SentinelOne Singularity Complete Reviews

SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.

SentinelOne Singularity Complete has saved us too many times to count. The most recent save happened shortly before 1:30AM.  A user had downloaded a ransomware payload that tried to detonate in the middle of the night when no one was was awake to even notice.  I woke up the next morning with a notification email from SentinelOne telling me that it had discovered the infected file and removed it before it could do any damage.  I was beyond thankful.

What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.

I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.

The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.

The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.

I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.

In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.

As a strategic security partner, I found the solution great, primarily because all of its features work well.

Update: SentinelOne Singularity Complete now works much more efficiently inside of Google Chrome.  The lag times are gone and I'm able to navigate without issue.

----------------------------------
SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.

Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.

We've been using SentinelOne Singularity Complete for over two years now.

I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.

For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.

The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.

My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.

Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.

I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.

SentinelOne Singularity Complete was implemented in-house. I did it all by myself.

Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.

I find the licensing cost for SentinelOne Singularity Complete fair.

I evaluated CrowdStrike.  They would not sell me the lower number of licenses that I needed at the time and priced them out of competing against SentinelOne.

I've never used the Ranger functionality of SentinelOne Singularity Complete.

In my company, SentinelOne Singularity Complete has a hybrid deployment.

From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.

My rating for SentinelOne Singularity Complete is nine out of ten.

I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.

My company is a SentinelOne customer.

Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.

My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.

It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.

Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.

It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.

The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.

I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.

It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.

I have been working with it for four years.

I would rate its stability capabilities ten out of ten.

I would rate its scalability abilities nine out of ten.

I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.

Positive

Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.

The initial setup was straightforward.

The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.

It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.

Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.

We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.

SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.

SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.

SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.

The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.

I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.

Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.

I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of SentinelOne Singularity Complete nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.

The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.

Positive

I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.

We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.

The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.

I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.

Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.

Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.

SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.

SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.

The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.

SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.

We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.

We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.

SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.

The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.

The integration with other SentinelOne products and third-party tools is very good.

SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.

In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.

SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.

SentinelOne Singularity Complete has helped free up our staff time around one day per week.

SentinelOne Singularity Complete helps reduce our MTTD.

SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.

SentinelOne Singularity Complete has reduced our organizational risks by five percent.

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

I have been using SentinelOne Singularity Complete for three years. 

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

We are happy with SentinelOne's technical support.

Neutral

We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.

Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.

The only return on investment we can point to with any EDR is that we have not been attacked.

SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a mature solution of the highest quality.

We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.

We have 4,500 endpoints and around ten active users.

The maintenance level for SentinelOne Singularity Complete is relatively low.

SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.

I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.

We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.

We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.

SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.

It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.

SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.

SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.

SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.

SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.

I am satisfied with SentinelOne Singularity Completes MTTD.

SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk. 

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

I have been using SentinelOne Singularity Complete for over one year.

SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.

SentinelOne Singularity Complete is scalable.

The few times I have used the technical support it has been a good experience.

Positive

I would rate SentinelOne Singularity Complete eight out of ten.

Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.

One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.

SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.

We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.

SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.

I have good impressions of SentinelOne as a strategic security partner.

Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.

I am not an end-user of Singularity Complete. I'm a service provider. We have a complete team that focuses on handling incidents from this platform for our customers. We are an extension of their team, and they outsource these tasks to us.

Singularity has multiple mechanisms to identify threats and transform them into incidents. The solution not only detects but also prevents threats. On the investigation side, it helps our analysts analyze events to understand exactly what's happening and why these events have been generated.  

Singularity helps reduce the number of incidents generated. We can configure it to reduce false positives, but we also need to implement a SOAR platform to automate the resolution of some frequent incidents. 

Singularity Complete saves us some money because we don't need to implement any other additional solutions. SentinelOne is more powerful than an antivirus and can secure the environment without the need to implement an IPS, IDS, or a next-gen firewall. It's a good choice for a medium-sized business. The solution reduces organizational risks in terms of the continuity of activity, maintaining confidentiality, and external threats like malware and ransomware.

The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective  90 percent of the time. 

Ranger doesn't require us to deploy an agent on our architecture or integrate anything. We activate and configure it, and everything works. You can choose to visualize assets that have no agent installed so we can get full coverage of all the assets. You can also tell it to block connections to any assets that aren't covered. 

We can identify activities and sensitive connections that we can isolate from the network. We can set all our agents to not communicate with certain IP addresses or assets without the agent. For example, we can limit IoT devices, surveillance cameras, printers, etc. This functionality is critical for covering the gaps. 

SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms. 

We also have a SOAR platform that helps us reduce the number of incidents that our analysts must handle manually. It would be nice if Singularity Complete had native security automation and integrated mechanisms to reduce the number of false positives. 

I have used Singularity for about three years.

I rate SentinelOne support eight out of 10. SentinelOne offers excellent support.

Positive

I rate SentinelOne Singularity Complete eight out of 10 overall. It needs some improvement in some areas, such as backup functionality and performance, but it's a good solution. 

We use SentinelOne Singularity Complete as an endpoint protection solution. It is our primary endpoint protection solution for our workstations and servers for protection from any kind of threats that may appear on those systems.

We have some localized virtual machines that it is running on. We do not have any cloud workloads.

SentinelOne Singularity Complete is pretty good in terms of being able to fine-tune the alerting that you get. It is better than other solutions that are super noisy to the point that it is difficult to drill down. If you get an alert of something that is actionable, it is better than getting one alert and then getting five others right behind it. This solution is pretty good at not being noisy.

