SentinelOne Singularity Complete Reviews

We use the solution for antivirus protection. We do know it does more, however, we're trying to just get the antivirus program up and working and functioning at this point.

It's allowed us to really cover all of our endpoints, including servers, Macs, and services. We're hoping to do a kiosk mode in some of these services for our labs and facilities, and we're hoping that SentinelOne can actually do that. We're going to work with them to make sure we can get that rolled out.

The fact that they have a lot of search features is very helpful. We can go into their filters and we can filter out by specific computer name, for example. We can specify if we want Macs or we want Windows computers, or if we want just laptops, or desktops. There's just a lot of versatility as to how we can look up the devices and really drill down.

The interoperability with other SentinelOne solutions and other third-party tools is good. For other third-party tools, I've used other antivirus software that doesn't have this type of interface. This gives you a lot more latitude to control the computer to basically push out updates and monitor what's going on with the endpoints immediately. It really helps with everything that you need to be on top of quickly, and it really helps that we can monitor everything in real-time.

It integrates smoothly with other solutions. We were able to push out the software and the agent to all the endpoints rather easily. There were only a few stragglers who just weren't physically on and weren't getting the endpoint, however, the rollout went pretty smoothly. The few endpoints not covered were ones that weren't turned on or not in use.

My impressions of the solution's ability to ingest and correlate across our security solutions are positive. It works really well. 

We like the fact that we actually have a dedicated person at SentinelOne that we can talk with and work with.

It's helped to reduce alerts. The alerts have really gone down. We've actually had a lot of good coverage. There really haven't been that many alerts or issues. They've actually caught a lot of issues and threats before it's even been a problem. It's really helped cut down on the amount of work that we have to do on our end for troubleshooting and the prevention of viruses or phishing attempts.

This solution helped us to free up the time for other projects and tasks for your team members. We just rolled out a new software program, and it allowed us to focus on that more rather than having to deal with virus alerts that come through from our previous virus program. They've really managed it for us and really helped us find more time to work on the projects that we really need to focus on to advance our business rather than worry about threats that are coming through. It's been quite a time saver. 

It helped to reduce our organization's mean time to detect. It's got a much nicer interface to work with, and it's really helped to have them as a working partner rather than our previous vendor which was just a little harder to get a hold of and not as easy to work with.

The mean time to respond is much quicker than what we did have. 

It has helped to reduce our organizational risks. We save a lot of hours by not having to deal with all the alerts and managing them. It has saved us many hours of work and really helped us focus on what we really are there to do rather than working on the threats that come our way.

The solution does allow us to be innovative. The product has a nice interface and is quite robust in comparison. We like the options and availability and how it allowed us to manage our endpoints.

Using the filters takes a little bit of time to get used to. There are so many. You have to scroll from side to side in the filter section to find them. It's not very user-friendly. 

Some of the options they have up top are a bit much. It is a bit daunting. It minimizes, and then you have to click on select filters for it to completely open, and then you've got a scroll to the right or scroll to the left. Even if you maximize your screen from left to right, there are still more filters to scroll through. They're not well laid out.

I haven't used the reporting feature much, however, having a little bit more options in reporting would be helpful.

I started using the solution about six months ago. 

The solution is very stable. 

We have about 400 endpoints. They are all deployed in one location.

It is a scalable product. If we need to add more endpoints, we can. That said, we have yet to scale. 

Technical support has been really good. 

Positive

We had a current vendor called Carbon Black who did our antivirus software, however, it wasn't it wasn't working as well as we would have liked. So we went with SentinelOne to give us a more complete solution.

There is just a lot of functionality on the end of SentinelOne that we just didn't have with Carbon Black, and it just made a lot more sense to go with this. Even though it was priced a little bit more.

I was involved in the deployment of the solution. The process was very simple. SentinelOne took care of most of it for us. 

SentinelOne pushed out the agent for us. 

We did not need a lot of resources in terms of staff members. We were involved in the planning yet not too much of the implementation. We're still working on covering the last few machines. 

There is some maintenance, however, they are mostly updates and those are pushed out by SentinelOne. 

We had a representative from the vendor who helped with the deployment. 

I can't speak to the exact numbers in terms of ROI. However, other programs do not have as much support and in that sense, support, along with savings, has provided some form of ROI. 

My understanding is the pricing is reasonable. 

We evaluated other options as well. We looked at Norton, McAfee, and Avast, which were built-in. We went with this product based on the support we would get and the fact that they were personable and easy to work with. We have a dedicated customer service rep that we can talk with about any issues.

We do not use the Ranger feature at this time. We would need to upgrade if we wanted to use that, apparently. So we just decided not to go with that.

