reviewer2316741 - PeerSpot reviewer
Corporate Communications Coordinator at a tech services company with 11-50 employees
Real User
Advanced threat protection with impressive scalability and reliability, particularly well-suited for enterprise-level cybersecurity needs
Pros and Cons
  • "It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness."
  • "Improvement seems necessary, especially with the focus on enhanced support."

What is our primary use case?

The use case varies based on the customers' requirements and specific needs.

How has it helped my organization?

The solution's Ranger functionality offers network visibility and a defined set of capabilities, particularly in terms of discovering and understanding network structures. 

The fact that Ranger doesn't necessitate new agents, hardware, or network modifications is a crucial aspect for us. It stands out as one of the primary selling points, especially considering the intermittent nature of changes like those affecting CPO. 

With the increasing prevalence of remote processes and a shift towards cloud architectures like SASE or SSE, moving towards a single vendor for security purposes could simplify the overall process. It aided in minimizing alerts, primarily due to the behavioral analytics component, which reduces a significant amount of noise. 

It contributed to time savings for our team, particularly for the projects and tasks I predominantly handled on my own.

The solution contributed to a decrease in our organization's time to detect incidents and respond to incidents. It aided the organization in cost savings and it contributed to a reduction in our organizational risk.

What is most valuable?

One of the most valuable features resides on the endpoint, with the rollback functionality standing out as particularly noteworthy. It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness. 

The capability to ingest and correlate data across our security solutions stands out as one of the strongest features. It excels in connecting incidents to create a coherent storyline.

What needs improvement?

Improvement seems necessary, especially with the focus on enhanced support. This is particularly crucial in the analytics domain, where the existing agent falls short in comprehensive performance. Additionally, there's room for enhancement in the mobile element. Although it's in their pipeline, the current state is not optimal, especially when considering the need to install it on people's phones.

Buyer's Guide
SentinelOne Singularity Complete
July 2025
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
865,384 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for a year.

What do I think about the stability of the solution?

The stability is straightforward and solid. It's notably uncomplicated and easily manageable.

What do I think about the scalability of the solution?

The scalability is excellent, with a high degree of flexibility and ease.

How are customer service and support?

Mostly, we handled the support aspect for our clients. However, among the vendors, it's notable for being quite strong in terms of support. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

When it comes to deploying the agent across machines within the environment, it's a relatively straightforward process, akin to pushing it through the system's processor. The implementation strategy is contingent on the specific cluster, taking into account factors like the proof of concept and the desired objectives. In our case, we managed the implementation independently, involving only a few people. The deployment model is highly variable and depends on the customer's preferences. They typically communicate their preferences to us, and we adapt accordingly. Some opt for in-house hosting, while others prefer a cloud-based approach. It doesn't require maintenance. 

What's my experience with pricing, setup cost, and licensing?

The pricing is on the higher end, making it less suitable for small or medium-sized businesses and perhaps not the ideal fit for the public sector where budget constraints may be more pronounced. I would recommend it more as an enterprise-level product.

Which other solutions did I evaluate?

SentinelOne Singularity Complete was selected from a range of different providers, evaluated against other companies, and then analyzed to be the chosen product for our managed service. The capacity for innovation, ease of deployment, and streamlined management set it apart from other solutions. Additionally, its leading capability to correlate incidents into a cohesive storyline is a noteworthy aspect.

What other advice do I have?

As a partner, I find them to be highly effective, especially since they are increasingly focusing on the enterprise market. Overall, I would rate it nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
ShashikaKodikara - PeerSpot reviewer
Head of Cybersecurity at Technovage Solution
Real User
A valuable autonomous platform but the use case is valid mostly for the cloud deployments
Pros and Cons
  • "The autonomous platform is valuable because we can separate false positives and negatives."
  • "There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions."

What is our primary use case?

Our primary use case for the solution was covering all the endpoints, including servers. We also added the Kubernetes nodes with the CI/CD platform, which covered end-to-end features that we need to fill the required security controls.

How has it helped my organization?

The solution has benefited us by monitoring most of the activities to endpoints that we control over the USB and the browser monitoring. Activity monitoring was also done through the XDR platform. We had a couple of incidents where there was zero-day malware planted inside the Lenovo firmware upgrade, which we were able to capture through the auto-detection feature. 

What is most valuable?

The autonomous platform is valuable because we can separate false positives and negatives and update the database during certain types of automation.

What needs improvement?

