SentinelOne Singularity Complete Reviews

We use SentinelOne Singularity Complete for all of our endpoints, including virtual machines, physical servers, and laptops.

The solution gives us a good sense that the systems are secured against malware, drive-by fileless attacks, and advanced behavioral attacks. This is our primary reason for having the product, and it does a good job in that regard.

It does not require a lot of management. It is hard to quantify the time savings but it does not require a lot of our time. If I spend an hour a week on it, that is a lot.

It is hard to quantify the reduction in the mean time to detect unless you are a pretty big organization and you are tracking that. However, it has been able to detect things and alert about them pretty much instantly in the console. We also get emails right after that. In terms of the Vigilance MDR service, one Saturday morning, I tripped an alert for something I was doing. I thought of waiting and seeing how long it would take on a Saturday morning at 10 AM for them to jump in and figure it out. They took about 20 minutes.

Any good endpoint security product should reduce your organizational risks, and SentinelOne Singularity Complete has done that. It is almost impossible to quantify the reduction.

We were able to easily realize its benefits within 30 days.

The console is light years better than the CrowdStrike console, which had just a bunch of different screens cobbled together. It is much more unified and much easier to work with. It is very nicely designed. It is one of the better user interfaces I have ever seen for web application management. 

The product is pretty easy to manage and pretty easy to deploy. It also has a pretty low resource footprint.

The false alerts can be annoying, especially during administrative tasks. We have had a number of occasions where the software impacted a third-party application, so the application would either not run or exhibit other technical issues. We were also not getting any alerts in the console to indicate that SentinelOne was having a negative interaction with the product. Finally, after hours of troubleshooting, we turned off the endpoint security for the product, and the application just started working fine. We have probably had a good half dozen of those. It is quite annoying.

I have had experience with SentinelOne Singularity Complete for two years.

Their support is top-notch. I have been in the business for thirty years, and I have dealt with just about every support company out there. I am used to mediocre enterprise support, but SentinelOne's support is very good, deserving a ten out of ten.

Positive

We were running CrowdStrike prior to SentinelOne. We were using CrowdStrike Complete, but it was simply way too expensive to sustain for our budget. We were looking for something that was equally capable and did not have a huge price tag with it, so we ended up going with SentinelOne and their Vigilance MDR service.

SentinelOne Singularity Complete has not helped us consolidate other solutions. It was a one-for-one replacement for CrowdStrike. It has not helped us to get rid of anything at this point.

I have used Bitdefender in the past. We had their GravityZone Ultra, which had XDR Complete, but there were so many alerts. We would literally spend hours. We would pick a day a week or a day every couple of weeks and try to trace down alerts and clear out the console. From that perspective, SentinelOne does give off fewer false positives. However, when we are dealing with administrator or network administrator or developer tools, for obvious reasons, they tend to trip the alerts on the product. For normal end-user work, there are seldom any false positives or alerts that are not valid. It is almost never. I am the IT director, and it is always tripping on things I am doing. When I install some encryption software or disk wipe software, I get many alerts in SentinelOne, but for the actual end-users, typically, we do not get any false positives.

We use their public cloud. We deploy the agents ourselves. We do the updates through their public cloud, but we do the initial deployment ourselves.

The initial setup was pretty straightforward. There are some nuances to the product, naturally. It is an enterprise-class endpoint security product, so there are things that you need to learn and understand about how it works. The same is true of CrowdStrike, Palo Alto Cortex, or any other product in the same category.

We have multiple locations with about 35 remote users.

We used their onboarding service, which was very helpful because we would have meetings every week or two with the actual SentinelOne employee engineer to talk about our deployment and ask questions about particular features and best practices. It was worth the extra expense.

I had one other network administrator working on it with me, and I just assigned him the task of deploying software and working with me on some of the policy configurations.

I do most of the maintenance on it. The maintenance typically requires adding an exclusion here or there, troubleshooting an issue, or uploading logs for support to look at an issue or a question that we have. I do not spend 50 hours a year on it.

