SentinelOne Singularity Complete Reviews

I mainly focus on endpoint security. Customers often ask me about solutions to detect malware threats, and SentinelOne is one of the options I recommend. The main focus is detecting malware threats on endpoints.

The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.

I would like to have the same features such as ransomware that are available on the cloud version of SentinelOne also made available for the on-prem version because a lot of people in our region are not ready for cloud solutions.

I have been using the solution for one year.

Our clients range from small, medium, to large scale and the solution is stable for all of them. I give the stability a ten out of ten.

The solution is highly scalable. I give the scalability a ten out of ten.

The technical support is very good, and quick.

The initial SentinelOne setup is easy to set up in the environment and also easy to download the packet to install. 

We do not encounter a lot of issues with the pricing of SentinelOne. The pricing is reasonable.

The solution offers a standard licensing fee.

I give the solution a ten out of ten.

Everyone who is a client of ours gets SentinelOne by default. It provides ransomware protection, malware protection, and increased security. Those are our top-three selling points for SentinelOne when we talk to clients.

Prior to deploying Sentinel One, we had a team of staff members dedicated to ransomware prevention and malware alerts. Since deploying Sentinel One, we have been able to allow that team to focus on other proactive security measures for our clients.

The dashboard alerting is great and it has helped us out a ton.

SentinelOne has also greatly reduced incident response time, based on the toolsets and the ability to deploy it to new companies through a script. That has been very helpful. It has decreased the amount of time spent on incident response by 40 to 60 hours a month.

And when it comes to mean time to repair, while we haven't had a situation where we've had to reload an operating system or repair to that extent, we've used the 1-Click Rollback feature which saves several hours over a reload of a PC. 

The detection and response feature is really good for us. 

Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.

The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.

The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.

One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.

Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.

I have been using SentinelOne for about two years.

We haven't had any issues, outages, or upgrades. I would rate the stability at 10 out of 10.

One of the features that we love about SentinelOne is that we don't have to buy licenses ahead of time. It just scales up as we grow. We're bringing on a client now that has 500 endpoints and I don't have to worry about contacting sales at SentinelOne and getting a PO for 500 licenses. It just scales up and we're charged based on what we use, which is awesome.

The solution is on 100 percent of our clients that we manage, and that's going to be the goal moving forward. Our sales team does not put in a contract without SentinelOne.

SentinelOne technical support has always been very quick and responsive. We haven't used them a lot. We're a technology company as well and we're able to fix the minor stuff ourselves or by looking at a knowledge base.

One of our concerns or complaints at the beginning was the lack of training, which they fixed. They allowed us to schedule our staff to do the eight hours of free training, which was great. That would have been my only complaint, but that was resolved a few months ago.

Positive

We didn't have any EDR solution in place like SentinelOne. We had Bitdefender for antivirus, but that has been removed. Our existing antivirus was failing in several ways. It wasn't detecting everything that was coming through. That was the big catalyst for the switch.

Originally, we had SentinelOne through SolarWinds, which was our previous RMM tool. And when we migrated to ConnectWise, we moved our existing licenses over.

The initial setup was straightforward. It was through our RMM. We bought licenses and we had a one-click deployment to deploy that software. And when we migrated, the gentleman who helped us was awesome. We migrated 9,000 endpoints from that RMM directly into SentinelOne, and he did a lot of the heavy lifting. We just had to check and confirm things were getting moved over.

The migration of the 9,000 agents took 10 to 14 days.

Our implementation strategy included a deployment where we would do a test phase. We picked certain endpoints at different clients and we would deploy and set it in a "listen-only" mode and see what it caught. If everything was good, we would then turn it on to regular mode. That process helped a lot in the implementation.

