Prateek Parashar. - PeerSpot reviewer
Cyber Security Administrator at a manufacturing company with 501-1,000 employees
Real User
Top 10
Helps consolidate security solutions, reduce alerts, and free up staff time
Pros and Cons
  • "The most valuable features are asset tracking, patching, endpoint tagging, and policy updates."
  • "While SentinelOne Singularity Complete effectively visualizes security data across our solutions, requiring extensive manual effort for analysis limits its effectiveness. I would therefore rate it a seven out of ten."

What is our primary use case?

We initially implemented SentinelOne Singularity Complete to streamline application installation and patching across our extensive network of over a thousand systems. Managing individual systems has become increasingly challenging. While the platform provided initial visibility during the first attack, its usefulness in further investigation proved limited.

How has it helped my organization?

SentinelOne Singularity Complete boasts good interoperability.

It has helped consolidate some of our security solutions.

While the number of security alerts we receive has been successfully reduced, it has occasionally missed some threats. To address this, we have implemented Microsoft Defender alongside SentinelOne for additional protection. This layered approach has identified several malware incidents that SentinelOne, due to its limitations at the kernel level, did not detect.

SentinelOne Singularity Complete has to an extent helped free up our staff time to focus on other tasks. In conjunction with Defender and Automox 60 to 70% of time has been saved.

Our mean time to detect has been successfully reduced by 70%.

SentinelOne Singularity Complete has reduced our mean time to respond to threats it detects by providing informative feedback from malware reviews.

Our costs have been reduced because we use it daily.

SentinelOne Singularity Complete has reduced our organization's risk by 80%.

What is most valuable?

The most valuable features are asset tracking, patching, endpoint tagging, and policy updates.

What needs improvement?

While SentinelOne Singularity Complete effectively visualizes security data across our solutions, requiring extensive manual effort for analysis limits its effectiveness. I would therefore rate it a seven out of ten.

The pricing has room for improvement.

Buyer's Guide
SentinelOne Singularity Complete
March 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for two years.

What do I think about the stability of the solution?

I would rate the stability of Singularity Complete eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Singularity Complete a seven out of ten because of the integrations they have with third-party groups.

How are customer service and support?

The technical support is quick to respond.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Automox only for device management, not as a complete EDR.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete's price point is excessive compared to the functionality it provides.

Which other solutions did I evaluate?

SentinelOne Singularity Complete's longevity in the market may have created an inflated perception of its capabilities. While it was once considered a leading tool, comparisons with newer solutions like Automox, Cynet, and Fortinet reveal a lack of active use cases and functionalities offered by these competitors.

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

I haven't observed significant innovation from SentinelOne Singularity Complete lately. Other than obtaining the database, I haven't noticed any new features or third-party integrations being introduced. This leads me to believe that there may not be a high level of ongoing innovation at the moment.

SentinelOne Singularity Complete is deployed across thousands of instances and endpoints in different countries across multiple offices in Europe.

The only maintenance required is for updates to the endpoints.

While SentinelOne offers valuable security protection, it may not be sufficient as a standalone solution. Relying solely on Singularity Complete for a week-long absence might leave our system vulnerable to threats that other Endpoint Detection and Response solutions could identify.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Security Architect at WaveLength Ind
Real User
Top 5
Effectively prevents vulnerable devices from being compromised by isolating their network traffic
Pros and Cons
  • "The most valuable feature is the ability to drill down into individual sequences of processes."
  • "I encountered issues running Singularity Complete alongside other machine-learning tools."

What is our primary use case?

We use SentinelOne Singularity Complete to detect and respond to "unknown unknowns," which are threats that haven't been previously identified. Our process involves monitoring for any unusual activity or deviations from typical program behavior. This includes analyzing parent and child processes to ensure they're loading correctly and not communicating with unauthorized external servers for remote execution.

For example, I encountered a phishing email that triggered an investigation. Fortunately, Singularity Complete offers an event log feature that allows me to analyze the incident. The tool's built-in Advanced Detection Analytics functionality helped me identify the downloaded file, and its access time, and track its interactions with applications, including attempted installations. Furthermore, Singularity Complete boasts a rollback capability, enabling me to revert to a safe state before the malicious activity occurred. I've utilized this feature successfully for several clients.

In addition to Singularity Complete's event log and rollback functions, it excels in antivirus detection. It effectively identified even sophisticated threats like the MimiKatz attack, which attempts to escalate user privileges in Linux and Windows systems. The tool's signature-based detection proved valuable in this instance.

How has it helped my organization?

Automating threat resolution has significantly improved our security operations. On average, I scan around forty million files, and the detection rate has been quite good.

