SentinelOne Singularity Complete Reviews

Our primary use cases for SentinelOne are data endpoint management, document version tracking, and email security.

A concrete fact is that it allows us insight into our data and our security and helped us protect our intellectual property.

For us, the dashboard is the most valuable feature. The analytics that you can pull out of the actual tool are valuable.

Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have.

I have been using SentinelOne for more than five years now. 

I have total confidence in the stability of the solution. 

SentinelOne's scalability is very good. The solution is very flexible. 

I was extremely happy with their technical staff. The solution's tech support is top-notch. They have some really good engineers on their team.

We previously used McAfee ePO and we switched to SentinelOne just because of the customer service and the product.

The initial setup was complex, but their technical staff are professionals and were able to help us custom-tailor the package we needed. On a scale of one to five, in terms of the complexity, with one being impossible to do and five effortless, I would put SentinelOne at about a four.

Deployment was about a six-month project for us and it included a discovery period and learning about our environments. We worked with SentinelOne to learn the environments and figure out what we needed to be successful. Then, we focused on an implementation period and then just monitored it after that. It was about a month and a half for each phase of that six-month period.

We implemented it in-house but we worked directly with SentinelOne. Our experience with them was fantastic. I wouldn't want to do it without those folks again.

The ROI we saw was that for the first time we had actual dashboard data on our data usage for our cloud vendor that we chose and also for our on-premises. We purchased our servers from Dell and it allowed us to actually get a better grip on what we actually needed to buy versus what we were buying.

SentinelOne's licensing costs are reasonable. I can't provide hard numbers, but I can say that SentinelOne is a much better solution with better value and a lower cost than the McAfee ePO. 

We did not evaluate any other options before switching to SentinelOne. 

SentinelOne would be my go-to security provider. I would recommend that others go there first. They will get solicitations from McAfee and such because McAfee knows they're losing that business, but they just can't offer what SentinelOne offers.

Overall, I would give the product a nine out of ten rating. 

Everyone who is a client of ours gets SentinelOne by default. It provides ransomware protection, malware protection, and increased security. Those are our top-three selling points for SentinelOne when we talk to clients.

Prior to deploying Sentinel One, we had a team of staff members dedicated to ransomware prevention and malware alerts. Since deploying Sentinel One, we have been able to allow that team to focus on other proactive security measures for our clients.

The dashboard alerting is great and it has helped us out a ton.

SentinelOne has also greatly reduced incident response time, based on the toolsets and the ability to deploy it to new companies through a script. That has been very helpful. It has decreased the amount of time spent on incident response by 40 to 60 hours a month.

And when it comes to mean time to repair, while we haven't had a situation where we've had to reload an operating system or repair to that extent, we've used the 1-Click Rollback feature which saves several hours over a reload of a PC. 

The detection and response feature is really good for us. 

Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.

The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.

The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.

One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.

Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.

I have been using SentinelOne for about two years.

We haven't had any issues, outages, or upgrades. I would rate the stability at 10 out of 10.

One of the features that we love about SentinelOne is that we don't have to buy licenses ahead of time. It just scales up as we grow. We're bringing on a client now that has 500 endpoints and I don't have to worry about contacting sales at SentinelOne and getting a PO for 500 licenses. It just scales up and we're charged based on what we use, which is awesome.

The solution is on 100 percent of our clients that we manage, and that's going to be the goal moving forward. Our sales team does not put in a contract without SentinelOne.

SentinelOne technical support has always been very quick and responsive. We haven't used them a lot. We're a technology company as well and we're able to fix the minor stuff ourselves or by looking at a knowledge base.

One of our concerns or complaints at the beginning was the lack of training, which they fixed. They allowed us to schedule our staff to do the eight hours of free training, which was great. That would have been my only complaint, but that was resolved a few months ago.

Positive

We didn't have any EDR solution in place like SentinelOne. We had Bitdefender for antivirus, but that has been removed. Our existing antivirus was failing in several ways. It wasn't detecting everything that was coming through. That was the big catalyst for the switch.

Originally, we had SentinelOne through SolarWinds, which was our previous RMM tool. And when we migrated to ConnectWise, we moved our existing licenses over.

The initial setup was straightforward. It was through our RMM. We bought licenses and we had a one-click deployment to deploy that software. And when we migrated, the gentleman who helped us was awesome. We migrated 9,000 endpoints from that RMM directly into SentinelOne, and he did a lot of the heavy lifting. We just had to check and confirm things were getting moved over.

The migration of the 9,000 agents took 10 to 14 days.

