SentinelOne Singularity Complete Reviews

Sentinel One protects our endpoints from malware, viruses, trojans, and other cyber attacks. We outsource the management of Sentinel One to another organization. They monitor for infections at any endpoint on the console and work to determine if it's a false positive or an actual attack.

Most of the time, Sentinel One can automatically identify an attack, and it quarantines the process to block the attack. If Sentinel One can't make that determination on its own, the third-party team will further investigate the suspicious traffic. 

SentinelOne is doing its job and protecting our endpoints from various cyberattacks. Since we implemented the solution, we haven't seen any big cyberattacks get through, which has happened before. Any malware and threats we've seen in the past have been resolved by SentinelOne.

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful.Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

We have been using SentinelOne for a year now.

We've had SentinelOne for a year and haven't faced any major issues, so I would say it is reliable.

SentinelOne is scalable, but we need to purchase additional licenses. We have purchased two licenses for 300 endpoints. The license not only applies to the users but also to some of the servers. We have SentinelOne installed on some of our critical servers. It can be scaled to whatever size we want if we purchase enough licenses.

We haven't contacted SentinelOne support directly. When we need help, we reach out to our service provider. SentinelOne deals with threats when it detects them. If not, the service provider will analyze them. We haven't had issues with them so far. Their service is satisfactory and cost-effective.  

This is the first time we have used endpoint security. We were using an antivirus solution before this. I would say Sentinel One is doing the job perfectly.

Setting up SentinelOne is a pretty straightforward process. We have around 300 systems in our environment. Working with our security service provider and four other colleagues, we completed the deployment 10 to 15. It's worth noting that we were handling our daily tasks, so we weren't working on this the entire time. 

After deployment, we have to scan the endpoint for maintenance and upgrade. We also need to regularly update the endpoint agents from the console. Our security service provider primarily handles upgrades to the console itself. 

We have outsourced this whole thing to a security service provider. They provide complete security services for SentinelOne. They worked with our in-house IT team, and I took the lead. Once I learned the process from them, I could deploy it on a few systems, and they did the rest.

SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for endpoint protection. 

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

I rate SentinelOne eight out of 10. It's a good endpoint security tool, and I wouldn't hesitate to recommend it to others. 

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

Our primary uses are endpoint protection and application inventory.

The management is done through the SentinelOne web interface.

We work strictly in a Windows environment, using it for both workstations and servers.

At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.

In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.

We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.

The most valuable features are application auditing and malware detection.

Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.

On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.

The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.

We use the threat detection feature.

The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding. 

At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.

With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature. 

I have been using SentinelOne for approximately a year and a half.

Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.

We have not run into problems with scalability. It can be very good.

There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.

The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.

Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.

The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.

It took about three weeks to deploy, covering all 212 of our endpoints.

We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.

There is no maintenance required, post-deployment.

SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.

Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.

The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.

Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.

The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.

We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.

My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.

At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.

I would rate this solution a nine out of ten.

We have the Core version for almost all our endpoints. We will be installing it completely for the US, who wants more products, and India, because we have experienced that India is more exposed to threats.  

We are currently updating our agents from 4.0.5 to 4.2.

Every day, we check threats that come from outside.

The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use. 

Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actually real threat. 

SentinelOne's distributed intelligence at the endpoint is very powerful and works well.

I would like to improve the reports because they are not so customizable and we would like more info from them.

I cannot download all the hosts that we have on our tenant, because there is limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows. 

We started deploying it in 2018.

It has been a stable product.

The process is completely automatic when an endpoint connects to the console. At that point, the agent will be updated. However, when we install a new machine, we have to install it manually, even the agent.

We have never had an issue with scalability.

We have 15,447 endpoints in total with the Core version. 99.99 percent of the endpoint usage is Windows. We also use it with a few Macs and Linux. It is really powerful from this point of view.

Our SOC has logged some tickets with the technical support. They have never complained about SentinelOne's support.

Previously, we had the McAfee, which was complicated to managed. 

We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.

I have been satisfied with the new antivirus.

For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.

The antivirus migration was normal. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.

The installation was done by our SOC and me. Our SOC is comprised of five to six people. The SOC personnel are the same people who currently maintain the solution.

I think the solution has reduced our incident response time and mean time to repair.

SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.

We have a SOC managing our environment. They are very happy with features that SentinelOne provides.

We will be upgrading to complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature.

We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful.

Biggest lesson learnt from using SentinelOne: Never trust anyone.

I would rate this solution as a 10 out of 10.

SentinelOne monitors our infrastructure 24/7.

We are a very small team. Recently, we had to add an extra person; we had two guys, but now there are three. We have about 2000 endpoints and servers, which is a lot if you have to do it on your own. The SOC monitoring that we now have from SentinelOne gives us more time to focus on other important stuff and go to bed without any worries, since SentinelOne is watching over us.

They also guarantee an insurance. For example, if your company has been infected by ransomware, then they provided one million dollars or something as an assurance. For us, if SentinelOne has the balls to say, "Okay, if endpoints are infected, we will give you $2,000 per endpoint that is infected." That's a way for them to convey that we can trust their company.

It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way. 

They do updates all the time. It's very nice to see how they constantly evolve. New features are being added each time that I take a look at the interface, which is really nice. It's not something you have to do for yourself all the time. You just go to the interface of the management portal, and you will see each time a new feature has been deployed. For example, when we started with SentinelOne, we had some applications that needed to be whitelisted, where we had to go through a whole bunch of licensing rules provided by the distributor. Now, we have the possibility to select from a catalog which rules we want to whitelist, since we are using that application. It is such an easy step for us, which is nice. It makes our life comfortable when managing all our endpoints and very complex infrastructure.

The Behavioral AI recognizes novel and fileless attacks and responds in real-time. The nice thing about SentinelOne is that it is behavior-based, so the AI is smart enough to detect when something is moving. For example, an external person was doing some administrative tasks for us, and he used a tool that is also used by attackers. He called me, and says, "I'm blocked. I think SentinelOne is seeing my tool as a virus or malware." Then, I looked at SentinelOne, and it says this guy is using hacker tools. That is what I found very nice. SentinelOne can immediately identify the tools used by hackers. In this case, it was immediately blocked, even though it was not a malicious application, Trojan, or something like that. Because the solution knows hacker tools and behaviors, it says, "Okay, this cannot work on this environment. This will be blocked." That's something that I really like.

It is a good use as an EDR solution because it immediately reacts on stuff. It also quarantines endpoints.

We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running. 

We installed the agent a little more than a year ago.

One of the nicest things about SentinelOne is their support. I never met a company which gives such fast, great support. It's extremely fast. When I create a case with some questions, they answer immediately. They provide us with information on how to do stuff, and if we have issues, then they give us an update immediately. Normally, when I open a case with other products it takes days, but with SentinelOne, I get a response in about half an hour. Most of the time, it's cleared in about two hours time.

If we have a remaining question that has nothing to do with the things that the case was created for, SentinelOne will still answer. Some companies need you to create a new case for this, but SentinelOne just says, "Okay, we will help you also with this and provide you with more info," which is magnificent.

The support is very handy because, when you have an issue, it's like working with an extra colleague. If you ask a question to recall it, SentinelOne support can solve it in about two hours, which is nice because then you can go to the next thing. You don't have to focus anymore on the problem. With other vendors, it takes some days to solve it, then it hangs.

Our previous antivirus server was on-premise. When we did the updates, then all the clients needed to be connected to that on-premise server. However, with COVID-19 happening, we have been very happy that SentinelOne is in the cloud because even when an endpoint leaves the company, they are still protected by SentinelOne and receiving updates. SentinelOne gives more time back to a small team as well as always being accessible, even if you're not at the company.

The initial setup was easy. We did it step-by-step, so we didn't deploy it to all our endpoints in one shot. We deployed 300 or 400 endpoints per week. This was in case there were any issues, then we could act immediately so we wouldn't have an impact on the whole business. However, we didn't experience any issues. We were up and running in about three or four days and had migrated 2000 clients to SentinelOne.

For our implementation strategy, we deployed one day, then another day we would watch. Then, we deployed another day and would watch the next. So, in about two weeks, we were up and running. We decided to do it that way because we have had issues with mass rollouts in the past. Now, we are very careful when rolling out stuff to the whole company. Perhaps, it might have not been a problem to roll it out in one day, but we did it very slowly to have a kind of a control outcome.

