SentinelOne Singularity Complete Reviews

SentinelOne has completely replaced the antivirus solution that we used before. It's also an EDR solution. In the case of any suspicious malware, we can control the system with this agent.

Previously, we had some processes related to incident response which required more steps.  We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future.

Behavioral AI does recognize novel and fileless attacks but we hope not to experience an attack like this. These days, there is no life without the internet. I don't think it is really a plausible scenario because we all use Microsoft services, 365, etc. If you don't have an internet connection, then you don't have anything. The guys from SentinelOne showed me an example where they can actually work without an internet connection and it worked just fine, like a common antivirus solution. But it wasn't important to us that it can do this because we know that in the real world, there are not many scenarios that wouldn't involve the internet.

We do use the storyline feature because it's SentinelOne's main feature that they are proud of. We don't see a lot of viruses in our environment and from what we have seen, it doesn't really help because a user will download a virus, the antivirus blocks it, and that's the end of the story. So there isn't much of a storyline behind it. But the SentinelOne guys showed us how it works and in the case of a difficult attack, it should work fine. 

We work with the storyline feature when we are suspicious of something and we need to check. But we didn't have an exact case where something highly critical was in our systems.

I find all of the features to be valuable. It's a cool and very informative tool. The management console analyzes, stops, and prevents the spread of malware. You only need to work with the console. There is nothing to do on the agent side. The user does not need to be involved in this process. 

The level of information it provides is enormous. You have all you need in case something happens. If we need to have an incident response with third-party external companies, we can give them the data that they can analyze further. The information about what's happened on the computer is absolutely amazing.

It's very comprehensive. It offers a lot of data but you can see only what you need or you can go further. If you need to investigate a little further, you can do that in any process. It's a SOC-analyst style.

If you are not an analyst, you can still do a lot with it. It's very convenient. We have workers who are not in the office, who are working from home. This is a good solution for them because it's Cloud-based. I can control everything from one console and even for users who are not in the office. We work with lots of vendors and not many of them have this solution. Traditional antivirus software doesn't have these features.

In terms of its impact on the endpoint, when you have a house computer working on antivirus, it doesn't make a huge impact on the system resources and even more, it can be installed parallel to antivirus. We have had scenarios where we have traditional antivirus and SentinelOne installed in parallel. It's two antiviruses on the computer and users won't know about it. They know about it when they start to download bad stuff and the antivirus starts yelling. 

According to what I see in the console, I do think that SentinelOne covers a wide variety of operating systems. It's even more than it needs to. In the traditional way, it's like antivirus but it does even more because it's also like an EDR solution. It covers all processes, what it does, where it goes, et cetera. There's a lot of stuff under the hood. I'm surprised it doesn't use a lot of resources because I thought it would be more aggressive for CPU memory.

In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear.

They have a lot of updates on their management console. They have a lot of features. There is not enough time to read about it all. It's really a lot. The features that they apply are great and I would love to use them, but it's lots of things to know. And if you're not only working with antivirus on SentinelOne like me, there isn't much time to learn about it. 

I have been using SentinelOne for almost a year. 

I'm very excited to work with SentinelOne but they have a problem with agent updates. We lose connectivity when we update agents. When users are working from home it's not good to lose connection because you don't have options to connect or have meetings. 

I think they started working very closely on this problem. This solution will be better but so far, that's been my experience. 

We use the Cloud. It's completely scalable. They use a management console for lots of companies. It's tremendously scalable, it can be used with hundreds of thousands of computers.

Right now, we protect only 100 endpoints, it's for highly critical systems. Before the COVID crisis, we had plans to increase usage. We need to renew at the end of the year. We will for sure renew for 100 endpoints. I'm not sure about expanding though.

We don't need to do anything related to updating service backend sites. For agents, we only need to click "select all" and "run update," that's it. It only requires one person for maintenance, to see events and analyst information, technology, etc. It has access for three people who are security engineers and our CSO.

They have excellent support. There are security vendors who take up to 48 hours to just answer back a "Hello," without an explanation to my problem. The SentinelOne guys answer within the hour with a solution to any concerns expressed in an email. Support is very awesome. They also connect me with engineers who can help me. I can share a screen with them to show them the exact problem. This is important because a lot of vendors don't do this.

The initial setup is very easy and straightforward. We don't use the on-premise solution, we are Cloud-based. It's important because we have a lot of resources on our side who work fast. We can deploy in minutes. The initial deployment took one hour. 