We have about 75 people in our company using SentinelOne. The main roles among them are about 60 percent help desk, which is view-only; 20 percent client-side, which is reporting and view-only; and the rest are our engineering level where they have the ability to do rollbacks and fix certain issues that are coming in. There is very little maintenance involved with the solution, maybe a handful of hours a month. We have it set up to auto-update. Prior to that, we had to set up our script to download the most recent version, but that's all been replaced now with automation. Maintenance on the actual system is very minimal.

In the past, we had to purchase licenses in advance, so if we hit our license limit, we could not expand until we got a signed agreement in place with the sales rep after the back-and-forth. That meant if a client had ransomware and they had 200 agents, we couldn't deploy right away if we were up against our limit. So we always had that balancing act of figuring out if we were close to our limit and whether we needed to buy more licenses? We ended up paying for licenses we didn't need because we had to buy them in packages of 100.

We now pay based on usage. They do an audit once a quarter and calculate any overages. We pay a set amount quarterly, based on our licenses in use, and then they true-up the figure. Right now we have 12,800 agents with SentinelOne on them. We charge our clients monthly, so it would be really difficult for us to write a check to SentinelOne, in advance, for a full year's worth, at that level. It's been great for us to have the quarterly payments.

We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.

And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.

My advice would be to implement SentinelOne immediately. It is one of the top things that we've implemented and it has saved us countless hours. It's really hard to quantify the savings, but if a client were to get ransomware, it could involve weeks of several team members working around the clock to get them back up and running. Since we've implemented this, we haven't had to do that in an environment where we had experienced having to do so previously.

The biggest thing I've learned from using SentinelOne is that there are a lot more attacks out there than a typical antivirus will display. Regular antivirus, rather than an EDR-type platform, gives people a false sense of security because there are a lot of processes running in the background that the typical antivirus solution is not equipped to catch. It was eye-opening when we started deploying this at clients, locations where we felt we had very good peace of mind in terms of what was happening. SentinelOne started detecting things left and right that were completely unable to be seen prior.

We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.

We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.

Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity AI-SIEM platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.

We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.

Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.

It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.

It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.

Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.

Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.

It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.

Singularity Complete has reduced our organizational risk by around 40 percent.

It is now a toss up between the AI-SIEM platform and the the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.

Native integration with the mobile console is an area that can be improved.

I'd like to see more operations with the XDR platform.

I have been using SentinelOne Singularity Complete for one year.

I would rate the stability of Singularity Complete a ten out of ten.

I would rate the scalability of Singularity Complete a nine out of ten.

The technical support is of high quality, strong, and responsive.

Positive

We previously used ESET but we were often missing threats and not finding out until after the fact.

The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.

Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.

The implementation was completed in-house.

We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.

The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.

We evaluated CrowdStrike and Microsoft Defender. We didn't find microsoft Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.

I would rate SentinelOne Singularity Complete ten out of ten.

SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.

SentinelOne Singularity Complete is extremely mature at this level.

We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.

The maintenance is minimal and is overseen by one person.

We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.

Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.

We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines. 

We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.

It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.

With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.

We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.

The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.

SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.

SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.

SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.

Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.

SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

Lastly, it would be very beneficial to have a solid SentinelOne agent for mobile devices that easily ties into the existing endpoint dashboards.  With the proliferation of mobile and email threats that are exploited on mobile devices having a centralized console for managing these endpoints would be crucial in the future.

Between my current organization and prior organization, I have been using SentinelOne for close to 12 years.

We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.

Positive

In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.

By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.

It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.

We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

We use SentinelOne Singularity Complete to protect our environment.

SentinelOne Singularity Complete has helped us reduce the number of alerts we receive. I was attacked three times, and each time I received an alert. There were a lot of good features in SentinelOne that we were not aware of until we contacted them after we were hacked. SentinelOne took the role of fast response protection and took action.

SentinelOne Singularity Complete has freed up our staff's time to work on other tasks and projects. I made many changes to my department this year, including migrating all of my servers from on-premises to the cloud. With Singularity Complete, I was able to protect my cloud servers immediately and shut down my on-premises. I was also able to receive notifications of changes to IP addresses and users, which are common changes that occur during a migration. Sentinel was able to alert me every time there was a change.