SentinelOne is significantly less expensive than CrowdStrike. I recently did a price comparison between CrowdStrike and SentinelOne to determine where we are going for the next three years. CrowdStrike is 200% to 300% the cost.

For their complete service, we were paying CrowdStrike 45K for 85 endpoints for a year. We have stepped down, and we are doing MDR and not having SentinelOne manage our policies and things. We have 200 endpoints, and our yearly cost is 17K, so we have gone from 45K to 17K. From a detection standpoint, depending upon which MITRE framework tests you look at, both vendors jockey up and down in the top ten. They are pretty comparable from a performance and efficacy standpoint, so there is not a 200% to 300% gap there.

I always do a round-robin. My final three ended up being Palo Alto Network's Cortex product and CrowdStrike's Falcon product, the lesser version of their MDR Overwatch product.

The thing that I did not like about Overwatch was that they would tell you that something was going on and here is what you should do, but they would not help you with it. SentinelOne was a little bit more helpful in terms of hopping in. Ultimately, Palo Alto is not support-friendly. I use Palo Alto Firewalls, and their support is not that great. It has not been for a while, so I hesitate to go into their endpoint security as well. It is also expensive. It requires a lot more infrastructure and cost to deploy. It is probably more akin to CrowdStrike from a cost perspective.

I briefly considered Bitdefender's MDR solution using GravityZone where they did the MDR piece of it. It was probably half or a third of what we would have spent for SentinelOne, but I did not have the sense that it was quite the next-gen product that I was looking for, even though it scored pretty well.

All these are very similar because they base their activity on what a piece of software is trying to do on the system. It is a real-time behavioral analysis. They do not use predefined signatures from the last 25 years. They are trying to do things in real time. In terms of how long it takes to have visibility into what an application is doing and how quickly they can lock it down once they have the visibility, each vendor scores differently, but each of these three would generally be considered in anybody's top five.

SentinelOne is fairly innovative. I like what they are doing with the integration of their Purple AI for being able to do real-language queries of their telemetry data. You do not need to know all the correct syntax, which helps us non-SecOps folks who have to dabble in it periodically. We can do real-world queries. I have not asked for pricing on that. It is probably more than I want to pay for it, given that we do not get too much use out of this kind of feature, but they are continuing to innovate in that regard. From that perspective, it is a good product.

SentinelOne Singularity Complete is very mature at this point.

We have not yet had an occasion to integrate it, although, in a couple of weeks, we are going to be integrating their Cloud Funnel service with another MDR provider, Red Canary. We have not done that yet, and we have not made use of their other interoperability pieces.

They have two Ranger products. One is the Ranger Identity Protection product, which is kind of an add-on product, and the other one is more of a rogue detection product. We did subscribe to the Ranger Identity Protection product, but it was so difficult to work with that we finally stopped using it. It was a subscription.

Our correlation is whatever is going on in the endpoints. We are not pulling in Palo Alto firewall telemetry, or Okta or O365 data at this point, but we are moving in that direction. We are simply using it for endpoint security and for their Vigilance MDR service.

SentinelOne is good as a strategic partner. We are in the third year of our three-year contract and plan to continue with them. We are not going to go directly to them. We are going to go through one of their partners, Red Canary, but we will be using the SentinelOne Complete product and then using Red Canary to do the MDR along with active remediation and SIEM ingestion of our Okta data, our Palo Alto firewall data, and our O365 data. They can then begin to cross-correlate events and attacks across different attack surfaces of ours.

I would rate SentinelOne Singularity Complete a nine out of ten.

We use SentinelOne's EDR platform. We use Ranger for network discovery. It helps to find out any endpoints that do not have an agent or rogue devices that may come up on the network that are not protected. It allows us to isolate them until we have the proper protections in place.

We are starting to delve into Identity.

The EDR platform has helped us achieve our business goals by providing the best security against ransomware, which is the number one threat to our business.

