Ahmed Elbokhari - PeerSpot reviewer
IT Security Engineer at Woodward, Inc.
Real User
Top 10
We have good network and device controls, as well as real-time threat detection
Pros and Cons
  • "I appreciate the network control as well as the device control."
  • "I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection."

What is our primary use case?

SentinelOne Singularity Complete serves as our everyday Endpoint Defense solution. We oversee daily detections and manage Sentinels, workstations, and servers. We strive to safeguard our assets and environment, while also defending against malicious processes and files.

How has it helped my organization?

We utilize Visions and its services. Visions and SentinelOne Singularity Complete are closely linked because we are now monitoring not only our products, endpoints, and environment, but we have also engaged Visions as a form of Managed Security Services Provider. Another aspect I find particularly valuable is their API. As a result, we've seamlessly integrated this solution with our SIEM system, which is functioning effectively. This is undoubtedly a tool that we employ, both in conjunction with Visions and our SIEM products.

Its capability to ingest and correlate data across our security solutions is impressive. I utilize tools such as Visions and Sentinel whenever I need to access or retrieve any telemetry. These tools, along with the enhanced visibility they provide, enable me to proactively conduct threat intelligence, explore my environment, and query assets generating alerts.

SentinelOne Singularity Complete has assisted us in streamlining our security solutions. We now possess the capability to identify malicious threats, and the system will automatically safeguard the relevant information, quarantine the threats, and revert any alterations made by the threat. 

It has effectively defended our environment against numerous malicious actors. With a membership of over ten thousand, the solutions help safeguard their data effectively.

Singularity Complete has helped us reduce the number of alerts we receive by approximately 30 percent. The false positive issue has been addressed by working with Visions. We remediate these issues and then classify them as false positives, rather than repeatedly receiving alerts as in other solutions. As a result, we now experience fewer alerts than initially expected from day one. 

It has assisted in releasing our staff to focus on other projects and tasks. Visions reviews all alerts, forwarding only the true positives to my team for investigation and response.

The agents are live, so our Mean Time To Detect is in real-time.

Our mean time to respond is in real-time. If an issue is escalated by Visions, we receive it instantly. Once it's recorded on the disk, it promptly gets escalated to them. They detect it, review the matter, and subsequently escalate it to us. Then, we review it together, all in real time. There is no downtime during which we have to wait.

SentinelOne Singularity Complete certainly reduces costs for our organization, as we need fewer personnel and don't have to involve numerous analysts due to the presence of Visions. It has also decreased our organization's risk by approximately 30 percent.

What is most valuable?

I appreciate the network control as well as the device control. These two features are truly excellent. I occasionally utilize the custom rules as well.

What needs improvement?

I would love to see improvement in the integration of SentinelOne Singularity Complete and Visions to better utilize the information we receive.

The browser extension for SentinelOne Hunter is a product designed for monitoring and detecting at a browser level. This library is widely recognized. It should not only detect incidents but also proactively block them within the browser environment. Therefore, I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.

Buyer's Guide
SentinelOne Singularity Complete
May 2025
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for one year.

What do I think about the stability of the solution?

I rate the stability of Singularity Complete nine out of ten.

What do I think about the scalability of the solution?

I rate the scalability of Singularity Complete nine out of ten.

How are customer service and support?

We have used technical support a few times, and they were excellent and very competent.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment.

Which other solutions did I evaluate?

The organization assessed Carbon Black but found greater value in SentinelOne Singularity Complete.

What other advice do I have?

I rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete is a mature solution that offers a multitude of features and the potential to enhance security within an organization. This presents significant value for security professionals.

We have deployed SentinelOne Singularity Complete across multiple divisions, various business units, and numerous locations spanning Europe, the US, and Japan. As a global organization, Singularity Complete seamlessly integrates with any internet-enabled entity, providing robust agent support upon connection.

Two individuals are responsible for the maintenance tasks, which include updating agents, upgrading policies, and deploying packages.

Having SentinelOne as a strategic security partner is a positive development.

Before assessing Singularity Complete, we need to dedicate a substantial six-month period to thoroughly engage with the product. This entails working with it on a daily basis, comprehending its intricacies, and obtaining full administrative rights to explore and interact with all its features and functionalities.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Craig McGill. - PeerSpot reviewer
IT Security Analyst at a recreational facilities/services company with 1-10 employees
Real User
Top 5
Helps save costs, and ingest and correlate data across our security solutions
Pros and Cons
  • "The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly."
  • "Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run."

What is our primary use case?

We use SentinelOne Singularity Complete as our EDR to monitor our network. We incorporated SentinelOne Singularity Complete into our SIEM to mitigate threats.

We implemented it because we needed more insight into the interactions that occurred on our endpoints.

How has it helped my organization?

SentinelOne Singularity Complete's interoperability with third-party tools enables seamless data exchange and effortless information extraction or export between them.

