SentinelOne Singularity Complete Reviews

We are an MSP supporting various business verticals (including medical and pharmaceutical). Our core monitoring/deployment solution is SolarWinds RMM, through which we were recently introduced to SentinalOne. We use the bundled automation to install, patch, and monitor antimalware protection to endpoints. We are in the process of replacing Bitdefender with SentinalOne for several clients. 

Deployment is automatable through the RMM, though a little clunky to do. The provided automation was a little challenging, but once you get it configured it's quite effective. Once we got it deployed to our users, it operates seamlessly and with minimal impact on system resources. Even our clients with lower-end workstations report improved performance since switching from Bitdefender. 

After migrating, this also picked up some latent malware that was not previously detected & cleaned it immediately with almost no interaction required. I was impressed with how little this bogged down the affected system. This was in our pilot run, so I was on-site.

The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting. 

I tested this by deliberately infecting an unpatched test machine with WanaCry. First of all, SentinalOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WanaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. 

We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection.

You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. 

Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done. 

The stability is excellent so far. Once installed, it's "set it and forget it."

Scalability is great if you're scaling up, but scaling down may prove to be challenging.

Technical support is provided for us through SolarWinds, and they're very knowledgable.

We used Bitdefender (also through SolarWinds) previously. SentinalOne was pitched by SolarWinds a few months ago as an alternative with robust ransomware protection. Being a small MSP, a single ransomware infection at a client could spell disaster for our business. We are always looking for the latest technology, but not marginal improvements. 

The setup script provided by SolarWinds (proprietary to their RMM) was a little challenging to get going, but once it worked, it worked perfectly. Except it didn't run on Win7 systems because it uses Powershell commands from a later version than what's available on Win7.

The vendor team provided support, but we did the deployment.

We're making about seventy-five percent over the per-seat cost, and it's easy to sell at that price point.

The per-seat cost is low, but you have to commit to a certain number of licenses for a year.

We really hadn't seen EDR solutions in action before. Our decision was based primarily on the fact that it has SolarWinds integration. 

Definitely worth the money compared to heuristic solutions, especially for clients who tend to "stretch" their hardware as long as possible. The low impact and robust reporting go a long way to make this an easy sell, and the cost is excellent for the price point. 

We use the solution for endpoint threat detection. 

The tool has helped us streamline and centralize things with a single solution. We are a small organization with a handful of people managing multiple sites. It is a simple tool with an easy-to-use UI. The product has an intuitive and up-to-date GUI. 

SentinelOne Singularity Complete's most valuable feature is reporting. People with less technical knowledge can understand the things happening. 

SentinelOne Singularity Complete should focus on analytical data. Backend aggregation can make things faster in the front end. 

I have been using the product for a year. 

I have not used support yet, which is a good thing. 

SentinelOne Singularity Complete tries to go above and beyond to integrate with different vendors, which is good. It is very nice to pick a different vendor for my needs and pull in all the information I need. It is very beneficial to have a single point of activation. 

As with any tool, figuring it out has a learning curve. However, getting the information easily and quickly from the same tool is nice. It is also nice to login to a single platform instead of multiple ones, which was the case in my previous company.

SentinelOne Singularity Complete does a good job of reducing alerts. We run attack tests against our network. We can create a real-world scenario. 

The product has reduced our organizational risk. Any tool designed around security mitigates risk. 

SentinelOne Singularity Complete has centralized things and helped us save costs. It makes getting information in and out of the system easier for a small group of people. 

I like everything that the product has done as a strategic security partner. They are willing to work with other companies and are not afraid of being groundbreaking. They are working on AI. 

I rate it an eight out of ten. 

The primary use case of the solution is cybersecurity. The solution provides endpoint protection against direct threats and insider threats.

The most valuable features are Deep Visibility, Remote Script Orchestration, and Ranger.

The solution can improve by adding more granular firewall capabilities. I would like to see an interface where I can in one view change the security posture of all groups with one click. I would like to have a listing of all the groups and then apply what's relevant to all the groups at once.