We have seen a lot of benefits since we deployed SentinelOne many years ago. We were able to consolidate around eight different antiviruses globally. It saved us licensing costs, human capital, and the amount of time it takes to keep up with some of the legacy technologies.

Other than that, the product gives us so much visibility to things. We did not have that visibility before. It also gave us access to every endpoint globally from a single platform. My engineers and my SOC operators are able to touch every endpoint globally in a matter of seconds. We are able to consolidate all the data that we are getting from the platform. We then build rule sets and protections and automate playbooks to be able to help save time so that we can focus on some of the bigger threats that we have.

SentinelOne has had a huge impact on our risk management posture. In my viewpoint, any threats, especially with ransomware being the biggest threat to our business, can lead to downtime for operations. If manufacturers are not making the product, we are not making money.

SentinelOne has helped us improve our analyst efficiency because of the simple fact that it is a single singular platform where they have access to every endpoint data that is out there in the world in our scope of devices. It gives them the ability at their fingertips to dive deep into the telemetry data that they need to make a justification or make a decision about a threat.

SentinelOne helps us reduce noise. We also leverage SentinelOne Vigilance as a managed service provider, which takes away the load from my analysts. It enables us to develop playbooks to cut down the noise and helps us to prioritize what matters the most, which makes us way more efficient. It makes us speedier when it comes to the time to react to a threat.

SentinelOne, especially the Vigilance team, helps us to reduce false positives. It is not only because the technology itself is so good at what it does; it is also because of the information that we get related to a threat or an alert. The information is enough for us to have some sort of disposition on what that is. We can then write a rule or mute that through a click of a button so that it is not constantly coming to the surface.

SentinelOne helps us with our incident response process tenfold. We have so many options, from automation to using Purple AI, to give my analysts more confidence in their abilities. It is an amplifier. It is not a replacement. It is a way for them to build their confidence and skill set, but it also increases our efficiency and our time to respond to threats. The storylines with SentinelOne were probably one of the first things that caught my attention back when EDR was new to the market. They help the analyst develop a storyline or improve the storyline that they have already developed.

SentinelOne helps us with our mean time to detect by the fact that we have every endpoint consolidated into one platform. We have the prioritization based on the rule sets, the type of devices, the classification of the data it holds, or the classification of the department or the sensitivity of a manufacturing process in that environment. These methods help to cut the detection time for my analysts.

The platform provides multiple ways to communicate. With the addition of Vigilance and their main services, there is a very drastic reduction in the mean time to respond based on the information they give us. The information that we receive from those methods helps us to make a lot quicker decisions with the threats.

From an organizational perspective, SentinelOne helps me and empowers my team to be able to communicate to the business about some of the adversarial threats that we have in our environment. A lot of times when an endpoint or a production or line unit is impacted, the teams come to us with reports of a false positive, but in fact, it is not. SentinelOne helps us to educate, inform, and reinforce to the organization why we are here. We are here to help. We are here to help the business grow.

When we first looked at SentinelOne, we had a very distributed legacy antivirus environment. Through SentinelOne's platform, we were able to consolidate about eight different antiviruses globally, thus saving money and time. There were savings in terms of human capital or the amount of time it takes to keep up with some of those legacy technologies.

Like any vendor, SentinelOne had its challenges, but throughout our history as a partner and as a customer, they followed through with every commitment they made. That is huge. I do not look for a vendor, I look for a partner—a long-term partner. CISOs need partners to be successful. We have to lean on each other. There are things that they can do to improve the console or improve the product, and they are making strides in it. One value that I can bring to them is the fact that I am on the advisory board. As a customer, we bring problems or challenges or even opportunities to them that they take back to their product teams and marketing teams to come up with a solution. Being able to ride side by side with some of the developments they are making now, in the near future, or in the far future is pivotal to the success of a security organization.

We have been using SentinelOne's EDR platform since 2018.

The support teams speak various languages worldwide, which is beneficial for a multinational corporation like ours. We have teams across the world, and having support in native languages saves us time and increases efficiency.