In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.

The most valuable feature is the quick response to attacks.

The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.

The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.

I have been using SentinelOne Singularity Complete for two years.

SentinelOne Singularity Complete is stable and we have not encountered any issues.

I would rate SentinelOne Singularity Complete's scalability an eight out of ten.

We do not have a support package, so we pay per use, which is expensive. However, they are very professional and follow up well. They took charge immediately, found a solution immediately, and blocked the ransomware attack. They also gave us details on what to do next. Two to three days later, they called my department back and followed up with the system administrator to make sure everything was okay. Overall, I am satisfied with their service.

Positive

I previously used Microsoft Defender and Sophos. SentinelOne is a much better solution than Defender and has a quicker response time to alerts and attacks than Sophos.

The initial deployment was straightforward. Implementing SentinelOne was not complicated, and more user-friendly than the others.

The deployment was completed by myself and one admin.

i did,it is OkiOk and unfortuantely was not a good experience thats i move to another reseller and it is ESI which also did have a good experience with their sale person at the end.

of course, when it comes to any security solution there is always a good return on this investment especially in our current situation and all the threats that we receive daily and attacks.

SentinelOne Singularity Complete is expensive compared to Microsoft but not Sophos. However, it is worth the price for its quick response and immediate remediation options.

i did evaluate Sophos, i didnt find a big difference but i felt more comfortable with sentinel one.

I would rate SentinelOne Singularity Complete nine out of ten. SentinelOne is one of the best security solutions I have worked with. I would rank it in the top three best platforms for security.

SentinelOne Singularity Complete is an aggressive and accurate security solution.

No maintenance is required except for updates that we push out to all end users.

For organizations that want an aggressive security partner, I recommend SentinelOne Singularity Complete.

Although SentinelOne Singularity Complete is expensive, I have no qualms about investing more money in the security of my department and data. I would definitely recommend SentinelOne Singularity Complete. It gives me peace of mind knowing that my data is safe.

SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.

SentinelOne Singularity Complete has saved us too many times to count. The most recent save happened shortly before 1:30AM.  A user had downloaded a ransomware payload that tried to detonate in the middle of the night when no one was was awake to even notice.  I woke up the next morning with a notification email from SentinelOne telling me that it had discovered the infected file and removed it before it could do any damage.  I was beyond thankful.

What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.

I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.

The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.

The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.

I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.

In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.

As a strategic security partner, I found the solution great, primarily because all of its features work well.

Update: SentinelOne Singularity Complete now works much more efficiently inside of Google Chrome.  The lag times are gone and I'm able to navigate without issue.

----------------------------------
SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.

Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.

We've been using SentinelOne Singularity Complete for over two years now.

I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.

For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.

The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.

Positive

My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.

Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.

I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.

SentinelOne Singularity Complete was implemented in-house. I did it all by myself.

Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.

I find the licensing cost for SentinelOne Singularity Complete fair.

I evaluated CrowdStrike.  They would not sell me the lower number of licenses that I needed at the time and priced them out of competing against SentinelOne.

I've never used the Ranger functionality of SentinelOne Singularity Complete.

In my company, SentinelOne Singularity Complete has a hybrid deployment.

From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.

My rating for SentinelOne Singularity Complete is nine out of ten.

I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.

My company is a SentinelOne customer.

Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.

My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.

It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.

Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.

It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.

The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.

I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.

It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.

I have been working with it for four years.

I would rate its stability capabilities ten out of ten.

I would rate its scalability abilities nine out of ten.

I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.

Positive

Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.

The initial setup was straightforward.

The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.

It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.

Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.

We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.

SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.

SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.

SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.

The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.

I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.

Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.

I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of SentinelOne Singularity Complete nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.

The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.

Positive

I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.

We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.

The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.

I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.

Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.

Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.

SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.

SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.

The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.

SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.