I have used SentinelOne Singularity Complete in a SOC environment where most customers were utilizing it.
Customer Success Manager at Digitank Technology
Has improved threat hunting through query suggestions and contextual incident storylines
Pros and Cons
- "SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency."
- "The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems."
What is our primary use case?
How has it helped my organization?
The solution has been helpful especially for the infrastructure security team. They can focus their energy on other business projects and priorities while having peace of mind knowing that even without real-time operation, SentinelOne Singularity Complete can detect vulnerabilities and contain threats until they intervene. This allows them to work on other projects, develop security policies, and strengthen their defense. The team can address other security loopholes while SentinelOne Singularity Complete manages their infrastructure.
What is most valuable?
One of the features I particularly appreciate is the hunting capability, specifically being able to use deep visibility for threat hunting.
It's quite elaborate. It allows you to create and manage queries easily. Even if you're not very proficient in the language being used, it suggests the correct syntax when you type in plain text. If there's an error, it points out where you're wrong, enabling you to adjust the syntax. This feature is particularly beneficial for threat hunting using the deep visibility feature of SentinelOne Singularity Complete.
Additionally, the platform allows for compartmentalization, which is great because we use it for about 13 customers. It enables us to manage different environments from a single console and download relevant data for each customer.
What stands out is that this solution is not just about detection; it's also about response and containment. When it addresses an incident, it explains what occurred and suggests actions to take before further investigation.
Another excellent feature is its ability to filter events from the same company, helping to reduce noise. For instance, if a single user performs various actions that would typically trigger hundreds of alerts, this system consolidates those activities under that one user. This approach allows for tracking related events together rather than generating multiple alerts. As a result, you can analyze an incident from a holistic perspective rather than just viewing individual alerts in isolation. Overall, these capabilities enhance the effectiveness of threat management and incident response. That's my take on it!
It's capable of integrating with SIEM and other solutions. It offers enhanced interoperability.
What needs improvement?
The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems. They could enhance this by providing an easier way to implement or deploy on Linux OS systems.
Buyer's Guide
SentinelOne Singularity Complete
September 2025

Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,706 professionals have used our research since 2012.
For how long have I used the solution?
I have used SentinelOne Singularity Complete for four years.
What do I think about the stability of the solution?
There have been no stability issues at the moment.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
Their support is very good. When we encounter an issue, we quickly raise support tickets, and the response time is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
It's not complex. It's straightforward, and the support is very good.
What was our ROI?
SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency.
What's my experience with pricing, setup cost, and licensing?
It's affordable. The pricing is competitive.
SentinelOne Singularity Complete has proven beneficial in a specific case. In one instance, a customer had Microsoft licenses that were very expensive at the enterprise level. By implementing SentinelOne Singularity Complete, they were able to reduce their license plans and focus on this solution because it offered more robust features than their previous solution.
What other advice do I have?
I would rate SentinelOne Singularity Complete a ten out of ten. It's a good solution.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Sep 27, 2025
Director, Information Technology at Lenovo
Video Review
Our security analysts can efficiently manage incidents and investigations with its succinct interface
Pros and Cons
- "We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives."
- "SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks."
What is our primary use case?
We have the Singularity Endpoint Detection platform along with the MDR service. We are using their Singularity Enterprise offering along with Vigilance Pro.
We are currently in the process of deploying it. We started with the deployment earlier this calendar year with a goal of reaching 30,000 endpoints this year. We have deployed to about 25,000 endpoints to date. Our end goal is 100,000, but that will be phased in over the next year.
How has it helped my organization?
Our deployment experience has been excellent. We have received a ton of support from their customer success team. We are using this initial deployment to tune the product to make sure it is not causing performance issues on our endpoints. We are going about it in a very methodical fashion.
It has helped us achieve business goals in a few areas. Even though we are early in our adoption, there are a few areas where I have seen benefits. One is around the technology, the solution itself. It provides our security analysts with a very succinct and usable interface that they can use to effectively and efficiently manage incidents and investigations.