Our implementation strategy included a deployment where we would do a test phase. We picked certain endpoints at different clients and we would deploy and set it in a "listen-only" mode and see what it caught. If everything was good, we would then turn it on to regular mode. That process helped a lot in the implementation.

We have about 75 people in our company using SentinelOne. The main roles among them are about 60 percent help desk, which is view-only; 20 percent client-side, which is reporting and view-only; and the rest are our engineering level where they have the ability to do rollbacks and fix certain issues that are coming in. There is very little maintenance involved with the solution, maybe a handful of hours a month. We have it set up to auto-update. Prior to that, we had to set up our script to download the most recent version, but that's all been replaced now with automation. Maintenance on the actual system is very minimal.

In the past, we had to purchase licenses in advance, so if we hit our license limit, we could not expand until we got a signed agreement in place with the sales rep after the back-and-forth. That meant if a client had ransomware and they had 200 agents, we couldn't deploy right away if we were up against our limit. So we always had that balancing act of figuring out if we were close to our limit and whether we needed to buy more licenses? We ended up paying for licenses we didn't need because we had to buy them in packages of 100.

We now pay based on usage. They do an audit once a quarter and calculate any overages. We pay a set amount quarterly, based on our licenses in use, and then they true-up the figure. Right now we have 12,800 agents with SentinelOne on them. We charge our clients monthly, so it would be really difficult for us to write a check to SentinelOne, in advance, for a full year's worth, at that level. It's been great for us to have the quarterly payments.

We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.

And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.

My advice would be to implement SentinelOne immediately. It is one of the top things that we've implemented and it has saved us countless hours. It's really hard to quantify the savings, but if a client were to get ransomware, it could involve weeks of several team members working around the clock to get them back up and running. Since we've implemented this, we haven't had to do that in an environment where we had experienced having to do so previously.

The biggest thing I've learned from using SentinelOne is that there are a lot more attacks out there than a typical antivirus will display. Regular antivirus, rather than an EDR-type platform, gives people a false sense of security because there are a lot of processes running in the background that the typical antivirus solution is not equipped to catch. It was eye-opening when we started deploying this at clients, locations where we felt we had very good peace of mind in terms of what was happening. SentinelOne started detecting things left and right that were completely unable to be seen prior.

Our main use cases are endpoint protection, EDR, and automated threat response for users and servers. We also use it for ransomware protection, threat hunting, and incident investigations. One thing that helped us a lot is the single-agent approach, because we don’t need multiple tools or agents installed on every machine.

It reduces complexity and makes deployment and updates much easier across different entities. The automated isolation of compromised endpoints has also saved a lot of manual effort. Overall, we use it to improve detection, response, and visibility on all endpoints with minimum overhead.

SentinelOne has had a very positive impact on our security posture. We see threats being stopped in real time without waiting for manual action. This has reduced the stress on our team and lowered the number of incidents we need to handle directly.

The automatic isolation and remediation really helped us shorten response time. The ransomware rollback feature also gives peace of mind, especially in critical environments.

We now have much better visibility into what actually happened during an attack, which helps with investigations and closing gaps. Overall, it has saved us time and improved our confidence against modern threats.

The best feature for us is the autonomous response. We don’t have to wait for a security analyst—SentinelOne isolates the device, kills the malicious process, and stops lateral movement automatically. The ransomware rollback capability is also something we really value because it gives confidence that even if something slips through, we can undo the damage.

The visibility and forensic details are excellent; it actually tells a story of what happened instead of just showing alerts. This helps our investigations and audits a lot.

Performance-wise, the agent is lightweight, and deployment was very smooth across different entities. Overall, the combination of prevention + response + forensics in one platform has been the biggest advantage for us.

SentinelOne works very well overall, but there are a few areas that could improve. The reporting and dashboards could be more customizable, especially for audit and compliance needs. Sometimes the UI feels a bit complex when you’re trying to drill down quickly.

More built-in analytics and ready-made reports would help a lot. Also, alert tuning could be simpler, because in some cases we still get false positives that require manual review.

It would also be great to see more visibility into identity-related attacks in future releases. Overall, nothing critical, but these improvements would make the platform even stronger.

We have been using SentinelOne Singularity Complete for roughly four years in our production environment.

It is a very stable solution.

It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.

Customer support has been generally good for us, and most questions are handled properly. The platform is stable, so we don’t need support very often. For normal issues, the response time is fine.

However, for complex cases—especially agent-related problems—we sometimes need remote assistance, and that level of support is not included in the basic subscription. In those situations, the resolution can take longer. Overall, support is helpful but could improve in advanced troubleshooting.