The solution can be improved by ensuring threats are being mitigated on the platform autonomously and by considering introducing an on-premises solution with affordable pricing for government institutions.

There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions.

For how long have I used the solution?

We have been using the solution for approximately one year.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable and can use the facility to do the same license, which could be used for Kubernetes. So it is the same license but different scales which we have utilized. Approximately 1,000 users are using the solution.

How are customer service and support?

Our team has had a good experience with customer service and support.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was straightforward. Our team has also done an equally simple upgrade. It took approximately 24-48 hours.

What was our ROI?

I would say that there could be better ROI if we tend to use more than 500 licenses under a multi-cloud solution. But it would not be the same for an on-premise solution. 

What's my experience with pricing, setup cost, and licensing?

The license for the solution is quite expensive, but it is cheaper than CrowdStrike. However, if you consider specific organization requirements, it has covered them all, so we might move to CrowdStrike after evaluating three years. Then, we assess the kind of tool in line with our requirements and implement the latest and the best tool in the quadrant, and currently, in Cambodia, CrowdStrike and TrendMicro are more popular.

What other advice do I have?

I rate the solution a seven out of ten. The solution is good but can be improved by ensuring threats are being mitigated on the platform and considering reducing the license cap for an on-premises solution.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
AJITHH G - PeerSpot reviewer
Solution Engineer at AppSmart
Reseller
Offers advantages like real-time detection
Pros and Cons
  • "The XDR capability is quite good."
  • "The solution should include USB blocking for specific machines."

What is our primary use case?

Our company serves as resellers and solution engineers for our enterprise customers. We deploy and support the solution in customer environments. 

What is most valuable?

The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added. 

What needs improvement?

The dashboard should include troubleshooting because it can have problems. 

Sometimes, the XDR does not configure its policies for data security on time. 

The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything. 

The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support. 

The solution should include USB blocking for specific machines. 

For how long have I used the solution?

I have been using the solution for one year. 

What do I think about the stability of the solution?

The solution is stable with no issues. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

The technical support is half and half. They offer good support but response time is slow. Sometimes, you have to contact multiple engineers to get good information and that is a challenge. 

How would you rate customer service and support?

Neutral

What about the implementation team?

We deploy the solution for customers. 

Which other solutions did I evaluate?

The solution's XDR is superior to CrowdStrike. 

What other advice do I have?

I am satisfied with the solution and rate it an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Deputy General Manager at SLT Visioncom Pvt Ltd
Real User
Good scanning and protection but needs to have a faster setup process
Pros and Cons
  • "The solution is easy to set up."
  • "The solution can use up a lot of resources when scanning. It would be ideal if it was lighter."

What is our primary use case?

We outsourced the operation to a partner, a supplier, and they have managed those services. If the product does identify some abnormal behavior, our supplier is informed, and our main IT division or group IT division is informed. They correct the machine, and they do whatever they need to do.

What is most valuable?

Nowadays, there is a lot of malware and various other malicious threats. Our system is an internal system. There might be a firewall there; however, malware can still get through an email. However, this solution is very good at detecting abnormal behavior. They act very fast and quarantine machines well.

We find that having an endpoint protection solution allows us to adapt and react faster. 

I can put something on my pen drive and get the solution to scan it and see if there are any issues. They can identify and block without affecting any core sections. 

The solution is easy to set up.

It's stable.

What needs improvement?

The solution works quite well and I don't have many notes for improvement. 

The solution can use up a lot of resources when scanning. It would be ideal if it was lighter. 

We find the initial setup does take some time, as you have to do a lot of whitelisting. We'd like the process to be faster. 

For how long have I used the solution?

I've used the solution for a while. It's been more than two years. 

What do I think about the stability of the solution?

The solution is pretty stable. I'd rate it seven out of ten. It's pretty reliable. 

What do I think about the scalability of the solution?

You can scale the solution. However, you do have to pay more to expand as you need to purchase more licenses. At this point, we get additional blocks of licenses when we need them. We do not upgrade one license at a time. 

We have about 5,000 clients on the solution currently.

How are customer service and support?

I do not have much experience with technical support.

Which solution did I use previously and why did I switch?

We also have Microsoft Defender. They are two different products. We use Defender on our machines and workstations, however, not for endpoint security reasons. 

How was the initial setup?

IT installed the solution on my machine. 

That said, my understanding is the initial setup is not overly complex. At first, however, we had to do some whitelisting. You need to perform a few operations, and we had to reinstall the OS, install a backup, and handle whitelisting. While it takes time, it's not hard. 