The second area is around the MDR. This has been a huge benefit to us compared to our prior solution. We used to get a lot of false positives. That took up the time of our security analysts, which then took away time from addressing real problems.
The risk management at Lenovo has improved greatly over our prior toolset. We have identified risks that we would not have otherwise identified with our prior implementation.
Our analysts' efficiency has gone up tremendously. We are not chasing false positives. The tool provides timely and relevant information to our analysts so that they can address the events with confidence. They know they are working on the right activities, and then along with the managed service, they are not chasing rudimentary incidents. Those are being resolved before they can get to our team.
It has definitely helped us reduce noise. In the prior platform, which we are phasing out, the false positive rate was tremendously high. That caused a huge amount of inefficiency in the team.
It has helped us increase our incident response because we are working as a team. We not only have an improved platform for detecting and managing incidents; we are also partnering with SentinelOne on the MDR and the managed service aspect of it.
It has helped us improve our mean time to respond from a perspective of seeing what is happening. I do not have any metrics related to the percentage of that improvement.
It has highlighted the risk of insider threats, and we have found that on multiple occasions. It is hard to compare if they would have been caught in our prior solution, but we have increased visibility into what is going on across our network and the machines that are connected to it.
SentinelOne is an integral part of our AI strategy. We have recently got a chief AI officer in our organization. He happened to be our chief security officer, so we take AI very seriously. There are two things that AI can impact. We can leverage SentinelOne to help us protect the AI models that we develop and use, but we can also leverage AI for endpoint protection in the product itself. We can utilize the AI offering to improve our response rate and mean time to respond.
What is most valuable?
We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives. In conjunction with the MDR, many of those incidents and events are mitigated and resolved without any intervention from our team.
What needs improvement?
SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks.
For how long have I used the solution?
We started with the deployment earlier this calendar year.
How are customer service and support?
The support from SentinelOne has been second to none, exceeding expectations. Maybe we are in the honeymoon period, but they have definitely exceeded expectations. I have been part of many deployments, not just of cybersecurity platforms but also of other platforms, and SentinelOne, in comparison, has been second to none.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
We purchase it through CDW.
Which other solutions did I evaluate?
One of the primary considerations in evaluating EDR and identity security vendors was around the effectiveness of the detection and the ability to tune the solution to fit our needs. The presentation of the data to our analysts and the ability to detect events and threats that were not detected by our prior platform played a big role in that. We also were able to test out the MDR service as part of our proof of concept. That pushed it over the edge from anything we experienced with other vendors.
Earlier, we had a high false positive rate coming in, which would take up our analysts' time. In addition to that, our prior vendors or other vendors would report threats and incidents to our team but not what action to take to resolve them. The huge difference that we have seen is that we are now getting feedback from SentinelOne and the MDR team, and it is coming back completely resolved and completed. We are more on an information basis, and we do not have to spend any time on resolution or investigation.
What other advice do I have?
Anyone considering changing their endpoint detection or SIEM solution should consider SentinelOne. It offers benefits in the product and technology aspect, service aspect, and partnership, allowing us to influence the roadmap and plan our cyber defenses.
Even though we are early on in our adoption, we have had a direct line of contact with the product team. We have been able to provide feature requests. We are not simply a customer of SentinelOne. We view it as a partnership. We can influence the roadmap. Likewise, SentinelOne is providing us a vision of their roadmap, and we can plan accordingly how to steer our cyber defenses.
As it stands today, I would rate SentinelOne Singularity Complete a nine out of ten simply because we are so early in our adoption that we are not taking full advantage of all the aspects of the solution. We will continue to grow and mature alongside the product.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vice President, Technology Operations at InfoEdge India Ltd
Provides centralized management but doesn't work very well with Linux endpoints
Pros and Cons
- "Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise."
- "We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything."
What is our primary use case?
We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.
From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.
By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.
We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.
How has it helped my organization?
The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.
The Ranger product helped us to do discovery of endpoints. We could identify our rogue devices.
SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have fewer alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.
SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.
SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.
SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.
What is most valuable?
There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.
They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.
Log analytics and a couple of other things were also pretty good.
What needs improvement?
We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory, some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistent connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.
They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system.
Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.
For how long have I used the solution?
With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.
What do I think about the stability of the solution?
I discarded this product within six months. I would rate its stability a five out of ten.
What do I think about the scalability of the solution?
Its scalability is fine. I would rate it a nine out of ten for scalability.
We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.
How are customer service and support?
I would rate their support a six out of ten because the issues that I had reported were not resolved.
As a strategic partner, SentinelOne is pretty good. They are very proactive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.
We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.
From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.
How was the initial setup?
We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.
It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. Only if they find a rogue device do they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.
What's my experience with pricing, setup cost, and licensing?
It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.
I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.
CrowdStrike is not cheaper than SentinelOne. Both products go neck and neck. Both are costly products.
What other advice do I have?
I would advise going for this solution only if you have a clear use case.
I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.
After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.
SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.
I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SME for Cybersecurity at Locuz Enterprise Solutions Ltd
Helps reduce our MTTD and MTTR while improving our network visibility
Pros and Cons
- "SentinelOne offers several valuable features for threat detection and response."
- "SentinelOne Singularity Complete needs more connectors for integration with more solutions."
What is our primary use case?
Our organization is leveraging SentinelOne Singularity Complete to achieve a comprehensive endpoint security solution. This involves utilizing SentinelOne's EDR functionality across all our endpoints, including IT, OT, and legacy systems. By integrating additional log sources, we're expanding to XDR which will further enhance threat detection, investigation, and response capabilities. This enriched data will also enable the creation of custom workflows to streamline security operations and improve the overall effectiveness of SentinelOne alongside existing security solutions like Office 365, proxy servers, and firewalls, allowing for better correlation and incident response.
Our previous antivirus solution wasn't strong enough to keep up with the growing number and complexity of cyberattacks. Traditional antivirus struggles to monitor all endpoint processes and activities. SentinelOne Singularity Complete addresses this issue with its Endpoint Detection and Response capabilities. EDR collects comprehensive endpoint data and stores it centrally, allowing us to monitor all running processes, identify evolving threats and their techniques, and take appropriate action. Additionally, SentinelOne's built-in AI and ML can detect suspicious behavior that traditional antivirus solutions might miss, providing advanced protection against modern cyberattacks.
Our organization utilizes a two-pronged approach to cybersecurity with SentinelOne. On-premises, SentinelOne Singularity Complete safeguards our sensitive big data that never leaves our network. Additionally, we leverage the cloud-based SentinelOne SaaS solution for further protection.
How has it helped my organization?
SentinelOne offers a marketplace that expands its XDR capabilities. This marketplace allows for seamless integration with various security solutions, including Azure AD, email gateways, threat intelligence platforms, firewalls, and proxies. By integrating these tools, we can create automated response playbooks within the XDR platform, streamlining our security posture.
SentinelOne Singularity Complete excels at gathering and analyzing data from various security solutions. Its built-in marketplace offers over 120 connectors that automatically ingest logs, enabling correlation and better incident response through custom workflows. This integration streamlines security operations by minimizing manual effort and allowing security personnel to focus on faster remediation.
We leverage Ranger to secure our raw networks and functionalities that SentinelOne has limited coverage for. Additionally, we actively search for vulnerabilities in our systems.
Ranger is a valuable tool for improving network and asset visibility. It helps us identify gaps in our coverage by highlighting raw networks and unmonitored endpoints. These blind spots represent areas where we lack agent deployment, and Ranger essentially acts as a roadmap for prioritizing where to install them for a full view of our environment.
Ranger has a seamless integration process. From the console, we enable Ranger, triggering the installation of a lightweight agent on our endpoints. This agent then monitors traffic to identify coverage gaps and potential vulnerabilities within our system.
Integrating all log sources and creating a custom workflow will streamline analyst workloads. This will automate most of the basic tasks currently handled manually, freeing up the team for other projects. The analysts performing investigations and remediation will see a significant reduction in time spent on repetitive tasks.
