SentinelOne Singularity Complete Reviews

First and foremost, we use SentinelOne Singularity Complete for endpoint detection and response in our company. We do not have any antivirus anymore. We have SentinelOne for the endpoint detection, response, and defense mechanism. This is our primary use case. 

We also have other use cases. I work predominantly in vulnerability management. I sometimes work in the SOC. For vulnerability management, we use it in a number of different ways. We sometimes use it to see which applications and versions are running on systems. We use it for an inventory of applications. We do not use it for vulnerability detection. We have another tool for that, which I believe is more dedicated to technical vulnerabilities. I know there has been some investment in this area, but at the moment, we are not using it for that. 

We also use it for running scripts and automating tasks on systems. In fact, I have been doing a lot of that recently. They have developed their automation and remote ops part, which has been fantastic for us. I have been updating a lot of applications using the scripts that I have deployed with SentinelOne. I love that part of the tool. It makes life a lot easier. 

I sometimes also use it to determine where we may not have other pieces of software on systems. For example, we use a vulnerability tool that runs on an agent. I can use SentinelOne to see whether all of the systems on which we have SentinelOne also have our vulnerability tool agent. If a system does not have it, we can deploy a script from SentinelOne to add the agent. 

We also use Ranger, so we can identify other systems on our network that do not necessarily have SentinelOne agents. That can be quite useful sometimes. Because of Ranger, we have seen a lot of systems that we did not already know about. 

As a part of the endpoint detection response, we ingest logs through our central SIEM. We have a hybrid Security Operations Center. The first line is done by a third party. They have access to the SIEM, and all of the SentinelOne data is ingested into that. When there is an incident or when SentinelOne detects an incident, it gets flagged to the Security Operations Center, and then we start to investigate that incident. Most of the time, if it is a SentinelOne-related incident, we will log in to SentinelOne and use it to investigate the incident. We look at the logs on the endpoint and try to establish whether it is a genuine incident or a false positive, what happened on the system, and why we are getting these alerts.

We use the Ranger functionality. It provides network and asset visibility. It is quite important for us. If we did not have another tool that is doing similar, it would have been extremely important, but we do have a vulnerability management tool that is very similar. It is quite good that it does that automatically out of the box, whereas we have to configure our vulnerability scanning solution to do something like this. The ability to have visibility of the network where we do not necessarily have SentinelOne deployed is very important.

Ranger requires no new agents, hardware, or network changes. This is important for us. It has an advantage over our vulnerability management tool because we have to deploy scanners with our vulnerability management tool, whereas we do not have to deploy anything for SentinelOne Ranger, so in that way, it is a better solution in helping us.

Ranger is very effective in helping to prevent vulnerable devices from becoming compromised. For example, we used Ranger and identified some systems in our data center that we could just log on to. It was not very difficult to get on to those devices. Therefore, it would not have been difficult for anyone else to get on those devices. We did not necessarily have the permission to do so, but we found a way to do that. We managed to get those devices secured, and therefore, increase the security of our systems. That kicked off from Ranger, and that is a good use case.

Singularity Complete has helped free up our staff for other projects and tasks. For example, with automation, I have been able to patch some of our systems, which has freed up time for our help desk team. They do not have to patch some of the systems. It has also been helpful for deploying some of our agents for our other tools. If we deploy through SentinelOne using the script, that frees up our team's time.

Singularity Complete has helped reduce our organizational risk. The previous solution we had was signature-based, so for endpoint detection, it has to know a certain kind of attack before it can detect it or even block it. Because Singularity Complete is more looking at the behavior of running processes and how these processes interact with other processes on the system, it has helped to reduce the risk. We are not relying on static detection signatures. We have got real-time detection. Singularity Complete can detect things that may be the first-ever attack in the world, and we get notified about it. It does reduce the risk.

I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation.

In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation.

I have been using this solution for two and a half years. I have been using it since I joined this company. 

We have not had any issues with it. It has always worked for me.

It is quite scalable. I do not see anything holding it back in that regard.

My impression of SentinelOne as a strategic security partner is very positive.

In terms of support, for a lot of support requirements, I go through the engineering team. They are very knowledgeable about Singularity Complete, but I did contact SentinelOne's support team recently in July. There was a particular vulnerability that Microsoft had already caught. Microsoft Defender had a setting that would automatically block the vulnerability. I raised the question to SentinelOne support asking whether SentinelOne has the same ability to block the vulnerability. It took me a few times to get them to understand what I was asking, and they could not confirm 100% that it was blocked. They just said that their solution does block vulnerability attempts, but they did not specifically do this particular one. Unfortunately, that interaction was not entirely positive. Overall, I would rate them a seven out of ten.