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact pricing of the solution. That's handled by a different team.

Which other solutions did I evaluate?

We have an IT department that may look at other options, depending on the use case. They've looked at, for example, Sophos; however, they found SentinelOne to be more suitable for us.

What other advice do I have?

I'm an end-user and not very technical.

While the solution is cloud-based, there's an on-prem server, and that is for the administration of our nodes. Mainly, the subscription is controlled by the cloud.

I'd rate the solution seven out of ten. Depending on the use case and if it makes sense for the company, I'd recommend the product.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technical Team Lead at Alepo
Vendor
User-friendly with reasonable pricing and good support services
Pros and Cons
  • "We find the solution to be scalable."
  • "They need to improve how we install the software."

What is our primary use case?

The primary use case is as an endpoint detection and response software. Basically, it is an enhanced antivirus, anti-malware, and anti-ransomware solution. It protects from ransomware attacks and other types of cyber attacks. It protects the endpoint from malicious actions.

What is most valuable?

Protection from cyber attacks is the feature we find the most valuable.

It's a stable product.

We find the solution to be scalable.

Technical support is good. 

The pricing is not too high.

It has a pretty simple user interface and is user-friendly.

What needs improvement?

They need to improve how we install the software. For the agent of SentinelOne in the endpoint, it's not an automated process. We have to download it and then upload it on the endpoint. That is something that can be made simple. The uploading of the software in the endpoint, if that can be done publicly, would be great. The setup should be available publicly. The agent installation should all be done in the cloud.

For how long have I used the solution?

I've been using the solution for more than a year.

What do I think about the stability of the solution?

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution scales well. You can expand it as needed. 

We are a small organization and have around 200 to 250 people on the solution. 

How are customer service and support?

The management is outsourced, and I find they are doing a very good job. We are satisfied with how we are able to get help if we need it. 

Which solution did I use previously and why did I switch?

This is the first EDR solution we used. We did not have another solution in place beforehand. We only used basic antivirus software previously.

How was the initial setup?

The initial setup is annoying since you have to download the agent and then upload it to the endpoint. 

For maintenance, basically, I'm the admin for SentinelOne. Also, there is a different organization altogether to whom we have outsourced the management of SentinelOne. They have their own employees. Their particular team would be working for our organization. They are an SOC organization, and they work 24/7 for various clients. We are one of their clients.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable. 

I'm not sure of the exact costs, as those are managed by a different team.

What other advice do I have?

I'm a client and end-user. 

The solution is pretty easy to implement and administrate. We have not tried to integrate it with other solutions. While the pricing is reasonable, it's a bit more than typical antivirus software. That said, it has advanced functionalities that make the price worthwhile. Therefore, I would rate it nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1011267 - PeerSpot reviewer
Senior IT Consultant at Jeneri IT
Real User
Does an excellent job of using AI to determine and stop an attack, and the peace of mind it gives is significant
Pros and Cons
  • "It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense."
  • "One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution."

How has it helped my organization?

It runs continuously and uses AI to look for any suspicious activity. If it does determine that there is a virus or something going on that shouldn't be happening, it not only stops the process but also completely logs the whole function. It tells you in a map version how the attack happened and how it was stopped. It is brilliant. In the past, for example, if I had the same problem in Webroot, I would've had to submit the case to Webroot for viewing so that they could, as a human, literally determine what the cause was, but by that time, it is way too late, whereas, this is the real-time protection.

What is most valuable?

It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.

There is the ability to SSH into a machine even if the machine has been disconnected from the network. When a real hazard happens, SentinelOne disconnects it from the internet so that no more transactions can occur, but I still have access to the machine. One of the bigger benefits is that no harm could be done because there is no communication with the internet, but I still have the ability to go in, restart a machine, do some investigations, and make some things happen.

What needs improvement?

One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution.

For how long have I used the solution?

I have been using this solution for close to three years.

What do I think about the stability of the solution?

It is perfect. I've seen very few problems related to the app. It is not using too much of the PC's power. It does not make PCs slower. So, I find it the best of both worlds. You reduce the impact of the product on the user, but at the same time, thoroughly protect the user, no matter what he does.

What do I think about the scalability of the solution?

You can certainly have thousands of SentinelOne users. We have 250 users. In terms of our plans to increase its usage, I provide IT as a service. So, as I add clients, I always add licenses for those clients.

How are customer service and support?