The quality is good. I like the way it works and the amount of options it has. However, it has so many options and functionalities you need to really figure out how it works. It takes care of a lot of things for you. You can just set it and forget it. 

They are great as a strategic security partner. They worked closely with us and were good at explaining the layout and how the solution would work. They are very helpful.

I'd recommend the solution for users looking for antivirus or endpoint management. It's got great features for both small and large companies. I'd talk with SentinelOne about a company's individual needs. They are quite flexible.  

I'd rate the solution eight out of ten. 

Our company serves as resellers and solution engineers for our enterprise customers. We deploy and support the solution in customer environments. 

The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added. 

The dashboard should include troubleshooting because it can have problems. 

Sometimes, the XDR does not configure its policies for data security on time. 

The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything. 

The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support. 

The solution should include USB blocking for specific machines. 

I have been using the solution for one year. 

The solution is stable with no issues. 

The solution is scalable. 

The technical support is half and half. They offer good support but response time is slow. Sometimes, you have to contact multiple engineers to get good information and that is a challenge. 

Neutral

We deploy the solution for customers. 

The solution's XDR is superior to CrowdStrike. 

I am satisfied with the solution and rate it an eight out of ten. 

We primarily use the solution for security purposes. 

It's an easy tool and it offers a different experience. It is a new generation product.

The initial setup was easy.

It's stable and reliable.

The product can scale as needed.

While I'm sure improvements are necessary, there isn't one specific area I've found to be lacking. 

Security could always be better. It always needs to be adjusted to keep up with what's happening. 

I've been using the solution for two years. 

We haven't had any issues with stability. It's reliable. there are no bugs or glitches and it doesn't crash or freeze. 

It's scalable. We are using management software on the cloud. Therefore, if we want to install 1,000 agents, it doesn't impact our business now. We can scale and it's got a central implementation method for agents.

Technical support has been very good and we are quite pleased with them. 

Positive

We actually use regular antivirus solutions as well, such as Sophos and McAfee.

It's a simple, straightforward setup. It is not overly complex or difficult. 

We have a small IT team and have found that we just need to have one person managing the product. 

We deployed it using an outside resource.

I cannot speak to the exact cost. Our managers buy the licenses. That said, it is my understanding that we are using the subscription model and pay for it yearly. I'm not sure if there are any other ancillary fees beyond that.

I'm a customer and end-user. 

I'm not sure which version of the solution I'm using. 

I'd rate the solution eight out of ten. It's a good overall product. 

We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.

SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.

SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.

SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.

The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.

I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.

Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.

I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of SentinelOne Singularity Complete nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.

The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.

Positive

I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.

We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.

The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.

I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.

Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.

Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.

SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.

SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.

The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.

SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.

We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.

We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.

SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.

The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.

The integration with other SentinelOne products and third-party tools is very good.

SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.

In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.

SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.

SentinelOne Singularity Complete has helped free up our staff time around one day per week.

SentinelOne Singularity Complete helps reduce our MTTD.

SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.

SentinelOne Singularity Complete has reduced our organizational risks by five percent.

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

I have been using SentinelOne Singularity Complete for three years. 

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

We are happy with SentinelOne's technical support.

Neutral

We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.

Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.

The only return on investment we can point to with any EDR is that we have not been attacked.

SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a mature solution of the highest quality.

We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.

We have 4,500 endpoints and around ten active users.

The maintenance level for SentinelOne Singularity Complete is relatively low.

SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.

I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.

It runs continuously and uses AI to look for any suspicious activity. If it does determine that there is a virus or something going on that shouldn't be happening, it not only stops the process but also completely logs the whole function. It tells you in a map version how the attack happened and how it was stopped. It is brilliant. In the past, for example, if I had the same problem in Webroot, I would've had to submit the case to Webroot for viewing so that they could, as a human, literally determine what the cause was, but by that time, it is way too late, whereas, this is the real-time protection.

It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.

There is the ability to SSH into a machine even if the machine has been disconnected from the network. When a real hazard happens, SentinelOne disconnects it from the internet so that no more transactions can occur, but I still have access to the machine. One of the bigger benefits is that no harm could be done because there is no communication with the internet, but I still have the ability to go in, restart a machine, do some investigations, and make some things happen.

One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution.

I have been using this solution for close to three years.

It is perfect. I've seen very few problems related to the app. It is not using too much of the PC's power. It does not make PCs slower. So, I find it the best of both worlds. You reduce the impact of the product on the user, but at the same time, thoroughly protect the user, no matter what he does.

You can certainly have thousands of SentinelOne users. We have 250 users. In terms of our plans to increase its usage, I provide IT as a service. So, as I add clients, I always add licenses for those clients.