My company had an endpoint solution previously, but I was not with this company before they had Singularity Complete. They already had Singularity Complete when I got here. It was replacing the previous endpoint solution, so I cannot say whether Singularity Complete reduced our alerts or mean time to detect than the previous solution.

I was not involved in its initial deployment. I am with the engineering team. I have deployed SentinelOne on some systems, so I know the process, but I was not involved in deploying it or rolling it out company-wide.

It is in the cloud, but we have SentinelOne agents deployed on our systems. These agents report the data back to the cloud, which gives us the ability to see all of that data.

In terms of maintenance, the team that maintains it performs agent updates. They can be pushed automatically, but our engineering team has decided to not push the updates automatically because they could potentially break something or may not be fully compatible with a current version of, for example, macOS. There is some maintenance in that regard. There is also maintenance in terms of relieving some aged SentinelOne nodes. We might remove those. I would not necessarily call it maintenance, but when we set up particular alerts, we may maintain those alerts based on our requirements at the time. It may be the vulnerability being escalated in the wild, or we might want to set up some sort of detection that can basically detect or indicate any compromise. We maintain all of those rules.

I do not know much about the pricing. What I do know is that the person who negotiates most of the pricing is quite a hard bargainer. In that regard, he often says that he managed to get a very good deal. When we first looked at replacing our old system with Singularity Complete, its price was definitely a big factor. Back then, Singularity Complete was fairly new to the marketplace. We got quite a good deal as an early adopter. They have honored that and respected that we were an early adopter, and I feel we are still getting a very good price.

It is definitely worth considering. It is definitely up there with the best of them now. A few years ago, it probably was not. It was in the early stages, but now, it gives us everything that we need today. They invest heavily in the platform. That is important as well. If you buy it today, in a year or two, you will get a lot more features for your money.

It is quite mature now. Over the two and a half years that I have been using it, there have been numerous feature enhancements. As a basic endpoint detection response, it is very mature, and it now has other features, such as the Ranger functionality and automation, on top of it. It is a very mature offering now.

When it comes to integrations, I do not know about any tools that I have used with Singularity Complete. We just bought Wiz.io for our company, and I understand that SentinelOne links to Wiz.io. I have not personally used it, but I will be using it soon. From what I understand, it is going to be quite useful because if we detect an incident or an alert on a cloud system that Wiz.io manages and has visibility of, we can then get more information about that cloud system. For example, it could say, "We detected that this vulnerability attempt has been made, or one of the exploit attempts has been made on your system." We then get all of this information from Wiz.io which says, "Actually, the system is not vulnerable to that vulnerability." At that point, we would think that we do not need to worry as much, but we are going to see the investigations. 

In terms of its ability to ingest and correlate across our security solution, we do not necessarily ingest into Singularity Complete, but we ingest Singularity Complete into our central SIEM. It is very difficult to ingest data into that SIEM.

Overall, I would rate SentinelOne Singularity Complete an eight out of ten.

We use SentinelOne Singularity Complete as the antivirus for our computers.

We wanted a solution that could maintain the protection of our computers so we implemented SentinelOne Singularity Complete.

SentinelOne Singularity Complete is a lightweight application with a quick threat response.

Singularity Complete has helped reduce our alerts with prompt responses.

Singularity Complete has freed up several hours of our staff's time each week, allowing them to focus on other projects. They no longer need to manually monitor hundreds of computers, as they now have a single dashboard to manage them.

It has reduced our MTTD through prompt action taken against the vulnerability or threat.

It has also reduced our MTTR through quick notifications that allow us to respond within minutes.

Singularity Complete has helped us reduce our organizational risk.

The management dashboard is the most valuable feature.

The most difficult part of using Singularity Complete is logging in, as they often update the management console. I don't know if our accounts become disassociated or what the deal is, but if we don't log in within a certain amount of time, we have to go through a password reset or account reset process.

I have been using SentinelOne Singularity Complete for around five years.

SentinelOne Singularity Complete is stable with no downtime.

SentinelOne Singularity Complete is scalable.

The technical support team is prompt.