Their support is very good. I would rate them a five out of five.

How would you rate customer service and support?

Positive

How was the initial setup?

It was straightforward. It probably took me a week to get 250 machines converted.

What about the implementation team?

It can be done in-house very easily. You probably need one staff member that knows how to implement it, and after that, it pretty much runs itself. It requires very little maintenance.

What's my experience with pricing, setup cost, and licensing?

It is not sold as a consumer product. It is only sold based on the number of licenses. So, as an MSP, you're probably going to pay about three and a half dollars per license, per month to have SentinelOne.

What other advice do I have?

I would advise others to go for it. It is great. As an MSP, the peace of mind it gives me is really significant. While the cost of SentinelOne is higher than Webroot, the reality is that the peace of mind and the knowledge that you are probably not going to get a complete attack, simply because SentinelOne stepped in and stopped it, is worth every penny.

I would rate it a ten out of ten. It is absolutely fantastic.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Agile Product Owner at Micron Technology, Inc.
Real User
Great customer service and better value for a price lower than competitors
Pros and Cons
  • "I was extremely happy with their technical staff. The solution's tech support is top-notch. They have some really good engineers on their team."
  • "Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have."

What is our primary use case?

Our primary use cases for SentinelOne are data endpoint management, document version tracking, and email security.

How has it helped my organization?

A concrete fact is that it allows us insight into our data and our security and helped us protect our intellectual property.

What is most valuable?

For us, the dashboard is the most valuable feature. The analytics that you can pull out of the actual tool are valuable.

What needs improvement?

Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have.

For how long have I used the solution?

I have been using SentinelOne for more than five years now. 

What do I think about the stability of the solution?

I have total confidence in the stability of the solution. 

What do I think about the scalability of the solution?

SentinelOne's scalability is very good. The solution is very flexible. 

How are customer service and support?

I was extremely happy with their technical staff. The solution's tech support is top-notch. They have some really good engineers on their team.

Which solution did I use previously and why did I switch?

We previously used McAfee ePO and we switched to SentinelOne just because of the customer service and the product.

How was the initial setup?

The initial setup was complex, but their technical staff are professionals and were able to help us custom-tailor the package we needed. On a scale of one to five, in terms of the complexity, with one being impossible to do and five effortless, I would put SentinelOne at about a four.

Deployment was about a six-month project for us and it included a discovery period and learning about our environments. We worked with SentinelOne to learn the environments and figure out what we needed to be successful. Then, we focused on an implementation period and then just monitored it after that. It was about a month and a half for each phase of that six-month period.

What about the implementation team?

We implemented it in-house but we worked directly with SentinelOne. Our experience with them was fantastic. I wouldn't want to do it without those folks again.

What was our ROI?

The ROI we saw was that for the first time we had actual dashboard data on our data usage for our cloud vendor that we chose and also for our on-premises. We purchased our servers from Dell and it allowed us to actually get a better grip on what we actually needed to buy versus what we were buying.

What's my experience with pricing, setup cost, and licensing?

SentinelOne's licensing costs are reasonable. I can't provide hard numbers, but I can say that SentinelOne is a much better solution with better value and a lower cost than the McAfee ePO. 

Which other solutions did I evaluate?

We did not evaluate any other options before switching to SentinelOne. 

What other advice do I have?

SentinelOne would be my go-to security provider. I would recommend that others go there first. They will get solicitations from McAfee and such because McAfee knows they're losing that business, but they just can't offer what SentinelOne offers.

Overall, I would give the product a nine out of ten rating. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Offensive Security Certified Professional at Schuler Group
Real User
For the first time we're able to systematically search all our clients, see what they are doing and if there are intruders
Pros and Cons
  • "For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing registry keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine."
  • "I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have."
  • "The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information."

What is our primary use case?

We are mainly using it to replace a product we used before for antivirus. My specific use case for SentinelOne is threat hunting. I'm a security professional in our organization, doing offensive security. I do pen tests and analysis, and I'm hunting for intruders in our network. That's the context in which I'm using SentinelOne.

How has it helped my organization?

We're using two parts of SentinelOne right now. The first one is the antivirus and that has improved our company in that we have been able to find about 25 percent more malware on our machines than the old solution did, and that's remarkable because we are a bigger company and we used a big solution from a big player in the market. Finding 25 percent more is a really big increase. 

In addition, previously we were not able to collect all the actions from our clients in the field, and search, systematically, through what they are doing and see if there is an intruder. It's the first time that is possible for us, with SentinelOne.

