Dillon Schwebke - PeerSpot reviewer
Information Security Engineer at a university with 10,001+ employees
Real User
Enriches our investigations and reduces our response time
Pros and Cons
  • "The deep visibility feature is valuable. It is helping enrich our IR team in their investigations."
  • "It can be a little daunting at first. With the deep visibility feature, if I had more insights into how to troubleshoot things better, that would be helpful. Their documentation could be a lot better. It could be more in-depth."

What is our primary use case?

We are using it for endpoint protection and visibility. With threat-hunting metrics, we can see what is going on in our environment. We also use it for application inventory. It helps to keep the inventory of all our apps.

We are using it mostly on-prem and some AWS.

How has it helped my organization?

Our response times are way shorter. We are getting a lot more data that we need right away instead of having to pull from different products. It is an all-encompassing solution. The best part about it is that we do not have to use multiple tools to get what we need out of it. That is why we like it.

In terms of interoperability, for the most part, Singularity Complete is integrated with a lot of our tools, such as our SIEM. It does a great job. With some vendors, it could do a better job in terms of integrations, but overall, it is one of the products that we use that integrates with a lot of tools.

Singularity Complete has 100% helped free up our staff for other projects and tasks. We used to have a team of four people for our EDR product previously, whereas, with SentinelOne, we have two people to manage it. It kind of manages itself. Having Vigilance is also a huge help. It has saved 50% of our time.

Singularity Complete has not helped reduce alerts, but that is not SentinelOne's fault. It gives us more alerts, which is good because that lets us know our previous product was not doing as well. It gives us more alerts. We want to tune those out, but because of the way we work and the way things are, we do not always have the power to tune those up. We are so federated. So, we have more alerts, and we are happy about that, but we can do a better job on our end of clearing those up.

Singularity Complete has helped reduce our organizational risk. Especially with Ranger, we are able to see a broader landscape of the endpoints that do not have SentinelOne. I do not have the metrics on the risk reduction because that is one piece that I do not run. I know that there is a team that specifically looks at Ranger for risks, and from what I have been told, it has been reducing risks.

SentinelOne is great as a strategic security partner. They have been very helpful, especially in providing a little bit of direction and best practices. Ultimately, there is one product that we are not thinking about changing because it just works well. The company has been treating us well, and a lot of the modules and features that it has cover most of what we need in our environment.

What is most valuable?

The deep visibility feature is valuable. It is helping enrich our IR team in their investigations. 

I love how we can use it for different use cases. We can take those deep visibility rules and make some STAR rules out of those for responsiveness. It is a great product that has been helping us with our instant response.

What needs improvement?

It can be a little daunting at first. With the deep visibility feature, if I had more insights into how to troubleshoot things better, that would be helpful. Their documentation could be a lot better. It could be more in-depth.

There should be fewer updates. It is a huge one because we are very federated. All of our users go on different cadences of their updates. Some may patch monthly, and some may patch every week. Having fewer updates every year would be a huge help.

Buyer's Guide
SentinelOne Singularity Complete
March 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Singularity Complete for about two and a half years.

What do I think about the stability of the solution?

It is great. It is stable. It is a lot better than it was. When we first got it, we had to deal with a lot of issues around performance and agents and how to interact with things. Now, we do not have to do that. Within the past nine months, I never had to worry about performance issues.

What do I think about the scalability of the solution?

It is super easy. We have 20,000 endpoints. It was super easy to scale them. We are willing to scale it more. There is no issue with that at all.

How are customer service and support?

This is probably the only negative. Their support is sometimes good, but most of the time, if I have something, the response is, "I do not know. I will get back to you." That does not always work for us. We need to answer quicker than that.

Sometimes it feels like things go by the wayside. If we have a group meeting with SentinelOne, we bring up a couple of topics, but we may not hear back on those things. Things like that are the negative part of SentinelOne for us. I would rate their support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used Sophos. Sophos was more cumbersome. The agent was clunky. We were not getting alerts. There were a lot of false positives, and the customer support was not the best. We felt that it was not valuable to us. It was causing more harm than benefit.

What was our ROI?

We have seen a return on investment. Because of the product, we have been able to focus more of our teams on other areas. Because SentinelOne handles most of the things, we have been able to invest in our CTI or SOC, and our e-discovery team. SentinelOne takes a huge load off.

What's my experience with pricing, setup cost, and licensing?

We are happy with it. It is cheaper than some of the other things we pay for. It is not the cheapest, but it also is not outrageous, so we are happy with it. 

Which other solutions did I evaluate?

We evaluated Carbon Black and CrowdStrike. With Carbon Black, money was the main difference, and with CrowdStrike, we could have only one account. We are very federated. We have 52 accounts in SentinelOne, and each account has its own IT team. We could not do that with CrowdStrike. We could only have one account. We could do groups, but we could not assign people to those groups. SentinelOne really fits the needs of our federated environment.

What other advice do I have?

I would definitely recommend trying it out. It would be great if someone could walk you through each of the features, what it can do, and how it can help your environment. That would be it. Do not just read about the product. Try it and see what it can do. That was what really won me over. Pamphlets and other similar things are great, but if you are not in the product, it does not help. At least try it for a month. It is great. It is simple. It is easy.

In terms of the quality and maturity of Singularity Complete, previously, there was a lot to be done, but the features that are out today should have been out originally. They are on the right track to make this product more amazing than it already is. From what I have seen in some of the talks at the conference, they are heading in the right direction, and that is what I would tell anyone.

Overall, I would rate Singularity Complete a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited
Real User
Top 5 Leaderboard
Easy to configure, has increased our security score, and reduces our costs
Pros and Cons
  • "The protection SentinelOne Singularity Complete provides to our endpoint devices in terms of cybersecurity is valuable."
  • "The documentation provided for implementation is not adequate and has caused us challenges."

What is our primary use case?

We use SentinelOne Singularity Complete as our server and endpoint security solution.

We sought to consolidate our security solutions, lower maintenance and operational costs, and streamline scalability and configuration. Implementing SentinelOne Singularity Complete enabled us to achieve these goals.

How has it helped my organization?

SentinelOne Singularity Complete's interoperability is excellent. The solution can correlate with various threats and provide us with granular information across our landscape. Singularity Complete is fully integrated and can be scaled and expanded to all of our devices.

Singularity Complete's ability to ingest and correlate across our security solutions is good.

Singularity Complete has enabled us to consolidate our security solutions. We can now consolidate all of our Linux and Windows security servers, as well as display various touchpoints and our laptops and desktop devices.

We use the Ranger functionality. The network and asset visibility provided is important because we can see the types of devices connecting to our enterprise network.

Ranger's ability to prevent vulnerable devices from becoming compromised is good.

Singularity Complete has increased our security score. We were able to see the benefits within four months.

Once we can configure and fine-tune Singularity Complete, we can eliminate the false positives that are generated.

Singularity Complete has helped free up our staff's time to work on other projects. We have saved around two months in total.

Singularity Complete has helped reduce our MTTD by 30 percent.

Singularity Complete has helped reduce our MTTR.

Singularity Complete has helped reduce our organizational risk by 50 percent.

What is most valuable?

SentinelOne Singularity Complete is easy to configure.

The protection SentinelOne Singularity Complete provides to our endpoint devices in terms of cybersecurity is valuable.

What needs improvement?

The support has room for improvement. They take a lot of time to respond.

The documentation provided for implementation is not adequate and has caused us challenges.

The pricing is also high and can be improved.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for three years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is easily scalable.

How are customer service and support?

The technical support takes time to respond to our tickets.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Previously, we utilized McAfee for our servers and Microsoft Defender for our endpoint protection on desktops and laptops. However, we desired a unified EDR solution to streamline our security management. Upon evaluating SentinelOne Singularity Complete and confirming it met all our requirements, we transitioned to this comprehensive solution.

How was the initial setup?

The initial deployment was straightforward. The deployment took two months, and three of us, including two engineers, were involved in the process. We first deployed Singularity Complete to our test servers to ensure everything worked properly before proceeding with the full deployment.

What was our ROI?

The consolidation of multiple solutions into Singularity Complete, along with improved response times and smoother business functionality, has resulted in a return on investment.

What's my experience with pricing, setup cost, and licensing?

The price is costly compared to what we were previously paying with Microsoft Defender and McAfee.

Which other solutions did I evaluate?

After evaluating CrowdStrike and other solutions, we ultimately chose SentinelOne Singularity Complete due to its user-friendly functionality, efficient logging, and rapid response times.

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a comprehensive, integrated solution for endpoint protection across the enterprise.

Singularity Complete is deployed across our campus with around 200 users.

SentinelOne Singularity Complete is a good solution that meets our enterprise needs.

I recommend organizations first evaluate SentinelOne Singularity Complete to see the kind of visibility it can provide into their endpoints.

SentinelOne Singularity Complete has reduced our operational costs and response time while enhancing our business efficiency.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO at an insurance company with 10,001+ employees
Real User
Excellent threat detection, easy to deploy, and helps save time
Pros and Cons
  • "We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise."
  • "The endpoint firewall capability is fairly primitive and basic."

What is our primary use case?

We use SentinelOne Singularity Complete for its end-to-end detection and response capabilities.

How has it helped my organization?

We started using SentinelOne Singularity Complete because I wanted to eliminate a number of our existing first-generation tools, which were designed primarily for on-premises use cases. I wanted to move to our new set of tools, which were designed predominantly for cloud deployment and cloud infrastructure. There were two primary drivers for this decision: to reduce complexity and cost and to move to a solution that was specifically designed for our new architecture.

One of the main reasons we bought SentinelOne was for its integration capabilities. We don't have a standalone tool to supplement our overall security architecture. This includes our security data link, analytics layer, and intelligence capabilities. So that was really one of the primary reasons.

SentinelOne Singularity Complete excels at ingesting and correlating data across the security solutions that it has visibility into.

It has helped consolidate two of our security solutions.

SentinelOne Singularity Complete has helped our organization by boosting our confidence in our ability to detect and respond to the broadest range of threats, reducing noise in our security operations capability and resulting in fewer false positives than ever before.

It helped reduce our alerts by around 60 percent per day. SentinelOne Singularity Complete helped free up 20 percent of our staff's time to work on other projects.

Although I do not have data to support the claim, SentinelOne Singularity Complete should reduce MTTD. SentinelOne Singularity Complete has reduced our MTTR. It has saved us around 18 percent of our costs.

What is most valuable?

I find two features particularly valuable. First, deployment is much simpler than with other solutions with similar capabilities. Second, the fidelity of the detections is excellent. We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise.

What needs improvement?

SentinelOne plans to integrate its endpoint agents, but the process is slow. The company has multiple agents with different functions, such as the ED Ranger, and each agent has different actual clients. Combining the endpoint agents would be a good step.

The endpoint firewall capability is fairly primitive and basic. It does not use objects and different device types to create a single object that can be easily managed. There is a significant amount of work to be done on the firewall side.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for almost seven months.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable.

How are customer service and support?

Technical support has been excellent so far.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Tanium and Symantec, two separate sets of tools. Tanium is a first-generation tool that is not specifically designed for the cloud. It requires a significant amount of manual effort to configure and manage, rather than automate these tasks. Symantec does its job, but we are essentially buying two tools to do what SentinelOne Singularity Complete can do on its own. Therefore, the switch to SentinelOne is primarily a cost-saving measure.

How was the initial setup?

The initial deployment was straightforward. The entire deployment took 16 weeks, with eight weeks spent deploying the endpoints and eight weeks spent deploying the service. A total of 20 people were required for the deployment.

What was our ROI?

We are beginning to see a return on investment in SentinelOne Singularity Complete due to the reduced number of alerts in the operations center and the high-fidelity data.

What's my experience with pricing, setup cost, and licensing?

After negotiations, the pricing was found to be fair.

What other advice do I have?

I would rate SentinelOne Singularity Complete an eight out of ten.

SentinelOne Singularity Complete is a really mature product and seems to be focused on enhancing core capability and not getting distracted by other stuff.

SentinelOne Singularity Complete is deployed across our entire estate. We have around 10,000 endpoints.

It requires maintenance, such as builds, policies, and other related tasks. We have a team of four responsible for maintenance and another three people for day-to-day operations.

They have stepped up as a strategic security partner.

I recommend organizations do a proper proof of concept with the SentinelOne Singularity Complete in their environment using their tools and their people.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chief Information Officer at a tech services company with 1-10 employees
Real User
Reduces alerts, allows data from everywhere, and helps to be as secure as we can be
Pros and Cons
  • "The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not."
  • "Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly."

What is our primary use case?

We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines. 

We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.

How has it helped my organization?

It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.

With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.

We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.

The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne Singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.

SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.

SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.

SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.

Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.

SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.

What is most valuable?

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

What needs improvement?

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

For how long have I used the solution?

Between my current organization and prior organization, I have been using SentinelOne for close to nine or ten years.

How are customer service and support?

We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.

By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.

What was our ROI?

It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.

What's my experience with pricing, setup cost, and licensing?

We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.

What other advice do I have?

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees
Real User
Single pane of glass allows us to run a lean team while protecting tens of thousands of endpoints around the world
Pros and Cons
  • "SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles."
  • "If it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit."

What is our primary use case?

We use it for endpoint protection. It's an active EDR endpoint protection tool. Think of it as an antivirus and endpoint protection solution with machine learning, like McAfee on steroids.

In our company it is deployed in 83 countries and on over 40,000 workstations and servers.

How has it helped my organization?

It provides incredible visibility in a single pane of glass. The dashboard gives me visibility over all the endpoints, which are broken down by country, and then broken down within each country by brand and machine type. It provides a very simple way for me to understand if

  • we're being targeted globally
  • my endpoints are actively being attacked
  • we have outstanding issues in any one region
  • we have malicious activity.

In addition, it logs to my SIEM tool, cloud-natively, which makes it a very effective weapon to help diagnose and remediate any potential bad actors in my environment.

The Behavioral AI feature for ransomware and anti-malware protection does an outstanding job of identifying abnormal behavior patterns in my environment. Once we allowed it to sit in learning mode for about 30 days, we switched all our endpoints into what is called Protect mode, instead of Detect mode. With Protect mode, we have different functions available to us, such as kill, quarantine, identify, and rollback. Using those features, we are really able to protect our endpoints much better. We take advantage of the fact that we have a machine, or an automated process, governing our endpoint protection. That reduces the total headcount needed to babysit my environment.

Furthermore, Behavioral AI recognizes novel and fileless attacks and responds in real-time. It improves my security, reduces my total cost of ownership and management, and provides enhanced protection for what is now a highly mobile population. Due to COVID-19, we have had to take most of our workforce, and that's over 40,000 people around the world, and give them access to work remotely through a series of different mechanisms. In doing so, we felt much more comfortable because we have this endpoint protection tool deployed. It provides us not only the visibility into what the tool is doing and how it's protecting us, but it allows us to look at what applications are installed, what IP range is coming on, and what network it's sourced from.

And with Ranger we're able to help identify additional networks. Using SentinelOne with Ranger, allowed us to take a look at some of our smaller offices in Asia Pacific where we didn't have exceptional visibility.

We also use the solution’s automatic remediation and rollback in Protect mode, without human intervention. I want to protect mode for both malicious and suspicious, and that is in Protect mode. Having turned that on, we saw no negative impact, across the board, which has been an outstanding feature for us. It does save time on having to go in and identify things, because we allowed it to run in learning mode for so long. It learned our business processes. It learned what's normal. It learned file types. It learned everything that we do enough that, when I did turn that feature on, there were no helpdesk calls, no madness ensued, no people complaining that files were being removed that they needed. It worked out very well for us. 

We also use the solution’s ActiveEDR technology. Its automatic monitoring of every OS process, at all times, improves our security operations greatly. There is a learning time involved. It has to learn what processes are normal. But the fact that it's actively engaged with every process—every file that moves across it, every DLL that's launched, whether or not it's automated or process-driven—everything is viewed, inspected, and categorized. And it allows us to have enhanced visibility that ties directly into the Deep Visibility. I can look at and help identify behavior patterns. 

For example, yesterday I wrote a series of queries for Deep Visibility that are based on MITRE ATT&CK parameters. Those give me reports, on a daily basis, of how effective this tool really is because I can use MITRE ATT&CK engine parameters to help define what's going on. Even if something is not considered malicious behavior by the tool itself, if I take that information and couple it with information I can pull from Tanium and information I pull from other tool sets, and aggregate that into my SIEM tool, my use case is provided. I get more positive and actionable intelligence on how my endpoints are behaving. If I have somebody out there who is doing testing of software, I can pick that out of a crowd in a second.

We have application control and containers available. Since we have AWS, Azure, and a myriad of cloud platforms, it's been hugely beneficial to us. Considering that we are endeavoring, as an organization, to move into cloud-based solutions, this has been a huge benefit.

Overall, SentinelOne has absolutely reduced incident response time. It's instantaneous. It has reduced it by at least 95 percent.

I use the tool to help me determine how well my other tools are working. For example, we have a role called a RISO, a regional information security officer. Those people are responsible for regions of the globe, whether it be Latin America, Asia Pacific, or AMEA. The RISOs now use the tool because it can help them identify other tools we have rolled out, like Zscaler. They can go into the SentinelOne console and query for Zscaler and look at all the machines in their environment and determine what the delta is. It allows people with different levels of knowledge and different roles in an organization to have visibility. It's been outstanding. That, in and of itself, makes it a better tool than its counterparts and it makes it usable for non-technical and non-security people.

We get the long-term strategic benefits of having enhanced visibility and the more short-term tactical benefits of knowing that our endpoints are protected, the visibility is there, and that no matter what lands on top of it, it's going to get taken care of.

What is most valuable?

The most valuable feature of the solution is its ability to learn, the fact that once you tune it correctly, it knows how to capture and defeat malicious activity on the endpoints. It's not set-it-and-forget-it, but it does give me a much more comfortable feeling that my endpoints are secure and protected from malicious behavior.

SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's. The latest Mac OS X that's coming out is already supported and in test for our organization. The complete coverage of every OS that we have in our environment has been a huge benefit because I don't have to have different tools to support them. There are cost savings not only on licensing but because I don't have to have different people managing different consoles. For me, having single pane of glass visibility is incredibly important because we run a very lean team here. We are a skeleton crew governing all 83 countries. In doing so, it provides us the ability to do a lot more with a lot less.

I use the Deep Visibility feature every single day. It is outstanding because I just create hunting cases and then I can load them. I can figure out what queries I want to run and I can go digging. And with the queries that I have built for the MITRE ATT&CKs, it makes it very simple to identify something. And now that I have reporting set up based on those queries, I get emails every day.

Using Deep Visibility I have identified a threat and figured out information about it. I've also used Deep Visibility to be proactive versus reactive as far as my alerting goes. I know that SentinelOne will protect my endpoints, but there's also a case where there isn't specific malicious behavior but the patterns look malicious. And that's really what I'm writing these queries for in Deep Visibility.

Here's an example. You can do a lateral movement in an organization. You can RDP to one server and RDP to another server, depending on how your software defined perimeter is configured. Unless you do something malicious, SentinelOne will look at it, but it won't necessarily stop it, because there is no malicious activity. But I can write a query in Deep Visibility to show me things. Let's say somebody breached my secure remote access solution. With the Deep Visibility queries that are being run, I can see that that one machine may have RDPed to a server and RDPed to another server and been jumping around because they may have gotten compromised credentials. That can be reported on. It might not have been malicious behavior, but it's an activity that the reporting from Deep Visibility allows me to pursue and then do a deeper dive into it.

What needs improvement?

If they would stop changing the dashboard so much I'd be a happy man. 

Also, if it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit.

The nice thing about SentinelOne is that I get to directly engage with their leadership at any time I want. That allows me to provide feedback such as, "I would like this function," and they've built a lot of functions for me as a result of my requests. I don't really have much in the way of complaints because if I want something, I generally tend to get it.

For how long have I used the solution?

I have been using SentinelOne for about 14 months now.

What do I think about the stability of the solution?

It's incredibly stable. We really haven't had any significant issues. There have been a couple of things here and there where certain versions of the product weren't disabling Windows Defender effectively. I think that was predicated on a GPO that we identified that had been accidentally linked and that kept turning Defender back on again. The issues were very trivial things.

How are customer service and technical support?

I talk to my TAM once a week, minimum. I think I have the best customer support in the business.

I had an issue that I raised a couple of weeks ago and within minutes I had an army of engineers working on it. By the end of the week, I had senior management calling me asking me what else I want, what else I need, and how else they could help me. 

They go all-in. I have never had to wonder or concern myself with whether I will be getting adequate support? Will the support be on time? Will the support be effective and accurate? Not once, not ever.

I have such a close relationship with the team, not only the team that sold it to me but the team that supports me. We call each other on a first-name basis and we talk about how we're doing. It's that kind of professional relationship. That's how good it is.

Which solution did I use previously and why did I switch?

Before, we had a mix of dozens of different solutions across the enterprise. We didn't have any one, ubiquitous solution. We had a mix of McAfee and Panda and Kaspersky. You name it, we owned a copy of it, and that didn't provide a unified field of view. It also didn't provide the best protection that money can buy and, in my opinion as a professional in this industry for 25 years, this is the best protection money can buy.

How was the initial setup?

The initial setup of SentinelOne was very simple. I packaged the executables into MSIs, including the token ID, I created a package in Tanium, and I dropped it on all the workstations. I was able to deploy it to over 40,000 endpoints in 35 days.

When you govern as much real estate as I do, meaning the number of endpoints and the number of different business units that those endpoints comprise, there had to be a deployment strategy for it. I broke it down into countries, and in each of those countries I broke into brands and I broke it into asset types, whether they be servers or workstations, whether they're mobile or localized. It's not difficult to push out there, as long as you create exclusions. I used my legacy tools in parallel with this for a month and still never faced any issues.

For any organization, if you have any kind of deployment mechanism in place, you could put your entire workforce on this and it wouldn't matter how many endpoints. If they're online and available and you have a deployment solution, you could do it in a month, easily, if not less. I could've done it much faster, but I needed to do a pilot country first. I did all the testing and validations and then, once we went into production mode, it was very fast.

What's my experience with pricing, setup cost, and licensing?

I got a really good deal so I'm very happy with the pricing.

Which other solutions did I evaluate?

I looked at everything. I looked at CrowdStrike, Cylance, Carbon Black, and I had McAfee as the largest of the incumbents. I tested them all and I validated them all and I pushed every malware virus—everything in my collection—at them. I built a series of VMs to test and validate the platform. I tested against multiple operating systems. I tested against downloads, I tested against uploads. I tested visibility. I did this entire series of tests and listed out 34 or 35 different criteria. And at the end of the day, SentinelOne came out on top.

One of the huge benefits of SentinelOne is the Full Remote Shell. That has been an incredibly useful tool for me.

Cylance came in second. It has very similar functionalities, very similar builds, but not a full remote shell. It had the single pane of glass dashboard, but the visibility I get out of SentinelOne, as well as the protection and the capability to run the Full Remote Shell pushed it over the top.

Carbon Black was nice, but I had to run two different dashboards, one cloud and one local. I couldn't get single pane of glass visibility from that.

When I tested SentinelOne against all the engines, they all pretty much found everything. Mimikatz was the deciding factor. A couple of the solutions flagged it but didn't remediate it. SentinelOne just rolled everything back as it started to discover it. It actually pulled the installer out, so that was nice. 

A lot of new technologies that are out there are very similar. They are pulling from public threat feeds and other learning engines. But if you compare and contrast all the features available, SentinelOne is just going to edge everybody else out. And they're constantly evolving the product to make it more efficient and to have a smaller footprint too. When they came out with Ranger, we were still doing some network discoveries around our environment to try to figure out exactly what was still out there. That came to be a very useful tool.

It really just shines. If you compare it to everybody else there are a lot that come close, but nobody else can really quite get to the top. SentinelOne really gives you the best overall picture.

What other advice do I have?

Do your homework. I would encourage everybody, if you have the capabilities, to do what I did and test it against everything out there. If you don't have those capabilities and you want to save yourself a lot of time, just go straight to SentinelOne. I cannot imagine any organization regretting that decision. With the news stories you read about, such as hospitals under attack from malware and crypto viruses—with all the bad actors that exist, especially since the pandemic took over—if you want to protect your environment and sleep soundly at night, and if you're in the security industry, I highly encourage you to deploy SentinelOne and just watch what it's capable of.

I don't use the Storyline technology that much simply because I'm really turning this into a more automated process for my organization. An example of where we may use Storyline is when we download an encrypted malicious file. Let's say that email was sent to 500 people. If it gets through our email gateway, which is unlikely, I can not only identify those users quickly, but I can also use the Storyline to determine where it came from, how it got there, and what it was doing along the way. And while it killed it, it will tell me what processes were there. It helps us create and identify things like the hash, which we then summarily blacklist. Overall, Storyline is better for identifying what had happened along the way, but after the fact. For me, the fact that it has actually taken care of it without me having to go hunt it down all the time is the real benefit.

The only thing we don't take advantage of is their management service. We do have a TAM, but we don't have Vigilance.

For top-down administration, there's only about six of us who work with the solution. For country level administration, we have one or two in every country in those 83 countries.

We run a myriad of different front office and back office environments. SentinelOne had to learn different environments in different countries. It had to understand the business processes that are surrounding those. We did a substantial amount of tuning along the way, during the deployment. And then, of course, there are agent updates and there are considerations when you get a new EA version and are creating test groups. But, as an organization, we have reduced our total cost of ownership for our EPP platform, we have improved our visibility a hundred-fold, and we have maintained our data integrity. It really is the one end-all and be-all solution that we needed.

It's a home run. I've been doing this a long time and I've done this in over 48 countries around the world. Given what we do with this product and the visibility it has given us and the protection it has given us, I feel very comfortable with my security right now.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
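
The RDP-hopping hunt the reviewer describes above (one machine RDPs to a server, which then RDPs to another) can be sketched as a chain search over session events. This is an added example, not the reviewer's queries and not SentinelOne Deep Visibility syntax; the event layout, host names and account names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample RDP session events: (ISO timestamp, source host, destination host, account).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "vpn-gw-01", "srv-app-01", "jdoe"),
    ("2024-01-10T09:04:00", "srv-app-01", "srv-db-01", "jdoe"),
    ("2024-01-10T09:09:00", "srv-db-01", "srv-fin-01", "jdoe"),
    ("2024-01-10T10:00:00", "wks-117", "srv-app-02", "asmith"),    # single hop only
    ("2024-01-10T13:30:00", "srv-app-02", "srv-db-01", "asmith"),  # hours later, not chained
    ("2024-01-10T11:00:00", "wks-200", "srv-app-01", "bkim"),
    ("2024-01-10T11:02:00", "srv-app-01", "srv-db-01", "mlee"),    # next hop, different account
]


def find_rdp_chains(events, window_minutes=15, min_hops=2, same_account=True):
    """Return multi-hop RDP chains: A -> B, then B -> C within the time window.

    No single session here is malicious on its own; the chain is the signal.
    same_account=True only links hops made with the same account; set it to
    False to also catch a pivot that switches credentials (noisier on shared
    jump hosts).
    """
    window = timedelta(minutes=window_minutes)
    parsed = sorted(
        (datetime.fromisoformat(ts), src, dst, acct) for ts, src, dst, acct in events
    )
    chains = []  # each entry: {"hops": [event, ...], "extended": bool}

    for event in parsed:
        when, src, dst, acct = event
        grew = False
        for chain in list(chains):  # snapshot: chains added below are not rescanned
            last_when, _, last_dst, last_acct = chain["hops"][-1]
            if last_dst != src:
                continue  # this session does not start where the chain ended
            if when - last_when > window:
                continue  # too far apart to treat as one movement
            if same_account and acct != last_acct:
                continue
            visited = {chain["hops"][0][1]} | {hop[2] for hop in chain["hops"]}
            if dst in visited:
                continue  # ignore loops back to a host already on the path
            chain["extended"] = True  # keep only the longest version of a path
            chains.append({"hops": chain["hops"] + [event], "extended": False})
            grew = True
        if not grew:
            chains.append({"hops": [event], "extended": False})

    results = []
    for chain in chains:
        hops = chain["hops"]
        if chain["extended"] or len(hops) < min_hops:
            continue
        results.append({
            "path": [hops[0][1]] + [hop[2] for hop in hops],
            "accounts": sorted({hop[3] for hop in hops}),
            "start": hops[0][0].isoformat(),
            "end": hops[-1][0].isoformat(),
        })
    return results


if __name__ == "__main__":
    for hit in find_rdp_chains(SAMPLE_EVENTS):
        print(" -> ".join(hit["path"]), hit["accounts"], hit["start"], hit["end"])
```

Output from a search like this is a lead for a deeper dive, as the reviewer notes, not a verdict; administrators using jump hosts will produce the same pattern.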
Rick Bosworth S1 - PeerSpot reviewer
IT security at SentinelOne
Real User

I'm delighted to report that we have now released Fully Customizable RBAC Roles. Thanks again for your feedback!

Craig McGill - PeerSpot reviewer
IT Security Analyst at a recreational facilities/services company with 1-10 employees
Real User
Top 10
Helps save costs, and ingest and correlate data across our security solutions
Pros and Cons
  • "The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly."
  • "Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run."

What is our primary use case?

We use SentinelOne Singularity Complete as our EDR to monitor our network. We incorporated SentinelOne Singularity Complete into our SIEM to mitigate threats.

We implemented it because we needed more insight into the interactions that occurred on our endpoints.

How has it helped my organization?

SentinelOne Singularity Complete's interoperability with third-party tools enables seamless data exchange and effortless information extraction or export between them.

Its ability to ingest and correlate data across our security solutions simplifies the process considerably. It's akin to pulling data into a SIEM and correlating timestamps, IP addresses, MAC addresses, and any other metric that would link the two machines.

It helps reduce alerts, which is one of the things that attracted us to the solution. It has reduced the alerts by around 75 alerts per week.

Singularity Complete frees up our staff for other projects and tasks, thanks to its out-of-the-box setup and automated operation. I only need to intervene when a real threat emerges.

It helps reduce our mean time to detect and our mean time to respond.

Singularity Complete helps our organization save on costs by preventing malware from entering our machines which would result in downtime and machine repairs.

It helped reduce our organizational risk by 20 percent. 

What is most valuable?

The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly.

What needs improvement?

Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for four years.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Complete a nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Complete an eight out of ten.

How are customer service and support?

The technical support is difficult to contact.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In my previous company, I used VMware Carbon Black. When I changed jobs, my new company was already using SentinelOne Singularity Complete. 

What was our ROI?

We've seen a positive return on investment with SentinelOne Singularity Complete. The key benefit for me was the ability to proactively prevent suspicious activity on our endpoints. As a practitioner rather than a manager, I dealt with an incident on an endpoint and was impressed by the solution's capabilities. Singularity Complete automatically contained the threat, allowing me ample time to clean the infected machine. Most importantly, it prevented the need to rebuild any other machines, even the affected ones in most cases. I often resolved issues on endpoints within an hour or two, minimizing downtime and ensuring user productivity.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Complete is competitive. SentinelOne has a better price out of the box compared to Carbon Black and CrowdStrike.

Which other solutions did I evaluate?

Carbon Black lacked the same level of back-end support as CrowdStrike Falcon Complete.

What other advice do I have?

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is an innovative solution that is ahead of Carbon Black and on par with CrowdStrike.

It is a high-quality mature solution that will help improve any security stack.

We are deploying it across eight locations, encompassing all departments and protecting our 500 employee endpoints.

I am an IT security analyst and I update the sensors myself.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Werner Lunow - PeerSpot reviewer
CISO at a financial services firm with 1,001-5,000 employees
Real User
Top 5
Helps mitigate risks, reduces alerts, and provides great visibility
Pros and Cons
  • "We collect a lot of telemetry from Singularity Complete."

    What is our primary use case?

    We use SentinelOne Singularity Complete as an endpoint detection and response solution to detect advanced threats in memory and protect our environment from ransomware attacks.

    How has it helped my organization?

    We are ingesting data from Singularity Complete into our team. The integration between Singularity Complete and Splunk works well, pushing all alerts from Singularity Complete to our soft tool. We have also looked at other SentinelOne products, but we only use a few of them.

    We use Ranger to detect rogue sensors by scanning networks for endpoints that do not have SentinelOne installed. We do not use Ranger Pro.

    Ranger is used to identify endpoints that do not have SentinelOne installed, ensuring 100 percent coverage. However, we also use a network access control tool to verify that endpoints have the necessary security telemetry and toolsets installed. The NAC tool can either orchestrate the installation of missing components, quarantine endpoints or simply notify us that components are missing.

    The biggest benefit for us, other than mitigating the risks, is that Singularity Complete has raised the bar for red teaming, compared to the previous tool we were using. Some of the agent coverage in the previous toolset was becoming a limitation, but Singularity Complete gives us better coverage and visibility, both for red teaming and in general.

    Over time, Singularity Complete has helped to reduce alerts. At the beginning of the implementation, we had to spend some time training the system, accepting events, and so on. However, over time, the number of alerts has been reduced.

    Singularity Complete has helped our MTTD by providing broader visibility into our environment.

    What is most valuable?

    We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complete to identify malicious processes and other types of threats running on endpoints.

    What needs improvement?

    Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.

    The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for one and a half years.

    What do I think about the stability of the solution?

    Singularity Complete is stable, but there are occasional instances where the sensor monitors a specific process that starts to malfunction, which is naturally possible. In these cases, we need to investigate and add an exception to prevent the sensor from monitoring the process so heavily, if it is a valid process, so that it can return to normal operation. Therefore, there is a significant amount of tuning required. If the tuning is correct, Singularity Complete operates quite well and is certainly stable.

    What do I think about the scalability of the solution?

    Singularity Complete is scalable. We have 2,500 endpoints. I know other organizations that have over 70,000 endpoints.

    How are customer service and support?

    We have technical support that we can access, but I think it could be stronger. Currently, we deal with some local support, but their knowledge is limited. I would like to establish a closer relationship with SentinelOne International support, especially for the upgrade we are planning next year. I was in Tel Aviv in June and July and visited the SentinelOne offices to speak to them about this.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Our previous solution, Cybereason, was not very good at detecting things happening in memory, so we were looking to replace it with SentinelOne, CrowdStrike, or Cortex XDR by Palo Alto Networks. The replacement had to be able to see things happening in memory and deal with ransomware attacks. SentinelOne Singularity Complete was able to meet our requirements.

    How was the initial setup?

    The initial deployment was slightly more complex than our previous tool because we needed to understand and implement the exceptions. These exceptions included both standard exceptions and our own custom exceptions related to how applications behave. However, the complexity is justified by the better coverage and protection that the new tool provides.

    Three people from our company were involved in the deployment, which took about six months. This included removing the previous solution and replacing it with Singularity Complete.

    What's my experience with pricing, setup cost, and licensing?

    The cost of Singularity Complete is similar to our previous solution but it comes with additional options such as Kubernetes integration. We make sure to benchmark the prices against other EDR solutions before renewal to ensure we are not overpaying.

    What other advice do I have?

    I would rate SentinelOne Singularity Complete eight out of ten.

    We started looking at the reception technology, but it was too much for us and required too many permissions. As a result, we did not proceed with it.

    Ranger provides network and asset visibility, but we use other telemetry to build a data lake, which we then use to give us more holistic visibility.

    Singularity Complete is definitely innovative. It offers better coverage of endpoints and sensors than our previous solution, as well as better coverage from red teams and other threats. It also provides us with much better telemetry from endpoints than our previous solution. This includes features that our previous EDR tool promised but did not deliver.

    SentinelOne is a fairly mature product. I think we first looked at it about six or seven years ago when it first came out. It has definitely matured a lot since then. When we first saw SentinelOne, it had a lot of problems with automatically killing things without alerting us. However, we have definitely seen improvements in the solution from a product perspective. Additionally, there are now more modules and integrations available. We have looked at the reception part of it, as well as quite a few other pieces, including Rogue Sensor Pro. We have looked at a lot of little bits, so it has quite broad coverage in terms of what it actually will cover.

    We have deployed Singularity Complete across the company and all lines of business, including our branches in South Africa and other parts of Africa. This includes approximately two and a half thousand endpoints.

    Four people are managing Singularity Complete. Every six months we have to update the sensors. 

    We have definitely told others about and shown them Singularity Complete, and we have told them that we are happy with it. When implementing Singularity Complete, we need to know what our expectations are and, obviously, test the solution thoroughly to prevent any negative outcomes.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Luigi Tiano - PeerSpot reviewer
    Co-Founder & VP Sales and Marketing at Assurance IT
    Real User
    Great roll-back feature, helps save time and integrates well with other security solutions
    Pros and Cons
    • "The most valuable aspect, in any scenario, was the rollback feature."
    • "Native integration with the mobile console is an area that can be improved."

    What is our primary use case?

    We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.

    We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.

    How has it helped my organization?

    Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity XDR platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.

    We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.

    Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.

    It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.

    It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.

    Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.

    Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.

    It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.

    Singularity Complete has reduced our organizational risk by around 40 percent.

    What is most valuable?

    The most valuable aspect, in any scenario, was the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.

    What needs improvement?

    Native integration with the mobile console is an area that can be improved.

    I'd like to see more operations with the XDR platform.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for one year.

    What do I think about the stability of the solution?

    I would rate the stability of Singularity Complete a ten out of ten.

    What do I think about the scalability of the solution?

    I would rate the scalability of Singularity Complete a nine out of ten.

    How are customer service and support?

    The technical support is of high quality, strong, and responsive.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used ESET, but we were often missing threats and not finding out until after the fact.

    How was the initial setup?

    The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.

    Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.

    What about the implementation team?

    The implementation was completed in-house.

    What was our ROI?

    We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.

    Which other solutions did I evaluate?

    We evaluated CrowdStrike and Defender. We didn't find Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.

    What other advice do I have?

    I would rate SentinelOne Singularity Complete ten out of ten.

    SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.

    SentinelOne Singularity Complete is extremely mature at this level.

    We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.

    The maintenance is minimal and is overseen by one person.

    We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.

    Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Buyer's Guide
    Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2024