Positive

The price is fair for what we are getting.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne is very mature. It's a lightweight application that does not waste a lot of resources, and the quality is definitely good.

Singularity Complete is a self-sustained standalone application that updates to the cloud. Every computer checks in and updates as needed.

I manage our future application deployments and ensure that Singularity Complete is automatically pushed out and kept up to date.

SentinelOne is a good overall security partner.

It's always worth testing out different solutions and finding the one that works for each organization. But as far as SentinelOne Singularity Complete goes, it's been an easy process for our organization and I recommend it to others.

We mostly use SentinelOne to protect our computers and know which users are logging in.

SentinelOne gives the end-user and our IT staff a level of security, knowing that when they're downloading something, talking to a client, or looking at email, their computer is secure. And if, God forbid, they click on the wrong link or download the wrong item, SentinelOne will step in and block anything from happening.

The simplicity of the solution is key. There's only one portal to look at. I don't have to jump around to a couple of programs or combine multiple programs into one. It provides ease of management for me and my team.

And with Singularity, I don't have to worry as much about scanning. It has taken some of my daily activities away, such as system scans, identity scans, and making sure that everything is updated. Also, I now don't have to manually update anything on the laptops for security. The fact that SentinelOne can do that automatically has given me time back in my day.

It saves us at least a couple hours a week, and more if we need to do a full upgrade. If we're doing a full upgrade and have to update every SentinelOne client or any endpoint protection, it could take a day to touch every computer. Now, it takes five minutes to make a policy and push it. It all depends on what the day's workload is, but it definitely saves us time.

In terms of reducing alerts, that did not happen at the beginning, but now that we have it fine-tuned, I don't get as many false alerts. It has really dialed itself in to know what issues to look for. We're not getting spammed with insignificant stuff anymore. It definitely took some time to figure out the alert system and how to make the emails work for us. But now that we have it running, I know that when I get a notification that it's a real one.

And it has reduced our mean time to detect because I don't have to detect. It does it for me. And similarly, for our mean time to respond, it's definitely quicker because I get the email notification right away, and it becomes a priority in our ticketing queue from the notification. Once that comes in, someone on my team stops what they're doing and looks at the alert set. Nothing will sit on the network for long now with it scanning all the time.

It has reduced our organizational risk.

The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.

I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.

We have been using SentinelOne Singularity for about a year and a half.

There have been no issues at all.

Scaling is easy. It's not hard to expand it at this point.

When I contacted their technical support, the experience was okay. They fixed the issue. It was just a matter of getting to the right person.

I would rate SentinelOne highly as a strategic security partner. For any issues we had, they have been responsive, talking to the vigilance team and high-level teams. Again, it always comes down to finding the right person. It takes time to get to the right person, but once we get there, it's fine. They are able to help with our needs.

Positive

We previously used Sophos. We switched to Singularity because it's simpler, easier to use, and rated higher.

When looking at the quality and maturity of Singularity, it's a great program. Depending on what program you are coming from, there might be a little learning curve, but once you get past that, it's easy to use, and it becomes very intuitive after some time.

It took some time to figure out how to make the deployment work, to get it on everyone's computers, and to get the organization to fully adopt it, but it really wasn't hard in the long run now that we have it deployed.

There is no maintenance involved on our end. I can push policies during the day to upgrade the clients.

We did it in-house. The implementation was done by me and four other guys.

We did have training, but they didn't help with the deployment. They just showed us how to use the program itself.

The pricing is reasonable. It may be a little high, but it's on par with everything out there.

I wish the more users you have, the better the price would be.

We looked at CrowdStrike.

We have SentinelOne deployed through Intune, but we use the cloud login to work on any alerts or events that pop up. When new SentinelOne updates are available, we log into the cloud portal, make a new batch, and just send out the update automatically to all 400 clients that we have. If any events or errors show up, we go through the normal process. We let the vigilance team look at them, remove the computer from the network if need be, isolate it, and do our normal due diligence on what the error or the event is telling us.

We're very happy with the SentinelOne platform, so we haven't looked at anything else recently.

We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.

We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools. 

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console. 

It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less. 

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs. 

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore. 

I've used the solution for almost two years now. 

The stability has gotten better and better over the last two years.

The solution is deployed across 2,000 machines in four properties. 

It can scale well. We keep deploying it further and it works. 

Technical support does a good job. I've never had to work with support a ton. They do a decent job. 