The solution gives us more time. We can divide our productivity and time to other products. We don't have to look at SentinelOne a lot.

The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model.

The Deep Visibility feature practically double the price. Because we have a SOC, we rely on them to have insights about all the threats, so we are not monitoring our environment ourselves. It is mostly done by the SentinelOne SOC. That is the reason why we decided not to go for this feature.

We believe the traditional antivirus protection that is using signature-based validation is outdated. We had a look at different solutions, like CrowdStrike and SentinelOne. These solutions are more AI-based that go on behavior. When we spoke to SentinelOne, they also offered a SOC as service. This means that SentinelOne is monitoring all our endpoints with us, and we don't have to do anything, because they do all the hard work. They validate the detections. So, if SentinelOne detects something on the endpoint, the SOC of SentinelOne will validate and see if it is a false positive or true positive. In case of a true positive, it will then see if there are extra steps needed. If that is the case, then SentinelOne contacts us through email asking us to do some final steps or provide them with the info.

SentinelOne was lucky because we first looked at CrowdStrike. However, they were pushing us all the time to get the deal. My manager got furious, and said, "Okay, let's stop everything. We told you we cannot decide before the end of October. That's our company rule." The pressure was too high from CrowdStrike. Therefore, we decided to have another look at SentinelOne. The first time when we saw SentinelOne, it was never mentioned in any Magic Quadrant, so it was hard for us to have a view on what the public experience was with SentinelOne. We were a little bit scared in just believing the vendor and their marketing people that it was a great, innovative product which uses smart technology and behavioral-based analysis. 

SentinelOne will not scan my hard disk. SentinelOne does not care about the hard disk. It only reacts when you execute something. So, I know when I connect my hard disk to my desktop with my tools on it, I don't have to be scared. SentinelOne will not respond, as long as I don't use the tools. A lot of other antivirus vendors, they will immediately start scanning the USB drive or external drive, and they quarantine all the tools. I don't like that. I know it seems a bit strange that it doesn't scan the USB drive. However, I don't care, as long as it protects the USB drive as soon as someone is executing or installing something. This is more convenient for me than something that scans all the time.

We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that.

I would rate this solution as a 10 out of 10.

It's for our regular laptop users, desktops, and our production servers. For the production servers we use it to make sure there is nothing coming from the outside. And for our regular users it works everywhere, so they can do everything with a laptop.

It's a cloud solution. We don't have a large business. We have a lot of services but we don't have many users. Everything is in the cloud and we have about 20 clients or 20 agents for normal users in the Netherlands and we have between 100 and 200 users in the Philippines. The rest is for server safety.

There is a lot of remote work at the moment and SentinelOne provides the safety I want. Everything goes outside now and the only control I have is Sentinel One, but it gives me enough control.

We have developers who do a lot on their laptops and sometimes they create problems. When that happens, SentinelOne is pretty fast with them. We have configured it to disconnect them from the network so we don't end up with more problems. Now, those developers know they have to contact our IT department if they want to fix it. The great thing there is that we know that when something happens on a laptop it is isolated.

We see what is mitigated and what is not. And when SentinelOne is in doubt, it asks the managers what to do with what it has found. When you have arranged that once, it will take care of it the next time. That's great.

Overall, it's effectiveness is 100 percent because we don't see many outbreaks anymore. Nobody's complaining about using their endpoints.

I've only done a rollback once and it worked flawlessly at that moment, but that was nine months or a year ago. It saved us a lot of time because the problem didn't spread over the network. It affected one machine because it was disconnected from the network. We then rolled it back and it was up and running again. If the rollback hadn't worked well, it would have meant a couple of days of additional work. If the outbreak had reached my network I would have had to clean everything. I was able to do everything from the portal. The connection with the manager was still there. We just had to click on two buttons and everything went.

Overall, it has helped to reduce our response time by about 20 percent. 

The most valuable feature is the information it finds and what it is doing with that information. I can check if the info it sends is true. It's very clear. 

And if you configure it in the right way, it does a lot automatically. And that's what you want. You don't have to use it every day. I only log in to the SentinelOne portal once a day, just to check if there are alarms or the like and that's it. The rest is flawless.