Its ability to ingest and correlate data across our security solutions simplifies the process considerably. It's akin to pulling data into a SIEM and correlating timestamps, IP addresses, MAC addresses, and any other metric that would link the two machines.

It helps reduce alerts which is one of the things that attracted us to the solution. It has reduced the alerts by around 75 alerts per week.

Singularity Complete frees up our staff for other projects and tasks, thanks to its out-of-the-box setup and automated operation. I only need to intervene when a real threat emerges.

It helps reduce our mean time to detect and our mean time to respond.

Singularity Complete helps our organization save on costs by preventing malware from entering our machines which would result in downtime and machine repairs.

It helped reduce our organizational risk by 20 percent. 

What is most valuable?

The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly.

What needs improvement?

Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for four years.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Complete a nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Complete an eight out of ten.

How are customer service and support?

The technical support is difficult to contact.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In my previous company, I used VMware Carbon Black. When I changed jobs, my new company was already using SentinelOne Singularity Complete. 

What was our ROI?

We've seen a positive return on investment with SentinelOne Singularity Complete. The key benefit for me was the ability to proactively prevent suspicious activity on our endpoints. As a practitioner rather than a manager, I dealt with an incident on an endpoint and was impressed by the solution's capabilities. Singularity Complete automatically contained the threat, allowing me ample time to clean the infected machine. Most importantly, it prevented the need to rebuild any other machines, even the affected ones in most cases. I often resolved issues on endpoints within an hour or two, minimizing downtime and ensuring user productivity.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Complete is competitive. SentinelOne has a better price out of the box compared to Carbon Black and CrowdStrike.

Which other solutions did I evaluate?

Carbon Black lacked the same level of back-end support as CrowdStrike Falcon Complete.

What other advice do I have?

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is an innovative solution that is ahead of Carbon Black and on par with CrowdStrike.

It is a high-quality mature solution that will help improve any security stack.

We are deploying it across eight locations, encompassing all departments and protecting our 500 employee endpoints.

I am an IT security analyst and I update the sensors myself.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sumit Saxena. - PeerSpot reviewer
Senior Consultant at a consultancy with 10,001+ employees
Real User
Top 10
Great threat detection and prevention capabilities, but needs to support more common development languages
Pros and Cons
  • "The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations."
  • "SentinelOne needs to provide more documentation for administrators and analytics."

What is our primary use case?

We use SentinelOne Singularity Complete as our endpoint security solution to detect malicious activity and unusual behavior. It is a great tool for analytics and forensic investigations, and it has a good feature for catching threats. I was particularly impressed with this feature.

We implemented SentinelOne Singularity Complete to secure our endpoints.

How has it helped my organization?

SentinelOne Singularity Complete has helped us consolidate our security solutions. We can create use cases and workflows in SentinelOne, and analyze alerts and logs. We can also create custom policies based on our needs. For example, we can create workflows for post situations, or detect specific types of attacks, such as persistence or defense evasion techniques. We can use these techniques to create our own custom use cases, which can then be deployed in production to detect these types of threats.

After deploying SentinelOne Singularity Complete, we were confident we would not face any endpoint security threats. SentinelOne was able to block the type of events that were a true positive. Sometimes, we have also received false positives, but SentinelOne should detect this activity. So, that was the expectation, and SentinelOne has met it. This is very helpful.

SentinelOne Singularity Complete met our business needs and requirements. It was easy to deploy and manage as an administrator, and we can manage the console without having to constantly connect to the user or machine. We can do many things from the console alone, such as taking remote sessions, uninstalling any other solutions or products, and performing cleanup activities. This has been very helpful. We saw these benefits within one month of deploying Singularity Complete.

SentinelOne Singularity Complete helped reduce the number of false positive alerts we were receiving with our previous solution.

SentinelOne Singularity Complete has helped us save three hours per day of our staff's time. The single console makes it easy to manage compliance, including health check reports and the applications we are managing. We were able to identify and remediate malicious files through the console, without having to resolve the issue directly with users or other teams. This is a significant improvement.

SentinelOne Singularity Complete has helped reduce our MTTD and our MTTR.

SentinelOne Singularity Complete has helped reduce our organizational costs by eliminating the need for other endpoint security solutions. It is a cost-effective solution that provides comprehensive protection.

It has reduced our organizational risk by 90 percent.

What is most valuable?

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

What needs improvement?

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for six months.

What do I think about the stability of the solution?

I would rate the stability of Singularity Complete eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Singularity Complete eight out of ten.

How are customer service and support?

We have 24/7 support, but it is just moderate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

SentinelOne is more secure and offers better scope for threat hunting on Linux than other security solutions, such as CrowdStrike and Microsoft Defender for Endpoint. SentinelOne Singularity Complete allows us to consolidate solutions and is easy to administer from a single console.

How was the initial setup?