Positive

Yes, we previously used Trend Micro. We switched to SentinelOne because we wanted stronger detection capabilities, faster automated response, and better visibility into advanced threats. SentinelOne’s AI-based approach and single-agent design were important factors for us, along with the ability to automatically isolate and remediate incidents without relying completely on manual action.

The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.

Yes, we have seen clear ROI after moving to SentinelOne. The biggest saving has been the reduction in manual investigation and remediation time. Since most incidents are handled automatically, our team spends less time reacting and more time on proactive work.

We also avoided several potential ransomware impacts, which in itself protects us from large financial and operational losses. The single agent and tool consolidation also reduced the need for multiple products and maintenance efforts.

Overall, the time saved, lower incident impact, and improved security confidence clearly justified the investment.

Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.

We also evaluated Malwarebytes and CrowdStrike before choosing SentinelOne. Malwarebytes was simple to use but it didn’t provide the same level of autonomous response or forensic depth that we needed. CrowdStrike was strong in detection, but overall SentinelOne offered better rollback, a single-agent approach, and more automation.

In the end, SentinelOne gave us a more complete platform for prevention, response, and investigation rather than just detection. The balance of features, automation, and usability was the main reason we selected it.

I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.

I am an MSP and provide service on behalf of SentinelOne.

I manage the incident logs from SentinelOne for our clients.

We integrated the SysLog server with SentinelOne without any issues.

SentinelOne Singularity Complete saves clients time by offering a comprehensive security solution that combines automatic detection, machine learning, behavior monitoring, and zero-day attack protection, all in one place, compared to traditional on-premise solutions.

SentinelOne Singularity Complete significantly reduced the number of alerts.

SentinelOne Singularity Complete freed up three of our people to focus on other tasks.

The most valuable features of SentinelOne Singularity Complete are machine learning because it saves us time, device control for data privacy, and the token. 

SentinelOne Singularity Complete needs to improve the integration capabilities with SIEM.

I have been using SentinelOne Singularity Complete for eight months.

SentinelOne Singularity Complete is extremely stable.

SentinelOne Singularity Complete is scalable.

Cloud deployment for this project was a simple process. With two people involved, it only took one hour to activate the tenant and configure everything.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete stands out as a mature security solution. Its robust threat detection, data loss prevention, and machine learning capabilities all point to its effectiveness.

My company leverages SentinelOne Vigilance and SentinelOne Singularity Complete for managed SOC.

SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool, with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment.

SentinelOne Vigilance is one of the feature sets of SentinelOne Singularity Complete as a whole, and my company found SentinelOne Singularity Complete a little bit easier to use and flexible; plus, it had several feature sets.

I've not been using SentinelOne Singularity Complete for a long time to have a lot of feedback on its areas for improvement, as my team is still learning the tool, but what comes to mind is the need for it to give more straightforward directions or communication about detection or what has been detected.

We officially deployed SentinelOne Singularity Complete, including its feature set SentinelOne Vigilance, about three months ago.

SentinelOne Singularity Complete has been very stable, so it's an eight out of ten for me, stability-wise.

SentinelOne Singularity Complete is a scalable solution, which is one of the reasons why my company uses it.

I found the technical support for SentinelOne Singularity Complete excellent, especially in terms of communication. Support is nine out of ten for me.

Positive

We previously used Atos as our SIEM tool and wanted to replace it with a newer technology, so we're now using SentinelOne Singularity Complete.

I'm involved in deploying SentinelOne Singularity Complete, and I found the process straightforward. My company is still going through with the deployment because of the ninety-day deployment model.

I have people in my team assisting with SentinelOne Singularity Complete implementation.

I've seen ROI from SentinelOne Singularity Complete within a month after deploying the solution, mainly after my company started getting different alerts, which I was happy about.

I found the pricing for SentinelOne Singularity Complete reasonable, which is one of the reasons my company went with it.

SentinelOne Singularity Complete requires just a little bit of maintenance, as my team has to update agents and do some finetuning, but not too much.

My rating for SentinelOne Singularity Complete as a solution is eight out of ten.

My advice to people looking into using SentinelOne Singularity Complete is to ask for sample reports and processes to understand how SentinelOne would let you do it.

The company I work with is a SentinelOne customer.

We use it as an Enterprise EDR solution for threat detection, anti-malware, and security investigations.

SentinelOne Singularity Complete has greatly enhanced our security posture. We feel that our endpoints are more secure. We are in the know of what is happening within our company from a security perspective. We are confident in the ability to detect untrue positives. It has also helped us in achieving industry certifications such as SOC 2.

