SentinelOne Singularity Complete Reviews

I'm only dealing with Google SecOps right now, not other Google Cloud products. On a limited scale, I think we use Microsoft Defender for one particular customer; for the others, we are using SentinelOne Singularity Complete and Palo Alto Cortex.

I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries. The AI, agentic AI, integration with SOARs, and simplified SKUs and pricing are noteworthy. Most customers who have various platforms for cybersecurity do not choose Azure Defender unless they are on a Microsoft stack right now. SentinelOne Singularity Complete is the most capable in terms of detection and response, and I use it quite extensively for forensic capabilities.

SentinelOne Singularity Complete can be quite intrusive, but it has strong detection capabilities. The Ranger functionality of SentinelOne Singularity Complete for the EDR is extensively used for customers. Microsoft Defender has recently upgraded to XDR capabilities.

For Azure Sentinel, the main issue that needs improvement is the pricing; it's quite unpredictable right now in terms of cost. The use of many components within Azure itself is confusing, especially with the recent move in terms of the console from Azure Sentinel to the Defenders. The highlight is more into the pricing; it is too expensive and unpredictable right now.

For Google SecOps, the only improvement I suggest is in terms of the reporting, especially for out-of-the-box reporting that seems very lacking right now. There aren't too many useful reports coming from out-of-the-box; we have to develop them ourselves right now.

SentinelOne Singularity Complete needs to work more on increasing true positive detections to make it closer to 10. A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives.

I think technical support is quite good; we have been in contact quite occasionally, and they provide expected answers.

I find the initial setup quite straightforward for SentinelOne Singularity Complete.

SentinelOne Singularity Complete can be quite intrusive; that's one of the drawbacks. It's also the first thing that we recommend right now. We prefer to use other EDR platforms such as SentinelOne Singularity Complete and Palo Alto Cortex right now.

I'm using Google SecOps. If you want, I can leave my opinion on Google SecOps.

While the others will be on the cyber threat intelligence, the primary is Google SecOps, and I think the other one is Azure Sentinel.

There is room for improvement for these solutions. It's mostly SIEM and MDR for SentinelOne Singularity Complete. I haven't used Vigilance MDR; I only know the name.

We mainly focus on SentinelOne Singularity Complete and Cortex, while the other EDRs that we have managed are less significant. It's almost similar since both SentinelOne Singularity Complete and Cortex have EDR and XDR capabilities.

In terms of non-locked XDR platforms, the best one is SentinelOne Singularity Complete right now for their XDR capabilities. Other ones such as Palo Alto Cortex or even CrowdStrike are locked into their own ecosystem right now since they have many products within that ecosystem. In terms of integration, even though it looks quite open, some are tightly coupled into their own ecosystem, especially for Palo Alto Cortex.

We haven't had that in-depth experience in terms of ingesting and correlating for SentinelOne Singularity Complete; we mainly use it right now for their EDR capabilities. Since we provide the MDR services, we mainly integrate those with Google SecOps right now for the overall SOC services. I think they are the most capable in terms of detection and response.

We only tried Purple AI but haven't used it quite extensively. I find the pricing very reasonable, especially right now compared to other top-tier EDR platforms at the same level. I usually recommend the product for both smaller and bigger organizations. My overall rating for this review is 9.

Public Cloud

Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

It can reduce the organization's risk. It gives better control to our limited team resources.

It already has AI capabilities, which is one of their advantages.

When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

I have been using SentinelOne Singularity Complete for approximately four years.

For stability, I would rate it a nine, as I have experienced only the issue of overload.

The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

Positive

For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

I am the third party assisting in the deployment.

I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete. 

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

I have a year and a half of experience with SentinelOne Singularity Complete.

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

Neutral

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

As a company with 30,000 employees and 26,000 endpoints worldwide, we have diverse operational needs that SentinelOne Singularity Complete effectively addresses.

SentinelOne Singularity Complete effectively addresses numerous challenges. As a cloud-based SaaS solution, it seamlessly protects office and remote workers, safeguarding laptops and other devices. Its comprehensive coverage extends to cloud infrastructure across multiple operating systems like iOS, Linux, and Windows, including Kubernetes environments. This versatility, coupled with its ability to fulfill various use cases, has made SentinelOne Singularity Complete our trusted security solution for the past four years.