The initial setup is straightforward. After completing the proof of concept, we deploy the Singularity Complete solution for our clients. We install the agent and create group policies for detection and prevention. We use a configuration management solution to deploy Singularity Complete within five to ten minutes.

One person can complete the deployment.

What about the implementation team?

We implemented the solution in-house.

What other advice do I have?

I would rate SentinelOne Singularity Complete seven out of ten.

I would rate SentinelOne Singularity Complete's ability to be innovative eight out of ten.

SentinelOne Singularity Complete has a mature GUI.

We deployed SentinelOne Singularity Complete in one of our client environments with 13,000 machines and 1,000 servers.

SentinelOne Singularity Complete maintenance consists of daily monitoring for updates and prioritizing policies and requires around five administrators.

SentinelOne is a good strategic partner.

SentinelOne Singularity Complete makes it easy to perform operations and investigations.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Werner Lunow - PeerSpot reviewer
CISO at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Helps mitigate risks, reduces alerts, and provides great visibility
Pros and Cons
  • "We collect a lot of telemetry from Singularity Complete."

    What is our primary use case?

    We use SentinelOne Singularity Complete as an endpoint detection and response solution to detect advanced threats in memory and protect our environment from ransomware attacks.

    How has it helped my organization?

    We are ingesting data from Singularity Complete into our team. The integration between Singularity Complete and Splunk works well, pushing all alerts from Singularity Complete to our soft tool. We have also looked at other SentinelOne products, but we only use a few of them.

    We use Ranger to detect rogue sensors by scanning networks for endpoints that do not have SentinelOne installed. We do not use Ranger Pro.

    Ranger is used to identify endpoints that do not have SentinelOne installed, ensuring 100 percent coverage. However, we also use a network access control tool to verify that endpoints have the necessary security telemetry and toolsets installed. The NAC tool can either orchestrate the installation of missing components, quarantine endpoints or simply notify us that components are missing.

    The biggest benefit for us, other than mitigating the risks, is that Singularity Complete has raised the bar for red teaming, compared to the previous tool we were using. Some of the agent coverage in the previous toolset was becoming a limitation, but Singularity Complete gives us better coverage and visibility, both for red teaming and in general.

    Over time, Singularity Complete has helped to reduce alerts. At the beginning of the implementation, we had to spend some time training the system, accepting events, and so on. However, over time, the number of alerts has been reduced.

    Singularity Complete has helped our MTTD by providing broader visibility into our environment.

    What is most valuable?

    We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complete to identify malicious processes and other types of threats running on endpoints.

    What needs improvement?

    Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.

    The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for one and a half years.

    What do I think about the stability of the solution?

    Singularity Complete is stable, but there are occasional instances where the sensor monitors a specific process that starts to malfunction, which is naturally possible. In these cases, we need to investigate and add an exception to prevent the sensor from monitoring the process so heavily, if it is a valid process so that it can return to normal operation. Therefore, there is a significant amount of tuning required. If the tuning is correct, Singularity Complete operates quite well and is certainly stable.

    What do I think about the scalability of the solution?

    Singularity Complete is scalable. We have 2,500 endpoints. I know other organizations that have over 70,000 endpoints.

    How are customer service and support?

    We have technical support that we can access, but I think it could be stronger. Currently, we deal with some local support, but their knowledge is limited. I would like to establish a closer relationship with SentinelOne International support, especially for the upgrade we are planning next year. I was in Tel Aviv in June and July and visited the SentinelOne offices to speak to them about this.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Our previous solution, Cybereason, was not very good at detecting things happening in memory, so we were looking to replace it with SentinelOne, CrowdStrike, or Cortex XDR by Palo Alto Networks. The replacement had to be able to see things happening in memory and deal with ransomware attacks. SentinelOne Singularity Complete was able to meet our requirements.

    How was the initial setup?

    The initial deployment was slightly more complex than our previous tool because we needed to understand and implement the exceptions. These exceptions included both standard exceptions and our own custom exceptions related to how applications behave. However, the complexity is justified by the better coverage and protection that the new tool provides.

    Three people from our company were involved in the deployment, which took about six months. This included removing the previous solution and replacing it with Singularity Complete.

    What's my experience with pricing, setup cost, and licensing?

    The cost of Singularity Complete is similar to our previous solution but it comes with additional options such as Kubernetes integration. We make sure to benchmark the prices against other EDR solutions before renewal to ensure we are not overpaying.

    What other advice do I have?

    I would rate SentinelOne Singularity Complete eight out of ten.

    We started looking at the reception technology, but it was too much for us and required too many permissions. As a result, we did not proceed with it.

    Ranger provides network and asset visibility, but we use other telemetry to build a data lake, which we then use to give us more holistic visibility.

    Singularity Complete is definitely innovative. It offers better coverage of endpoints and sensors than our previous solution, as well as better coverage from red teams and other threats. It also provides us with much better telemetry from endpoints than our previous solution. This includes features that our previous EDR tool promised but did not deliver.