Now that we've been using it for six months, SentinelOne knows what we want to have, what it has to do and it works that way. So it's very simple to use and that's pretty nice for the team. 

The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing.

It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning of the scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything.

I have been working in my current company since April 1, so I have been using it here for six months. But I used it in another company in Eindhoven for a couple of years. That company was also a provider of SentinelOne and that's why I know how it works and what it does.

It has great stability. We haven't experienced any downtime or any kinds of bugs. If the users use the endpoints normally, nothing happens. We have some users who think they have to bypass SentinelOne, and then we sometimes have problems with those endpoints. But that's because of user action. It has nothing to do with SentinelOne.

We started with about 50 endpoints and now we have over 300. We haven't had a problem with it.

There will be more servers to watch over so our usage will be increasing. When the business grows, our IT will grow with it, and SentinelOne has to grow along with us.

I have used their technical support and my experience with them has been very good. They are fast. They know what they're talking about. Those are two great things for support to have.

Before SentinelOne the company was using F-Secure. It started as an antivirus and then F-Secure also made a cloud-based endpoint protection solution from it, with a managed base and automation and checking for updates. It works with a database, which is not the way SentinelOne works. F-Secure is much cheaper.

They switched to SentinelOne because it is more for malware. F-Secure doesn't do anything in malware, just virus scanning.

The initial setup of SentinelOne is straightforward. It's fairly logical. Everything works in the way you think it has to work. It's pretty simple to work with. It's just a matter of installing the agent and go. It takes about two minutes. There is an agent client with token codes. You just install the token code in it and reboot your endpoint and it's working.

We have it installed on 305 endpoints. This is a work in progress. We didn't have all of those endpoints when SentinelOne came in. We've rolled out new endpoints. But, it doesn't take long for a machine to get an agent and to make a connection and to get updates. Once you are in the portal, you can update from there. And then, you only have to check if it's already there and if the agent is working.

If we push an update, within an hour everything is there. If they are all online it will go pretty fast.

It's working simply. You don't have to learn a lot to know what it does and how to work with it, and that saves time. And it gives you a solid solution for security.

You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive. That's the way I would sell it. 

If you avoid having one outbreak a year, just one, then SentinelOne is worth the money. When you have that one outbreak and it spreads across your complete network, it means days of work are gone. For a complete environment like ours, with 300-plus users, it would be very expensive.

I've also used Sophos with customers. If you want to have a safe environment, then you have to work with tools like SentinelOne. F-Secure and Sophos work with databases for virus knowledge and that creates a delay.

Also, SentinelOne has the rollback which works flawlessly, whereas F-Secure and Sophos don't have that.

My advice is start working with it. You're going to love it.

The biggest lesson I've learned from using SentinelOne is that security tools can be different. SentinelOne has taught me that you can do security in different ways. If it sounds expensive, I would not always say that it is expensive.

We are a very small business. We don't have somebody who specializes in security. Our IT is just three people who do everything. That makes it difficult to say we are going to focus on SentinelOne and try to use it completely. We put it into use for malware security and that's it. We only have a WatchGuard firewall on the front-end and that's it in terms of security on SentinelOne.

They are improving the management tools. They are getting better. The portal is functioning with more logic. Those are good improvements. It's user-friendly enough. People with low IT knowledge can work with it.

It's a very good program. It does what it says it does, and I'm very glad that I have it.

We are a managed services provider. We are not just using it for ourselves, but we are also supporting it and deploying it for a number of our customers.

The primary use case is that it's endpoint protection software and we use it to protect our end customers' endpoints, whether they are Apple or computers, laptops or servers.

SentinelOne is software as a service, but it has an agent that has to be installed on a computer or a server onsite.

Its Behavioral AI recognizes novel and fileless attacks and responds in real-time. What that means is that we have better confidence. For example, a number of users use USB drives which they bring from home. While we have a lot of customers where we have actually restricted the use of external USB drives, there are certain customers where we cannot restrict that use because of the way they run their businesses. The result, for them, is that there is a constant fear that at any given point in time, an infected USB from someone's home computer can actually infect the whole lot of computers within the corporate environment. But having SentinelOne means we have a certain level of peace of mind, so that even if something completely new tries to enter the network or the system via a USB drive, for example, it doesn't matter. The system will detect it and kill it. There is a level of protection which we never felt before using SentinelOne.

