the market, and the CNAPP market is very large. SentinelOne is specifically targeting AWS-first companies and is not extending its solution to Azure or GCP, which might help potentially.
We have been using SentinelOne Singularity Cloud Security for one and a half years now, following an incident with CrowdStrike where we experienced a complete blue screen crash. After that issue, we switched to SentinelOne Singularity Cloud Security.
We have never faced any outage or problem with SentinelOne Singularity Cloud Security. All the SLAs are in place. I don't think we have specific metrics to measure this, but if it had been down, we would have known. We have always received reports and have created a pipeline using a monitoring tool called SigNoz that fetches everything from the SentinelOne report and provides that information to Slack every day at 8:00 a.m. IST. This has helped us identify any ongoing vulnerability and has never failed since its one-time setup. SentinelOne Singularity Cloud Security operates consistently, and that is how a product should work: you should not have to worry about it.
We have not faced any scalability issues with SentinelOne Singularity Cloud Security, and since our organization is not large, this is acceptable.
I do not communicate often with technical support regarding SentinelOne Singularity Cloud Security because our VP of Engineering handles that. My work focuses on the integration aspect. I am an end user in terms of how the solutions are working, and vulnerability catching happens in the code. If something goes wrong during infrastructure deployments, I need to investigate what happened and assess the problem. I need to check how things are looking and whether we have the visibility we need or if any threat hunting is happening, which is something very important.
Before choosing SentinelOne Singularity Cloud Security, we were using CrowdStrike, and we also evaluated Wiz. Wiz was acceptable, but compared to SentinelOne Singularity Cloud Security, their pricing was higher. They also provide similar features and are known better because they have something called agentless cloud visibility, which would have been a better opportunity for us to adopt, but their costing is very high. We opted for the runtime aspects instead.
My organization is small in terms of the scale of use cases with SentinelOne Singularity Cloud Security, so we did not have any issues. Even with CrowdStrike previously, it was also performing well. However, due to constraints regarding our customers who specifically asked us not to proceed with it, we had to move to SentinelOne Singularity Cloud Security.
The installation of SentinelOne Singularity Cloud Security was straightforward. First, we onboarded through AWS by connecting our AWS account from the SentinelOne console. We had to configure some privilege issues, and policies had to be configured beforehand. We created a cross-account IAM role before integrating SentinelOne, which helped ensure that SentinelOne could run on multi-cloud environments. After that, we enabled CloudTrail integration and configured some AWS configurations. Then we proceeded to Security Hub and enabled GuardDuty. We started the agent asset discovery, which helped us deploy the provided solution quickly.
For Kubernetes, each step was straightforward. We had one EKS cluster where we deployed a SentinelOne Kubernetes component via Helm chart. The admission policy of the controller had to be configured at that point, and we enabled the KSPM scanning. The onboarding aspect was something I completed extensively, and I remember the steps involved. It was very straightforward, I did not face many issues, and the documentation was appropriate and to the point.
I am not the right person to provide details about the cost aspect of SentinelOne Singularity Cloud Security because the company has already integrated it. I evaluated the solutions and provided a report, but the costing aspect is handled by the cost analysis or FinOps team. From articles I have read, SentinelOne Singularity Cloud Security appears fairly priced, but when dealing with many vulnerabilities, the runtime cost becomes somewhat high. However, I do not have much exposure to the pricing aspect.
As we are a smaller firm and need significant automation, we opted for SentinelOne Singularity Cloud Security. I would rate this solution a solid nine out of ten. Everyone has some room for improvement, but a nine is something I consider very good.

I have been using SentinelOne Singularity Cloud Security for the last two years.
My main use case for SentinelOne Singularity Cloud Security is Cloud Security Posture Management, cloud data security, and unified visibility.
A specific example of how I use SentinelOne Singularity Cloud Security for cloud data security management is with cloud object storage such as Amazon S3.
I continuously monitor and audit my environment for misconfigurations as part of my main use case for SentinelOne Singularity Cloud Security.