Positive

We had a very distributed legacy antivirus environment before and selected SentinelOne for its consolidated platform.

We are also using a different SIEM solution currently but are considering migrating to full XDR in the future. We rely very heavily on managed services and Vigilance. We have a small security team, but over time, we will be able to build some hybrid models or hybrid approaches and start to go towards XDR.

When we looked at the EDR, having a single agent was a big deal. We have come a long way since then, but one of the primary reasons why we chose SentinelOne was their ability to package everything from a single agent.

The ROI is significant with SentinelOne, as it saves us money, time, and human resources by consolidating eight different antiviruses into one unified platform globally.

SentinelOne makes licensing easy by reducing the number of modules or packages that they have to offer. A lot of other vendors make licensing very complicated with separate modules or separate costs. By bundling necessary features, SentinelOne ensures that security leaders are not left confused by options. This bundling of necessities has served our needs well.

As they bring on more technologies and more offerings, they are either bundled with the premium packages or other packages they have or they are bundled separately as another SKU.

We compared SentinelOne against its competitors while evaluating EDR solutions. SentinelOne stands out to me from the competition because they stand by every commitment they make. They are extremely transparent and extremely collaborative with the customer base. They take back everything that the customers bring to the table and make the product better. It is a two-way street. We also have to give. We are giving that money for a product, so we are investing in them. At the same time, we want to have a voice. They allow us to have a voice. The fact that they are a true partner sets them apart from the competition.

Their transparency, their willingness to work with customers and receive feedback, and the humility to admit their faults but figure out a way forward with their trusted partners or customers set them apart from the competition. They have done a good job of getting the endpoints correct. They have done a good job at saturating the market with such a good endpoint product. The endpoint data is the most critical telemetry data that we have. If you think about network and email, those are all delivery methods, but a crime is only committed at the target location, which is the endpoint. With that being the most valuable information we have, they have done such a good job with that. They are already there at the endpoint. There are a lot of other things they can do to improve the data that they have with things like identity and network discovery. There are opportunities where you take Purple AI out and put it on top and extend the width or breadth of your security team. You can extend the breadth of reach across multiple facets or multiple layers of defense from one single platform.

AI is huge. It is a topic that comes with a lot of different variables. Some are good, and some are not so good. AI as a whole is not something to fear. It is no different than what mobile computing or cloud computing was. We have to embrace it. Embracing it empowers security organizations, security leaders, and security teams. It empowers them to make more and better decisions, and it also saves some time because a lot of the things that they are doing can be automated through the use of AI. It empowers the defenders, and by empowering them, it saves them time and allows them to focus on more important projects, more important topics, or more important threats. AI can help us cut down our mean time to detect and mean time to respond.

I have had several colleagues looking at SentinelOne and comparing them against some of the competitors, which is what you are supposed to do. To those who are considering purchasing SentinelOne, I would advise moving beyond the product. Do not just consider the product when evaluating SentinelOne. Focus on the leadership, product development teams, and their commitment to working closely with customers for long-term success.

SentinelOne is a true partner. We have had our issues. We have had our incidents. There were some times when I was desperate and needed help. They have been there. They are not there at the meat of it. They have traveled that road all the way to the end with me. That speaks volumes. To colleagues and people who are not yet using SentinelOne, I would recommend taking a look. Go beyond the curtain, the actual product, and the marketing. Look into the teams. Look into the leadership. Look into the success of other customers out there like myself. Call them. Talk to them. Challenge the product and challenge the teams, but do not let the first responses ever be the answer you go with. Continue to develop that relationship. That is what you should look for as a partner.

On a scale of one to ten, SentinelOne is definitely a ten. That is not just product-specific, customer support-specific, or road map-specific. A lot of different areas combined give it that score. Having a true partnership means that you are bringing everything to the table. You are helping each other grow.

We have the Singularity Endpoint Detection platform along with the MDR service. We are using their Singularity Enterprise offering along with Vigilance Pro.