Since implementing SentinelOne Singularity Complete, our mean time to detection has been drastically reduced, going from two full days down to just ten minutes each month.
SentinelOne Singularity Complete has reduced our mean time to remediation.
SentinelOne Singularity Complete has been a valuable asset in reducing our organization's security risks. Its features, including device control and firewall management, provide us with the tools we need to effectively manage and secure our endpoints.
What is most valuable?
SentinelOne offers several valuable features for threat detection and response. Correlation, static analysis, and other detection engines work together to identify and address security issues. Additionally, the STAR Rules feature allows us to create custom alerts based on specific attacker behaviors or indicators of compromise. This empowers us to not only respond to built-in threats but also proactively detect and prevent emerging ones by defining custom actions for abnormal activity. In short, SentinelOne goes beyond native threat detection, offering customization to tackle even the newest threats.
What needs improvement?
SentinelOne Singularity Complete needs more connectors for integration with more solutions.
It seems there are currently two separate installers for the same device, one in MSI format likely for Windows and another in a potentially custom EXP format. Ideally, these could be combined into a single installer. If that's not feasible, the EXP format could be used as a self-extracting archive that automatically installs the software using the MSI installer. This would eliminate the need for two separate agents and provide a more streamlined installation experience.
SentinelOne endpoint protection enters a reduced functionality mode during certain resource-intensive events. This mode temporarily limits some features and may require a machine restart. In some cases, the agent might even get disabled. To restore full functionality, we need to re-enable the agent and reboot the machine, which can be inconvenient. Ideally, SentinelOne should improve its handling of resource usage to avoid these disruptions.
The technical support response time has room for improvement.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three months.
What do I think about the stability of the solution?
The current version of SentinelOne Singularity Complete is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is highly scalable.
How are customer service and support?
The technical support response time is slow.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our previous antivirus solution, Symantec Endpoint Security, struggled to keep up with evolving cyber threats. Additionally, integrating it with other security tools proved to be a slow and cumbersome process. Since switching to SentinelOne, we now benefit from seamless integration with various log sources and other security solutions, enabling a more holistic and responsive security posture.
How was the initial setup?
The initial deployment was straightforward and took four months to complete in our large environment, but it was not complex to onboard the machines based on our policies.
Four people were required for the deployment.
What's my experience with pricing, setup cost, and licensing?
While the cost of SentinelOne Singularity Complete might seem high at first glance, it's important to consider the value it offers. This helps to average out the cost.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete offers a comprehensive security solution for cloud workloads and endpoints. While it excels at covering all these areas, it could benefit from more granular control and further enhancements. The ability to extend its protection to cloud security or cloud servers, similar to CSPM tools, would be valuable for taking action within cloud or microservice environments.
Maintenance is required for updates.
SentinelOne is a good strategic security partner.
Before implementing SentinelOne Singularity Complete, it's crucial to understand how it will integrate with your existing systems. This ensures compatibility and avoids any unintended consequences. Make sure to create exclusions for any applications that might conflict with SentinelOne to prevent disruptions.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Consultant at a consultancy with 11-50 employees
User-friendly interface and policy customization helps with server protection
Pros and Cons
- "The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need."
- "Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close."
- "SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies."
- "The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory."
What is our primary use case?
Our main use case is to protect all the Linux servers. We use it only for servers, not for users.
How has it helped my organization?
SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.
We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.
It can reduce the organization's risk. It gives better control to our limited team resources.
It already has AI capabilities, which is one of their advantages.
What is most valuable?
When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.
The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.
What needs improvement?
The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.
SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for approximately four years.
What do I think about the stability of the solution?
For stability, I would rate it a nine, as I have experienced only the issue of overload.
How are customer service and support?
The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.
I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers.
How was the initial setup?
The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.
What about the implementation team?
I am the third party assisting in the deployment.
What's my experience with pricing, setup cost, and licensing?
I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.
Which other solutions did I evaluate?
We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability.