The integration capabilities significantly enhance my existing security environment. It is a night and day difference compared to CylanceOPTICS by BlackBerry, which I used previously. While CylanceOPTICS was good, it relied on an algorithmic approach that flagged millions of potential threats, resulting in some false positives that needed manual analysis and training. SentinelOne, on the other hand, leverages eleven different engines simultaneously, including AI, machine learning, heuristics, and dynamic and static scans. This comprehensive approach offers robust protection, and if something falls through the cracks, it can consult a cloud database for the latest threat intelligence. Beyond its detection capabilities, SentinelOne offers exceptional visibility and control. I can easily investigate events at any time, like tracking who accessed Yahoo Finance within my organization across specific timeframes. The global tenancy feature empowers me to apply scans and threat signatures across different segments or even my entire network, ensuring consistent protection. The more I explore SentinelOne's features, the more impressed I am. It's incredibly powerful and versatile, offering a level of security and control that far surpasses my previous solution.

The interface is user-friendly, but there's a learning curve due to its extensive capabilities. Navigating for someone unfamiliar with threat hunting can be challenging as they may need to explore every option. However, some features have tooltips explaining their function when hovered over.

Accessing the knowledge base often requires a partnership with the company. While I lack this access, my distributor provided the comprehensive admin guide.

Ranger is an excellent feature for threat scanning. While alternative pen testing tools like Digital Defense exist, Ranger offers a unique advantage. It utilizes SentinelOne agents as probes within the network, allowing scans for irregular connections and identifying devices without the agent. This provides a comprehensive view of potential vulnerabilities. Imagine we decide to deny access to certain devices. In that case, every agent with those policies implemented, throughout our network, would individually isolate their traffic. This isolation prevents communication with the rogue devices. Consequently, even if one of those devices harbors a threat, it's unable to move laterally within the network. All other devices, recognizing it as unauthorized, will refuse to communicate with it.

Ranger requires no additional agents, hardware, or network modifications. It's essentially a built-in feature of the existing agent. Therefore, if we have the module, we already possess the capability. Activation can be done remotely through the cloud. So, when we decide to upgrade to Singularity Complete, they'll offer us the option of adding Ranger Plus. If we agree, a small additional fee, typically around a few dollars, will be applied per client. While it might seem a bit pricey, considering the value it provides, I believe it's worth the investment. It translates to roughly five dollars per client. For instance, with 50 machines, the monthly cost would be $250. In my experience, it hasn't significantly increased my expenses. There might be a slight increase, but I haven't noticed any substantial impact.

SentinelOne Ranger effectively prevents vulnerable devices from being compromised by isolating their network traffic. This feature is just one of many within the SentinelOne platform, which includes a built-in router and firewall integrated directly into the agent. This integration allows for seamless compatibility with Windows firewalls and offers granular control over network traffic. For example, Ranger enables modification of the firewall's IP stack, granting the ability to isolate specific traffic based on defined rules. This can be particularly useful for segregating vulnerable devices and preventing their communication. While not recommended for general use, advanced users can leverage SentinelOne's Singularly Complete feature on, for example, a VMware server to further isolate vulnerable devices. By running the client software on a separate network from the server, administrators can block unauthorized traffic based on Ranger's or the agent's identification. This effectively isolates the vulnerable device, even if it's compromised since it lacks any incoming network traffic. The server acts as a default gateway, filtering and controlling all incoming traffic.

Singularity Complete can help reduce alerts when a threat is identified and a solution is implemented. However, if a threat is known but no solution is available, using Singularity Complete might increase alerts. This is because suppressing alerts for a known threat without addressing it can create a false sense of security. While Singularity Complete allows manual blacklisting of threats, it cannot import large lists of threats from spreadsheets in one go, a feature available in CylanceOPTICS. This can be time-consuming for dealing with many threats. Overall, Singularity Complete has improved in its alert management, but it remains average compared to competitors. While detection is excellent, the alerting system still requires some refinement.

As a threat detector, I perform threat analysis to quickly identify threats. This has significantly reduced the time I spend on analysis, allowing Singularity Complete to free up about 30 percent of my time for other tasks.

Singularity Complete has achieved a 15 percent reduction in our mean time to detection. This efficiency gain is powered by eleven different detection engines running concurrently, ensuring comprehensive identification of potential threats.

Singularity Complete can reduce our mean time to respond by providing a clear path to the root cause of an attack. However, it doesn't always do this, and sometimes further investigation is necessary. Nevertheless, the tool significantly speeds up the process of identifying the root cause. For example, imagine the timeline indicates a suspicious file was executed. We can use Singularity Complete to find out when it last ran in our environment, even if it wasn't detected on the same day. If the threat appeared recently but the file ran a month ago, it suggests a potential Trojan was planted. This prompts further investigation into how the file arrived on the system. It could have been introduced through a USB drive, email attachment, copied file, or existing on a network share. While Singularity Complete won't explicitly state the location like "Share five," it will provide a hash that can often lead us to the network path.

Singularity Complete helps manage costs by eliminating the need for additional products with overlapping functionality. This saves us thousands of dollars per month on full scans, as our existing agent already possesses that capability. By deploying it across all organizational agents and enabling Ranger, we can conduct daily scans that provide comprehensive insights into our network activity.