I have been using the solution for one year.

The solution is extremely stable.

The solution is scalable.

The tech support is brilliant.

Positive

The initial setup is straightforward. It takes about four weeks to deploy.

The implementation was done in-house.

The ROI is good. Once you go through the stabilization phase and get to know and understand the customer's environment and configure accordingly to what the customer needs, the return is there immediately.

The license is paid annually and is competitive. There are features that are not included in the licensing cost but it does include Vigilance and STAR.

I give the solution a nine out of ten.

On average, once the implementation phase is complete the solution only requires two people to maintain it.

SentinelOne is an antivirus and an EDR platform. We are using is simply for its antivirus and EDR features.

The solution is overall very good in terms of protecting endpoints and servers from malicious activities, malware, cyber attacks, viruses, worms, and so on. It offers really good security.

The initial setup is easy.

We have been happy with the stability.

It is possible to scale the product.

There is good documentation available, and support works to help users resolve issues.

It doesn't have application control capability. Other antivirus or EDR solutions have that. I would be happy if SentinelOne added that to their platform. This is the first point.

The second point is SentinelOne should provide support for legacy open-source operating systems. For example, old versions of Oracle are not supported by SentinelOne.

The third point is that SentinelOne does not support a few platforms, including IBM AIX and UNIX-based OS. These three platforms are almost all used in all enterprises, and SentinelOne does not support them. If SentinelOne provides agents for these missing platforms, it'll be very good.

It would be ideal if they offered video support for troubleshooting issues.

I've been dealing with the solution for just over one year.

The solution is stable and reliable. We have been happy with its performance. There are no bugs or glitches, and it doesn't crash or freeze. 

I'd give it a four out of five in terms of stability.

The scalability has been very good.

There are thousands of both users and servers. Everyone uses it.

I have raised a lot of tickets, and their support is very good. However, with other members, when we have raised tickets in the past, we were able to have technical sessions through Zoom, WebEx, or Teams very easily. That's true, for example, with Microsoft, Cisco, McAfee, and Kaspersky. With SentinelOne, they are providing very good support, excellent support, however, their engineers are not very interested in providing online sessions, which is more convenient.

When you face any issue, they always provide documentation and videos - and that's very good. However, sometimes it's required that they show us how something is done. Doing some sort of video call helps with the walk-through. SentinelOne engineers, most of them, are not so much interested in doing this.

We did previously use a different solution. However, I can't speak to which product that was.

Other solutions that I usually use in other organizations were on-premises.  This one is cloud-based. The point is, when you have your antivirus or EDR solution on-prem, that's your responsibility to troubleshoot the core server and do that maintenance patch and all of those kinds of tasks. When the solution is hosted in the cloud, all of these responsibilities belong to the provider, in this case, SentinelOne. When a new patch is getting released from the vendor, normally, if we were using legacy platforms, we would have to upgrade each endpoint one by one. By using cloud-based EDRs, it can be done automatically and reduces maintenance time.

The solution is very easy to set up. It's not overly complex or difficult. 

The implementation strategy was very simple: removing the old antivirus solution and replacing that with SentinelOne.

It took us three months to migrate and deploy.

We have ten to 14 people that can handle deployment and maintenance. Only one person, however, needs to handle typical maintenance tasks. 

We handled the initial setup ourselves. We did not need any outside assistance. 

Licensing is part of the procurement team. I can't speak to the exact cost of the product.

We are a customer of SentinelOne.

SentinelOne does not have a version. SentinelOne is a centralized platform that is hosted in the cloud. It's the agent that we install on servers and clients, it has versions we are using the latest version of agents. 

The product has two deployment options, cloud deployment, and on-prem deployment. Most people prefer to use cloud deployment in the way we do.

I recommend this solution often. I'd rate the solution eight out of ten.

My advice for other companies that do not use SentinelOne is this: that everyone, every company, likely has its own antivirus solution, whether it's McAfee, Symantec, Kaspersky, and so on. These platforms provide only an antivirus solution, however. If they replace their solutions with SentinelOne, they will have two features: EPP, endpoint protection from antiviruses, and EDR, endpoint protection and response features. They will not need to install two applications, one antivirus, and one EDR, on their clients' computers; only one agent can do anything.

