SentinelOne Singularity Complete Reviews

I am not an end-user of Singularity Complete. I'm a service provider. We have a complete team that focuses on handling incidents from this platform for our customers. We are an extension of their team, and they outsource these tasks to us.

Singularity has multiple mechanisms to identify threats and transform them into incidents. The solution not only detects but also prevents threats. On the investigation side, it helps our analysts analyze events to understand exactly what's happening and why these events have been generated.  

Singularity helps reduce the number of incidents generated. We can configure it to reduce false positives, but we also need to implement a SOAR platform to automate the resolution of some frequent incidents. 

Singularity Complete saves us some money because we don't need to implement any other additional solutions. SentinelOne is more powerful than an antivirus and can secure the environment without the need to implement an IPS, IDS, or a next-gen firewall. It's a good choice for a medium-sized business. The solution reduces organizational risks in terms of the continuity of activity, maintaining confidentiality, and external threats like malware and ransomware.

The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective  90 percent of the time. 

Ranger doesn't require us to deploy an agent on our architecture or integrate anything. We activate and configure it, and everything works. You can choose to visualize assets that have no agent installed so we can get full coverage of all the assets. You can also tell it to block connections to any assets that aren't covered. 

We can identify activities and sensitive connections that we can isolate from the network. We can set all our agents to not communicate with certain IP addresses or assets without the agent. For example, we can limit IoT devices, surveillance cameras, printers, etc. This functionality is critical for covering the gaps. 

SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms. 

We also have a SOAR platform that helps us reduce the number of incidents that our analysts must handle manually. It would be nice if Singularity Complete had native security automation and integrated mechanisms to reduce the number of false positives. 

I have used Singularity for about three years.

I rate SentinelOne support eight out of 10. SentinelOne offers excellent support.

Positive

I rate SentinelOne Singularity Complete eight out of 10 overall. It needs some improvement in some areas, such as backup functionality and performance, but it's a good solution. 

It's our main EDR solution on campus for our university. It's the main solution that we deployed to our host throughout the university.

I wasn't here for the initial implementation, however, it was to replace a previous product that we had, so we wanted to move to something cleaner, easier to use, and an overall better product.

Its basic use, which is just an EDR solution for actively hunting and killing threats, is good. It does what we had intended it to do, and that's what it does a great job of.

The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.

Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.

The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.

Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.

The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.

The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.

Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.

We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.

I've been using the solution for a year and a half. 

We haven't had any issues. There is nothing that's noticeable and it's never offline for long periods of time. 

It's pretty scalable. There are a few operating systems that we've had issues with. Other than that, everything else has been pretty scalable.

Technical support is super. They are very helpful and relatively quick to respond. Sometimes they take a little bit to respond, however, it's not super long. 

The company also has good online knowledge and it's pretty helpful. Usually, we'll access the database knowledge first and then go to support. 

Positive

We used CrowdStrike previously.

I was not involved in the initial setup. 

I'm not hands-on. I'm more on the management side. Basically, we make sure that they connect, and I'll handle the management once everything's set up. I'm handling monitoring. Deployment is handled by another team. We have maybe ten team members who manage deployments. 

The maintenance is minimal. It's pretty self-sufficient. We just do normal reviews. 

From my point of view, the deployment is straightforward. 

We use internal teams to handle deployment. 

I'm not sure of the pricing. That's above me. I'm a technical person. It's not my arena.

They also have this feature called Ranger. That one we don't have implemented. That's an extra fee, so we don't have it.

Overall, I'd rate the solution ten out of ten. It's been a pretty solid tool. 

I would probably recommend it over some of the other ones that I've seen only based on the ease of use. It does what it's supposed to do. It's been relatively fast and is also pretty complete from what we've seen. The product is not very difficult to learn.

We use SentinelOne Singularity Complete for the EDR piece, and we have it installed everywhere.

Singularity Complete works well with other SentinelOne solutions. We must make sure to whitelist the right binary with other tools, and that is all.

The ability to ingest and correlate data across our security operations is good. We can send all of the events to our SIEM system, or we can use Singularity Complete's built-in SIEM functionality. I believe the retention period is 14 days by default, but we purchased the additional package that allows us to store data for longer.

Ranger is a great tool that lets us see what's on our network which is extremely important. It pings other devices on the network and tells us what kind of devices they are. We're big fans of Ranger!

Ranger does not require any new agents, hardware, or network changes. It automatically starts mapping out the network, which is great for us.

Ranger helps prevent vulnerable devices from becoming compromised by alerting us to their presence. This allows us to proactively install SentinelOne on these devices, which is a very helpful tool.

SentinelOne Singularity Complete has helped improve our organization by preventing hacks and providing us with visibility into our devices through the Deep Visibility plugin that we have enabled.