SentinelOne Singularity Complete integrates with our other security solutions, correlating data from NDR, ADR, SIEM, and XDR tools. All this information is consolidated within SentinelOne, providing a centralized access point.

SentinelOne Singularity Complete has helped us streamline our security operations by consolidating multiple solutions into a single platform. We are currently in the process of acquiring a threat intelligence platform to complete our security stack.

We use Ranger to monitor our network and track connected devices. This is crucial because it helps us quickly identify unauthorized machines connected to our infrastructure, including personal devices. We have additional security measures in place, but Ranger provides an extra layer of protection. It also alerts us if the SentinelOne Singularity Complete agent is missing from any new or existing machines, allowing us to take appropriate action.

SentinelOne Ranger's agentless and hardware-independent nature is crucial for our environment with 26,000 endpoints, as manual management of such a large number would be extremely challenging.

Ranger uses a multi-layered approach to prevent vulnerable devices from being compromised. We employ scanners, network configurations, and a risk scanner to assess devices, endpoints, servers, and cloud infrastructures. Vulnerability reports and timelines for remediation are shared with device owners or custodians. This proactive strategy enables us to address vulnerabilities efficiently and secure our infrastructure.

SentinelOne Singularity Complete has significantly enhanced our security posture. While no system is impenetrable, this solution has brought us closer to achieving a high level of protection, ensuring we maintain at least a 90 percent security level.

Our team is dedicated to refining alerts and eliminating false positives from our solutions. Additionally, a team is responsible for identifying and excluding alerts from the solution. We can manually expedite this process by reviewing these elements and utilizing our security tools. We have been able to reduce the alert volume by 20 percent.

Our 30-member Security Operations Center team has been able to redirect their focus to other tasks due to the time saved after implementing SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped us improve our mean time to detect threats, which we accomplish using the Vigilance service for detection and response.

SentinelOne Singularity Complete has helped us decrease our organizational risk. We utilize the Security Scorecard to manage our security posture, which has remained steady at 90 percent.

Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources. This ensures smooth operation and user-friendly control. Moreover, SentinelOne's support team is highly competent, providing timely assistance and going the extra mile to resolve any issues.

When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert.

I have been using SentinelOne Singularity Complete for almost four years.

SentinelOne Singularity Complete is stable.

The technical support team is quick to respond to and resolve our issues.

Positive

Our hybrid environment has raised security concerns for management, leading them to seek an all-in-one solution. After conducting multiple proof-of-concept tests for endpoint security, they determined that Kaspersky was insufficient for their needs due to inadequate functionality and management complexity. As a result, they transitioned to SentinelOne Singularity Complete.

SentinelOne is actively developing new innovations and introducing additional integration platforms.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers comprehensive endpoint security by automatically updating without impacting bandwidth. Unlike traditional signature-based solutions, it employs a behavior-based approach to detect and immediately address malicious or suspicious files and processes.

We are 100 percent confident with SentinelOne as a strategic security partner.

Maintenance has been seamless, and while SentinelOne does notify us in advance of any required downtime, I haven't experienced any interruptions in the past year and a half.

With 30,000 employees and 26,000 endpoints worldwide, our organization has implemented SentinelOne Singularity Complete across all endpoints.

Public Cloud

We have it for all of our client machines and servers. It is the antivirus solution for all clients and servers. We are also looking into going further with their log analysis portion. We are working with them in terms of pricing.

The overhead on the CPU is minimalistic, not taking up too many system resources.

Making exceptions and exclusions through the console interface is smooth, providing a very good experience. The clients communicate with the web console in less than a minute, which is much faster than other solutions such as Malwarebytes.

SentinelOne has helped us with consolidation. We have Malwarebytes installed along with SentinelOne, and we are moving just to SentinelOne. SentinelOne has the most widespread and up-to-date coverage because of the fact that we can deploy it fairly quickly. Its rogue detection feature helps catch systems missed during initial deployment. We are the most up-to-date now. 

It saves time for the staff once it is up and running. Once the system has gotten used to everything, it just works. There is a six to eight-month learning curve for the system to get used to your servers and software.