We are currently in the process of deploying it. We started with the deployment earlier this calendar year with a goal of reaching 30,000 endpoints this year. We have deployed to about 25,000 endpoints to date. Our end goal is 100,000, but that will be phased in over the next year.

Our deployment experience has been excellent. We have received a ton of support from their customer success team. We are using this initial deployment to tune the product to make sure it is not causing performance issues on our endpoints. We are going about it in a very methodical fashion.

It has helped us achieve business goals in a few areas. Even though we are early in our adoption, there are a few areas where I have seen benefits. One is around the technology, the solution itself. It provides our security analysts with a very succinct and usable interface that they can use to effectively and efficiently manage incidents and investigations. 

The second area is around the MDR. This has been a huge benefit to us compared to our prior solution. We used to get a lot of false positives. That took up the time of our security analysts, which then took away time from addressing real problems.

The risk management at Lenovo has improved greatly over our prior toolset. We have identified risks that we would not have otherwise identified with our prior implementation.

Our analysts' efficiency has gone up tremendously. We are not chasing false positives. The tool provides timely and relevant information to our analysts so that they can address the events with confidence. They know they are working on the right activities, and then along with the managed service, they are not chasing rudimentary incidents. Those are being resolved before they can get to our team.

It has definitely helped us reduce noise. In the prior platform, which we are phasing out, the false positive rate was tremendously high. That caused a huge amount of inefficiency in the team.

It has helped us increase our incident response because we are working as a team. We not only have an improved platform for detecting and managing incidents; we are also partnering with SentinelOne on the MDR and the managed service aspect of it.

It has helped us improve our mean time to respond from a perspective of seeing what is happening. I do not have any metrics related to the percentage of that improvement.

It has highlighted the risk of insider threats, and we have found that on multiple occasions. It is hard to compare if they would have been caught in our prior solution, but we have increased visibility into what is going on across our network and the machines that are connected to it.

SentinelOne is an integral part of our AI strategy. We have recently got a chief AI officer in our organization. He happened to be our chief security officer, so we take AI very seriously. There are two things that AI can impact. We can leverage SentinelOne to help us protect the AI models that we develop and use, but we can also leverage AI for endpoint protection in the product itself. We can utilize the AI offering to improve our response rate and mean time to respond.

We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives. In conjunction with the MDR, many of those incidents and events are mitigated and resolved without any intervention from our team.

SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks.

We started with the deployment earlier this calendar year.

The support from SentinelOne has been second to none, exceeding expectations. Maybe we are in the honeymoon period, but they have definitely exceeded expectations. I have been part of many deployments, not just of cybersecurity platforms but also of other platforms, and SentinelOne, in comparison, has been second to none.

Positive

We purchase it through CDW.

One of the primary considerations in evaluating EDR and identity security vendors was around the effectiveness of the detection and the ability to tune the solution to fit our needs. The presentation of the data to our analysts and the ability to detect events and threats that were not detected by our prior platform played a big role in that. We also were able to test out the MDR service as part of our proof of concept. That pushed it over the edge from anything we experienced with other vendors.

Earlier, we had a high false positive rate coming in, which would take up our analysts' time. In addition to that, our prior vendors or other vendors would report threats and incidents to our team but not what action to take to resolve them. The huge difference that we have seen is that we are now getting feedback from SentinelOne and the MDR team, and it is coming back completely resolved and completed. We are more on an information basis, and we do not have to spend any time on resolution or investigation.

Anyone considering changing their endpoint detection or SIEM solution should consider SentinelOne. It offers benefits in the product and technology aspect, service aspect, and partnership, allowing us to influence the roadmap and plan our cyber defenses.

Even though we are early on in our adoption, we have had a direct line of contact with the product team. We have been able to provide feature requests. We are not simply a customer of SentinelOne. We view it as a partnership. We can influence the roadmap. Likewise, SentinelOne is providing us a vision of their roadmap, and we can plan accordingly how to steer our cyber defenses.