It has reduced the number of alerts we receive by 80 percent. We spent the first six months tuning the workflow of different admins and users, and after that, we only received alerts that required action.

It has helped free up our staff to work on other projects and tasks. They now only receive actionable alerts, without any false positives, which saves them a few hours per week.

Singularity Complete has reduced our MTTD by 40 percent.

Singularity Complete has helped reduce our MTTR. We are alerted right away and we can access the dashboard and respond from there quickly.

I like the centralized management with the web dashboard. It allows me to quickly view incidents and see what's happening in a well-organized way. I can also easily query different points.

SentinelOne should include Ranger Pro out of the box with Singularity Complete.

I have been using SentinelOne Singularity Complete for one and a half years.

We have run SentinelOne Singularity Complete on many different machines without any stability issues.

SentinelOne Singularity Complete is scalable.

We've had nothing but fantastic things to say about the support. Our technical account manager is great, and the support staff has been very helpful. We've also been onboarded with SentinelOne Singularity Complete, and everyone from the account manager all the way down to the support engineer has been excellent.

Positive

We replaced Symantec Endpoint Security Complete with SentinelOne Singularity Complete to improve our security posture because Symantec was outdated.

The initial setup was straightforward and required six people for deployment, which took a few weeks to complete. Some teams took a little longer to figure out their deployment, but we deployed the whole system enterprise-wide within a month or two.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete is a mature solution.

We have deployed SentinelOne Singularity Complete across multiple locations, departments, and operating systems, including Windows, Linux, and Mac. We have around one thousand endpoints.

The only maintenance required is the package updates that are released to keep the solution up to date. The cloud version is automatically updated by SentinelOne support, which manages it. The agents themselves must be updated manually which I do by clicking on them.

I recommend completing a POC to ensure SentinelOne Singularity Complete is a good fit before moving forward.

SentinelOne Singularity is our endpoint protection solution. It protects our endpoints against malware. It's integrated with our centralized log management solutions. 

SentinelOne is helpful from an endpoint security perspective because it's a consolidated solution. We don't need any other product. SentinelOne has reduced our detection time significantly. 

We can detect suspicious behavior in near real-time. It isn't 100 percent, but I would say 99 percent of the time, it detects threats almost instantly and notifies us. The solution has reduced our risks from an endpoint perspective by about 20 percent. 

SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that. 

Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives. While it speeds up our detection time, it takes us longer to respond because we have to do a follow-up analysis to weed out the false positives. A lot of time goes into determining whether it's a genuine threat. 

I have used SentinelOne Singularity for a year or so.

SentinelOne Singularity is a stable product.

Singularity is scalable. We haven't had any issues so far. We have no plans to increase usage right now. If the number of users increases, we'll look at it. 

I rate SentinelOne support seven out of 10. The response isn't fast enough. 

Neutral

We previously used Symantec antivirus but switched to SentinelOne for its EDR features. 

Deploying SentinelOne is straightforward. Rolling out agents across the endpoints takes time, but that's because of our company's internal procedures. We can start using it once the agents are deployed across all the systems. It took around three months or so. 

We see a return in the form of increased endpoint security, but we aren't seeing cost savings or reducing the number of personnel. In fact, we need to increase resources on the SOC side because they are handling so many alerts. However, we get better visibility from the console compared to a traditional antivirus solution. 

I rate Singularity Complete four out of 10 for affordability. SentinelOne costs more than traditional antivirus solutions, but we get more out of it. It hasn't saved us any money, but it's an EDR solution, so we get a lot of value from it. 

We also looked at CrowdStrike. The decision ultimately came down to cost. SentinelOne was the cheaper option. 

I rate SentinelOne Singularity Complete seven out of 10. It's a comprehensive, innovative solution that covers many of the network features and core antivirus functionality. It's a solid solution from a coverage perspective. The only thing that needs improvement is the false positive rate. If SentinelOne can address that, it would be excellent. My advice to new users is to have a team of people trained to use and manage the solution. 

We're a construction company using SentinelOne for endpoint security with endpoint detection and response. SentinelOne covers all of our endpoints and servers. It protects everyone across the company, even those not actively using an AV.

SentinelOne's managed detection response service Vigilance Respond is convenient for companies like ours with small IT teams. If something happens on the weekend, SentinelOne steps in and resolves the issue. It's a false positive 97% of the time, but at least they're resolved instead of hanging around for us to find on Monday.

We have the Ranger feature for network scans, allowing us to pick up any new devices that show up on a network. That was especially useful for us when we shifted to working from home.

If two or more agents are in a remote network, they will scan the network and give you an inventory of the MAC addresses and device types they see. This is handy when you have a small office or someone working from home. We do not allow employees to bring their own devices, but people are plugging their company computers into their home network, exposing them to risks. The ability to report on connections in remote networks is handy.