As a managed service provider, the most important thing is that the more secure a customer's network is, the less time our team will spend trying to fix issues. One of our customers is a prestigious hotel in London, and they were struggling, literally battling, with a virus that had infected their network of about 90 computers. Whatever we could have done, and all their previous IT company could have done, could not have eliminated that virus. Even if you completely formatted a computer, it kept coming back. The only way we were able to clean that whole network up and stabilize the environment was when we brought in SentinelOne. Before that it was Symantec, and Symantec couldn't do anything to control that infection. But SentinelOne brought in such stability, that since we introduced it into that network about one-and-a-half years back, not a single report has come in of any infection there.

Also, when we have to report on attacks to a customer, the customer always asks us for the root cause analysis. It is very important for us to understand the behavior and to find out where that infection came from and what it initially did so that we can look at that behavior and try to prevent it from happening again elsewhere. SentinelOne helps us in doing the root cause analysis and reporting back to our customers. It gives us insight into where a problem started and how it propagated into the system. Tracking the history of the virus' actions gives that insight, which is very important. Otherwise, there is no way to create a root cause analysis report for a security breach.

The automatic remediation and rollback in Protect mode, without human intervention, is already enabled on almost all of our computers. That helps us minimize the number of technicians we need to work on things. Automatic remediation is a policy which we enable when we deploy the system, which means that a lot of things happen automatically. And from our side, we only keep an eye on the dashboard. That means that we need fewer technicians to support the system. It provides support itself through that functionality.

Overall, SentinelOne has reduced our incident response time, absolutely. In our case, it's particularly true because we have remote teams working from remote offices. With SentinelOne, we don't need to send someone onsite because we can see a lot of things from a single pane of glass on the dashboard. And if there is a problem, we can do all the troubleshooting, and working on that incident, remotely. So it has definitely improved the way we have provided cybersecurity to our customers.

And it has reduced our mean time to repair by more than 60 percent. Previously, when we were using other solutions, we had to do a lot more work.

The solution's automation has also increased analyst productivity. The effect is significant in the sense that the amount of time our analysts used to spend on security has been reduced. These days, they only have a look at the dashboard which is open on one of the screens in our office. They just keep an eye on that and as long as it shows everything is green, they don't even bother drilling down and looking at other stuff. It's only when they see an alarm coming up that they jump in and look at it. That was never the case before. Before, they were remotely accessing computers and working on them and trying to fix issues. That has become a thing of the past since we started using SentinelOne.

It's artificial intelligence-based software. The best part is the fact that it doesn't necessarily rely on definitions, like other software. For example, Symantec, AVG, Avast, and Kaspersky, traditional antivirus software, rely on virus definitions. So every now and then, if there is a virus infection, they will compile a new set of virus definitions and push it to the local agent so it will know that this virus exists and that it should keep an eye out for it. 

These traditional software solutions have small levels of functionality that may help them to identify if there are any dodgy activities within the computer. They would then try to mitigate those, but only to a very limited extent. With SentinelOne, that's not the case because it basically has its own intelligence to identify any dodgy behavior within the system. As soon as SentinelOne detects anything which is not right, it will start tracing the changes being made. And because it's centrally controlled, it will give the controller team an early indication that there is something wrong and that we need to fix it. Not only that, but it will block it and keep track of it for mitigation.

We also use the solution’s ActiveEDR technology. Because it's an agent-based system, it is monitoring internally. It's not that the central system is doing it. It's keeping an eye on the functioning of the endpoint itself. If the endpoint is functioning properly, it will sit behind the scenes and not do anything at all. As soon as it sees any malicious activity within the system, that's where it's triggered. The artificial intelligence part of the agent is able to differentiate what activity can be considered malicious and what activity can be considered normal. And that's big. It's something that cannot happen without that kind of intelligence in place.

It has a one-click button that we can use to reverse all those dodgy changes made by a virus program and bring the system quickly back to what it was. That's one of the most important features.

Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.

We have used it on Mac and we have used it on Windows. We have seen a good level of protection, because since installing it for those of our customers who have taken it, not a single report of a breach has come out. I feel very strongly that the system is quite capable.

One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system. 