In the beginning, we had a fair number of false positives coming across, but once the system got set up, it has been pretty much running on its own. If we are running a lot of internal IT scripts for applications that are triggering the antivirus, it might detect that as suspicious. We have to configure it to exclude things. Overall, it is pretty smart. Its automation is working fairly well for us that way. 

As a strategic partner, they have been very vocal with us. They have been communicative and supportive. The product itself is robust. We have not had any situation where it failed and broke the computer. There is no CrowdStrike-type scenario going on.

Based on the updates they have done, they are focused on advancing the product. There is a constant evolution going on. The system is getting more robust. We are advancing and not digressing anywhere in terms of technology.

We moved from ESET, and we find that the licensing scheme, particularly how the licenses are attributed to clients, is pretty nice compared to what ESET offers. We work in a highly virtualized environment. We have roughly 150 to 160 virtualized clients that are refreshed daily. Every night, the systems refresh. With the old antivirus solution, the licensing would count into the thousands, necessitating manual deletion. Luckily, SentinelOne has a feature to decommission automatically, which has been fantastic. 

One area for improvement is automated deployment. I use it through a group policy. I put in the PC name, and when the user logs in, if the PC is in that group, it attempts an MSI install through Active Directory via GPO. That seems to play a little havoc and can conflict with manual installs, causing issues where it wants to delete and reinstall the client. To resolve this, I remove the computer from the security group, and it then stops complaining. The automated installation could improve in this regard.

We have been using SentinelOne for one year.

I would rate their support an eight out of ten. The rating would be better if they picked up the phone and had someone talk immediately. We are using the automated email process for support, and they respond within an hour or two hours sometimes.

Positive

We had moved from ESET.

We have not been hit since using it. I have experienced a ransomware attack only once, a few years ago, with minimal damage. Since then, I have not faced any intrusions, which is one reason I chose SentinelOne over ESET.

It has not helped us save costs. We are increasing costs because we are going more toward the avenue of protecting as a city. We have been watching other cities around us get hit, so there is more focused attention on protection at this level. We are moving to the complete license solution and looking at expanding that into Vigilance.

When it comes to interoperability, we are going to look at some integration with our FortiGate system for the firewall to help analyze the logs that come through there. We are slowly moving from stopping the intrusion to more like a preemptive, preventative focus.

To those considering using this solution, I would advise digging into the console and taking the time to learn. Some people complain and find it confusing, but understanding the system's ins and outs is crucial. The console is well laid out, so it is worth taking the time to learn it.

The quantity of detection is quite a lot in the first few months. The product has a learning curve, so you have to guide it in the beginning so it gets used to the scripts and applications that are running in your system. We have created quite a list of exclusions, and I always take the time to look at each one. Since September 2024, false positives have been reduced to one every two weeks.

Overall, I would rate it a nine out of ten.

This is an Umbrella platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete great from the Sentinel point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete.

It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel, and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

Scalability is also a nine.

Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

Positive

It is a simple process.

We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

CrowdStrike is the main competitor, along with Palo Alto Cortex and Microsoft Sentinel. These are the three main competitors for the product range from SentinelOne.

It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

I would rate this review a nine overall.

Public Cloud

Other

We use SentinelOne Singularity Complete for all of our endpoints, including virtual machines, physical servers, and laptops.

The solution gives us a good sense that the systems are secured against malware, drive-by fileless attacks, and advanced behavioral attacks. This is our primary reason for having the product, and it does a good job in that regard.

It does not require a lot of management. It is hard to quantify the time savings but it does not require a lot of our time. If I spend an hour a week on it, that is a lot.

It is hard to quantify the reduction in the mean time to detect unless you are a pretty big organization and you are tracking that. However, it has been able to detect things and alert about them pretty much instantly in the console. We also get emails right after that. In terms of the Vigilance MDR service, one Saturday morning, I tripped an alert for something I was doing. I thought of waiting and seeing how long it would take on a Saturday morning at 10 AM for them to jump in and figure it out. They took about 20 minutes.

Any good endpoint security product should reduce your organizational risks, and SentinelOne Singularity Complete has done that. It is almost impossible to quantify the reduction.

We were able to easily realize its benefits within 30 days.

The console is light years better than the CrowdStrike console, which had just a bunch of different screens cobbled together. It is much more unified and much easier to work with. It is very nicely designed. It is one of the better user interfaces I have ever seen for web application management. 