We did the deployment ourselves. It's really easy. We have a Wiki page where end-users can see what they can install themselves. They just need to click on it, type, tell us where they want us to put a computer, and that's it. The users can do it themselves.

We installed it for a pilot group of 10 users and then deployed for others.

Our analysts spend less time doing his job because he has everything he needs in one management console. He can programmatically do everything and only react to real incidents. It reduced the costs of analysts' work. Their work costs a lot of time and money and having SentinelOne enables us to save on these costs. 

There are actually three versions of this product: the user version, professional, and professional plus. If analysts need to see something, like what the users are doing, what processes are running, we can go to the console and see. The traditional version only shows when incidents happen. I think the next time we renew, we'd go with the lesser version because it shows enough information. 

There aren't additional costs to the standard licensing.

We have the option to choose different vendors. We briefly looked at other vendors. We looked at Carbon Black, Kaspersky, and ESET EDR.

We evaluated them one year ago. These vendors are comparable to traditional antivirus while SentinelOne is and all in one solution. It has everything you need. SOC analysts is straightforward and they gave us a straightforward proposal. 

It takes the same amount of time for SentinelOne to catch malware as it does other solutions. There's not much of a difference. In our case, we don't see a lot of viruses because we have a lot of levels of security that prevent them. 

We can see the difference between traditional antivirus and what we can do with SentinelOne. Even if the price is a little bit more, we can see what we can do with it. We can use EDR, stop network activity, do whatever we need on the endpoint, from the security engineer side. We can see that it's at a completely different level. We have a traditional antivirus but we're going to rid of them at the end of the licensing period.

My advice would be to go with the Cloud version, not on-prem. 

I would rate SentinelOne a ten out of ten. It's a ten out of ten in terms of the EDR. It's also a 10 of 10 for the product and company. The solution does a lot. 

My primary use case for this solution to protect my clients and sites that I support from malware and ransom ware. It is installed on the end point clients and servers as a client and then it clean and protects after a reboot. As a managed service provider we found it instrumental at preventing viruses and especially preventing ransom ware. We went from 30% ransom ware infections to zero. The software stops the infection before it executes.

It has saved hundreds of hours fixing destroy and encrypted computers. In the old days even if you restored the files Windows was still damaged. This stops the software from executing.

The valuable feature of this solution is the ability for it to stop a virus or ransom ware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger I get alerted and the machine is frozen. If the SOC believes it to be a virus the machines network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe the machine is auto unfrozen. I can go in look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus I can return the machine to before the file got executed. Erasing any damage. If I believe it's a false positive I can mark it benign and re execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.

I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck. 

For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.

I've been using this solution for seven months. 

The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adopt to the new software fairly quickly.

The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 end points and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution, it's actually turned into my main route for antivirus end protection and the product doesn't require any maintenance except for when it finds a virus.

I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.

I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.

The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process. 

It's deployed in house

The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per end point. I don't have additional costs on top of that.

I evaluated, Norton 360, Windows antivirus, Webroot, Crowdstrike, and ESET

With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.

I would rate this solution a ten out of 10. 

In general, we replaced our entire antivirus and anti-spyware with SentinelOne. We use it across all platforms, from servers to workstations, to Macs, to Windows, to Linux, Virtual Desktop Infrastructure, and embedded systems - on-premise and in the cloud. We also use their console and their threat-hunting. We needed a solution that was simple and intuitive, without having multiple agents.

We have also started evaluating their IoT, for the discovery of all IoT devices. This is 

It has improved our operational efficiencies. It saves us time because it does that first level of EDR automatically and that allows us to focus on certain things that it tells us about.

And we have better confidence because of all the threats that have been remediated. In fact, the moment we started deploying, we started picking up stuff that was in a dormant state on machines.

SentinelOne has absolutely reduced the number of threats. We get thousands of hits around the world. I'm looking in the console right now and there are 14,639 suspicious detections in the last few days. Of those, it has blocked 87. Another 30 were mitigated right away, and 24 active threats are being investigated now. Remediation of those threats could not be automated because it needs a response to do certain things right.

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the dept of behavior analysis. There are other companies that claim this - albeit in a lighter flavor. 

The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good.

In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in.

They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version.

It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have.

And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious?

It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies.

Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable.

If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff.

The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding.

They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. 

Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting.

 File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation.

It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage.

I can't wait to see their advances in the cloud infrastructure (containers and serverless).

It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

I started validating and testing the product back in the fall timeframe of 2017. By the time the proof of concept was done, we were signing the product by the end of 2017 or January of 2018.