There is also a bit of room for improvement in the way SentinelOne is deployed. Right now we push it, but a lot of the time the pushing doesn't work. So we have to log in to each computer and do a manual install. That area would help in making the product stronger.

We have been using SentinelOne for about two-and-a-half years.

It's very stable. I have not seen it crash, nor have I seen any other problems.

I have not used their technical support. My engineers have used it, and their feedback about the support has been good so far. I don't think they have had complaints.

The initial setup is straightforward. But when deploying it to 100 or 200 or 300 machines, pushing it is easier than logging on to each machine and doing it manually. But sometimes, pushing doesn't work and doing it manually takes a little bit more time. But that's a one-off exercise.

We don't have much of an implementation strategy for the solution. As an MSP, there are a lot more things going on, day-to-day, than just dealing with SentinelOne. But for deployment, I get my boys to log on to a customer's systems, do the push, and then whatever does not work through push deployment, they install manually.

For maintenance of SentinelOne, we only have two engineers who look at it on a day-to-day basis. We don't need any more than that. In terms of deployment, it depends on the size of the deployment. If it's a 100-user deployment, we would have a team of three or four who would do it over a few days' time.

The return for us is that it has reduced the manpower we require.

Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec.

I understand that these are not similar products, but for a customer who has a certain amount of money to pay for an antivirus, they can only spend so much. That's where it becomes hard to convince them to pay double the price for endpoint security.

That is the only feature of this product which causes us to step back and not be able to deploy it for absolutely every customer we have. We would love to, but obviously if the customer doesn't have the budget to pay for it, there is not much we can do.

If they can somehow bring the prices down, that would massively help in bringing this to a lot more customers.

We looked into other solutions, but not as deeply as we went into SentinelOne. Because we liked SentinelOne so much, we just stopped there. And we already had experience with the likes of Malwarebytes, Symantec, and AVG. This was a far superior product.

I haven't had a chance to take a deeper dive into Carbon Black, but that is something I have been told is comparable to SentinelOne.

One of the things which attracted me to SentinelOne was the fact that it is the only product which is tied to the SonicWall platform, and we use the SonicWall platform a lot. A lot of our customers have SonicWall firewalls. Having a combination of SonicWall and SentinelOne provides an end-to-end security arrangement with products that are integrated with each other.

Go for it. It's an absolutely brilliant product. But understand what it is before starting to deploy. Unless you understand the product, you will not know how to use it to the best of its best capabilities.

The solution's Behavioral AI works with and without a network connection, providing the internal protection. But having that network connection is important because it will then be able to report it to the central dashboard. While it will do what it has to do locally, it's helpful when the agent reports back to the central dashboard so that the IT Admin can take action. It is important that the systems remain connected to the internet.

But overall, the Behavioral AI is amazing. It's something very new in the market. The way SentinelOne works and the way it is set up, I haven't been more impressed by any other product. It is a step forward in security.

We have 400 to 500 endpoints using SentinelOne at the moment, and all those customers are happy. We are happy that they're using it, because it helps us secure their network better than what they had before. We have it on laptops which have been given to home users, on computers in offices, on servers in computer rooms. They all have SentinelOne and we are happy with the level of protection that it offers.

Moving forward, with every customer whose antivirus is coming up for renewal in our portfolio, we are recommending getting rid of Symantec and other products and taking on SentinelOne.

It's very effective and it's improving by the day. In the last two-and-a half years I have seen that the way it detects and the way it mitigates threats are constantly improving. It's a very effective solution.

SentinelOne Singularity Complete has improved our security stack. You don't have to worry about monitoring 24/7. 

The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing. 

I don't like switching the way you switch from legacy to XDR.

I have been using SentinelOne Singularity Complete since March 2023. 

SentinelOne Singularity Complete is stable. 

The product is scalable. 

A reseller consultant helped us with the tool's implementation. Our experience was good. 

SentinelOne Singularity Complete has freed up my staff's time and helped them focus on other tasks. 

The product's interoperability with other SentinelOne solutions and third-party tools is good. 

The solution has reduced our organizational risk. We have faster responses to incidents. 

SentinelOne Singularity Complete is a mature and solid product. I like the standard EDR capabilities. 

I rate it a nine out of ten.