SentinelOne Singularity Complete has absolutely helped reduce our organization's mean time to detect. There has also been an impact on our mean time to respond. With the integrations that we have set up with Splunk and other products, we are able to respond to incidents as soon as they alert us.

We have a couple of integrations with it. They are alright. I am not blown away by its integration capability.

SentinelOne Singularity Complete has not helped reduce alerts. If anything, we create more alerts with it. We are able to fine-tune the product to reduce noise and alerts, but without it, we would not have any alerts. It is the piece of software that provides that alerting capability for us.

SentinelOne Singularity Complete has not helped free up staff. In a way, it creates work for us, but that is the purpose of the product.

The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features.

There should be Terraform support for console administration. Dynamic tagging would be also useful. 

The auto-upgrade capability should be improved.

I have been using SentinelOne Singularity Complete for two years at this company. My company has been using it longer than that.

Its stability is pretty good. I like the stability of their agent.

It is extremely scalable.

Their technical support is pretty good. I would rate them an eight out of ten.

Positive

I was not here when they bought this solution, but I know why we bought the tool. We replaced another EDR solution, and then we used it as our enterprise EDR solution for ransomware prevention, threat hunting, and security investigations. We were using CrowdStrike previously. SentinelOne Singularity Complete also saved us money. It is very competitive compared to CrowdStrike.

I have used a couple of EDR solutions. SentinelOne Singularity Complete is less mature than CrowdStrike, but it is definitely one of the top players in the industry.

SentinelOne Singularity Complete has not helped reduce our organizational risk. It is about the same as CrowdStrike in this aspect.

We have it on our laptops and the cloud, so our setup is hybrid. I am in charge of deployment, and it is as simple or complex as any other solution. 

It requires maintenance on our end.

We have a team, but I do most of the work. I am in charge of it.

It is hard to define the ROI. It does not save us money, but it prevents security breaches. In the grand scheme of things, it is definitely worth investing in. 

Its pricing is competitive. 

It has competitive pricing and great support. It is a complete solution.

As a strategic security partner, they collaborate with us quite a bit on our overall posture. They constantly have webinars and education sessions for us to deepen our security knowledge and how to use their product. They have assisted us on various PoCs for different offerings that they have and different services they offer. They help us to understand how each of those components integrates into our overall security posture. We did a PoC of the Ranger functionality.

I would rate SentinelOne Singularity Complete a seven out of ten.

Our company is a platinum partner and uses the solution to provide endpoint protection for customers. 

A few new customers require the on-premises solution but others use the cloud technology. 

The solution offers excellent detection and integration capabilities. 

Integrations talk to other security vendors and share data with the help of the API. No other product offers this functionality. 

The solution is a bit costly for some customers. 

DLP support would be a good addition. Currently, there are multiple vendors and agents on endpoints. The solution looks at data from a specific documentation view so it would be beneficial to use that same documentation to look at DLP. 

I have been using the solution for six years. 

The solution is stable so I rate it a nine out of ten. 

The solution is very easy to scale. Scalability is the best and the GUI itself is very fast with no issues. A customer with 10,000 clients still gets fast responses. 

Technical support is very good and helpful in getting results. 

The turnaround time for solving bugs or finding workarounds for customers is quick. 

The setup is simple and the solution can be deployed using any tool. Vendors can also remotely deploy the solution.

If the solution is set up properly with the right policies and processes in place, then it won't require too many maintenance resources. Customers can also utilize the solution's NDR service instead of staffing that position. One technician can easily handle ongoing maintenance.  

We implement the solution for customers. 

The pricing is comparable with other vendors but some customers find it a bit costly. There is a bit of pricing flexibility with the solution, but initial quotes can surprise customers. 

I rate pricing a six out of ten. 

The solution stands out because has excellent detection and integration capabilities. In my opinion, the solution is better than Microsoft, CrowdStrike, and Palo Alto. 

Customers are very happy with deployments and stick with the solution year after year.

I rate the solution a nine out of ten. 

Our company serves as resellers and solution engineers for our enterprise customers. We deploy and support the solution in customer environments. 

The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added. 

The dashboard should include troubleshooting because it can have problems. 

Sometimes, the XDR does not configure its policies for data security on time. 

The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything. 

The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support. 

The solution should include USB blocking for specific machines. 

I have been using the solution for one year. 

The solution is stable with no issues. 

The solution is scalable. 

The technical support is half and half. They offer good support but response time is slow. Sometimes, you have to contact multiple engineers to get good information and that is a challenge. 

Neutral

We deploy the solution for customers. 

The solution's XDR is superior to CrowdStrike. 

I am satisfied with the solution and rate it an eight out of ten.