In our company, if something happens with a solution, everybody will know, and it will be out of the environment in a jiffy.

So far, the scalability is going really well. It's really lightweight. Using the console, you can break it up into regions. It's integrated with Active Directory and we have it set up as the "research lab" in Melville, New York and something else in China.

Right now, it's our product of choice for endpoint protection. I suspect our usage will grow a lot once they enable the IoT; what they call Ranger.

Technical support started off mainly by email, but support is probably the single biggest improvement since we started with SentinelOne two years ago. They always had the intelligence, like any techie person, but techies are not necessarily good communicators. They always had answers, right up to the top. Their CEO is also a very technical person. But they have improved how tech support is delivered by 100-fold.

We had McAfee, and we were using it for other things too.

I'd never heard of SentinelOne in 2017. I knew of the other big guns but I came across it just by chance by looking at studies that spoke about SentinelOne. I had their sales guys and engineers demonstrate but it didn't mean anything. I still thought it might be fluff. So we had to test it and go through that whole rigmarole.

For all intents and purposes, they delivered. You have to remember that they were fighting a battle against all the big guns in the industry, solutions that were already entrenched. When we did our test, we actually broke a couple of their competitors, not because we wanted to. We were just comparing and doing it as a proof of concept. SentinelOne kept catching everything that I thought the other guys should have caught.

Also, they were never defensive; they were straight-easy to work with. Their responsiveness was also very good. If we needed to get something — and this might be because of the size of their company — we could go right up the chain and something would happen right away. If changes were required they happened really fast.

The initial setup was straightforward. I co-authored a book on evaluating products and one of the things that you have to take into account is ease of use and how intuitive things are. Some people may not consider that important, but I consider it important.

In general, it was easy to set up. That was one of the reasons I was pleasantly surprised.

What can make it difficult is the environment you are in. For example, we have "freeze periods" during about half the year, where we cannot make any changes. So, during retail, during Christmas, Chinese New Year, Black Friday, etc., nothing can change in the environment and we cannot deploy anything.

Other things, outside of the environment, were that there are financial/fiscal periods, every quarter, where we cannot change certain things. And we have different silos: a server group, a Windows group, a Mac group, and a Linux group that didn't want to touch anything. Everyone had some bad taste left in their mouths at some point in time, not necessarily with SentinelOne, but in general. If everything is working, why change it? So there were some political things, internally. We have about 35 different companies around the world. Each has a variation of things and there is every version of every thing out there. And some have badly written code too that shows up as malware; it manifests just like malware.

For deployment and maintenance it was me. I did almost everything. There were only one or two people. Obviously, we have to follow the sun because we're global, so at times there might have been three or four people involved, but generally it was one or two who were coordinating it. They know the product and how to deploy it and what needed to be done, but I needed those guys around the globe. They had to coordinate with each of those groups I mentioned. But we owned it and we were accountable for it. We have segregated duties. Even though I'm in security, I don't have the rights to get onto our Windows Servers and make changes. I have to ask the server guys to do something and that's why things take time. That's why you need people to coordinate it.

But, once it was detecting those threats, I felt that even though we had an outsourced team, they were lacking in knowledge. If I told them, "Hey, this is malware," without the right experience, they wouldn't know what the heck to do with it. That was the challenge. That's why we went with SentinelOne's managed service. They have people who can deal with it and sort out the things that are real.

The way you do it is that you don't just McAfee take off a machine and put this one in. You run them simultaneously for some time, and then take one out. I wanted to see if something would happen, or it started messing things up, or if people would start calling saying, "Hey, there's something going on in my machine."

We didn't work with any third-party. Over the years, I've seen that a lot of these guys tend to have biases.

We have absolutely seen a return on our investment because it has created that first-level SOC. Plus, it has all these other functions. It has replaced McAfee. We don't need a file integrity monitoring product. And we can see application vulnerabilities without using another product. And they keep adding features. Once they add this IoT feature, the ROI will be much more.

Initially, I was just researching solutions using independent reports and industry reviews. I don't necessarily agree with everything in industry reviews, but I used them to narrow down the field and to figure out which solutions I needed to look at. I also looked into whether there were any legal issues the companies were fighting. In that first phase, I got it down to about four or five that I would take to the next level and actually touch them with live malware. The reason the other ones fell off is either they were too focused on one thing or there were some legal things. The industry is small. You hear things, not necessarily officially, but unofficially you hear things.

I looked at McAfee, CrowdStrike, Carbon Black, Palo Alto Traps, Cylance, Endgame, Tanium.