In terms of incident response time, it's too early to provide real numbers because we haven't finished the rollout around the world in our company. But from the trend I have seen, I would estimate we are saving about 20 percent in response time, compared to our old antivirus solution.

When talking about mean time to repair, our old solution had some problems on several clients, which resulted in having to completely restore the client. That is something we haven't had with SentinelOne, up until now. It's also difficult to estimate because we don't have it on every machine. The old product was on about 5,000 machines and I now have SentinelOne on 2,500 machines, so it's not a completely fair comparison. But if you need a number, it has also been reduced by 20 percent.

In addition, it has increased analyst productivity in our company. My main job is to analyze many of the malware threats and, again, penetration testing. But the connection to VirusTotal is a very helpful thing and I am using it heavily. That reduces the payload I have to analyze manually and the amount of malware I have to execute in sandboxes. It has probably reduced my workload by about 50 percent. That's really great.

What is most valuable?

For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing registry keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine. That's threat-handy. Deep Visibility has found threats we did not know were lingering on endpoints, but I am not allowed to speak further about this issue.

Because we are a bigger company, we are doing a step-by-step rollout. We don't have all countries fully in production, where "fully in production" means that SentinelOne is the only antivirus product on the machine. So in some countries we just have it reporting and not quarantining. For example, in China we have SentinelOne completely up and running, and there the Behavioral AI analysis is one of the reasons the antivirus is so effective. To be honest, we have to white-list some stuff which behaves weirdly but is really needed and not harmful to us.

The Behavioral AI recognizes novel and fileless attacks and responds in real-time and it does so really well. That is one of the things that has really brought us forward. It completely changes how we work with our antivirus solution. The previous product just gave us the information that the software had blocked something, while in SentinelOne we really see what was going on. We see the complete path of execution for a given malware: how it got on the machine and how it got executed. And then, SentinelOne stops it. It gets executed but then gets stopped, and that's something completely different from a pattern-based antivirus.

Another great benefit comes from the fact that SentinelOne doesn't rely on pattern updates. For some machines we have at customer sites, which are not reachable by internet or VPN, we have better protection than before because you don't need to update the SentinelOne agent every day to get the actual pattern from it. The Behavioral AI gives you protection even if you don't update the client. That's a great benefit for us at customer sites.

When it comes to the Storyline feature, as a penetration tester, I'm doing threat hunting. Every time malware gets executed on a machine, it's something I have to investigate. Normally we block it very early, on our proxy servers, for example, for all our users. Seeing how the malware got executed shows me the kinds of security holes we have on our proxy servers. That's very important for strengthening some portions of our defense in other places.

What needs improvement?

The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information.

Another area that could be improved is their handling of the updating of the agent. It is far from optimal. The agent changes often and about 5 percent of our machines can't be automatically updated to the newest agent. That means you have to manually uninstall the agent and install the new agent. That needs to be improved.

For how long have I used the solution?

I have been using SentinelOne for about a year. Because we have been using it for a long time, we have several versions in production but we tend to use the most recent. The version we are using mainly is 4.5.2.136.

What do I think about the stability of the solution?

We literally haven't hit a minute of downtime. It's pretty stable and I haven't even given its stability a thought.

What do I think about the scalability of the solution?

In the beginning, I saw that Deep Visibility was really fast. Then, with more and more agents reporting their daily work to the console at SentinelOne, I noticed a decrease of response time with the console. But what's really great is that they updated the console rapidly and the response time got better and better. Now I like the response time. There are ups and downs in the console response times, and in how fast the agents are reporting, but I have the feeling that SentinelOne monitors that and reacts if it gets too slow. Of course it's a trade off for SentinelOne between response times and costs. But right, it's more than we need.

In terms of expanding our usage, there's another very interesting product called Ranger. Right now we feel it's too expensive, but it might be interesting in the next two or three years. For now, we just want to finish our rollout.

How are customer service and technical support?

My overall experience with their technical support has been positive.

Which solution did I use previously and why did I switch?

SentinelOne does not provide equal protection across Windows, Linux, and Mac OS, but it's the first antivirus solution we have had in our company which provides any antivirus protection for all these very relevant operating systems. None of our previous antivirus solutions were on Linux and on Mac. That is really helpful for us because we have it all under one hood.

How was the initial setup?