The product is pretty easy to manage and pretty easy to deploy. It also has a pretty low resource footprint.

The false alerts can be annoying, especially during administrative tasks. We have had a number of occasions where the software impacted a third-party application, so the application would either not run or exhibit other technical issues. We were also not getting any alerts in the console to indicate that SentinelOne was having a negative interaction with the product. Finally, after hours of troubleshooting, we turned off the endpoint security for the product, and the application just started working fine. We have probably had a good half dozen of those. It is quite annoying.

I have had experience with SentinelOne Singularity Complete for two years.

Their support is top-notch. I have been in the business for thirty years, and I have dealt with just about every support company out there. I am used to mediocre enterprise support, but SentinelOne's support is very good, deserving a ten out of ten.

Positive

We were running CrowdStrike prior to SentinelOne. We were using CrowdStrike Complete, but it was simply way too expensive to sustain for our budget. We were looking for something that was equally capable and did not have a huge price tag with it, so we ended up going with SentinelOne and their Vigilance MDR service.

SentinelOne Singularity Complete has not helped us consolidate other solutions. It was a one-for-one replacement for CrowdStrike. It has not helped us to get rid of anything at this point.

I have used Bitdefender in the past. We had their GravityZone Ultra, which had XDR Complete, but there were so many alerts. We would literally spend hours. We would pick a day a week or a day every couple of weeks and try to trace down alerts and clear out the console. From that perspective, SentinelOne does give off fewer false positives. However, when we are dealing with administrator or network administrator or developer tools, for obvious reasons, they tend to trip the alerts on the product. For normal end-user work, there are seldom any false positives or alerts that are not valid. It is almost never. I am the IT director, and it is always tripping on things I am doing. When I install some encryption software or disk wipe software, I get many alerts in SentinelOne, but for the actual end-users, typically, we do not get any false positives.

We use their public cloud. We deploy the agents ourselves. We do the updates through their public cloud, but we do the initial deployment ourselves.

The initial setup was pretty straightforward. There are some nuances to the product, naturally. It is an enterprise-class endpoint security product, so there are things that you need to learn and understand about how it works. The same is true of CrowdStrike, Palo Alto Cortex, or any other product in the same category.

We have multiple locations with about 35 remote users.

We used their onboarding service, which was very helpful because we would have meetings every week or two with the actual SentinelOne employee engineer to talk about our deployment and ask questions about particular features and best practices. It was worth the extra expense.

I had one other network administrator working on it with me, and I just assigned him the task of deploying software and working with me on some of the policy configurations.

I do most of the maintenance on it. The maintenance typically requires adding an exclusion here or there, troubleshooting an issue, or uploading logs for support to look at an issue or a question that we have. I do not spend 50 hours a year on it.

SentinelOne is significantly less expensive than CrowdStrike. I recently did a price comparison between CrowdStrike and SentinelOne to determine where we are going for the next three years. CrowdStrike is 200% to 300% the cost.

For their complete service, we were paying CrowdStrike 45K for 85 endpoints for a year. We have stepped down, and we are doing MDR and not having SentinelOne manage our policies and things. We have 200 endpoints, and our yearly cost is 17K, so we have gone from 45K to 17K. From a detection standpoint, depending upon which MITRE framework tests you look at, both vendors jockey up and down in the top ten. They are pretty comparable from a performance and efficacy standpoint, so there is not a 200% to 300% gap there.

I always do a round-robin. My final three ended up being Palo Alto Network's Cortex product and CrowdStrike's Falcon product, the lesser version of their MDR Overwatch product.

The thing that I did not like about Overwatch was that they would tell you that something was going on and here is what you should do, but they would not help you with it. SentinelOne was a little bit more helpful in terms of hopping in. Ultimately, Palo Alto is not support-friendly. I use Palo Alto Firewalls, and their support is not that great. It has not been for a while, so I hesitate to go into their endpoint security as well. It is also expensive. It requires a lot more infrastructure and cost to deploy. It is probably more akin to CrowdStrike from a cost perspective.

I briefly considered Bitdefender's MDR solution using GravityZone where they did the MDR piece of it. It was probably half or a third of what we would have spent for SentinelOne, but I did not have the sense that it was quite the next-gen product that I was looking for, even though it scored pretty well.