    SentinelOne is a fairly mature product. I think we first looked at it about six or seven years ago when it first came out. It has definitely matured a lot since then. When we first saw SentinelOne, it had a lot of problems with automatically killing things without alerting us. However, we have definitely seen improvements in the solution from a product perspective. Additionally, there are now more modules and integrations available. We have looked at the reception part of it, as well as quite a few other pieces, including Rogue Sensor Pro. We have looked at a lot of little bits, so it has quite broad coverage in terms of what it actually will cover.

    We have deployed Singularity Complete across the company and all lines of business, including our branches in South Africa and other parts of Africa. This includes approximately two and a half thousand endpoints.

    Four people are managing Singularity Complete. Every six months we have to update the sensors. 

    We have definitely told others about and shown them Singularity Complete, and we have told them that we are happy with it. When implementing Singularity Complete, we need to know what our expectations are and, obviously, test the solution thoroughly to prevent any negative outcomes.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    reviewer2277096 - PeerSpot reviewer
    Director or IT Security at an educational organization with 11-50 employees
    Real User
    Provides a single pane of glass and takes care of a lot of things for us
    Pros and Cons
    • "The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view."
    • "It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution."

    What is our primary use case?

    We use it for our endpoints. It is installed on all of our servers and desktops. It is a replacement for the AV platforms that we used to have. 

    Overall, the product monitors what is happening on your machines. It monitors incoming mail and web addresses that your browsers are trying to access. It looks for suspicious activity that may occur on your desktop or on your server and generates alerts based on the type of activity. It might find a malicious file that you downloaded. Like a virus scanner, it would scan something. It might find something that it suspects to be malicious. It will look at that item and go to its own threat intelligence sources to see if it is a known threat. If it is a known threat, it will either block it or do something to it based on how you have pre-configured it. If it suspects something to be a threat but does not have any reference, meaning that it is an unknown threat, then depending on what it detects or how that thing may behave, it would either alert you or suppress or isolate it. It can do a number of things. It depends on the inner workings of the product itself, but our use cases are to protect our endpoints. It is a replacement for our AV, but it is a whole level above what AV used to be. It is the evolution of AV.

    How has it helped my organization?

    We had three different AV platforms in our organization. There was no central way to manage them. We had no complete visibility. From one part of our organization, we had no visibility into another part of our organization. By putting this platform in, we now have one view of the entire organization. We can look at threats as they span our organization. Threats could potentially be moving around. We can detect if they are spreading to other parts. We could not do any of that before.

    Singularity Complete has a much better detection engine. It detects a lot more than an AV can. AV is pretty much finished. There would not be AV anymore.

    In terms of interoperability, we do not have any other SentinelOne solution. This was our first one. There is not a lot of interoperability between endpoints and everything else. The only interoperability that is useful for us right now is the log data that it provides to our SIEM. It allows us to do correlative analysis between different areas. If we have a threat that could be going from endpoints to internet devices, such as switches, or places where the EDR system is not installed, it becomes valuable when we are sharing data from the EDR and our other systems, and we have a tool that analyzes all that data to look for threats that may span in our entire environment. I do not see the interoperability being a problem with our other tools, and I am sure it would not be an issue amongst SentinelOne's own tools as well, but I do not have any data points on that yet.

    Singularity Complete has helped big time to reduce our alerts. In fact, that was my concern with it. I was concerned that we are not seeing too many alerts anymore. I had a meeting with them recently, and I mentioned to them that I feel that we should be getting more alerts. They are going to take a look at our platform to make sure it is working fine, but it seems to be doing a great job of dealing with the alerts in an automated fashion. I became a little bit suspicious that it might be doing too good of a job, so we are just having them double-check. It is just me making sure all my I's are dotted, and my T's are crossed. As a security person, I do not like to have questions out there, but otherwise, it is doing a great job.

    It has freed up our time. It takes a lot less time to investigate things. It takes care of a lot of things for us. It has offloaded 30% to 50% of some of the work that we had to do in the past. It allowed us to work and focus more on higher-priority items.

    It has absolutely reduced the mean time to detect. It has probably reduced the time to detect by 75% because we just did not have some of these capabilities before.

    Singularity Complete has also reduced our mean time to respond but not as much as the mean time to detect. It does a lot of resolution of issues for us. It has probably improved that by 30% to 50% because it does a lot of that automatically, but it frees up our time. We can resolve the stuff that needs our personal assistance a lot quicker because we have more tools and capabilities at our disposal through SentinelOne than we had before.

    Singularity Complete has saved us costs big time. We have eliminated three different vendors and the associated maintenance of those platforms. We needed more people and resources to manage three different things, but now, we do everything with just a couple of folks. Our time savings are about 50%.