In my evaluation, back in 2017, I wanted to see the features of each and match them up with our requirements. What were our influences? What was important to us? I tried to map that into what features were available at the time, or look at whether a product could consolidate another product that we had so that we would no longer need that other product. I also looked at operational efficiencies, security efficiency, and whether it meets all our compliance goals.

Then I went to the lab where I had real malware. There was a whole method to that madness of testing. 

McAfee failed miserably, even with their later product. It would have been easier for us to stick with the incumbent, but it couldn't pick up on malware. There was something it never detected. With that type of next-generation, machine-learning algorithm, it's not so much the algorithm as it is the intelligence, the data that they collect over time.

At the time, Palo Alto Traps was not ready for prime time - immature console, limited support across all our platforms and focus on exploits.

I broke Cylance, surprisingly. I didn't expect that. I'm not even a researcher, per se. I have other jobs in our company. When I managed to break them I was looking at how they responded. I'm not expecting everyone to be perfect, but I found them very defensive. They would say, "Oh, it's only one in 100 or 200 or 300 pieces of malware". But it was the way they responded to things. It took a while for them to get back to me, and they were more concerned about whether I was doing the same thing with the others.

The other weakness of Cylance was that, for anything else, like remediation and response to something, you had to buy another piece. It wasn't part of the product, whereas, with SentinelOne, it was part of the product, without paying anything more.

Some of our folks were convinced that CrowdStrike was the way to go but our tests proved otherwise. CrowdStrike has some good features, but it requires going to the cloud. And secondly, whenever you get events, you almost have to use their service, so you're paying them to help resolve something. It gets expensive.

Separately, I did a compatibility test where I checked our environment: I deployed it in a sampling of some of our machines to see if it run without creating another mess.

When you do a thorough proof of concept, you already have all the details, so nobody's going to mess with you. I compared everything. At the end of the day, I gave my boss a report and said, "This is it. You decide."

Have a look at it. Compare it. It's a very good product to have.

It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up.

There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on whatever the cloud versions are of all these virtual devices. We are spread out across the globe. We've got nearly 50,000 endpoints in different parts of the world. We generally stay as close to the latest version of the agent as possible, but we go through change-control and it is very strict. We don't just put things on endpoints. We validate and test in our environment because we have nearly every type of operating system and variations of them in our environment. Therefore, sometimes we are something like .1 or .2 of a version behind. In terms of the console, we are at the latest version.

As a company, we use all variations of clouds, from Ali Cloud, which is China to Azure; we're predominantly Azure. We have AWS and GCP. SentinelOne manages that console and we have access to it. We own that part, our console. It's on AWS, I believe.

Overall, is there room for improvement? Absolutely. There are gaps in the reporting because we need to give reports to different levels. Ideally, we want to just drag and drop things to create reports. They have very nice reports but they're canned. We want to be able to choose what goes into a report. Otherwise, it's right up there and I would give it a nine out of 10.

We use SentinelOne to secure our entire environment, including all user endpoints and servers. We are also currently testing the Deep Visibility addon. We were using a definition-based AV prior to SentinelOne, and we were getting daily/weekly infections of a variety of malware. We are a mix of PC, Mac, and Linux. We have on-premises machines and servers, as well as cloud VMs that we were wanting to protect. We wanted to purchase a Next Generation AV client that would be algorithm-based instead of definition file-based.

SentinelOne has provided amazing security. We were getting new cryptolocker variant infections several times per month and the month following our SentinelOne rollout, the numbers dropped to zero. We have not had a single infection since.

The new console is not only visually appealing and simple to use, but it allows you to customize and apply labels to different areas. I don't have a good gauge on how much money SentinelOne has saved us, but we only get a handful of security alerts in our console each day. It has freed up our security staff to perform other tasks. 

We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. 

The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product. 

The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly.

There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible. You can see a snapshot of the data at the moment, but once it changes whatever was there previously is not stored. 

I have been using SentinelOne for four years.

The agent is very stable, especially the later versions of the product. Agent never crashes and consumes minimal system resources. New agent versions are constantly released (which can be slightly difficult to manage if you don't have a good endpoint third party management solution like SCCM\JAMF). Release over release both stability and features have improved and been more fleshed out. 

It is very scalable and easy to deploy over any of the standard management solutions.

Customer service and our TAM are both very good. They are responsive and have never been unable to answer a question we asked. 

We switched because or old solution flat out was not picking up infections. It was really almost rather useless. 