SentinelOne's machine learning engine is purely behavioral. The engine will shut down anything that's bad, isolate the system from the network, and alert everyone. We had tremendous success with CylancePROTECT for over five years. Zero successful attacks. In 18 months in with SentinelOne, we've seen the same lack of drama. No endpoints have been compromised to the degree that it has negatively impacted our network.

Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network.

We interrupted that process and then isolated his computer and the file server. It was somewhat disruptive in the middle of the day. At the same time, it was a perfect simulation of what ransomware would do, so it was reassuring that SentinelOne stepped up and said, "Nope!" 

It was not a malicious process running that was detected. It was simply behavior he shouldn't have done. Now, our drafters know to co my team when they're going to do some file cleanup. The false positives are just inherent in just the large amount of poorly written software that's out there. Any competent antivirus is going to have a behavioral, heuristic engine looking at what's actually being done.

It might be something bad done by the software you use. We used a machine learning engine for five years. The Wire Hauser Corporation builds subpar software because they're supposed to be building lumber products. It triggered a false positive, that's about the only negative for any modern AV is just false positives.

In the future, I would like to see SentinelOne implement integrated patch management. It would be great to manage endpoint patching through SentinelOne. We're on our third patch manager in three years because they are lackluster. It would be nice to have a new patch management tool.

I have been using Sentinel One for about a year and a half.

SentinelOne is stable and constantly improving. Today I did a demo of a new acquisition they made for Active Directory. Ranger is the product that scans networks. This is a new product from a company they bought.

They do automated scans of your Active Directory infrastructure to identify fixable problems and anyone trying to take advantage of the unfixable problems. They're improving their core product while adding new functionality and products that I'm interested in.

SentinelOne is highly scalable. I know folks with 10 times the number of endpoints we have, and they're pleased with it. One fellow I know has 4,000 endpoints under management.

I rate SentinelOne support nine out of 10. I wish our other vendors had tech support as good as SentinelOne. I can only think of one other vendor that possibly has better tech support, but the vast majority of software companies have sub-par tech support. Little goes wrong, but get a quick turnaround time when something comes up. 

Positive

We were using CylancePROTECT, one of the early innovators in machine learning next-gen AV. Then they added on an EDR component called  CylanceOPTICS. CylancePROTECT was an outstanding product for us. It was extremely low overhead and highly efficient. It crushed it in the proof of concept and did an excellent job for us.

Blackberry acquired the solution in 2019, the last year of our three-year agreement. It was awful. Development essentially stopped. All of the intelligent people started leaving. I found out that some went to SentinelOne. It was clear my worst fears were realized: that Blackberry was going to screw up yet another good thing.

I had prior experience with this kind of antivirus, so I thought setting up SentinelOne was very straightforward. We stood up three different products in the course of 60 days to do this test. I didn't think there was anything unusual or unexpected about setting it up. It's perfectly understandable if you know what you're doing.

We have automated tools for deploying software. The biggest problem was getting the old endpoint solution off and the new endpoint solution parked on top of it. We had a 30-day window to get it all done for 250 endpoints.

My IT group has four people, including me, but it's not hard to manage or deploy. It fits right within our normal imaging endpoints, so it's super-low overhead.

We did the deployment in-house. I'm paranoid. I wouldn't let anybody touch our security software.

We pay $30,000 a year for 275 endpoints. We're growing, so I plan to buy another 75 endpoints. There is still a year and a half left in my three-year subscription, so I'm going to increase my endpoint count by 30 percent.

I'm buying midterm. We're a little over our licensing right now—less than 10%—but we'll correct our device count and plan for future growth. We pay for additional managed detection and Ranger network scanning.

We started doing proofs of concept for a short list of candidates in October 2020 when things calmed down a little bit. In addition to SentinelOne, we were looking at Sophos Intercept X, and CrowdStrike Falcon, which I assumed would win the bake-off. I had every expectation that Falcon was going to be our new endpoint. SentinelOne was kind of a startup. CrowdStrike Falcon was number three. Our second choice would've been Sophos Intercept X.

We left behind traditional AVs like Symantec and Norton Antivirus in 2016. It's awful stuff. We would've been good with Intercept X or Falcon, but SentinelOne has just proven to be the right choice for what we're doing. I hope they don't get bought.

I rate SentinelOne 10. It's an excellent next-gen AV with none of the signature-update nonsense. It'll kill anything that does something bad, which sometimes is an Adobe product, etc. False positives are expected in that situation, but it's not a problem.

If you're considering SentinelOne, devote time, money, and staff to a thorough proof of concept. If you don't test your use cases, You will regret it. Just assume it's going to be an exit project to do an endpoint security selection. Ignore Gartner's and the press. Don't pay attention to the big analysts. Read the peer reviews and the community feedback. 