As it stands today, I would rate SentinelOne Singularity Complete a nine out of ten simply because we are so early in our adoption that we are not taking full advantage of all the aspects of the solution. We will continue to grow and mature alongside the product.

We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

The ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have less number of alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

Log analytics and a couple of other things were also pretty good.

We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory. Some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistence connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

I discarded this product within six months. I would rate its stability a five out of ten.

Its scalability is fine. I would rate it a nine out of ten for scalability. 

We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

I would rate their support a six out of ten because the issues that I had reported were not resolved.

As a strategic partner, SentinelOne is pretty good. They are very proactive.

Neutral

Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. In case they find a rogue device, then only they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

CrowdStrike is not cheaper than SentinelOne. Both products go neck to neck. Both are costly products. 

I would advise going for this solution only if you have a clear use case.

I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

Our organization is leveraging SentinelOne Singularity Complete to achieve a comprehensive endpoint security solution. This involves utilizing SentinelOne's EDR functionality across all our endpoints, including IT, OT, and legacy systems. By integrating additional log sources, we're expanding to XDR which will further enhance threat detection, investigation, and response capabilities. This enriched data will also enable the creation of custom workflows to streamline security operations and improve the overall effectiveness of SentinelOne alongside existing security solutions like Office 365, proxy servers, and firewalls, allowing for better correlation and incident response.

Our previous antivirus solution wasn't strong enough to keep up with the growing number and complexity of cyberattacks. Traditional antivirus struggles to monitor all endpoint processes and activities. SentinelOne Singularity Complete addresses this issue with its Endpoint Detection and Response capabilities. EDR collects comprehensive endpoint data and stores it centrally, allowing us to monitor all running processes, identify evolving threats and their techniques, and take appropriate action. Additionally, SentinelOne's built-in AI and ML can detect suspicious behavior that traditional antivirus solutions might miss, providing advanced protection against modern cyberattacks.

Our organization utilizes a two-pronged approach to cybersecurity with SentinelOne. On-premises, SentinelOne Singularity Complete safeguards our sensitive big data that never leaves our network. Additionally, we leverage the cloud-based SentinelOne SaaS solution for further protection.

SentinelOne offers a marketplace that expands its XDR capabilities. This marketplace allows for seamless integration with various security solutions, including Azure AD, email gateways, threat intelligence platforms, firewalls, and proxies. By integrating these tools, we can create automated response playbooks within the XDR platform, streamlining our security posture.

SentinelOne Singularity Complete excels at gathering and analyzing data from various security solutions. Its built-in marketplace offers over 120 connectors that automatically ingest logs, enabling correlation and better incident response through custom workflows. This integration streamlines security operations by minimizing manual effort and allowing security personnel to focus on faster remediation.

We leverage Ranger to secure our raw networks and functionalities that SentinelOne has limited coverage for. Additionally, we actively search for vulnerabilities in our systems.

Ranger is a valuable tool for improving network and asset visibility. It helps us identify gaps in our coverage by highlighting raw networks and unmonitored endpoints. These blind spots represent areas where we lack agent deployment, and Ranger essentially acts as a roadmap for prioritizing where to install them for a full view of our environment.

Ranger has a seamless integration process. From the console, we enable Ranger, triggering the installation of a lightweight agent on our endpoints. This agent then monitors traffic to identify coverage gaps and potential vulnerabilities within our system.

Integrating all log sources and creating a custom workflow will streamline analyst workloads. This will automate most of the basic tasks currently handled manually, freeing up the team for other projects. The analysts performing investigations and remediation will see a significant reduction in time spent on repetitive tasks.

Since implementing SentinelOne Singularity Complete, our mean time to detection has been drastically reduced, going from two full days down to just ten minutes each month.

SentinelOne Singularity Complete has reduced our mean time to remediation.

SentinelOne Singularity Complete has been a valuable asset in reducing our organization's security risks. Its features, including device control and firewall management, provide us with the tools we need to effectively manage and secure our endpoints.

