We primarily use the solution for security.
Cyber threats are growing. I have some colleagues from other companies that have had some attacks. For us, SentinelOne, or an EDR solution, was something appropriate.
It's pretty easy to implement.
It gives you good visibility of any threats or vulnerabilities that you might have on your network.
It's very simple to use, and user-friendly as well.
I don't know how complicated it would be; however, a patching solution should be included in this. If we find a vulnerability, we should also be capable of patching the PC right away.
Some reports could be better. Sometimes you need to search inside SentinelOne to get some information. Only then can one be done.
A daily report would be helpful.
I've been using the solution for six months.
The software looks to be okay right now. It is very stable. I have no complaints regarding that.
It is very scalable. Most of the software that is on-demand is scalable.
We have about 350 licenses for the solution right now. If the company grows, we will increase usage.
We use the SUP team that is provided by the provider of SentinelOne. However, I've never dealt with them directly.
Previously we had an antivirus. That was Kaspersky. However, we didn't have an EDR solution. It can't be really compared.
Of course, with Kaspersky, now, with what's happening in Ukraine, there has been a break in trust.
The implementation process is quite straightforward. It's not complex at all.
The deployment process took a maximum of a month. That said, we were going very slowly, since there were some computers that we knew would not have any attacks on them. However, there were others that were using acquisition data. We needed to install it and maybe wait a week to ensure everything conformed, and after that, we patched the rest.
Maybe five or six people are maintaining it. However, no one really has to worry about it full-time. Really, only one or two people would be required.
We did a third-party integration. Another company is hosting SentinelOne.
Since we are a French company in France, we partnered with a company called Arrange, which is our vendor. We did some quotes and found they have a reasonable price for this kind of technology. SentinelOne offers one of the best software quotes and has excellent reviews and everything.
The licensing is done per device.
I'm not directly involved in the licensing process and can't speak to the exact costs.
This is an on-demand product. We are always on the latest version.
I'd rate the solution eight out of ten. It's a good product. We like working with it.
Everyone who is a client of ours gets SentinelOne by default. It provides ransomware protection, malware protection, and increased security. Those are our top-three selling points for SentinelOne when we talk to clients.
Prior to deploying SentinelOne, we had a team of staff members dedicated to ransomware prevention and malware alerts. Since deploying SentinelOne, we have been able to allow that team to focus on other proactive security measures for our clients.
The dashboard alerting is great and it has helped us out a ton.
SentinelOne has also greatly reduced incident response time, based on the toolsets and the ability to deploy it to new companies through a script. That has been very helpful. It has decreased the amount of time spent on incident response by 40 to 60 hours a month.
And when it comes to mean time to repair, while we haven't had a situation where we've had to reload an operating system or repair to that extent, we've used the 1-Click Rollback feature which saves several hours over a reload of a PC.
The detection and response feature is really good for us.
Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.
The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.
The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.
One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.
Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.
I have been using SentinelOne for about two years.
We haven't had any issues, outages, or upgrades. I would rate the stability at 10 out of 10.
One of the features that we love about SentinelOne is that we don't have to buy licenses ahead of time. It just scales up as we grow. We're bringing on a client now that has 500 endpoints and I don't have to worry about contacting sales at SentinelOne and getting a PO for 500 licenses. It just scales up and we're charged based on what we use, which is awesome.
The solution is on 100 percent of our clients that we manage, and that's going to be the goal moving forward. Our sales team does not put in a contract without SentinelOne.
SentinelOne technical support has always been very quick and responsive. We haven't used them a lot. We're a technology company as well and we're able to fix the minor stuff ourselves or by looking at a knowledge base.
One of our concerns or complaints at the beginning was the lack of training, which they fixed. They allowed us to schedule our staff to do the eight hours of free training, which was great. That would have been my only complaint, but that was resolved a few months ago.
Positive
We didn't have any EDR solution in place like SentinelOne. We had Bitdefender for antivirus, but that has been removed. Our existing antivirus was failing in several ways. It wasn't detecting everything that was coming through. That was the big catalyst for the switch.
Originally, we had SentinelOne through SolarWinds, which was our previous RMM tool. And when we migrated to ConnectWise, we moved our existing licenses over.
The initial setup was straightforward. It was through our RMM. We bought licenses and we had a one-click deployment to deploy that software. And when we migrated, the gentleman who helped us was awesome. We migrated 9,000 endpoints from that RMM directly into SentinelOne, and he did a lot of the heavy lifting. We just had to check and confirm things were getting moved over.
The migration of the 9,000 agents took 10 to 14 days.
Our implementation strategy included a deployment where we would do a test phase. We picked certain endpoints at different clients and we would deploy and set it in a "listen-only" mode and see what it caught. If everything was good, we would then turn it on to regular mode. That process helped a lot in the implementation.
We have about 75 people in our company using SentinelOne. The main roles among them are about 60 percent help desk, which is view-only; 20 percent client-side, which is reporting and view-only; and the rest are our engineering level where they have the ability to do rollbacks and fix certain issues that are coming in. There is very little maintenance involved with the solution, maybe a handful of hours a month. We have it set up to auto-update. Prior to that, we had to set up our script to download the most recent version, but that's all been replaced now with automation. Maintenance on the actual system is very minimal.
In the past, we had to purchase licenses in advance, so if we hit our license limit, we could not expand until we got a signed agreement in place with the sales rep after the back-and-forth. That meant if a client had ransomware and they had 200 agents, we couldn't deploy right away if we were up against our limit. So we always had that balancing act of figuring out if we were close to our limit and whether we needed to buy more licenses. We ended up paying for licenses we didn't need because we had to buy them in packages of 100.
We now pay based on usage. They do an audit once a quarter and calculate any overages. We pay a set amount quarterly, based on our licenses in use, and then they true-up the figure. Right now we have 12,800 agents with SentinelOne on them. We charge our clients monthly, so it would be really difficult for us to write a check to SentinelOne, in advance, for a full year's worth, at that level. It's been great for us to have the quarterly payments.
We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.
And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.
My advice would be to implement SentinelOne immediately. It is one of the top things that we've implemented and it has saved us countless hours. It's really hard to quantify the savings, but if a client were to get ransomware, it could involve weeks of several team members working around the clock to get them back up and running. Since we've implemented this, we haven't had to do that in an environment where we had experienced having to do so previously.
The biggest thing I've learned from using SentinelOne is that there are a lot more attacks out there than a typical antivirus will display. Regular antivirus, rather than an EDR-type platform, gives people a false sense of security because there are a lot of processes running in the background that the typical antivirus solution is not equipped to catch. It was eye-opening when we started deploying this at clients, locations where we felt we had very good peace of mind in terms of what was happening. SentinelOne started detecting things left and right that were completely unable to be seen prior.
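The Mimikatz trial mentioned in this review maps to one concrete detection: credential-dumping tools must open a handle to lsass.exe with memory-read rights, which Sysmon records as Event ID 10 (ProcessAccess). The following is an added example (not SentinelOne's code and not the reviewer's) that runs that check over constructed sample records; the allowlist of benign source processes is an assumption to be tuned per environment.

```python
"""Detect LSASS handle opens of the kind credential-dumping tools make.

Added example, not SentinelOne code. Input records are constructed here and
follow the field names of Sysmon Event ID 10 (ProcessAccess). The allowlist
of benign source images is an assumption; tune it for your fleet.
"""

# Windows process access rights that allow reading (or copying) LSASS memory.
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_DUP_HANDLE = 0x0040
DUMP_RIGHTS = PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE

# Assumed allowlist of processes that legitimately touch LSASS (lower-cased).
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\lsm.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed sample events using Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\wbem\WmiPrvSE.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\jdoe\Downloads\invoice.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Users\jdoe\AppData\Local\Temp\m.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\system32\notepad.exe", "GrantedAccess": "0x1010"},
    {"EventID": 1, "Image": r"C:\Windows\system32\cmd.exe"},
]


def lsass_dump_reason(event):
    """Return why an event looks like an LSASS credential dump, or None."""
    if event.get("EventID") != 10:
        return None  # only ProcessAccess events carry handle rights
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return None
    source = event.get("SourceImage", "").lower()
    if source in BENIGN_SOURCES:
        return None
    granted = int(event.get("GrantedAccess", "0"), 16)
    hit = granted & DUMP_RIGHTS
    if not hit:
        return None  # e.g. 0x1000 (QUERY_LIMITED_INFORMATION) reads no memory
    return f"{source} opened lsass.exe with 0x{granted:x} (memory rights 0x{hit:x})"


def scan(events):
    """Return (source_image, reason) pairs for every suspicious event."""
    hits = []
    for event in events:
        reason = lsass_dump_reason(event)
        if reason:
            hits.append((event["SourceImage"], reason))
    return hits


if __name__ == "__main__":
    for _source, reason in scan(SAMPLE_EVENTS):
        print("ALERT:", reason)
```

Of the six constructed records only the two user-writable-path sources are flagged: WmiPrvSE asks for 0x1000 (no memory rights), Defender is allowlisted, and the Taskmgr record targets notepad rather than LSASS. In practice the allowlist should be by full path plus signer, since an attacker can name a binary anything.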
We are a solution provider and this is one of the products that we implement for our clients.
SentinelOne is being deployed as a replacement for any antivirus solution. In our case, we use it primarily to prevent ransomware and other malware from entering networks or computers, as they're deployed across the entire world now, in this new post-COVID environment.
We no longer have the luxury of the corporate firewall protecting everyone equally. This means that having SentinelOne on each box is providing a solution where we stop the badness before it can spread.
This is a cloud-based platform that we use in every capacity you can imagine. We use it on cloud components in both Azure and Amazon.
We have tested SentinelOne's static AI and behavioral AI technologies and it performs well. We actually put a laboratory together and we tested SentinelOne against CrowdStrike, Cylance, and Carbon Black side by side. We found that the only product that stopped every instance of ransomware we placed into the computers in the test lab, was SentinelOne. As part of the testing, we used a variety of actual ransomware applications that were occurring, live on people's systems at the time.
My analysts use SentinelOne's storyline feature, which observes all OS processes. They're able to utilize the storyline to determine exactly how the badness got into the network and touched the computer in the first place. That allows us to suggest improvements in network security for our clients as we protect them.
The storyline feature offers an incredible improvement in terms of response time. The deep visibility that is given to us through the storyline is incredibly helpful to get to the root cause of an infection and to create immediate countermeasures, in an IT solution manner, for the client. Instead of just telling them a security problem, we are able to use that data, analyze it, and give an IT solution to the problem.
SentinelOne has improved everybody's productivity because the design of the screens is such that it takes an analyst immediately to what they need next, to make the proper decision on the next steps needed for the client.
The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.
When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means. For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails.
Our people constantly use the Ranger functionality. The first thing we do is look for unprotected endpoints in the environment. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks.
It's incredibly important to us that Ranger requires no new agents, hardware, or network changes. If you think about it, we're in the middle of an incident response every day. We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. It was a game-changer when Ranger came to fruition.
Various clients, depending on their business practices, are heavily in the IoT. Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks.
As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate.
I have been using SentinelOne personally, on and off, for approximately three years.
SentinelOne is very stable and the agent rarely fails. The only time I've seen an agent fail is normally on a compromised system. The fact that it even works to protect a compromised system in the first place is amazing, but that's the only time that we actually see the failure of an agent. Specifically, it can happen when there's a compromise to the box prior to loading SentinelOne.
On a pristine new load of a workstation or server where it has no compromises and no malfeasance exists, the SentinelOne agent is incredibly stable and we rarely have any issues with the agent stopping in function. I will add that in this respect, the fact that the agent cannot be uninstalled without a specific code gives us higher stability than others because even a threat actor can't remove or disable the agent in order to conduct an attack against the network. It's a unique feature.
Right now, we have 54 analysts managing approximately 300,000 endpoints at any one time, globally. We operate 24/7 using SentinelOne.
The technical support team is probably the fastest in the industry at responding, and they do care when we have to call them or send them an email due to a new issue that we've discovered. Most of the time, the problem is the operating system that we're dealing with is not regular, but they're still very helpful to us when it comes to protecting that endpoint.
I would rate their customer service a nine out of ten. I could not give anybody a ten. They are a continuous process improvement company and I'm sure that they are constantly trying to improve every aspect of customer service. That is the attitude that I perceive from that company.
Primarily in the last year, the number one solution clients had, in cases where we replaced it, was probably Sophos. Next, it was CrowdStrike, and then Malwarebytes. The primary reason that these solutions are being replaced is ransomware protection.
Almost every client that I get involved with has been involved in a ransomware case. They've all been successfully hacked and we can place it onto their boxes, clean them up, along with all of the other malware that everyone else missed, no matter who it was. SentinelOne cleans up those systems, brings them to a healthy state, and protects them while we are helping them get over their ransomware event. This gives them the peace of mind that another ransomware event will not occur.
Personally, of the EDR tools, I have worked with Cylance, Carbon Black, and CrowdStrike. I've also worked with legacy antivirus solutions, such as McAfee and Symantec. However, this tool outshines all of them. It has ease of use, provides valuable information, and protects against attack. The autonomous nature of SentinelOne combined with artificial intelligence gives us the protection we cannot experience with any other EDR tool today.
The initial setup is very straightforward. SentinelOne has incredibly helpful information on their help pages. They are probably the fastest company that I know of in the entire EDR space for responding to a client's email or phone call when you need to do something new or complex.
We have covered everything from Citrix networks to more complicated systems that work by utilizing the Amazon and Azure cloud to spin up additional resources and spin down resources. We were able to protect every one of those assets with it. The agent is easy to load and configure and the library allows us to quickly pivot on a new client and get their exclusions in fast enough to not impede business as we're protecting them.
When we were at a point of 50 clients, which is an average of 10,000 endpoints, we needed four analysts using Cylance. When we switched to SentinelOne for that same protection, the 50 clients could be covered by two analysts. We dropped our need for analysts in half.
The average cost of a security incident involving ransomware is a minimum of $50,000 USD, and this is something that SentinelOne can prevent.
The product has a rollback feature, where you can take a machine that's been attacked and partially damaged, and you can roll it back to a previously healthy state. That saves endless hours of system administrators' time rebuilding systems. That alone can reduce the cost of an incident from $50,000 down to $20,000. There is a cost because you still have to determine exposure and other factors with an incident response to determine if the threat actor has taken any data, things like that, but on the damage to the equipment, with the rollback feature and the restoration features built in the SentinelOne, and the fact that it stops everything but the most sinister lateral movements today, just means that an incident never has to occur.
This means that there is a great return on investment for a lot of companies. Another important thing to mention is that they don't lose people. Approximately 60% of businesses that are hit with a ransom attack go out of business within six months. If SentinelOne is preventing those incidents from occurring, that return on investment is worth almost the value of the entire company in some cases.
It is difficult to put an exact number on something like that, but the lack of pain and suffering of the employees of the company, because they didn't have to go through an incident response, and the lack of expense for the company to hire lawyers and professional companies to come in and help them during an incident, as well as their increased insurance costs of having an incident is also another factor.
Overall, it's difficult to judge but it's a true factor in the return on investment of owning SentinelOne and utilizing it to protect your environment.
The pricing is very reasonable. Unfortunately, because it's a cloud-based product, it has a minimum count for licensing, but other than that, I've found their pricing to be incredibly reasonable and competitive with tools that are very similar.
Considering the invaluable nature of SentinelOne's autonomous behavior, I don't believe anyone else can measure up to that. That makes it an incredible bargain when compared to the cost of an incident for any company.
There are organizations such as MITRE and ESET Labs that have been doing testing that is similar to what we did three years ago. We just look at those results for the same truth that we discovered in the beginning, and the product continues to improve its performance.
I have been a proponent of SentinelOne for many years. When I learn about somebody who has been hacked and wants to have protection against problems such as ransomware occurring, this is the one solution that I recommend.
The SentinelOne team is open to suggestions. They listen to the analysts and managers that are using their product and they innovate constantly. The improvements to the SentinelOne agent have enhanced its ability to catch everything and anything that comes in, including the detection of lateral movement attacks, which are the worst-case scenario.
When an unprotected agent penetrates the firewall and attacks a network, that unprotected asset has no protection on it so that the hacker can do whatever they want from that box with no impedance. But, the detection of it attacking from a lateral basis has been improved immensely over the last three years.
The improvement in the exclusions library has been phenomenal to help us get the new systems on the air with the new software. It allows the end-user to almost seamlessly get SentinelOne loaded and operational without impacting their business, which is incredibly helpful.
SentinelOne is working on something right now in the Ranger space that is going to allow us to remotely load endpoints that need the SentinelOne protection through the Ranger portion of the application. This is going to significantly improve the security of all of our clients, whether they be in long-term care or short-term incident response, it will help us protect them better. It's a significant improvement to our ability to protect the client.
Of all the products on the market today, I can say that they are the ones that I trust the absolute most to protect my clients.
I would rate this solution a ten out of ten.
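The storyline use described in this review, walking from the alerted process back to how the "badness" got in, comes down to linking process-creation events by parent ID. The following is an added example (not SentinelOne's Storyline implementation and not the reviewer's code) over constructed Sysmon Event ID 1 style records; the mapping from image names to entry vectors and the set of shell-boundary processes are assumptions for illustration.

```python
"""Reconstruct the process chain behind an alert and name the entry point.

Added example, not SentinelOne's Storyline. Events are constructed in the
style of Sysmon Event ID 1 (ProcessCreate), linked by ProcessGuid and
ParentProcessGuid. ENTRY_VECTORS and SHELL_BOUNDARY are illustrative
assumptions, not a vendor taxonomy.
"""

# Constructed sample: a macro document from an email spawns PowerShell, which
# drops a tool that writes to a file share (the lateral-movement attempt).
# "SQBFAFgA" is UTF-16LE "IEX" base64-encoded, a typical -enc prefix.
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "CommandLine": "OUTLOOK.EXE"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": 'WINWORD.EXE /n "Invoice_2023.docm"'},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g4",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc SQBFAFgA"},
    {"ProcessGuid": "g6", "ParentProcessGuid": "g5",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\upd.exe",
     "CommandLine": r"upd.exe \\fileserver\sales$\tools"},
    {"ProcessGuid": "g7", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

# Assumed mapping from an image name to the way content entered the host.
ENTRY_VECTORS = {
    "outlook.exe": "email client (likely phishing attachment)",
    "chrome.exe": "browser download",
    "msedge.exe": "browser download",
    "winword.exe": "Office document (macro)",
    "excel.exe": "Office document (macro)",
}
# Session/system processes above which ancestry is no longer attacker-driven.
SHELL_BOUNDARY = {"explorer.exe", "services.exe", "wininit.exe", "userinit.exe"}


def image_name(event):
    return event["Image"].rsplit("\\", 1)[-1].lower()


def ancestry(events, guid):
    """Parent links from the alerted process up to the session root, root first."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    chain, seen = [], set()
    while guid in by_guid and guid not in seen:  # stop at unknown parent or a cycle
        seen.add(guid)
        chain.append(by_guid[guid])
        guid = by_guid[guid]["ParentProcessGuid"]
    chain.reverse()
    return chain


def entry_point(chain):
    """First process below the shell boundary that is a known entry vector."""
    for event in chain:
        name = image_name(event)
        if name in SHELL_BOUNDARY:
            continue
        if name in ENTRY_VECTORS:
            return event, ENTRY_VECTORS[name]
    return None, None


def descendants(events, guid):
    """Every process spawned directly or indirectly by guid."""
    children = {}
    for e in events:
        children.setdefault(e["ParentProcessGuid"], []).append(e["ProcessGuid"])
    out, stack = [], [guid]
    while stack:
        for child in children.get(stack.pop(), []):
            out.append(child)
            stack.append(child)
    return out


def storyline(events, alerted_guid):
    """Summarise chain, entry vector and the process group to remediate."""
    chain = ancestry(events, alerted_guid)
    origin, vector = entry_point(chain)
    # Remediation starts at the first non-shell ancestor so siblings of the
    # alerted process (other things the same document spawned) are covered.
    scope_root = next((e for e in chain if image_name(e) not in SHELL_BOUNDARY), chain[0])
    return {
        "chain": [image_name(e) for e in chain],
        "entry_vector": vector,
        "entry_process": image_name(origin) if origin else None,
        "remediation_scope": [scope_root["ProcessGuid"]]
        + descendants(events, scope_root["ProcessGuid"]),
    }


if __name__ == "__main__":
    print(storyline(SAMPLE_EVENTS, "g6"))
```

For the alert on upd.exe the chain reads explorer → outlook → winword → cmd → powershell → upd, the entry vector resolves to the email client, and the remediation scope is the Outlook-rooted group (g2 through g6) while the unrelated notepad.exe under the same desktop session is left alone. Real telemetry also needs the Image matched by full path and signer, since an attacker can name a dropper explorer.exe to sit on the boundary.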
We have been growing, but we are still a pretty small team. We have integrated it with our other software, and we are getting logs out of it. We go into threat hunting and do a deep watch. We go in there, see those logs, and make more sense of things. It has been a real help.
In terms of its deployment model, we have private companies. It is mostly on-prem, but each plant is a little bit different. Anything and everything that touches our corporate environment gets it.
For the most part, it gives us time to react by getting things off the network and getting that account locked down for a minute. We can let a member of our team take a look at it and move on from there instead of letting something fly under the radar and letting the incident take place or continue to happen. We can put the spotlight on the incident, make someone take a look at it, and then we can get going.
The integrations I have been working with work great. They do exactly as advertised, and they have been helping me with my threat hunting and seeing what is out there. There are always things lurking in the weeds that you just do not know about, so being able to have that correlation and more insights is always helpful.
Singularity Complete has helped free up our staff for other projects and tasks. It is a small team. I am more of a one-man SOC. A lot of the incidents either come through me or someone else on the team if I am not there for vigilance, so being able to dive down and get an issue resolved quickly is helpful. I can then go back to another incident. Usually, they come in batches, so being able to go to the next one or go back to working on a major project has helped a great bit.
Singularity Complete has not helped to reduce alerts. To my knowledge, it stayed about the same. We have fewer false positives, but there are some other ones that I would rather look into. They are more on the identity side. Now that we have Singularity Identity, I am intrigued by what we will see there in terms of weird logins and other things. Now that we have the integration set up, I will get some alerts from there to go track down.
Singularity Complete has helped reduce our organizational risk. When you get these new tools, you see everything that is wrong, and then you are like, "Oh, man," but at least we are seeing them and fixing them. In that sense, it has helped to reduce risks. I do not have the metrics, but we have been able to tackle some vulnerabilities and issues that have been big known ones.
Singularity Complete would help our organization save on its costs if we were not trying to expand so much. We are into manufacturing, and we grow a lot by mergers and acquisitions, so anywhere we can get security funding is a great point. It has helped us identify some things that we can do without. We can either reduce or eliminate those other tools and cascade down, so overall, it has reduced costs.
The Microsoft integrations are most valuable right now. One that I still have in the testing is putting user accounts into the high risk and letting our policies on that take place, and then have SentinelOne put it into network isolation as well until an incident is resolved.
There could be more integrations with more software. We have been looking at Palos and getting those put into the data lake. If there was a native integration for that, that would help a lot. They can just continue adding more integrations with these big brands and software security products.
I have been with the company for two years, and it has been there since the time I have been there, so I can only say two years at most.
I would rate it a ten out of ten in terms of stability. It is great in terms of stability and agents working as long as you do your due diligence and you do not leave it there to run just like every other product. If you leave it there with no attendance, it is going to do what it does, but if you are in there, doing your due diligence and making sure things are set, it is great. Auto updates are something I know that was implemented. That has been super helpful, so if you are doing what you need to do, it is a ten out of ten.
I would rate it a ten out of ten in terms of scalability, especially because we have Ranger deployed. If we need to or if we have a merger, we can get them to put SentinelOne on a couple of devices for us and give us creds so that we can deploy to the rest from there in case they cannot get us in the SCCM or whatever else they are using.
Their support is great. Keith Fields and Mitch Milligan are always there. They have been super helpful. I knew Keith before Mitch was even part of our account. I have been working with Keith for a little bit, and he has been super insightful on different things that I did not know the tool could do or quicker ways to do things. Mitch has also been super helpful in getting us set up.
We just bought Singularity Identity, and Keith, Mitch, and Paul have been there to give us those meetings on what we need. They really understand what our business is, and they look into our console to help us out at times as well. It has been great. I would rate their support a ten out of ten.
Positive
It was already in place when I joined the organization. We run Defender as well. It is like a dual stack. We have E5 for other reasons, and we use it because it is already there, but our team has gone for SentinelOne. We have had other people, especially the research teams, who want to use their own agent, but we are so comfortable with SentinelOne's abilities and what we have set up to keep us secure that we have looked away from those other SIEMs that want their agent. We have looked away from other software in the realm of MDR that may not work with SentinelOne. It is a staple piece for us that would be a hard buy to remove.
It works great. One thing I wish I had done more in college is hands-on with EDR agents. I went to Purdue for the cybersecurity network engineering major. They had classes and labs for forensics, but one thing we did not get too much hands-on was EDR. I believe they lived in the world of Microsoft for their operations there. Since I have been working here, Singularity Complete has been a great product. We are expanding. We have gone into these other modules and platforms, and we have always had a great experience.
It is a mature solution. It has been here longer than ten years. I graduated from college in 2021 and from high school in 2017. It has been around longer than I have known cyber practices. It is a good one. Always do your research and compare, but it is definitely a top one. I believe it is up there on the Gartner's Quadrants as well. It is up there for a reason.
We will use it more as we get more tools and integrate it. Currently, some of the things are still in beta. I am not leveraging it to its full capability because things are either in testing or we are looking at the software that is going to be connected. From what I have seen and based on the demos and how the beta is going, I have to give it a ten out of ten.
We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.
We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.
The deep visibility is really important for us. With it, we can really look deep into some of the incidents.
Singularity's interoperability with other SentinelOne products is okay. It does an okay job. We can tie it into some of our other tools.
The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console.
It reduces alerts. There are not a lot fewer false positives. I'm not sure of the percentage by which it has reduced them; however, in comparison to before, it is definitely less.
The product does save a lot of time, and we are able to get to tasks and respond more quickly. It's helped reduce our mean time to respond.
It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs.
We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.
The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.
There was an issue a few months ago where the agent kept getting shut off; however, now there's a newer agent and that's not happening anymore.
I've used the solution for almost two years now.
The stability has gotten better and better over the last two years.
The solution is deployed across 2,000 machines in four properties.
It can scale well. We keep deploying it further and it works.
Technical support does a good job. I've never had to work with support a ton. They do a decent job.
Positive
We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them, and it felt stagnant.
The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for the majority of machines, at which point we could protect the environment better.
We had two or three staff members who handled the deployment.
There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties.
We set up the product ourselves.
We have witnessed an ROI, although I can't speak to the exact number or percentage.
I don't have any visibility on the pricing.
We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option; however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate.
SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features.
The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology.
They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space.
I'd rate the solution nine out of ten. I would recommend it to others.
Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.
It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.
As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.
We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.
Overall, it has reduced our risk by 50 to 60 percent.
It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.
It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.
Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.
The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.
We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.
Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.
It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.
It is very stable. So far, we haven't faced an issue.
The scalability is a nine out of 10.
The support is excellent.
As a strategic security partner they are a nine out of 10.
Positive
We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.
Trend Micro is not smart; sometimes it's unable to detect malicious files.
SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.
The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.
We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.
It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.
It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.
We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.
The quality and maturity of the solution are excellent. I would recommend SentinelOne.
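The review above mentions adding indicators of compromise (file hashes, IP addresses, domain names) to a blocklist with one click so that every endpoint blocks them. Shared IOC lists usually arrive defanged, mixed-case, duplicated, and occasionally containing an internal address that must never be blocked, so the step a practitioner adds in front of that click is validation. The following is an added example, not SentinelOne's code or API: it refangs, classifies, de-duplicates and sanity-checks a raw IOC list before anything is pushed to a console. The sample feed is constructed; the never-block ranges are an assumption (RFC 1918 plus loopback and link-local) and IPv6 is deliberately out of scope.

```python
import ipaddress
import re

# Hash digests are recognised purely by hex length; a conservative hostname pattern
# is used for domains. IPv6 indicators are not handled and end up in the rejected list.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")

# Assumed "never block" ranges: pushing 10.0.0.5 to every agent would cut off the enterprise.
_NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def refang(raw: str) -> str:
    """Undo the defanging commonly applied when IOCs are shared in reports or email."""
    s = raw.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)          # evil[.]example -> evil.example
    s = re.sub(r"^(hxxps?|https?)://", "", s, flags=re.IGNORECASE)
    s = s.split("/", 1)[0]                                 # drop any URL path
    s = re.sub(r":\d+$", "", s)                            # drop a trailing :port
    return s.lower()


def classify(value: str):
    """Return (ioc_type, normalized_value); ioc_type is None when the value is unusable."""
    v = refang(value)
    if _HEX_RE.match(v) and len(v) in _HASH_LENGTHS:
        return _HASH_LENGTHS[len(v)], v
    try:
        ip = ipaddress.ip_address(v)
        if ip.version == 4:
            if ip.is_multicast or any(ip in net for net in _NEVER_BLOCK):
                return None, v
            return "ipv4", v
    except ValueError:
        pass
    if _DOMAIN_RE.match(v):
        return "domain", v
    return None, v


def build_blocklist(raw_iocs):
    """Validate and de-duplicate raw IOC strings.

    Returns (blocklist, rejected): blocklist maps ioc_type -> sorted unique values,
    rejected keeps the original strings an analyst must look at by hand.
    """
    blocklist, rejected, seen = {}, [], set()
    for raw in raw_iocs:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, v = classify(line)
        if ioc_type is None:
            rejected.append(line)
            continue
        if (ioc_type, v) in seen:
            continue
        seen.add((ioc_type, v))
        blocklist.setdefault(ioc_type, []).append(v)
    return {k: sorted(vals) for k, vals in blocklist.items()}, rejected


# Constructed sample feed in the shape of a shared IOC list; none of these are real threat data.
SAMPLE_FEED = [
    "# indicators from a constructed report",
    "hxxp://evil-updates[.]example/payload.exe",
    "EVIL-UPDATES.EXAMPLE",                      # same domain, different case -> deduplicated
    "198.51.100.23",
    "198.51.100.23:4444",                        # same address with a port -> deduplicated
    "10.0.0.5",                                  # internal address -> rejected
    "d41d8cd98f00b204e9800998ecf8427e",
    "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "not an indicator",
]

if __name__ == "__main__":
    ready, needs_review = build_blocklist(SAMPLE_FEED)
    for ioc_type, values in ready.items():
        print(ioc_type, values)
    print("rejected:", needs_review)
```

The rejected list is the important output: an internal address or a malformed entry that slips through a bulk add is enforced on every agent at once, which is exactly the property that makes the one-click push attractive.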
SentinelOne Singularity is our endpoint protection solution. It protects our endpoints against malware. It's integrated with our centralized log management solutions.
SentinelOne is helpful from an endpoint security perspective because it's a consolidated solution. We don't need any other product. SentinelOne has reduced our detection time significantly.
We can detect suspicious behavior in near real-time. It isn't 100 percent, but I would say 99 percent of the time, it detects threats almost instantly and notifies us. The solution has reduced our risks from an endpoint perspective by about 20 percent.
SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that.
Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives. While it speeds up our detection time, it takes us longer to respond because we have to do a follow-up analysis to weed out the false positives. A lot of time goes into determining whether it's a genuine threat.
I have used SentinelOne Singularity for a year or so.
SentinelOne Singularity is a stable product.
Singularity is scalable. We haven't had any issues so far. We have no plans to increase usage right now. If the number of users increases, we'll look at it.
I rate SentinelOne support seven out of 10. The response isn't fast enough.
Neutral
We previously used Symantec antivirus but switched to SentinelOne for its EDR features.
Deploying SentinelOne is straightforward. Rolling out agents across the endpoints takes time, but that's because of our company's internal procedures. We can start using it once the agents are deployed across all the systems. It took around three months or so.
We see a return in the form of increased endpoint security, but we aren't seeing cost savings or reducing the number of personnel. In fact, we need to increase resources on the SOC side because they are handling so many alerts. However, we get better visibility from the console compared to a traditional antivirus solution.
I rate Singularity Complete four out of 10 for affordability. SentinelOne costs more than traditional antivirus solutions, but we get more out of it. It hasn't saved us any money, but it's an EDR solution, so we get a lot of value from it.
We also looked at CrowdStrike. The decision ultimately came down to cost. SentinelOne was the cheaper option.
I rate SentinelOne Singularity Complete seven out of 10. It's a comprehensive, innovative solution that covers many of the network features and core antivirus functionality. It's a solid solution from a coverage perspective. The only thing that needs improvement is the false positive rate. If SentinelOne can address that, it would be excellent. My advice to new users is to have a team of people trained to use and manage the solution.
It is used in my customers' companies. It handles incident management, firewall implementation, and device control.
The most valuable feature is the rollback.
Remediation is great.
The Ranger feature for work devices is most useful.
The reporting part is awesome.
It is easy to deploy the product.
It should not limit itself to EDR. I need some other solutions to integrate into it. It should give us more visibility by integrating other solutions with it.
I want some other solutions like email security. Email security should also integrate with it to get more visibility on it.
Agent upgrades might cause some issues. Most of the time, an agent gets removed after it is not communicating with the server. After every three months, it will get automatically removed. That might cause an issue.
The solution is expensive. It is costlier than Trend Micro and Palo Alto XDR.
I've used the solution for around six months.
The solution is stable. We've found the performance to be good. It's light. There are no bugs or glitches.
We have 1,500 users on the solution right now. It is pretty scalable.
With technical support, I've got an immediate response, and when I log a ticket, I get good assistance.
I had worked on Palo Alto XDR as well. However, the remediation is not so good. There is no rollback option, either. That might cause data loss during a ransomware attack.
I'm also aware of the Trend Micro solution.
It's easy to set up and has a very lightweight agent. It's very easy to deploy.
The time it takes to deploy all depends upon the number of users, the number of clients, which machines are there, et cetera. In Ranger, you have options. If you have advanced features for deployment, Ranger deployment, it is easy.
The solution is a bit pricey and they should look at the costs involved. You have to pay extra for certain features, such as the Ranger feature. Everything should be included in the subscription.
We are partners.
It's a good solution as compared to others. In terms of MML features, it is fine.
I'd rate it eight out of ten.
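The review above notes that an agent which stops communicating with the server is automatically removed after roughly three months, which is a problem only if nobody notices before it happens. The check a practitioner runs against the agent inventory is shown here as an added example; it is not SentinelOne's code and does not call any console API. It takes an exported list of agents with their last-seen timestamps, buckets them by how long they have been silent, and cross-checks against an expected host list so that a removed agent shows up as a coverage gap rather than silently disappearing. The 90-day removal window and 30-day warning threshold, the fixed "now", and the inventory records are all constructed assumptions.

```python
from datetime import datetime, timezone

# Assumed thresholds: the reviewer's "three months" is treated as 90 days, and the
# warning is raised well before removal so a ticket can be opened in time.
REMOVAL_DAYS = 90
WARN_DAYS = 30


def parse_ts(s: str) -> datetime:
    """ISO-8601 timestamp with a trailing Z -> timezone-aware UTC datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def triage_agents(inventory, now: datetime):
    """Split an agent inventory into healthy / stale / removal_pending buckets.

    inventory: list of {"hostname": str, "last_active": ISO-8601 UTC string}.
    Each bucket holds (hostname, days_silent) tuples, longest-silent first.
    """
    buckets = {"healthy": [], "stale": [], "removal_pending": []}
    for agent in inventory:
        days_silent = (now - parse_ts(agent["last_active"])).days
        entry = (agent["hostname"], days_silent)
        if days_silent >= REMOVAL_DAYS:
            buckets["removal_pending"].append(entry)
        elif days_silent >= WARN_DAYS:
            buckets["stale"].append(entry)
        else:
            buckets["healthy"].append(entry)
    for entries in buckets.values():
        entries.sort(key=lambda e: e[1], reverse=True)
    return buckets


def coverage_gaps(inventory, expected_hosts):
    """Hosts the CMDB says should exist that have no agent record at all.

    This is what an auto-removed agent turns into: the host is still on the
    network but no longer appears in the console.
    """
    covered = {agent["hostname"].lower() for agent in inventory}
    return sorted(h for h in expected_hosts if h.lower() not in covered)


# Fixed "now" so the example is deterministic; constructed inventory, not a real export.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    {"hostname": "fin-laptop-07", "last_active": "2024-05-31T22:10:00Z"},  # seen hours ago
    {"hostname": "lab-vm-12",     "last_active": "2024-04-20T08:00:00Z"},  # 41 days silent
    {"hostname": "ws-old-03",     "last_active": "2024-02-01T12:00:00Z"},  # 120 days silent
    {"hostname": "srv-backup-01", "last_active": "2024-05-01T00:00:00Z"},  # 31 days silent
]
EXPECTED_HOSTS = ["fin-laptop-07", "lab-vm-12", "ws-old-03", "srv-backup-01", "hr-desk-04"]

if __name__ == "__main__":
    for bucket, entries in triage_agents(SAMPLE_INVENTORY, NOW).items():
        print(f"{bucket}: {entries}")
    print("no agent record:", coverage_gaps(SAMPLE_INVENTORY, EXPECTED_HOSTS))
```

Run on a daily schedule, the stale bucket is the actionable one: a host that has been silent for a month is either decommissioned (remove it from the expected list) or broken (reinstall the agent), and either way it should be resolved before the removal window closes.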