SentinelOne provides an amazing amount of visibility over clients and servers. Anything done on a server, on a client, with a network connection, login, logout, changes in directories, et cetera, is recorded. Using query searches, you can find what happened very easily.

We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, continuous monitoring, and real-time checks of our network. 

There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.

SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.

The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.

When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.

I have been using SentinelOne Singularity for approximately six months.

SentinelOne Singularity is stable.

We have approximately 250 users using this solution in my organization.

I have used the support team from SentinelOne Singularity.

I rate the support from SentinelOne Singularity a four out of five.

Positive

We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.

We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better. 

The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.

When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.

First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solutions don't require any high-end expertise to be deployed or maintained but a normal IT system administrator is needed to do it.

I would recommend this solution to others.

I rate SentinelOne Singularity a nine out of ten.

We use SentinelOne to secure our entire environment, including all user endpoints and servers. We are also currently testing the Deep Visibility addon. We were using a definition-based AV prior to SentinelOne, and we were getting daily/weekly infections of a variety of malware. We are a mix of PC, Mac, and Linux. We have on-premises machines and servers, as well as cloud VMs that we were wanting to protect. We wanted to purchase a Next Generation AV client that would be algorithm-based instead of definition file-based.

SentinelOne has provided amazing security. We were getting new cryptolocker variant infections several times per month and the month following our SentinelOne rollout, the numbers dropped to zero. We have not had a single infection since.

The new console is not only visually appealing and simple to use, but it allows you to customize and apply labels to different areas. I don't have a good gauge on how much money SentinelOne has saved us, but we only get a handful of security alerts in our console each day. It has freed up our security staff to perform other tasks. 

We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. 

The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product. 

The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly.

There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible. You can see a snapshot of the data at the moment, but once it changes whatever was there previously is not stored. 

I have been using SentinelOne for four years.

The agent is very stable, especially the later versions of the product. Agent never crashes and consumes minimal system resources. New agent versions are constantly released (which can be slightly difficult to manage if you don't have a good endpoint third party management solution like SCCM\JAMF). Release over release both stability and features have improved and been more fleshed out. 

It is very scalable and easy to deploy over any of the standard management solutions.

Customer service and our TAM are both very good. They are responsive and have never been unable to answer a question we asked. 

We switched because or old solution flat out was not picking up infections. It was really almost rather useless. 

The initial setup is straightforward. We do not have any on-premises infrastructure. Rather, we are using sentinel one in full-cloud mode. It was really just a matter of deploying the agent to the endpoints.

Our in-house team handled the deployment.

ROI is kind of hard to quantify but we definitely do feel like we get our money worth.

The costs are really rather minimal for what you receive with the product. No real advisement here. The larger count you have, the deeper discount you will receive in your contract.

We looked at Carbon Black. SentinelOne was more economical, and the feature set was comparable so we ultimately went with it.

Be ready to dedicate a good amount of time to learn the API. To really get the most from the product you need to tap the REST API.

We are using SentinelOne Singularity Complete for an EDR platform for our clients.

The most valuble feature of SentinelOne Singularity Complete is the recovery and zero-day detection.

SentinelOne Singularity Complete could improve by having DNS filtering. Other competitor solutions have this feature.

I have been using SentinelOne Singularity Complete for approximately one year.

We have approximately 1,000 people using this solution. We have plans to increase our usage.

The scalability of SentinelOne Singularity Complete is great.

We do the implementation of the solution in-house.

I have previously used BitDefender.

The initial setup of SentinelOne Singularity Complete is easy. For exciting clients, the deployment of the solution can be done in minutes.

I have received a return on investment using SentinelOne Singularity Complete.

We've used SentinelOne Singularity Complete capability to enhance our offering and, therefore, be able to leverage that to increase our pricing.

For our use case, the solution is affordable. There are not any hidden fees.