SentinelOne offers several valuable features for threat detection and response. Correlation, static analysis, and other detection engines work together to identify and address security issues. Additionally, the STAR Rules feature allows us to create custom alerts based on specific attacker behaviors or indicators of compromise. This empowers us to not only respond to built-in threats but also proactively detect and prevent emerging ones by defining custom actions for abnormal activity. In short, SentinelOne goes beyond native threat detection, offering customization to tackle even the newest threats.

SentinelOne Singularity Complete needs more connectors for integration with more solutions.

It seems there are currently two separate installers for the same device, one in MSI format likely for Windows and another in a potentially custom EXP format. Ideally, these could be combined into a single installer. If that's not feasible, the EXP format could be used as a self-extracting archive that automatically installs the software using the MSI installer. This would eliminate the need for two separate agents and provide a more streamlined installation experience.

SentinelOne endpoint protection enters a reduced functionality mode during certain resource-intensive events. This mode temporarily limits some features and may require a machine restart. In some cases, the agent might even get disabled. To restore full functionality, we need to re-enable the agent and reboot the machine, which can be inconvenient. Ideally, SentinelOne should improve its handling of resource usage to avoid these disruptions.

The technical support response time has room for improvement.

I have been using SentinelOne Singularity Complete for three months.

The current version of SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

The technical support response time is slow.

Positive

Our previous antivirus solution, Symantec Endpoint Security, struggled to keep up with evolving cyber threats. Additionally, integrating it with other security tools proved to be a slow and cumbersome process. Since switching to SentinelOne, we now benefit from seamless integration with various log sources and other security solutions, enabling a more holistic and responsive security posture.

The initial deployment was straightforward and took four months to complete in our large environment but it was not complex to onboard the machines based on our policies.

Four people were required for the deployment. 

While the cost of SentinelOne Singularity Complete might seem high at first glance, it's important to consider the value it offers. This helps to average out the cost.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers a comprehensive security solution for cloud workloads and endpoints. While it excels at covering all these areas, it could benefit from more granular control and further enhancements. The ability to extend its protection to cloud security or cloud servers, similar to CSPM tools, would be valuable for taking action within cloud or microservice environments.

Maintenance is required for updates.

SentinelOne is a good strategic security partner.

Before implementing SentinelOne Singularity Complete, it's crucial to understand how it will integrate with your existing systems. This ensures compatibility and avoids any unintended consequences. Make sure to create exclusions for any applications that might conflict with SentinelOne to prevent disruptions.

Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

It can reduce the organization's risk. It gives better control to our limited team resources.

It already has AI capabilities, which is one of their advantages.

When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

I have been using SentinelOne Singularity Complete for approximately four years.

For stability, I would rate it a nine, as I have experienced only the issue of overload.

The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

Positive

For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

I am the third party assisting in the deployment.

I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

We use SentinelOne Singularity Complete for network protection and response.

SentinelOne Singularity Complete effectively ingests and correlates data from all our security solutions, providing a unified view for better threat detection and response.

SentinelOne Singularity Complete aggressively identifies and quarantines potential threats. It effectively catches threats that other EDRs might miss. Overall, we find this level of aggressiveness acceptable for an endpoint protection solution and are satisfied with SentinelOne Singularity Complete's performance. We saw the benefits immediately.

SentinelOne Singularity Complete significantly reduces alerts by filtering out many false negatives. This allows us to identify actual threats as soon as they are categorized, separating true positives from the filtered noise. This helps us focus on the real threats, eliminating the need to sort through irrelevant alerts. The number of alerts has been reduced by 75 percent. It also helped to free up a significant amount of our time to work on other tasks.

SentinelOne Singularity Complete has significantly improved our ability to detect threats, even those previously unknown. This advanced EDR solution provides alerts for any suspicious activity, regardless of classification, allowing us to proactively assess and mitigate potential risks.

While SentinelOne Singularity Complete shows promise in reducing our organization's costs, the solution is still new to us and we haven't quantified the exact savings yet.