Their support is very good. I would rate them a five out of five.

Positive

It was straightforward. It probably took me a week to get 250 machines converted.

It can be done in-house very easily. You probably need one staff member that knows how to implement it, and after that, it pretty much runs itself. It requires very little maintenance.

It is not sold as a consumer product. It is only sold based on the number of licenses. So, as an MSP, you're probably going to pay about three and a half dollars per license, per month to have SentinelOne.

I would advise others to go for it. It is great. As an MSP, the peace of mind it gives me is really significant. While the cost of SentinelOne is higher than Webroot, the reality is that the peace of mind and the knowledge that you are probably not going to get a complete attack, simply because SentinelOne stepped in and stopped it, is worth every penny.

I would rate it a ten out of ten. It is absolutely fantastic.

We use SentinelOne to collect logs and data. We will connect it to other tools and places in the future.

It is easy to collect and retain logs with SentinelOne. When you need to compare information, the data is available. It also has the possibility to configure information. It integrates well with all the other solutions we use. 

The only concern we have is that there are a few features that were not readily available. We use a lot of application files that didn't have a connection.

We would also like to see integration with other tools that have to collect the logs.

Although Microsoft claims the use of building artificial intelligence to correlate events, we have actually had a couple of events that should have logs but did not. The solution is not at the same level in terms of building artificial intelligence.

SentinelOne can do a better job of not only creating corrective action based on the correlation. For example, someone was trying to repeatedly change their password. What they didn't realize was that they weren't connected correctly.

I have been using SentinelOne for six months.

SentinelOne is a stable product.

Scalability is based on the measure. There is no limitation regarding scalability if you pay for the upgrades.

Technical support is good. When you need help from Microsoft, there is a long list of resources to help understand the issues.

Positive

The initial setup is straightforward as we have contracts with Microsoft Office Supplies, commodities, defender, and Active Directory.

I would rate the ease of initial setup of SentinelOne a five out of five. It is easy.

Our company used a third party that provided the utility. 

This solution is less expensive than its competitors. You might need to buy additional space depending on how much they are willing to provide. I would rate the pricing a five out of five.

We selected SentinelOne because it was less expensive than the competitors. We also saw the speed of evolution with Microsoft, so it can be involved theoretically when compared to Splunk.

We also chose SentinelOne because of the balance between features. It is stable and has enough choices. Being with Microsoft, we felt confident that the solution would evolve.

If you are considering SentinelOne, you should consider the cost of storage. Otherwise, the product is easy to deploy. You either need to have your own security operating center or hire someone that will use Sentinel or the secondary service. For you to consume the data, you may have had an internal security center or Sentinel.

With SentinelOne you have to invest extra cost. You have to always think of how much it will cost you to delay a response by a couple of days. If the incident is going to cost two days of revenue for the organization, that is much more than the cost of the solution.

I would rate SentinelOne an eight out of ten because of the price point and the features you get. 

We use the solution for anti-malware, policy enforcement, and blocking USBs, for example. It's used for detection in general, and for protection and threat blocking.

The solution is very straightforward to set up. 

The features are great. It is excellent for detection and device blocking.

The network control has been useful, as well as the firewall control. 

The solution is both stable and scalable. 

The inventory is a good feature. However, it's not up to date. The delay in updating inventory is ten minutes. If it can be improved, it will help a lot. 

For the general IT management, there is a need to correlate the software version from inventory with the CVE information. For example, we have the CVE, however, it doesn't take into account the current version. We need it to stay up to date with the latest version. 

I've used the solution for less than one year.

The solution is quite stable. It's reliable. There are no bugs or glitches. 

The product can scale very well. 

We have less than 50 people on the solution currently. We are using it in a smaller environment.

We do have plans to increase usage in the future. We are, in fact, still deploying it. So the department is not finished yet.

We get technical support from the vendor. 

I've also used Microsoft Defender.

It offers an easy implementation process. It's not overly complex or difficult. Setting everything up on the cloud is simple. The deployment was done in a matter of days. In the end, it took less than a week. We had two people handle the deployment process. 

We did have some outside assistance. They helped with half of the process. 

We found the ROI to be quite high. However, it would vary, depending on the contract. It's a good investment. I'd give it a five out of five.

I cannot speak to the exact pricing. That said, it's very reasonable. I'd rate it five out of five in terms of affordability. There are cheaper options; however, it is quite affordable. We pay a yearly licensing fee. 

We are a customer and end-user. We deal with a SentinelOne partner. 

I can't speak to which version we are using.

Whether or not the solution would work for an organization depends on the environment and other factors. That said, we are very satisfied with the product overall. 

I'd rate the solution ten out of ten.