This is the first time we have used an antivirus software as a service and it was the easiest setup I have ever had in my life, and I have been doing this stuff for many years. The console was set up by SentinelOne, literally in 20 minutes. The deployment of the agent took me five minutes for the first machines and they reported within those five minutes. That was the fastest ramp-up I've ever seen.

There are three IT security guys who are concerned with information security in our company. Normally I don't do antivirus stuff. My colleagues are information security officers as well and don't care about antivirus. But I got this project to roll it out all over the world because I'm one of the technical guys who is capable of doing it. So strictly speaking, I'm doing it alone, one person for 5,500 computers. But at least we have people in every time zone who are capable of using the SentinelOne console, more or less. Altogether, there are six people in our company who actually access the solution, including me.

We had an implementation strategy. Because we had a major pain point in China, we started rolling it out there. Because it's in a completely different time zone and the people are completely different in their mindset, this was one of the critical areas for us. It worked like a charm. I installed 230 machines within five days, and then I recognized that SentinelOne was finding so much more than our old antivirus solution that I started to really do a rollout plan. 

As part of that plan, we always install SentinelOne side-by-side with our old solution, and that works great. They say, "Don't ever have two antivirus solutions on one computer," but that's not true for SentinelOne. You can configure both and they work together. In the first step, SentinelOne is on the machine, just reporting to the console. That way, I see which software gets executed, software that SentinelOne might find problematic, and I do whitelisting or blacklisting, depending on the software. Once I don't get much software that I have to whitelist, I put the client into a kill and quarantine mode and every software gets removed automatically. Once the agent is in kill and quarantine mode, the old antivirus solution is uninstalled. That's how we do it, country-by-country.

The time it took was affected by the Coronavirus. As a result of that, many of the machines were not onsite and many of the people weren't online, or were only on VPN. I don't distribute SentinelOne by VPN because people at home normally don't have a big bandwidth and I didn't want to stress it even more. I kept in mind that they were covered by our old solution, so there was no big need to really push it forward. But the 2,500 machines we have installed took six months.

SentinelOne gives their customers access to the SentinelOne API and that made it possible for me to write software for the deployment of SentinelOne. I'm speaking to the company to get permission to publish this software as open source. That might help many other companies that are facing the same problems I have in rolling it out all over the world.

What was our ROI?

It would be easier to calculate ROI if we had already rolled it out to every machine, because the number I have to compare it with is for the complete installation on all machines. My feelings say "Yes, we have seen ROI," but I don't really have good numbers that I could give you.

What's my experience with pricing, setup cost, and licensing?

There are no fees other than their standard licensing fees.

Which other solutions did I evaluate?

We compared five products. We had a matrix with weights and the requirements we needed from a new antivirus solution. We did three proofs of concept and SentinelOne won it easily.

It was difficult to compare them because we had one other product that worked with artificial intelligence as well, but with a completely different mechanism. We also had three traditional antivirus products based on patterns, and it was really difficult to compare the features of SentinelOne with the competitors. That was the reason we decided to do a POC.

What other advice do I have?

The biggest lesson I have learned is that SentinelOne is an antivirus product which gives you, on the one hand, all information you could dream of if you need to analyze software or malware, especially, on the machine. On the other hand, it's simple and fast and easy to use, and that's something I really appreciate.

We have been playing around with the solution's ActiveEDR technology, to get an idea of what is possible. We have not gotten so far that we use it for building KPIs and the like. But we have noticed it and it seems it could be a big game-changer for us, but I can't really provide much information on that topic.

While I really use Storyline right now, I'm the only one who does so in our company. I'm not sure if we will use it in our company on a large scale. That's the other side of this product. We don't have many people who are able to work with the information you get out of the module from SentinelOne.

We don't use the rollback feature, we just use quarantine right now. We haven't had any outbreak of cryptoware encrypting files. So as of now, we haven't needed it. That might change in the future.

I would rate SentinelOne a 10 out of 10, and I don't give 10s easily. I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have.

I really feel like the software has made my life easier. As I said before, my workload for malware analysis dropped by 50 percent. That's why I'm really thankful and really appreciate the product. I would say to everyone, at least give it a try. For our company, it really fits.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rick Bosworth - PeerSpot reviewer
Director, Product Marketing at a tech vendor with 51-200 employees
Real User

Thank you, Thorsten, for your insightful review and feedback.  You may be interested to know about a capability known as Exclusions Catalog, which simplifies application whitelisting.  If ever we may be of service, do not hesitate to contact your account team, Customer Support, or reach out to me directly.  Thank you for being a SentinelOne customer.

Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2025