Positive

We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant. 

The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better. 

We had two or three staff members who handled the deployment. 

There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties. 

We set up the product ourselves. 

We have witnessed an ROI, although I can't speak to the exact number or percentage. 

I don't have any visibility on the pricing. 

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate. 

SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features. 

The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology. 

They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space. 

I'd rate the solution nine out of ten. I would recommend it to others. 

Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.

It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.

As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.

We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.

Overall, it has reduced our risk by 50 to 60 percent.

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.

It is very stable. So far, we haven't faced an issue.

The scalability is a nine out of 10.

The support is excellent.

As a strategic security partner they are a nine out of 10.

Positive

We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.

Trend Micro is not smart; sometimes it's unable to detect malicious files.

SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.

The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.

We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.

It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.

It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.

We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.

The quality and maturity of the solution are excellent. I would recommend SentinelOne.

SentinelOne Singularity is our endpoint protection solution. It protects our endpoints against malware. It's integrated with our centralized log management solutions. 

SentinelOne is helpful from an endpoint security perspective because it's a consolidated solution. We don't need any other product. SentinelOne has reduced our detection time significantly. 

We can detect suspicious behavior in near real-time. It isn't 100 percent, but I would say 99 percent of the time, it detects threats almost instantly and notifies us. The solution has reduced our risks from an endpoint perspective by about 20 percent. 

SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that. 

Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives. While it speeds up our detection time, it takes us longer to respond because we have to do a follow-up analysis to weed out the false positives. A lot of time goes into determining whether it's a genuine threat. 

I have used SentinelOne Singularity for a year or so.

SentinelOne Singularity is a stable product.

Singularity is scalable. We haven't had any issues so far. We have no plans to increase usage right now. If the number of users increases, we'll look at it. 

I rate SentinelOne support seven out of 10. The response isn't fast enough. 

Neutral

We previously used Symantec antivirus but switched to SentinelOne for its EDR features. 

Deploying SentinelOne is straightforward. Rolling out agents across the endpoints takes time, but that's because of our company's internal procedures. We can start using it once the agents are deployed across all the systems. It took around three months or so. 

We see a return in the form of increased endpoint security, but we aren't seeing cost savings or reducing the number of personnel. In fact, we need to increase resources on the SOC side because they are handling so many alerts. However, we get better visibility from the console compared to a traditional antivirus solution. 

I rate Singularity Complete four out of 10 for affordability. SentinelOne costs more than traditional antivirus solutions, but we get more out of it. It hasn't saved us any money, but it's an EDR solution, so we get a lot of value from it. 

We also looked at CrowdStrike. The decision ultimately came down to cost. SentinelOne was the cheaper option. 

I rate SentinelOne Singularity Complete seven out of 10. It's a comprehensive, innovative solution that covers many of the network features and core antivirus functionality. It's a solid solution from a coverage perspective. The only thing that needs improvement is the false positive rate. If SentinelOne can address that, it would be excellent. My advice to new users is to have a team of people trained to use and manage the solution. 

We utilize SentinelOne Singularity Complete as our EDR. The solution has replaced our previous solutions, Trend Micro and Symantec antivirus.

The Symantec agent we had before would require almost a reboot every time you would make a change, an agent update, or even sometimes in definitions. None of them were as comprehensive as SentinelOne Singularity Complete regarding threat detection and response. I don't believe any of them had any of the rollback features that are available through SentinelOne.

Overall, having more coverage and confidence in our antivirus is part of our decision to choose SentinelOne Singularity Complete. The other consideration was cost. We were going to upgrade to a more comprehensive threat protection solution either way. We were also looking at CrowdStrike then, and SentinelOne beat it by pricing while offering the protection we were looking for.

The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.

I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.

Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.

I have been using SentinelOne Singularity Complete since June 2021.

My only issue with the solution's technical support so far is that we can only communicate via email tickets, not phone calls. However, we've still been able to resolve the majority of issues. Their response time is pretty fair. I wish there were more abilities to conduct a remote session because there are a lot of situations where I will have to get walked through some instructions.

Then I have to give feedback saying that an instruction is unavailable, or I can't do this because this device is in this situation or this mode. There may have to be three or four back-and-forth messages before we can proceed to the next step because it isn't an interactive remote session. It is just email communications with a delay every time, which adds to some frustration.