All these are very similar because they base their activity on what a piece of software is trying to do on the system. It is a real-time behavioral analysis. They do not use predefined signatures from the last 25 years. They are trying to do things in real time. In terms of how long it takes to have visibility into what an application is doing and how quickly they can lock it down once they have the visibility, each vendor scores differently, but each of these three would generally be considered in anybody's top five.

SentinelOne is fairly innovative. I like what they are doing with the integration of their Purple AI for being able to do real-language queries of their telemetry data. You do not need to know all the correct syntax, which helps us non-SecOps folks who have to dabble in it periodically. We can do real-world queries. I have not asked for pricing on that. It is probably more than I want to pay for it, given that we do not get too much use out of this kind of feature, but they are continuing to innovate in that regard. From that perspective, it is a good product.

SentinelOne Singularity Complete is very mature at this point.

We have not yet had an occasion to integrate it, although, in a couple of weeks, we are going to be integrating their Cloud Funnel service with another MDR provider, Red Canary. We have not done that yet, and we have not made use of their other interoperability pieces.

They have two Ranger products. One is the Ranger Identity Protection product, which is kind of an add-on product, and the other one is more of a rogue detection product. We did subscribe to the Ranger Identity Protection product, but it was so difficult to work with that we finally stopped using it. It was a subscription.

Our correlation is whatever is going on in the endpoints. We are not pulling in Palo Alto firewall telemetry, or Okta or O365 data at this point, but we are moving in that direction. We are simply using it for endpoint security and for their Vigilance MDR service.

SentinelOne is good as a strategic partner. We are in the third year of our three-year contract and plan to continue with them. We are not going to go directly to them. We are going to go through one of their partners, Red Canary, but we will be using the SentinelOne Complete product and then using Red Canary to do the MDR along with active remediation and SIEM ingestion of our Okta data, our Palo Alto firewall data, and our O365 data. They can then begin to cross-correlate events and attacks across different attack surfaces of ours.

I would rate SentinelOne Singularity Complete a nine out of ten.

Public Cloud

Other

We primarily use the solution for EDR, which it does in a brilliant way. We are also using it for log management. We can use it for investigations, reporting, and security incident management.

The most important aspect of the solution is that the load on the machine is not very high. It doesn't take up battery resources.

The solution prevents ransomware and other threats.

So far, it is working brilliantly. The dashboards and UI are user friendly, as is the ability to configure as needed.

It seems to have a lot more capabilities. The XDR capabilities, in particular, look very strong. We're currently looking into that.

If we want to do integrations with third parties, we don't have very many challenges around that.

The ability to ingest and correlate across our security solutions is very useful. It's impressive. The AI engine it has is excellent.

It helps us consolidate our security solutions.

While it does not allow us to reduce alerts per se, it does a good job of correlating. The way it's integrated into the SIM, it's working to the expectations we have.

The solution helps free up people so that they can work on other tasks. We don't have to grow our team too much now. My security team is actually quite small - about five people. We all get more time to handle other tasks.

We've noted that it does help reduce mean time to respond. We can identify events easier and those that are most critical are brought to the forefront. Previously, we were in the dark. Now we have so much more visibility. It's been a huge improvement. 

It's effectively helped to reduce organizational risk. 

They are still largely an EDR product. The MDR side needs to be demonstrated. They need to make zero trust more robust. 

I've used the solution for around two years now.

I'd rate the solution's ability to scale eight to nine out of ten. 

The SLA is good and the support team is quite impressive. They are very quick. I never need to escalate.

Positive

We were using Sophos and Symantec previously. We switched as SentinelOne took up fewer resources and could support a Linux environment. 

The initial setup is fairly straightforward. 

It's giving me confidence that my network is protected. The ROI is not so much cost savings as security on offer. We can safely sustain our business and secure our data assets. However, the time and cost savings we've seen are quite good. 

The solution is moderately priced. It's a valuable solution to have, however. 

We are evaluating Crowd Strike at the moment. 

We are a SentinelOne customer. 

The quality and maturity of the product are good. It's one of the market leaders. It's delivered on what it's supposed to do. 

I'd rate the solution nine out of ten.

They are a good strategic security partner. They have the right credentials. They're offering a relevant service and it helps me communicate to my customers. I rate them very highly.

On-premises