SentinelOne Singularity Complete Reviews

We are a Dutch distributor working for Infinigate, a company specializing in distributing security solutions across Europe. One of our vendors is SonicWall. 

The instant rollback for Windows support is a nice feature.

Certificate distribution is quite easy, for example, using BitBucket SSL Inspection in conjunction with the firewall. More and more web traffic is via HTTPS, everybody is sending encrypted data, which needs to be decrypted for security purposes, then delivered. The integration of SentinelOne and the SonicWall Capture Client makes certificate distribution easy, which is needed for a SSL security setup.  

The 365 management and analytics from the cloud is another great feature.

It would be good to see some small tools to test files or hashes that are a potential threat, I know there are already products offering this.

We have been distributing this solution to our clients for two to three years.

The stability is fine, I haven't heard about any serious issues. 

Within the cloud, the solution is as scalable as required. The CapEX is quite low and you can scale this solution for thousands of users. 

Within our company, we use a Sophos product, as we have been working with them for 25 years and have a more established relationship. 

The initial setup of this solution is straightforward. As soon as you install it, the policy is sent from the cloud, and perhaps some certificates, and you are up and running, so that's relatively easy. I would rate the setup experience a four out of five, as there is always room for improvement.

When I open my browser, and I'm behind the SonicWall firewall without Capture Client my browser will tell me that I cannot browse the internet until I install the client. Then there is a button in the browser to install it, I click on it as a user, and after a few minutes, I'm up and running. Now I can browse again, but with a client, so it's pretty easy.

As a distributor, we advise our resellers and they sell it to their end customers, so most of the time the resellers implement. I often give demos and training, where I show them how to do it. From a distributor role, most of the installations are done by our resellers.

The CapEX is very low because you don't have to buy any management tools or install them on your hardware. It's all based in the cloud and comes with cloud advantages. 

Just buy the Capture Client and buy the installer itself in a license of 100,000, or whatever is needed. You don't need to invest in any management tools because they are already installed, and maintenance from the client will keep everything up and running. 

I would rate this solution an eight out of ten.

I would advise people to consider this solution, because the combination of SentinelOne and SonicWall Capture ATP is very powerful. I would also advise people to have a look at the Capture Client and test the differences with other AVs.

SentinelOne has a patented feature with a Sandboxing technique, they have four Sandboxing techniques. They also have an AI technique, machine learning from SonicWall, and millions of sensors around the world to detect threats and zero-day attacks. This corroboration of security threat data shared by everyone makes the solution a powerful security engine. As Capture ATP also works on the firewall, it's not only their AV clients who are feeding the machine learning and the threat data, but also their firewalls.

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

We are a system integrator. We are a SentinelOne partner, and we provide Singularity Complete to our customers.

Singularity Complete has helped to reduce alerts. There is about 50% reduction. It automatically generates alerts and can also solve a problem.

It has reduced the mean time to detect (MTTD). It has real-time detection, and it has been very good so far.

The mean time to respond (MTTR) has been reduced. We can respond to an incident in 10 to 15 minutes.

Singularity Complete saves costs for our customers. Its automation helps save money. There is a reduction in the operational costs.

It reduces the risk for the organization. They have an AI engine to detect new threats, such as Zero-day threats.

It is a robust solution. It provides great visibility. It scans and shows the vulnerabilities in our devices.

It is complicated to do certain tasks.

I have been working with Singularity Complete for about one year.

It is stable. Our customers have not had any issues.

I have not used their support so far.

I have worked with Symantec and one more solution for endpoint protection. Singularity Complete has an AI engine. There is no need to download anything.

It is very easy to deploy. It takes about a week.

We are a partner of SentinelOne. We are happy with SentinelOne as our strategic security partner. 

I would rate SentinelOne Singularity Complete a ten out of ten.

The use case varies based on the customers' requirements and specific needs.

The solution's Ranger functionality offers network visibility and a defined set of capabilities, particularly in terms of discovering and understanding network structures. 

The fact that Ranger doesn't necessitate new agents, hardware, or network modifications is a crucial aspect for us. It stands out as one of the primary selling points, especially considering the intermittent nature of changes like those affecting CPO. 

With the increasing prevalence of remote processes and a shift towards cloud architectures like SASE or SSE, moving towards a single vendor for security purposes could simplify the overall process. It aided in minimizing alerts, primarily due to the behavioral analytics component, which reduces a significant amount of noise. 

It contributed to time savings for our team, particularly for the projects and tasks I predominantly handled on my own.

The solution contributed to a decrease in our organization's time to detect incidents and respond to incidents. It aided the organization in cost savings and it contributed to a reduction in our organizational risk.

One of the most valuable features resides on the endpoint, with the rollback functionality standing out as particularly noteworthy. It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness. 

The capability to ingest and correlate data across our security solutions stands out as one of the strongest features. It excels in connecting incidents to create a coherent storyline.

Improvement seems necessary, especially with the focus on enhanced support. This is particularly crucial in the analytics domain, where the existing agent falls short in comprehensive performance. Additionally, there's room for enhancement in the mobile element. Although it's in their pipeline, the current state is not optimal, especially when considering the need to install it on people's phones.

I have been using it for a year.

The stability is straightforward and solid. It's notably uncomplicated and easily manageable.

The scalability is excellent, with a high degree of flexibility and ease.

Mostly, we handled the support aspect for our clients. However, among the vendors, it's notable for being quite strong in terms of support. I would rate it eight out of ten.

Positive

The initial setup was straightforward.