Suppose there's something that's concerning to us that we really wanted to make sure wasn't a false negative as a threat. While we were worried about it, we would just have to wait for responses and be unable to communicate with anybody.

Neutral

SentinelOne Singularity Complete's initial setup is straightforward.

We did not use an integrator, reseller, or consultant for the solution's deployment. I have had some experience with SentinelOne in the past. We just read through some of the documentation and asked a couple of questions. There was also some information on what other administrators have done to implement the solution.

That has worked well, and things have been pretty smooth sailing since the implementation. I've been pretty happy in that regard, and it wasn't a big pain to replace our existing antivirus solution. Two other guys were involved in the solution's deployment, but I was heading up the task.

We have not seen a return on investment with SentinelOne Singularity Complete because we have not used it. It has just added costs for us that we're not taking advantage of.

SentinelOne Singularity Complete's pricing is not terrible. It's not enough to make us want to move away from using SentinelOne. The solution's pricing is not too bad for what it's offering, like the documentation that comes with it. I feel like it should be an optional add-on for people who may not be using things to integrate or may not want to integrate things.

We have used very little of SentinelOne Singularity Complete's interoperability with other solutions. It has looked like it has been nice because we have been scoping out the use of a managed detection and response and have SentinelOne Singularity Complete plugin with other solutions for log output. There hasn't really been anything we wanted to use that SentinelOne was incompatible with.

I believe SentinelOne Singularity Complete is very capable of ingesting and correlating across our security solutions. I don't think I've seen any solutions that would necessarily outperform it. It's done everything that we've needed it to. Again, we have not used it extensively.

SentinelOne Singularity Complete has not helped us consolidate our security solutions, but that's our choice. We like going into the console and seeing everything within there and the dashboards we already have access to.

I can't say that I think SentinelOne Singularity Complete has helped reduce alerts. We would like to use SentinelOne to correlate our alerts so we're getting alerts from multiple different areas to see what matches up there. Currently, we still have an ad hoc solution where we're looking at different sources for that information because we don't have it all trusting each other yet.

Overall, for supply chain attacks, we're hesitant to give access to other products to our SentinelOne. We just don't want to put all our eggs in one basket, but that's more of a mindset problem than a functionality problem.

SentinelOne Singularity Complete has helped free up our staff for other projects. The solution's automation functionality, notifications, alerts, additions with its API, and custom tools to do what we want have helped me not to have to go in and manually check for things. For example, SentinelOne says they do not need to do static file scans other than when you first install the agent.

Our compliance requires that we still have static agent scans on a regular basis, preferably daily. You can launch those from within the console, but it's not viable for me to log in to the console daily and initiate that. Since there's no ability to schedule that in the future, that was best done with the API script that runs automatically and can give us feedback on how it went.

I believe SentinelOne Singularity Complete has helped reduce our organization's mean time to detect. We get some good context within there of what the threat was. Most of the time, it has pretty good notes regarding what it got flagged for if it's behavior-based, but some static file threats don't show the indicators.

We do not know what to do with some threats or understand what it is. We've been told we would need to get the SentinelOne vigilance or managed detection and response to fill that gap. We have been looking at managed detection and response but haven't put it in place yet.

SentinelOne Singularity Complete has helped reduce our organization's mean time to respond from our previous antivirus solutions. The solution gave us some more context than we had and also the ability to isolate each endpoint. If an endpoint looks scary and we don't know what it's doing exactly, we can cut off all of its internet access except SentinelOne until we feel it's a clean endpoint. SentinelOne Singularity Complete has helped reduce our mean time to respond by 20 minutes.

Singularity Complete has helped reduce our organizational risk. There have been multiple things that could have potentially been an incident, and they were stopped in their tracks by the solution. For that, we've been able to demonstrate the solution's value to our leadership in terms of keeping it.

SentinelOne Singularity Complete has not helped our organization save on its costs. SentinelOne Singularity Complete isn't optional and was forced onto us from the licensing. We didn't really get a choice on whether we wanted those extra features, but we had to pay for the SentinelOne Singularity Complete add-on, which is just a blanket cost.

If it was up to us, we might not have chosen it, but it was not. We don't use many of the features, and many of the things we like are within the basic SentinelOne license.

We earlier used SentinelOne Complete, and then we used SentinelOne Complete with Singularity. There hasn't been a great improvement since we've done that. We haven't used many of its features or had any guidance on recommendations that would be helpful to put into place without having to buy anything else.