Do the heavy lifting with a proof of concept. If you think you're spending too much time on it, you're probably not spending enough. It's so important. Treat picking a product like you would any other big project.

SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.

What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.

I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.

The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.

The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.

I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.

In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.

As a strategic security partner, I found the solution great, primarily because all of its features work well.

SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.

Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.

We've been using SentinelOne Singularity Complete for over two years now.

I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.

For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.

The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.

Neutral

My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.

Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.

I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.

SentinelOne Singularity Complete was implemented in-house. I did it all by myself.

Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.

I find the licensing cost for SentinelOne Singularity Complete fair.

I've never used the Ranger functionality of SentinelOne Singularity Complete.

In my company, SentinelOne Singularity Complete has a hybrid deployment.

From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.

My rating for SentinelOne Singularity Complete is nine out of ten.

I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.

My company is a SentinelOne customer.

We use SentinelOne Singularity Complete to protect our environment.

SentinelOne Singularity Complete has helped us reduce the number of alerts we receive. I was attacked three times, and each time I received an alert. There were a lot of good features in SentinelOne that we were not aware of until we contacted them after we were hacked. SentinelOne took the role of fast response protection and took action.

SentinelOne Singularity Complete has freed up our staff's time to work on other tasks and projects. I made many changes to my department this year, including migrating all of my servers from on-premises to the cloud. With Singularity Complete, I was able to protect my cloud servers immediately and shut down my on-premises. I was also able to receive notifications of changes to IP addresses and users, which are common changes that occur during a migration. Sentinel was able to alert me every time there was a change.

In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.

The most valuable feature is the quick response to attacks.

The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.

The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.

I have been using SentinelOne Singularity Complete for two years.

SentinelOne Singularity Complete is stable and we have not encountered any issues.

I would rate SentinelOne Singularity Complete's scalability an eight out of ten.

We do not have a support package, so we pay per use, which is expensive. However, they are very professional and follow up well. They took charge immediately, found a solution immediately, and blocked the ransomware attack. They also gave us details on what to do next. Two to three days later, they called my department back and followed up with the system administrator to make sure everything was okay. Overall, I am satisfied with their service.

Neutral

I previously used Microsoft Defender and Sophos. SentinelOne is a much better solution than Defender and has a quicker response time to alerts and attacks than Sophos.

The initial deployment was straightforward. Implementing SentinelOne was not complicated, and more user-friendly than the others.

The deployment was completed by myself and one admin.

SentinelOne Singularity Complete is expensive compared to Microsoft but not Sophos. However, it is worth the price for its quick response and immediate remediation options.

I would rate SentinelOne Singularity Complete nine out of ten. SentinelOne is one of the best security solutions I have worked with. I would rank it in the top three best platforms for security.

SentinelOne Singularity Complete is an aggressive and accurate security solution.

No maintenance is required except for updates that we push out to all end users.

For organizations that want an aggressive security partner, I recommend SentinelOne Singularity Complete.

Although SentinelOne Singularity Complete is expensive, I have no qualms about investing more money in the security of my department and data. I would definitely recommend SentinelOne Singularity Complete. It gives me peace of mind knowing that my data is safe.

It's good for log management and security and is integrated with other solutions. It offers automatic response and remediation.

It's helped us filter for security issues. This product can organize and visualize incidents for us. It's helped a lot with remediation and mitigation.

The XDR is very useful. The agent that collects data from servers is pretty effective.

The interoperability with other SentinelOne solutions or third-party solutions is quite helpful.

Our impressions of the solution's ability to ingest and correlate across our security solutions is perfect. We're satisfied with its capabilities in this regard. 

It's helped us consolidate our security solutions a bit. 

The Ranger functionality helps provide visibility. We're provided with security mapping for applications and can see end-to-end traffic. We also don't need to add agents or hardware or make network changes. It's easy to use. The Ranger functionality 10% helps prevent vulnerable devices from becoming compromised. 

It's reduced our alerts by about 80%.

We have been able to free up staff time as it's not that time-consuming.

It's helped us reduce our mean time to detect as we can now see issues in real time. It's also helped with our mean time to respond.

We've been able to reduce organizational risk by 70% using this solution. 

I'd like to see us be able to take action on one platform for items such as security variation, security orchestration, automation, and response (SOAR). 

I've been using the solution for 3 years.

The stability of the solution has been good. 

The solution is scalable. 

I've never escalated questions to technical support in the past. 

I have used Splunk as well. SentinelOne is easier to use and integrate. 

The initial setup was easy for this solution. 

While I cannot quantify it or share any data, we have seen an ROI from using this solution. 

I don't have any visibility on pricing or licensing. 

The solution's ability to innovate is very good. It's quite mature.

I'd recommend the solution to others. 

I would rate the solution 8 out of 10.