    It has helped reduce our organizational risk because we can detect more things that are hitting us. I cannot give a number on that, but it has definitely reduced our risk exposure. From a pure security standpoint, our risk frame point used to be flagged as red. We were missing a lot of things, and now, it is green.

    What is most valuable?

    The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view. 

    The automatic detection and response is great. It takes care of a lot of alerts that it generates before they even cross our desks, which is great. 

    It has advanced detection capabilities. It has the ability to go and look for known threats that are in the environment. Its ability to detect even unknown threats and any suspicious activity is great. We are very happy with it.

    What needs improvement?

    It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution.

    From the looks of it, it does pretty much what we need, but it could do more. It would be nice if it had some newer features that other players have. They would have a good market advantage if they were offering SIEM as a part of it. They kind of do that, but it is not something they are promoting. We just stumbled on it, so you can use it for doing other things as well, not just endpoint incident and event collection.

    For how long have I used the solution?

    We installed it in January, and we were doing a gradual ramp-up over three months. It has been up and running for about four months now. It is completely up and running.

    What do I think about the stability of the solution?

    We have not had any issues. The performance seems good. 

    What do I think about the scalability of the solution?

    It seems very scalable. We have not run into any issues. We pushed it over about 2,000 endpoints. It performs the exact same way it has been.

    How are customer service and support?

    I have not personally contacted them, but my team has contacted them. Especially during deployment, they were very helpful. They helped us to get it done. The feedback I got was positive.

    Which solution did I use previously and why did I switch?

    We had three different AV platforms. We eliminated McAfee, Defender, and ESET. Singularity Complete does everything better than these because it has got capabilities that these products did not even have. The biggest thing for us is the single pane of glass, so we can see right down to the machine. It is great at machine isolation, and it has better detection and mitigation capabilities than any of these products. It does a lot of it behind the scenes. A lot of it is automated and does not require us to do anything.

    How was the initial setup?

    It is a cloud solution with local installs at the endpoints, so everything is cloud.

    I manage security for the organization. I was not doing the deployment, but I was a part of the deployment team, the meetings, and the decisions when we were going to do different things. I was not pushing the software to anybody's desktop but my team was.

    It was not a difficult installation. Based on the feedback that we got, it was pretty straightforward. It went over relatively smoothly.

    It does not require any maintenance. It is cloud-based, so we do not have to do much to it. The endpoints will update themselves periodically, so there is not much for us from a maintenance standpoint. It does not have a lot for us to do.

    What about the implementation team?

    We acquired our SentinelOne implementation through a reseller. We used the reseller's help, but we did almost 90% of it ourselves. They helped us manage the project piece and provided expertise and guidance. Between SentinelOne and the vendor itself, we got it done, but we did 90% of the heavy lifting.

    There were probably four or five people between all of our locations, but most of it was done remotely. There was no need to touch individual desktops. We were able to push most of it out.

    What's my experience with pricing, setup cost, and licensing?

    SentinelOne was half the price of CrowdStrike.

    Which other solutions did I evaluate?

    We looked at all the big ones, such as CrowdStrike. That is the first one that comes to mind. We even looked at Microsoft Defender and Sentinel. We looked at a few other solutions out there. We had an IBM demo there, but I do not remember what theirs was called. Bitdefender was another one that we looked at.

    We went to Singularity Complete for the feature set. They did not have a robust feature set the way CrowdStrike does, but they had everything that we needed. CrowdStrike had even more advanced features, but SentinelOne's pricing was half of what CrowdStrike sells for. It was a pretty easy decision for us to go with SentinelOne. They were much better than the other players that we looked at. It came down to between SentinelOne and CrowdStrike, and the pricing made all the difference. They also seemed pretty easy to deal with, whereas with CrowdStrike, it felt like they were doing us a favor. When we talked to them, I just did not get a great sense of them, but price was one of the main things. CrowdStrike's price was double SentinelOne's price.

    What other advice do I have?

    I would advise a couple of things. If you are using a reseller to buy this and install it for you, have a good reseller that you can call upon for support and help manage the project. The other thing that I would probably suggest is to negotiate your education up front and not after the fact. It does not come with a lot of training. They even charge for the online university, so you should probably negotiate that as a part of the negotiation process before you sign a deal. Other than that, it is good.

    I would rate Singularity Complete a nine out of ten. For my use case, it is definitely a nine.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    IT_Blue_Team_Person - PeerSpot reviewer
    SOC Analyst at a retailer with 10,001+ employees
    Real User
    Top 20
    We can easily deploy the agents, have great visibility, and log correlation
    Pros and Cons
    • "The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location."
    • "We often experience interruptions to our investigations in SentinelOne Singularity Complete."

    What is our primary use case?

    I review the data logs from each SentinelOne agent using Skylight to develop queries. We have been using Star Alerts to create custom alerts based on those rules. We also partner with their Vigilance team for 24/7 monitoring.