Most of the time, if we wanted to use anything in the marketplace, we would have to start paying for something we don't already have or integrate with something we aren't using.

I would say SentinelOne Singularity Complete is pretty mature, and there's a good amount of documentation of details. I would say it's much more mature right now than a year and a half ago when it was introduced. I looked into it then and said there's nothing that looks useful to us here.

Now, there are actually many more applications and things to integrate with it that we didn't have access to before. We're still not using a lot of it. As far as recommending it to somebody else or another company, I am confident that it will plug into all the major utilities and tools you may want.

SentinelOne Singularity Complete requires maintenance, but it's not bad. We need to go into the console and initiate updates for select devices when there are updates available. We need to ensure that we stay within supported and not end-of-life releases of SentinelOne. After those select devices have been tested out and we know there are not many issues with them, I will go ahead and release those to all the other devices we manage in the rolling phases.

That's not too much work. I would not classify it as maintenance, but when detection comes up while using the platform, that works well when we need to check that out. We haven't necessarily caught something that needed to be caught.

I am impressed with what they're doing both for detections for our endpoints and also for the security world at large. A while back, they headed up some of the investigations and publications about the supply chain attack for 3CX software, which was something that we had used and were impacted by. However, thanks to SentinelOne, we did not have any fallout from that attack.

Overall, I rate SentinelOne Singularity Complete an eight out of ten.

We used SentinelOne because we needed a tool that would add extra visibility into the environment. We also wanted something that was easier to use than our existing product so we switched to SentinelOne.

Deep Visibility is a valuable feature. It lets us search across the environment and correlate things much more easily than we could have previously.

The learning curve was a little steep. The solution gives training we can go through, but we have to pay for that. We ended up paying for it so we could get everybody ramped up. The product must enable easier onboarding for less familiar or less formally trained people. It would've helped us adopt it quickly.

I have been using the solution for three months.

We had no stability issues.

The product is on a cloud-hosted instance. It can be integrated into everything that we use. It seems highly scalable.

Support is good. The support team is quick to respond and quick to resolve. We can't ask for anything more.

Positive

The product is cloud-based. The initial deployment was straightforward. We were able to rip and replace and do it all faster than our onboarding team had expected. It was done within a month.

We had the standard onboarding services, but we did all the lifting ourselves. It required four people from our side. Apart from agent upgrades, the tool doesn't need any major maintenance.

We currently see returns in getting our technicians' and engineers' time back.

The pricing makes sense to us. The pricing model is simple. It was easy to move forward from our previous products to the new bundle.

We've been using the tool mostly with third-party applications through Singularity Marketplace. Integrating it with our Microsoft environment has been helpful and convenient. The product is robust in ingesting and correlating across our security solutions. It is doing its job without us having to check it.

Previously, we had a few different endpoint solutions on a single asset. The product helped us rip and replace multiple solutions with one. We did a POC on Ranger but didn't go with it. The solution hasn't reduced any alerts, but it has at least given us more actionable data. We need to do tuning because we're so early in the adoption.

The tool has certainly saved the staff's time. It's able to correlate data a lot better and bring it all onto a single pane of glass, which helps save time. It's hard to quantify right now because we're so early in the adoption. We're definitely able to see more bandwidth for other projects. SentinelOne has helped reduce our mean time to detect.

We have seen the most improvements in our organization’s mean time to respond. We would have had to balance between different solutions or portals to correlate data. Now, the tool is just bringing everything into one place. Taking action within the solution has helped us respond and resolve. Our mean time to respond has been reduced by more than half.

We were using multiple products. We replaced them with SentinelOne. Getting a better solution for the same price was a no-brainer for us. Singularity Complete has helped reduce our organizational risk. The solution's quality is top-tier. The maturity was as good as our current solutions. It was easy to make the choice to move over.

SentinelOne is closely aligned with what the actual responders need to do. It seems like the vendor is building tools and solutions for people in the thick of it, which is a big reason why we went with their product. They are making tools for those who need to use them.

If someone were to evaluate or do a proof of concept, the bigger their initial POC, the better. We found some oddities after expanding the initial POC, which would have been nice to work through before the deployment. The vendors set up a capture-the-flag type of event that really helped us learn the environment, where to go for what, and how to use the tools. I highly recommend having everybody go through the capture-the-flag trial they set up.

Overall, I rate the tool a ten out of ten.