It improved our organization's security posture by enabling us to proactively identify and neutralize emerging cyber threats, thereby reducing overall risk in the ever-present threat landscape.

SentinelOne Singularity Complete stands out for its threat-hunting abilities and the agility of its agents in detecting malicious content across our gateways and endpoints. We're impressed by the breadth of threats covered by their constantly updated signature base, providing full protection against new cyber threats. While we're still exploring the platform's full potential, Singularity Complete's extensive capabilities, and superior coverage compared to our previous solution have already given us a significant security advantage.

SentinelOne Singularity Complete offers competitive pricing, but there's always potential for even better value.

I have been using SentinelOne Singularity Complete for one year.

SentinelOne's technical support was good at assisting with onboarding through troubleshooting actions and resolving configuration problems.

Positive

After using Symantec and Fortinet's EDR solutions, we migrated to SentinelOne Singularity Complete seeking a more comprehensive defense. SentinelOne's aggressive threat detection capabilities were a major factor in our decision.

The initial setup was seamless thanks to the SentinelOne support team. We had three people involved with the deployment from our local team and the support engineers online.

The SentinelOne support team helped us with the implementation in-house and it was seamless.

The pricing for SentinelOne Singularity Complete is competitive.

We evaluated several endpoint detection and response solutions, including Symantec, SentinelOne, CrowdStrike, and Bitdefender. While Symantec offered a phased migration option from on-premises to cloud and maintained endpoint interoperability, its EDR and threat-hunting capabilities fell short compared to SentinelOne. SentinelOne's robustness ultimately outweighed the advantages of the other options, including CrowdStrike's strong detection capabilities but higher price point, and Bitdefender's overall offering.

I would rate SentinelOne Singularity Complete nine out of ten.

We're in the process of consolidating our security solutions by migrating some services to the SentinelOne platform. While SentinelOne is a strong contender, we're also evaluating other tools to diversify our security posture and avoid vendor lock-in. This multi-platform approach will ensure we have the full protection needed.

As of now, no maintenance has been required for SentinelOne Singularity Complete.

SentinelOne is a strategic partner for our security operations. Their solution helps us maintain the safety of our internal systems, applications, and users. As security is a top priority, we consider them a top-tier partner in our overall operations.

I recommend SentinelOne Singularity Complete for anyone needing a robust Endpoint Detection and Response solution. However, to ensure it meets your specific needs, thoroughly evaluate its capabilities against your current operational requirements. If it aligns with your needs, consider a trial to experience SentinelOne's operation firsthand before committing to a contract.

Considering our sensitive data and security needs, we require a top-tier endpoint protection solution. SentinelOne Singularity Complete stands out as a market leader, achieving high ratings and verification from industry experts like Gartner.

First, budget-wise, and for the quick actions I take in automation, certainly AI plays a crucial role.

The most valuable features are the quick action and restoration capabilities. I can catch any behavior and restore everything for the last two changes. There's also automation that gives my team free time, preventing them from having to look for every alert. As a result, we don't need their action on some emails.

Integration with the firewalls is needed because there is no integration with Forti as a FortiAnalyzer. It is currently integrated with FortiManager and the Forti box, but if I have an analyzer, it doesn’t integrate with them. It would be better if there were direct integration with FortiAnalyzer.

I have used the solution for two years.

The stability is just okay.

The scalability is good at more than ninety percent.

I would rate the customer service at an eight.

Positive

I tried, when busy, CrowdStrike, and as an endpoint, I work with FortiClient.

The setup is complex related to the XDR because there are more logs, and the queries need someone expert for that. I should create a guide.

The deployment has been done in-house by my team.

If I compare prices between SentinelOne and another solution, I have already conducted this exercise, and SentinelOne is cheaper by more than sixteen percent.

It’s cheaper than other competitors.

I will recommend it to other clients. The quality is good for us based on our operations. We don't have a huge amount of transactions, but it’s good for us. The solution meets our needs. It’s good. Overall product rating is eight out of ten.