    We implemented SentinelOne Singularity Complete to gain widespread visibility into global markets and to facilitate easy agent deployment for EDR and XDR solutions.

    How has it helped my organization?

    SentinelOne Singularity Complete's interoperability with other SentinelOne and third-party applications is excellent. We recently used a proof of value to integrate some of our other email products, such as Proofpoint, with SentinelOne Singularity Complete. The ease of use has been amazing. Singularity Complete has been a great data ingestion platform, and we have already gained a wealth of data that we never had access to before.

    Singularity Complete's ability to ingest and correlate data across our security solutions has been effective. We can see a significant number of events from our DNS logs, firewall logs, and email tenancy. Overall, it has performed very well thus far.

    We ended up getting rid of QRadar and relied heavily on Singularity Complete. Singularity Complete allowed us to deploy the SentinelOne agent on a significant number of domain controllers and collect much more information than we could with QRadar alone. We needed to purchase additional licenses to quantify the data more effectively. However, Singularity Complete provided the same if not even more enrichment because it allowed us to see a lot of things about the transitioning of IP ranges, the ingressing of traffic from different IP ranges if they are open to the internet, and who is contacting those ranges via different endpoints. Overall, Singularity Complete has provided a significant improvement in data ingestion over our previous solution of QRadar.

    Overall, we have seen a quicker response time with Singularity Complete. We are able to drill down into events in a much more granular way. This allows us to respond better, correlate the information that Singularity has gathered, and come up with a definitive answer to certain questions. Because of Singularity's enrichment of the data that we currently have, we are able to answer these questions more accurately, carefully, and with more specific timestamps. Since we have some of these deployed globally, it is very important for us to get the centralized time zones correct so that we know exactly when an event occurred.

    Singularity Complete has helped us reduce the number of false positives. It provides us with a wealth of data enrichment, which allows us to distinguish between normal and abnormal events in our environment. This is important because we have billions of events happening every ten minutes across our many deployed endpoints. In the past, we would waste analyst time investigating alerts that turned out to be false positives. However, with Singularity Complete, we can now quickly identify which alerts are most likely to be legitimate and prioritize those for investigation. For example, if Singularity Complete tells us that a particular event has been seen a thousand times on one endpoint but only twenty times on another endpoint, we know that the twenty occurrences on the second endpoint are more likely to be abnormal and worth investigating.

    Singularity Complete has helped free up our staff's time for other projects. With all the data enrichment that Singularity Complete has provided us, we are no longer chasing false positives. We are able to set our custom Star rules so that we receive the alerts that are most relevant to our organization, rather than broad alerts that may or may not be relevant. This allows us to focus our attention on what matters most and to investigate more accurate alerts. As a result, we are able to dedicate time to other projects. Before Singularity Complete, our analysts spent two to four weeks. With Singularity Complete in place, we've seen a reduction of two to three weeks, depending on the vendor. On average, analysts now spend three to ten days analyzing logs.

    Singularity Complete substantially reduced our MTTD.

    Our MTTR has been substantially reduced by Singularity Complete. We are now able to respond within the hour of receiving the alert.

    Singularity Complete has helped our organization save costs by eliminating the need to replace equipment infested with malware. We can now detect, remediate, and roll back malware attacks as needed, thanks to the visibility that Singularity Complete provides. We can drill down into actual alerts, not just false positives, and eradicate any malware that may be infecting our systems.

    Singularity Complete has reduced our organizational risk by providing us with much broader visibility into various endpoints deployed globally. This allows us to see what is normal in our environment, rather than reacting to what may not be normal.

    What is most valuable?

    The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.

    What needs improvement?

    The ingestion and correlation of data would be improved by integrating with email security solutions such as Proofpoint or our email security solution. We do not yet have a marketplace integration, so we had to build it from scratch. As a result, it has been somewhat difficult for this particular use case, but the data is available and we are able to correlate it with users, not necessarily with endpoints, but we are making progress.

    We often experience interruptions to our investigations in SentinelOne Singularity Complete. It would be helpful if we could resume our search query from where we left off, even if we lose internet connectivity or the platform is caching results. This would reduce our MTTR by eliminating the need to wait for the platform to load results again. We expect some load times due to the amount of data in our environment, but the current load times are too long and sometimes produce no results. We would like to see the overall response time of the platform improved.

    One area for improvement would be per-user dashboarding. This may be a permissions issue, but we currently only have organization-wide dashboards. I think per-user dashboards would be beneficial because they would allow users to focus on their specific investigations. For example, when a user opens Singularity Complete, they can see a dashboard that is tailored to their current investigation.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for three years.

    What do I think about the stability of the solution?

    I would rate the stability of SentinelOne Singularity Complete as a seven out of ten. We have sometimes encountered problems where queries do not load or take an abnormally long time to load, especially when we are narrowing down the search range to a fourteen-day period, which is standard for us. We have also seen queries that run for twenty minutes or so and then log us out. Additionally, the time narrowing feature, or at least the custom time slots, where we can specify a date, such as September 18, may not work depending on how we write the query. We have had to get used to the custom syntax for the time stamps. Finally, we have sometimes seen data that does not update as often as it should.