When it comes to deploying the agent across machines within the environment, it's a relatively straightforward process, akin to pushing it through the system's processor. The implementation strategy is contingent on the specific cluster, taking into account factors like the proof of concept and the desired objectives. In our case, we managed the implementation independently, involving only a few people. The deployment model is highly variable and depends on the customer's preferences. They typically communicate their preferences to us, and we adapt accordingly. Some opt for in-house hosting, while others prefer a cloud-based approach. It doesn't require maintenance. 

The pricing is on the higher end, making it less suitable for small or medium-sized businesses and perhaps not the ideal fit for the public sector where budget constraints may be more pronounced. I would recommend it more as an enterprise-level product.

SentinelOne Singularity Complete was selected from a range of different providers, evaluated against other companies, and then analyzed to be the chosen product for our managed service. The capacity for innovation, ease of deployment, and streamlined management set it apart from other solutions. Additionally, its leading capability to correlate incidents into a cohesive storyline is a noteworthy aspect.

As a partner, I find them to be highly effective, especially since they are increasingly focusing on the enterprise market. Overall, I would rate it nine out of ten.

Our primary use case for the solution was covering all the endpoints, including servers. We also added the Kubernetes nodes with the CI/CD platform, which covered end-to-end features that we need to fill the required security controls.

The solution has benefited us by monitoring most of the activities to endpoints that we control over the USB and the browser monitoring. Activity monitoring was also done through the XDR platform. We had a couple of incidents where there was zero-day malware planted inside the Lenovo firmware upgrade, which we were able to capture through the auto-detection feature. 

The autonomous platform is valuable because we can separate false positives and negatives and update the database during certain types of automation.

The solution can be improved by ensuring threats are being mitigated on the platform autonomously and by considering introducing an on-premises solution with affordable pricing for government institutions.

There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions.

We have been using the solution for approximately one year.

The solution is stable.

The solution is scalable and can use the facility to do the same license, which could be used for Kubernetes. So it is the same license but different scales which we have utilized. Approximately 1,000 users are using the solution.

Our team has had a good experience with customer service and support.

Neutral

The initial setup was straightforward. Our team has also done an equally simple upgrade. It took approximately 24-48 hours.

I would say that there could be better ROI if we tend to use more than 500 licenses under a multi-cloud solution. But it would not be the same for an on-premise solution. 

The license for the solution is quite expensive, but it is cheaper than CrowdStrike. However, if you consider specific organization requirements, it has covered them all, so we might move to CrowdStrike after evaluating three years. Then, we assess the kind of tool in line with our requirements and implement the latest and the best tool in the quadrant, and currently, in Cambodia, CrowdStrike and TrendMicro are more popular.

I rate the solution a seven out of ten. The solution is good but can be improved by ensuring threats are being mitigated on the platform and considering reducing the license cap for an on-premises solution.

Our primary use case for SentinelOne is antivirus and malware protection. 

I found the detection the most valuable. 

There is room for improvement with the management interface. It could be more user friendly. 

I have been using SentinelOne for less than a year but more than six months. 

SentinelOne is a stable solution. 

SentinelOne is a scalable solution. We have some 300 people using it in our organization and plan to increase usage as the company grows. Every machine we roll out gets that product.

We used Trend Micro before we switched to SentinelOne. We made the switch because SentinelOne is not signature-based, it's an AI solution. 

The initial setup was straightforward. It entails simple installers and we deployed it through policies. We deployed it as a package on all PCs and servers and it took two weeks.

Deployment can be done in-house with one technical person. 

I recommend it. It just works. 

My primary use case for this solution to protect my clients and sites that I support from malware and ransom ware. It is installed on the end point clients and servers as a client and then it clean and protects after a reboot. As a managed service provider we found it instrumental at preventing viruses and especially preventing ransom ware. We went from 30% ransom ware infections to zero. The software stops the infection before it executes.

It has saved hundreds of hours fixing destroy and encrypted computers. In the old days even if you restored the files Windows was still damaged. This stops the software from executing.

The valuable feature of this solution is the ability for it to stop a virus or ransom ware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger I get alerted and the machine is frozen. If the SOC believes it to be a virus the machines network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe the machine is auto unfrozen. I can go in look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus I can return the machine to before the file got executed. Erasing any damage. If I believe it's a false positive I can mark it benign and re execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.

I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck. 

For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.

I've been using this solution for seven months. 

The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adopt to the new software fairly quickly.

The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 end points and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution, it's actually turned into my main route for antivirus end protection and the product doesn't require any maintenance except for when it finds a virus.

I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.

I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.

The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process. 

It's deployed in house

The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per end point. I don't have additional costs on top of that.

I evaluated, Norton 360, Windows antivirus, Webroot, Crowdstrike, and ESET

With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.

I would rate this solution a ten out of 10. 

SentinelOne Singularity Complete has improved our security stack. You don't have to worry about monitoring 24/7. 

The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing. 

I don't like switching the way you switch from legacy to XDR.

I have been using SentinelOne Singularity Complete since March 2023. 

SentinelOne Singularity Complete is stable. 

The product is scalable. 

A reseller consultant helped us with the tool's implementation. Our experience was good. 

SentinelOne Singularity Complete has freed up my staff's time and helped them focus on other tasks. 

The product's interoperability with other SentinelOne solutions and third-party tools is good. 

The solution has reduced our organizational risk. We have faster responses to incidents. 

SentinelOne Singularity Complete is a mature and solid product. I like the standard EDR capabilities. 

I rate it a nine out of ten.