Luckily, I do not spend a ton of time with SentinelOne Singularity Complete unless there is an alert or a potential breach, but that just does not happen very often. Email security is the front door of protection, and that takes the brunt of any kind of security concerns. Luckily, most things are not hitting our network right now.

SentinelOne Singularity Complete is pretty good at picking up things that are not necessarily malicious and alerting me that somebody or something is using something that needs attention. That happens instantaneously. It is pretty quick.

SentinelOne Singularity Complete is as fast as we can ask. I can see the alert and get on it. It does not take very long, so I am not sure how we can improve more when it comes to our time to respond. We are a small enterprise. It does not take us too long to respond to things.

Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint.

The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network.

We have had it for a couple of years now.

I have not had any issues related to downtime, uptime, or responsiveness of their infrastructure. I have not seen any reports where something was not working the way it was supposed to.

They would far outpace the scale of what we would be looking at.

I contacted their technical support at the very beginning when I was rolling things out, but it was not a major issue. It was just about me getting up to speed with how they do things. I do not have a negative impression of how that interaction went.

SentinelOne is a good partner. I had a few other technical support questions, and they answered them pretty quickly. They were pretty minor things, and they were always pretty quick to respond. 

Positive

We were using another solution previously. It was long ago. We were using Berkeley, which was bought by Alert Logic. The Berkeley product was pretty good, but when they were bought by Alert Logic, I did not like the way they did things. It was complicated. It was not intuitive. Their sales program was a little shady. We got locked into a contract that was not intentional. It was not a great experience. They have a product that is not a direct competitor to SentinelOne. We tried it, and it was super noisy for alerts. If I tried to clear all the alerts in the system, I would not have time for anything else. We were not necessarily looking for it, but because of the platform that we were on, we tried the other offerings that were included in the platform, and it just was not a good fit.

SentinelOne is a much more robust platform than Berkeley or Alert Logic in terms of endpoint protection. In terms of the ability to be innovative, SentinelOne provides tools. If we had stronger security requirements, they have other tools that we could utilize, such as Ranger. 

The portal is cloud-based, but the agents are on-prem.

I was involved in its deployment. I am a one-man IT shop. It was pretty straightforward. You get the agent that you want to install, and there is a code that you put in that locks it to your portal. It installs pretty easily.

It requires very little maintenance. Occasionally, I check to make sure that the agent version is pushed out because that is not automatic. I get to choose when the agent gets pushed out. If there is an update, I update them when I want to.

We did not need any help at all. It was just me. 

We do not put a price on security, but we have to choose between different products that are on the market. We are constantly evaluating other products every year. Endpoint protection is not something with which there is a huge opportunity cost by moving from one vendor to the next. Our security stack is not so integrated with SentinelOne. If, for some reason, they were not the best option, we could move to another option fairly easily. The fact that we are sticking with SentinelOne is a testament that it is not broken. It is still working for us. It gives us good peace of mind about the product line, where it is going, and the protection that it provides.

It is very competitive with other solutions that are on the market. At least the last time we renewed, it was very competitive.

I try to stay abreast of different platforms. I reached out to SentinelOne, and they put me in touch with a reseller, so I went out and found it. 

The biggest thing was how well SentinelOne ranked versus the other platforms. There was also a cost-benefit of a solution like SentinelOne. We thought it would be effective for endpoint protection.

It certainly was a cost-effective solution as compared to some of the other endpoint protection solutions that were available at the time. I would not have gone with SentinelOne if it was not a good value.

It is a very robust platform. It is a great candidate to serve small business environments. They do not target small businesses. They do not market it to small business environments with 50 users or less, but being a little more technically-minded, I wanted something that was enterprise-ready. Even though our environment is small, it was a good fit for us.

It did not require a lot of in-place support from the integrator or the reseller, but they did provide a large amount of presale decision-making help in terms of what I was getting into and what they could provide. That was very helpful. Talking to an integrator or a reseller so that you can put a person to the discussion is helpful.

In terms of integrations, we have looked into some of the integrations, such as with Mimecast. We have had some interest in that, but we have not utilized any of those third-party integrations. We also looked at the possibility of using some things with log management and being able to have a single source of how protected we are across the enterprise, but we have not yet pulled the trigger on anything like that.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

I use SentinelOne Singularity Complete as our next-generation antivirus on our endpoint. I review detected malware and verify whether it is legitimate or a false positive. Additionally, we can control endpoints, such as correlating them or blocking specific activities on any endpoint. We also have visibility into what is happening, including what is installed, being installed, or uninstalled on endpoints.

SentinelOne Singularity Complete can help reduce alerts, but we must first add exclusions based on our existing features to keep the false positive rate low.

SentinelOne has helped our staff save time investigating and handling incidents.

It has helped reduce our MTTD and our MTTR.

The hunting feature is most valuable for detecting malicious or suspicious activity.

The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints. We can only add a general rule to block everything, and we cannot add any exceptions. Additionally, Singularity Complete uses different names for endpoints other than the actual actions that will happen or be taken, such as quarantining a device. This is also confusing, as the wording used by Singularity Complete is slightly different from other endpoint security solutions and can be difficult at the start.

I have been using SentinelOne Singularity Complete for almost three months.

Singularity Complete is stable.

Singularity Complete is extremely scalable.

Technical support is super helpful. 

Positive

The price of Singularity Complete compared to some of its competitors is competitive.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete has room to grow, but it is overall very good. It is a mature software product with an awesome UI. There are many options and actions available. 

No maintenance is required from our end.

SentinelOne Singularity Complete is a straightforward, stable solution that is easy to learn.