What other advice do I have?
It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.
I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.
Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 13, 2025
Network & Security Section Head/Digital Transformation at City Edge
Automation has freed up our team, streamlining quick actions and restoration capabilities
Pros and Cons
- "The most valuable features are the quick action and restoration capabilities."
- "The stability is just okay."
What is our primary use case?
First, budget-wise, and for the quick actions I take in automation, certainly AI plays a crucial role.
What is most valuable?
The most valuable features are the quick action and restoration capabilities. I can catch any behavior and restore everything for the last two changes. There's also automation that gives my team free time, preventing them from having to look for every alert. As a result, we don't need their action on some emails.
What needs improvement?
Integration with the firewalls is needed because there is no integration with Forti as a FortiAnalyzer. It is currently integrated with FortiManager and the Forti box, but if I have an analyzer, it doesn’t integrate with them. It would be better if there were direct integration with FortiAnalyzer.
For how long have I used the solution?
I have used the solution for two years.
What do I think about the stability of the solution?
The stability is just okay.
What do I think about the scalability of the solution?
The scalability is good at more than ninety percent.
How are customer service and support?
I would rate the customer service at an eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I tried, when busy, CrowdStrike, and as an endpoint, I work with FortiClient.
How was the initial setup?
The setup is complex related to the XDR because there are more logs, and the queries need someone expert for that. I should create a guide.
What about the implementation team?
The deployment has been done in-house by my team.
What was our ROI?
If I compare prices between SentinelOne and another solution, I have already conducted this exercise, and SentinelOne is cheaper by more than sixteen percent.
What's my experience with pricing, setup cost, and licensing?
It’s cheaper than other competitors.
What other advice do I have?
I will recommend it to other clients. The quality is good for us based on our operations. We don't have a huge amount of transactions, but it’s good for us. The solution meets our needs. It’s good. Overall product rating is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 2, 2025
Principal IT Security & Compliance at IBEX Holdings Ltd
It integrates well with other platforms, is user-friendly, and is stable
Pros and Cons
- "Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources."
- "When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert."
What is our primary use case?
As a company with 30,000 employees and 26,000 endpoints worldwide, we have diverse operational needs that SentinelOne Singularity Complete effectively addresses.
SentinelOne Singularity Complete effectively addresses numerous challenges. As a cloud-based SaaS solution, it seamlessly protects office and remote workers, safeguarding laptops and other devices. Its comprehensive coverage extends to cloud infrastructure across multiple operating systems like iOS, Linux, and Windows, including Kubernetes environments. This versatility, coupled with its ability to fulfill various use cases, has made SentinelOne Singularity Complete our trusted security solution for the past four years.
How has it helped my organization?
SentinelOne Singularity Complete integrates with our other security solutions, correlating data from NDR, ADR, SIEM, and XDR tools. All this information is consolidated within SentinelOne, providing a centralized access point.
SentinelOne Singularity Complete has helped us streamline our security operations by consolidating multiple solutions into a single platform. We are currently in the process of acquiring a threat intelligence platform to complete our security stack.
We use Ranger to monitor our network and track connected devices. This is crucial because it helps us quickly identify unauthorized machines connected to our infrastructure, including personal devices. We have additional security measures in place, but Ranger provides an extra layer of protection. It also alerts us if the SentinelOne Singularity Complete agent is missing from any new or existing machines, allowing us to take appropriate action.
SentinelOne Ranger's agentless and hardware-independent nature is crucial for our environment with 26,000 endpoints, as manual management of such a large number would be extremely challenging.
Ranger uses a multi-layered approach to prevent vulnerable devices from being compromised. We employ scanners, network configurations, and a risk scanner to assess devices, endpoints, servers, and cloud infrastructures. Vulnerability reports and timelines for remediation are shared with device owners or custodians. This proactive strategy enables us to address vulnerabilities efficiently and secure our infrastructure.
SentinelOne Singularity Complete has significantly enhanced our security posture. While no system is impenetrable, this solution has brought us closer to achieving a high level of protection, ensuring we maintain at least a 90 percent security level.