We evaluated Sophos, Carbon Black, and CloudStrike before choosing SentinelOne Singularity Complete.

I rate SentinelOne Singularity Complete a nine out of ten,

In comparison to CrowdStrike, they use a lot of ICANN fees in the UI. But this isn't a problem for me because I am already familiar with CrowdStrike's interface and navigation panel. I still don't use the hamburger mini version of CrowdStrike because I am used to the old panels.

The rollback issue isn't marketed by CrowdStrike. I'm certain of it. We can, however, do it indirectly. If you want to do rollback in craft with RTR over Windows shadow copies, there is a workaround. 

This is an argument I occasionally use against SentinelOne. If you use rollback, your system has already been infected. CrowdStrike claims, that they don't do this, they are not a backup solution, and they don't allow any ransomware to work in their systems. 

By the way, rollback is a plus in the eyes of customers.

If CrowdStrike can do it with a single click, it will be a great turn of events.

The ability to get queries by pressing the "tab" button is a plus for SentinelOne.

SentinelOne makes it more difficult to define users.

It is difficult to manage users in SentinelOne.

There are many defining roles. It is granular, but it is also complicated. It is more granular than CrowdStrike, but it is not preferred because you have to check hundreds of roles. It's a challenge.

This user assignment feature would be more efficient. It would be fantastic if they could design it.

In comparison to CrowdStrike, EDR is less detailed. CrowdStrike provides more information about an adversary than SentinelOne.

Having a good EDR is a huge plus. In my opinion, it earns two points. The number will be nine if they can expand it with a more detailed one. 

I could complain about SentinelOne's pricing right now, but I am sure CrowdStrike is using its own staff to provide its clients with a complete solution. Being expensive is a little more reasonable than you think. 

Most people want to know why CrowdStrike is more expensive than other options.

CrowdStrike can assist you with their technical personnel, and CrowdStrike is the only provider who can assist you with their own threat hunters. SentinelOne is not currently doing this.

I have been using SentinelOne for three weeks.

I deployed it on my computer. I am testing it and trying to evaluate what is missing between the two products. I would like to see both of their advantages and disadvantages, which are not written. I am trying to gain real-life experience with these products. I have a lab. 

On these virtual machines, I have at least ten vendors. Some are legacy antiviruses, while others are next-generation antiviruses. I have worked with a variety of brands. These labs are being used for comparison.

I use automatic updates. As a result, it's most likely the most recent version.

The thing is, I can't say a thing about it because I need to digest a lot of data and launch a lot of attacks on SentinelOne, which I haven't done much of. Two or three assaults.

It was successful in prevention and detection, but I need to try some other methods to see if I can bypass SentinelOne.

This solution is currently being used by only two people. Myself and one of my teammates.

Not right now because things will be different in the real world, but we are only two computers with SentinelOne. So we didn't have that kind of experience right now.

When compared to CrowdStrike, the initial setup is more complex.

It only took me 10 minutes to install it on two PCs.

At this time it is only a trial. After the trial period, I am going to purchase two licenses from SentinelOne. To make comparisons too and continue investigating both products.

We simply want to compare in real-life conditions CrowdStrike, SentinelOne, Microsoft, and other legacy antiviruses such as McAfee, Micro, and so on.

If you are running an enterprise business, you should definitely go with CrowdStrike, but if you are on a tight budget, you could look into SentinelOne, but CrowdStrike is the better option. If you can stretch your budget.

If you need next-generation antivirus and EDR solutions or if your budget is limited, you can consider SentinelOne, but if you can increase your budget or convince your management to increase your budget, CrowdStrike would be ideal.

I am simply checking. I am not a customer. I am not a partner. I'm a CrowdStrike partner. I am only using it for my own needs. Because people frequently inquire about the differences between other brands and CrowdStrike. 

People come to me for CrowdStrike assistance. And I have to explain the key differences between the two products. And BattleKart does not accurately reflect the information. When compared to BattleKarts, the real-time experience is more valuable.

I would rate SentinelOne a seven out of ten.