    What do I think about the scalability of the solution?

    We have not experienced any problems with scalability. We are able to onboard new machines, and within a day or two, we see more data populate for those machines. So far, scaling has been very helpful for us. This is one of the reasons why we wanted to onboard with Singularity Complete, to get that visibility and to get it right away.

    How are customer service and support?

    Most of the technical support team members I have spoken to at the level two and level three levels of support have been very helpful and willing to share resources and documents from the help portal and knowledge base articles.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used IBM Security QRadar but it did not provide the level of data ingestion we required so we switched to SentinelOne Singularity Complete.

    What was our ROI?

    We have seen a return on investment from SentinelOne Singularity Complete, based on our reduced time to detect and respond to threats, as well as the overall risk reduction to the organization.

    What's my experience with pricing, setup cost, and licensing?

    Our organization is very satisfied with SentinelOne Singularity Complete, especially compared to other options available. It is very affordable and easy to license, and it allows us to onboard new analysts quickly, with a turnaround time of one day at most.

    Which other solutions did I evaluate?

    We evaluated CrowdStrike, but the way their deployment platform worked would not work for our organization.

    What other advice do I have?

    I would rate SentinelOne Singularity Complete eight out of ten.

    We just started using Ranger this week. So far, we've done small test use cases to see what our endpoints can communicate with. Ranger has identified a significant number of machines, including printers, other endpoints, and personal machines, which gives us a better understanding of our network security.

    SentinelOne Singularity Complete has come a long way. I believe it used to be called Power Query or even Data Set at one time. We're currently using the Skylight portion of Singularity Complete, which is a newer addition. Compared to where it was, Singularity Complete is now leaps and bounds ahead. It's the product we use when we need a lot of raw data and the ability to customize what we're looking for in our environment. The wealth of information that we get from every endpoint with the Singularity Complete agent installed allows us to create a large number of custom rules and alerts. This saves us a lot of time, especially for our analysts, who no longer have to respond to as many false positive alerts. 

    We have a maintenance process in place for our custom rules and alerting. We have a dedicated team of members who are responsible for maintaining these aspects, but overall, we have not encountered any major issues that have impacted our team. A lot of this maintenance does occur outside of office hours.

    With SentinelOne Singularity Complete, experiment and use it to its fullest potential, even if a mistake is made. It is a robust platform, so causing any serious damage is unlikely. Some specific features to play around with include custom roles, alerting, fields, power queries, search queries, data retention, and customized displays for the analysts. Tailoring the platform to specific needs will help get the most out of it. Singularity Complete collects a lot of data, so make sure to parse and categorize it in the most efficient way for the organization.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Director of IT at a construction company with 51-200 employees
    Real User
    Saves us time and cost, and is easy to upgrade
    Pros and Cons
    • "The most valuable features include the agent installation and update processes."
    • "The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs."

    What is our primary use case?

    We utilize SentinelOne Singularity for endpoint malware protection and to gain visibility into threats across the network.

    How has it helped my organization?

    SentinelOne Singularity has the potential to ingest and correlate data across our security solutions.

    Ranger provides network and asset visibility.

    Ranger saves us time by not having to make changes to our hardware and systems.

    Ranger helps prevent vulnerable devices from being compromised.

    SentinelOne Singularity assisted our organization by saving deployment time and decreasing the volume of support calls.

    Singularity helps reduce the number of alerts.

    Singularity has helped our staff free up around 15 minutes of their time to focus on other projects.

    It has reduced our MTTD.

    It has helped our organization save costs through time savings.

    What is most valuable?

    The most valuable features include the agent installation and update processes.

    What needs improvement?

    The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for seven months.

    What do I think about the stability of the solution?

    SentinelOne Singularity is stable. We have not experienced any crashes or downtime.

    What do I think about the scalability of the solution?

    SentinelOne Singularity scaled easily in terms of deployment. We haven't experienced any performance issues, whether it's installed on a higher-end machine or a low-end machine. SentinelOne Singularity has been excellent.

    Which solution did I use previously and why did I switch?

    We faced issues with our previous endpoint solution, Panda Adaptive Defense 360. SentinelOne Singularity seemed to be a more reliable and easier-to-manage alternative. Panda Adaptive Defense 360 caused significant downtime during deployments and updates.

    How was the initial setup?

    The initial setup was straightforward. The deployment required three people.

    What about the implementation team?

    The implementation was completed in-house.

    Which other solutions did I evaluate?

    We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

    What other advice do I have?

    I rate SentinelOne Singularity a nine out of ten.

    SentinelOne Singularity is a mature product.

    Maintenance is necessary only when we are periodically carrying out updates.