The best features SentinelOne Singularity Cloud Security offers in my experience are the cloud Offensive Security Engine and Verified Exploit Paths, as well as AI-powered runtime protection. This feature provides clear evidence of exploitability, allowing security teams to focus on fixing critical issues rather than chasing noise and false positives. It uses behavioral AI to detect ransomware, zero-day exploits, fileless attacks, and NDR attacks.
For visibility, SentinelOne Singularity Cloud Security has a Singularity Data Lake, where telemetry from cloud workload endpoints identifies into a single repository for rapid querying and analysis. It also has Graph Explorer, which visually maps the relationships between cloud assets, endpoints, and identities to help analysts understand the blast radius and root cause of the incident. It correlates related events into a single storyline, providing full historical context for deeper forensic analysis.
SentinelOne Singularity Cloud Security positively impacts my organization by reducing alert fatigue and decreasing false positives. The platform allows security analysts to focus strictly on actionable, verified risk rather than manual triage. It also provides faster response times, helping my organization see a reduction in mean time to respond and mean time to detect. It includes autonomous resolutions and eliminates blind spots, providing unified visibility across multi-cloud environments, endpoints, and enterprise risk, reducing the likelihood of major security incidents.
In terms of improvement for SentinelOne Singularity Cloud Security, users and industry analysts identify several areas where the platform can be enhanced, including administrative setup experience and operational tuning and performance.
The user interface of SentinelOne Singularity Cloud Security is quite good. I do not have any additional improvements needed for SentinelOne Singularity Cloud Security that I have not already mentioned.
I have been working in my current field for two years.
SentinelOne Singularity Cloud Security is very stable.
SentinelOne Singularity Cloud Security's scalability is quite good, as it is very scalable.
I rate the customer support for SentinelOne Singularity Cloud Security a ten out of ten.
I observe an approximate 88% reduction in mean time to respond as a specific metric around the reduction in false positives and response times.
I chose a rating of ten out of ten for SentinelOne Singularity Cloud Security because of its autonomous threat detection and response, comprehensive visibility, operational efficiency, and lightweight performance. It also demonstrates proven industry leadership.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline my security operations, functioning as a single pane of glass. My users appreciate having one source of truth for endpoints and cloud workloads, such as virtual machines and containers across AWS and other clouds. It has verified exploit paths, not just listing vulnerabilities but identifying which ones are actually reachable and exploitable by an attacker, helping my team focus only on high-priority risks.
I use Purple AI for threat investigations, and it is a game-changer.
SentinelOne Singularity Cloud Security's runtime protection is quite good in terms of adaptability to new and unknown threats compared to other solutions I have used.
It is significant for my team to have built-in integrations that unify various aspects of cloud security, resulting in superior threat detection and faster response, along with improved operational efficiency and security posture.
Drift detection significantly impacts my organization's ability to detect unexpected process behavior in containerized environments by reducing response times. The system can automatically share information and responses across different aspects to improve incident response time significantly. The automation of tasks and built-in integration enable automated compliance audits and risk remediation, reducing manual effort and human error in managing security configurations.
SentinelOne Singularity Cloud Security drastically reduces the mean time to remediate for cloud incidents by shrinking investigation and response time from hours to seconds or minutes. The platform offers an autonomous AI-driven approach.
We measure the time savings in terms of SecOps operations achieved through SentinelOne Singularity Cloud Security by focusing on metrics, where automation reduces manual investigation and expedites incident response time. My organization frequently achieves significant efficiencies, with some customers achieving a 95% reduction in mean time to detect and an 88% reduction in mean time to respond. The reduction of false positives by using AI-contextualized alerts allows teams to spend less time investigating non-malicious findings. The verified exploit paths feature helps my team prioritize vulnerabilities with a critical exploitable route, reducing time spent patching non-critical issues.
I advise others looking into using SentinelOne Singularity Cloud Security to prioritize the visibility feature, utilize the AI-driven Purple AI for cross-environment threat analysis, and adopt a least-privilege IAM model to maximize the security impact.
SentinelOne Singularity Cloud Security is a recognized Singularity Cloud system and a premier cloud-native application protection platform, heavily emphasizing autonomous and AI-driven protection over manual, policy-based detections. I rate this product ten out of ten.