The initial setup is straightforward. We do not have any on-premises infrastructure. Rather, we are using sentinel one in full-cloud mode. It was really just a matter of deploying the agent to the endpoints.

Our in-house team handled the deployment.

ROI is kind of hard to quantify but we definitely do feel like we get our money worth.

The costs are really rather minimal for what you receive with the product. No real advisement here. The larger count you have, the deeper discount you will receive in your contract.

We looked at Carbon Black. SentinelOne was more economical, and the feature set was comparable so we ultimately went with it.

Be ready to dedicate a good amount of time to learn the API. To really get the most from the product you need to tap the REST API.

We are an MSP supporting various business verticals (including medical and pharmaceutical). Our core monitoring/deployment solution is SolarWinds RMM, through which we were recently introduced to SentinalOne. We use the bundled automation to install, patch, and monitor antimalware protection to endpoints. We are in the process of replacing Bitdefender with SentinalOne for several clients. 

Deployment is automatable through the RMM, though a little clunky to do. The provided automation was a little challenging, but once you get it configured it's quite effective. Once we got it deployed to our users, it operates seamlessly and with minimal impact on system resources. Even our clients with lower-end workstations report improved performance since switching from Bitdefender. 

After migrating, this also picked up some latent malware that was not previously detected & cleaned it immediately with almost no interaction required. I was impressed with how little this bogged down the affected system. This was in our pilot run, so I was on-site.

The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting. 

I tested this by deliberately infecting an unpatched test machine with WanaCry. First of all, SentinalOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WanaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. 

We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection.

You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. 

Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done. 

The stability is excellent so far. Once installed, it's "set it and forget it."

Scalability is great if you're scaling up, but scaling down may prove to be challenging.

Technical support is provided for us through SolarWinds, and they're very knowledgable.

We used Bitdefender (also through SolarWinds) previously. SentinalOne was pitched by SolarWinds a few months ago as an alternative with robust ransomware protection. Being a small MSP, a single ransomware infection at a client could spell disaster for our business. We are always looking for the latest technology, but not marginal improvements. 

The setup script provided by SolarWinds (proprietary to their RMM) was a little challenging to get going, but once it worked, it worked perfectly. Except it didn't run on Win7 systems because it uses Powershell commands from a later version than what's available on Win7.

The vendor team provided support, but we did the deployment.

We're making about seventy-five percent over the per-seat cost, and it's easy to sell at that price point.

The per-seat cost is low, but you have to commit to a certain number of licenses for a year.

We really hadn't seen EDR solutions in action before. Our decision was based primarily on the fact that it has SolarWinds integration. 

Definitely worth the money compared to heuristic solutions, especially for clients who tend to "stretch" their hardware as long as possible. The low impact and robust reporting go a long way to make this an easy sell, and the cost is excellent for the price point. 

I use it pretty extensively. All of my highest-tier clients use SingularityOne.

All of my business's machines use SentinelOne complete with Singularity and XDR, which ties into things like Azure AD and whatnot. It's really great. Although I don't get the 24x7 Managed Security Operations Center wonderfulness through it.

It is a well-designed product that does what it says it is going to do. It protects endpoints, finds anomalies, and remediates them based on the automation plans I've set up.

It is a really great product.

The most valuable feature is that it does what it says it will do. It fulfills its claims. It’s not really common for products to do that today.

In terms of improvement, the documentation could be better. I would also like to see SingularityOne compatibility with Huntress, and the tighter integration between them would bring more to the table.

I have been using it for three or four years.

I would give the product a ten out of ten. 

Sentinel One has improved our organization by protecting the environment we are working in.

We had some stability issues when we started working with SentinelOne. 

I have been using Sentinel One for one year now.

Initially, there were a lot of issues that kept popping up. Now it has become stable.

It is definitely scalable. We have around eight to ten thousand servers.

I would rate SentinelOne a seven out of ten.

I use SentinelOne to protect against ransomware attacks, validate incoming emails, and ensure websites don't have any malicious coding.

SentinelOne's auto-rollback feature is the most valuable.

SentinelOne's phishing feature could be improved.

I've been using SentinelOne for around five years.

SentinelOne is stable and reliable.

SentinelOne is easy to scale.

SentinelOne's technical support is helpful and competent.

Positive

The initial setup was straightforward and completed within a day because we had run a POC with them to understand the environment and had all the information we needed. I would rate the setup process 3.5 out of five.

We did the implementation in-house with the support of SentinelOne engineers.

I would give SentinelOne a rating of eight out of ten.