    Having a vendor like SentinelOne is crucial for a solid security strategy, as we aim for a product that seamlessly caters to both the IT department and end users. We intend to avoid exacerbating issues more than resolving them. Therefore, I believe SentinelOne is a suitable solution for us – easy to deploy and maintain on a daily basis.

    I suggest trying out SentinelOne Singularity and comparing it to more traditional security vendors. SentinelOne Singularity offers a slightly distinct approach, but it's an effective method.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Ian Sterling - PeerSpot reviewer
    Analyst Information Security at a healthcare company with 5,001-10,000 employees
    Real User
    Top 20
    Drastically reduced alerts, highly interoperable, and unparalleled support
    Pros and Cons
    • "I have been a Mac guy for twenty years, and the feature parity and the capabilities of a Macintosh agent are unparalleled in the industry. It is the first anti-malware and antivirus that does not make you feel that you bought the wrong processor. It is really good and lightweight."
    • "It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult."

    What is our primary use case?

    It is our primary software platform for endpoint detection and response and vulnerabilities.

    How has it helped my organization?

    Our overall fleet posture and our security have increased a lot. It is much easier to get the agents out onto machines no matter what their operating system is, and it gives equitable reports back no matter what our platform is.

    So far, it is one of the most interoperable applications and platforms that I have seen. There is the ease of bringing things in with the marketplace and the willingness of the company itself to work with you to help you address anything that they do not currently have.

    Singularity Complete has helped free up our staff for other projects and tasks. Being new in the department for a year and a half, I am not the one to say how much time it has saved, but it has made my life easier by several hours a week. It gives me a straight line and a story for what I am looking for, so I can quickly identify whether something is to be expected and just a false positive or if it is actually a problem. Usually, when it is a problem, SentinelOne would have already mitigated it.

    Singularity Complete has absolutely helped reduce alerts. It has drastically reduced alerts across the board. There is a 40% to 60% reduction. This reduction is because it is tunable. It is very tunable, and you can tweak it to meet your needs where you are not just stuck with what a manufacturer or a software developer said in terms of the alerting that you are going to get.

    Singularity Complete has definitely helped reduce our organizational risk. Our risk score has gone down by 15% to 20%. We have better coverage and better insight into what is being covered.

    Singularity Complete has probably saved us costs. I do not have enough insight into those budget numbers, but they keep adding things to it, so my guess is that it has saved us costs.

    SentinelOne is one of our most important partners. The help that we get from their engineers, success team, and support really and truly has been unparalleled.

    What is most valuable?

    I am going to be a little biased because I am a Mac guy. I have been a Mac guy for twenty years, and the feature parity and the capabilities of a Macintosh agent are unparalleled in the industry. It is the first anti-malware and antivirus that does not make you feel that you bought the wrong processor. It is really good and lightweight. 

    What needs improvement?

    It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult.

    For how long have I used the solution?

    I have been using Singularity Complete for three years.

    How are customer service and support?

    I am blown away by their support. Every time I reach out to my customer service manager, they are returning questions after hours. You do not see that from a lot of companies. I would rate their support a 10 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were not officially using a similar solution. We had other products that we were using, but we did not have a full solution like SentinelOne. We were using multiple things. One of them was McAfee. We switched because they got bought by Trellix, and nobody knew what was going to happen with them. That was our most recent one and what I am most experienced with.

    How was the initial setup?

    I was involved in its initial deployment. I packaged the Jamf mobile device management installation package for our Macs. As far as security products go, it was the easiest one. The instructions were great. They were aligned with the vendor, which is something not common. Usually, it is like, "Here is what you have to do with your vendor." SentinelOne took that extra step, and it deployed right out of the box.

    We have on-premises, public cloud, and private cloud deployment. Our cloud provider is primarily AWS, but we also have a little bit with Google and Mandiant, so we have a hybrid cloud. We are in the middle of a migration. The cloud is fairly new for us, and securing it has been a priority.

    We have our deployment segregated on endpoint types, but our entire organization has it.

    What about the implementation team?

    We did it directly on our own. We rolled it out very quickly. We had been dealing with McAfee before it, so this was like a breath of fresh air.

    We had two or three people working on it, so it went out very smoothly.

    What was our ROI?

    I believe we have seen an ROI. If nothing else, the investment that they are making, as analysts, engineers, and architects, we feel that we can get more done in SentinelOne and have a better stance overall for our organization. 

    Which other solutions did I evaluate?

    They evaluated a lot, but that was before I was in the department, so I do not know exactly which ones they did.

    What other advice do I have?

    I would advise listening to your sales engineers and letting them give you ideas because SentinelOne can do things that you have no idea about.

    For next-generation platforms, it is at the top of what is a small stack right now, and that puts them ahead of a lot of other people.

    I would rate it a 10 out of 10. It has been fantastic for us.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Buyer's Guide
    Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2025