Our team is dedicated to refining alerts and eliminating false positives from our solutions. Additionally, a team is responsible for identifying and excluding alerts from the solution. We can manually expedite this process by reviewing these elements and utilizing our security tools. We have been able to reduce the alert volume by 20 percent.
Our 30-member Security Operations Center team has been able to redirect their focus to other tasks due to the time saved after implementing SentinelOne Singularity Complete.
SentinelOne Singularity Complete has helped us improve our mean time to detect threats, which we accomplish using the Vigilance service for detection and response.
SentinelOne Singularity Complete has helped us decrease our organizational risk. We utilize the Security Scorecard to manage our security posture, which has remained steady at 90 percent.
What is most valuable?
Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources. This ensures smooth operation and user-friendly control. Moreover, SentinelOne's support team is highly competent, providing timely assistance and going the extra mile to resolve any issues.
What needs improvement?
When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for almost four years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable.
How are customer service and support?
The technical support team is quick to respond to and resolve our issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our hybrid environment has raised security concerns for management, leading them to seek an all-in-one solution. After conducting multiple proof-of-concept tests for endpoint security, they determined that Kaspersky was insufficient for their needs due to inadequate functionality and management complexity. As a result, they transitioned to SentinelOne Singularity Complete.
SentinelOne is actively developing new innovations and introducing additional integration platforms.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete offers comprehensive endpoint security by automatically updating without impacting bandwidth. Unlike traditional signature-based solutions, it employs a behavior-based approach to detect and immediately address malicious or suspicious files and processes.
We are 100 percent confident with SentinelOne as a strategic security partner.
Maintenance has been seamless, and while SentinelOne does notify us in advance of any required downtime, I haven't experienced any interruptions in the past year and a half.
With 30,000 employees and 26,000 endpoints worldwide, our organization has implemented SentinelOne Singularity Complete across all endpoints.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Infrastructure Manager at a training & coaching company with 11-50 employees
Simplifies operations with good UI and centralization
Pros and Cons
- "The web portal has a really good web UI, and all the things are well integrated."
- "Singularity Complete has helped reduce alerts."
- "The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance."
- "The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access."
How has it helped my organization?
Singularity Complete has helped reduce alerts. We have one place to go to check them, and there is also a reduction in false alerts.
Singularity Complete helped free up our staff for other projects and tasks. I do not have the metrics, but it saves a lot of time compared to what I have used at other companies.
Singularity Complete has helped reduce our mean time to detect. We only have to look at the portal. We can quickly isolate the user or the device, which also stops the virus from spreading. It also reduces our mean time to respond.
What is most valuable?
The web portal has a really good web UI, and all the things are well integrated. It is easy for us to increase the number of users because it is pretty simple.
What needs improvement?
The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access. This is important to address. The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance.
They could make it simple to have a SIEM integrated with their solution so that we can send logs to their server and then analyze them.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for almost one year.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable. We have 50 users in our company. We have three administrators. We also have a consultant.
How are customer service and support?
I did not have the opportunity to contact them because I had almost no issues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We were probably using Webroot. I was not there when they made the decision to switch.
How was the initial setup?
I did not participate in the initial setup, but our new onboarding process for laptops is really straightforward. You just join the domain, and the software gets installed automatically. It is bound to our site, making it very easy.
What was our ROI?
It is difficult to measure ROI, but since we started using it, we have not had any problems related to security. We have not experienced any breaches or issues so far.
It has absolutely helped reduce our organizational risk.
What's my experience with pricing, setup cost, and licensing?
Overall, it was a good experience. It is pretty easy for us to increase the number.
What other advice do I have?
SentinelOne is focused on this solution. This is evident in the GUI. The GUI is well done compared to solutions like Microsoft Defender which I have been trying to get into, but it almost repels me. SentinelOne Singularity Complete is very stable and mature. It is one of the best solutions that one can choose.
I would rate SentinelOne Singularity Complete a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 18, 2025
Updated: September 2025