Singularity Complete has helped reduce our organizational risk. However, it's important to remember that no system is foolproof. While I haven't experienced a security breach since installing it, I deliberately expose some machines to potential threats to test and observe new attack techniques. To strengthen our security posture, I've implemented additional measures. Some machines have less aggressive scan and detection settings to simulate vulnerabilities and observe attacker behavior. Additionally, our network is layered, with weaker points that serve as honeypots, while critical systems are protected by stricter security protocols. Beyond Singularity Complete, we utilize Palo Alto Networks and FortiGate firewalls for further protection. Ultimately, the decision to invest in additional scanning capabilities depends on the cost and our overall security strategy.

What is most valuable?

The most valuable feature is the ability to drill down into individual sequences of processes. This allows for building a highly detailed timeline of events, which is incredibly helpful. Additionally, the quality of the intelligence provided is excellent, making it difficult to choose between the two. The solution effectively reveals the attacker's tactics, including the mechanism or injection method used, how they exploit vulnerabilities and their use of decoys or misdirection tactics like dequay attacks. They may target one area initially, then shift focus to another, potentially planting seeds for future attacks. Overall, the timeline, intelligence, and overall capabilities of SentinelOne Singularity Complete are highly impressive.

Everything operates in real-time, allowing us to conduct in-depth analysis to uncover previously unknown threats. This capability stems from the use of dynamic libraries, which enable flexible code execution. The key concept here is the ability to pivot within an application. We can dissect and analyze this pivoting behavior, which is a rare feature among software solutions. Additionally, the system allows us to create our custom signatures. By identifying a threat and performing a global search, we can locate other instances of the same threat across our network and establish correlation points. Subsequently, we can create a signature based on a unique identifier (story ID) and integrate it into the initial login scan. This enables us to proactively detect and respond to any attacks that utilize that specific signature, making it a powerful tool for threat prevention.

What needs improvement?

The uninstallation process for the SentinelOne agent could be improved. While it is currently possible to uninstall through the console, it can be more complex if registry modifications are required. Streamlining this process, especially for users with console access, would be a valuable improvement.

I encountered issues running Singularity Complete alongside other machine-learning tools. The program uses hooks, which we configure through a whitelist to specify allowed functionalities for each app. However, I've observed compatibility problems with certain applications. This seems to stem from my limited access to information from those companies, hindering the creation of effective hooks.

For example, an external scanner's EXE file might not provide hooks for features like memory protection or script locking, potentially conflicting with SentinelOne's capabilities. In my experience, Singularity Complete doesn't always play well with others. While it coexists with Kaspersky's detection without issue, enterprise AI solutions employing algorithmic scans or pre/post-execution analysis can pose problems. We might need to modify the whitelist due to unavailable information about the application's memory range. Sharing this information could create vulnerabilities, so companies understandably keep it confidential. While I believe CylanceOPTICS could likely work with Singularity Complete, I haven't achieved it because I prioritize optimal protection. Disabling all CylanceOPTICS features and putting it in uninstall mode allows it to function but without intervention. In such cases, CylanceOPTICS detects threats first, possibly due to its higher application number in Windows. Similar behavior has been observed with other products.

Deep Instinct is another excellent detection software I use for remote devices. Expanding Singularity Complete's coverage to include IoT devices, Linux, servers, Docker, and mobile platforms (currently limited to Deep Instinct on my devices) would be highly beneficial. While Deep Instinct allows uploading and installation via email code, Singularity Complete currently lacks this functionality.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for over five years.

How are customer service and support?

I've only had one interaction with their tech support, but it was excellent. In situations where we're struggling with an investigation, I believe they have a guardian contract that could allow them to analyze our findings. Alternatively, if we're having difficulty detecting something, they can guide us through the process. However, my access to their tech department was limited to a single instance when I needed it. The impressive part is that they were willing to help me even though I was from a partner company. Such helpfulness is rare in many organizations, which often require expensive fees before offering similar assistance.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used CylanceOPTICS by BlackBerry but transitioned to SentinelOne Singularity Complete due to its enhanced user-friendliness. The latter platform boasts comprehensive investigation capabilities, allowing us to delve deeper into the specifics of security incidents. We can examine parent-child relationships, delve into registry entries, and analyze memory ranges with ease. The feature set is truly extensive.

While CylanceOPTICS offered some of these functionalities, it could not identify pivoting areas within an attack. If I needed to investigate the pivot itself, CylanceOPTICS wouldn't suffice. SentinelOne proves invaluable in such situations. By examining registry entries or monitoring running processes, it helps us pinpoint the root cause, be it a Run DLL or a Windows EXE file disguised as innocuous activity. While CylanceOPTICS might catch the attack, it wouldn't reveal the underlying malicious intent. SentinelOne grants us this crucial level of insight, empowering us to respond effectively.

What other advice do I have?

I rate SentinelOne Singularity Complete a nine out of ten. While the product itself is impressive, the price point is on the higher side. The only drawback is the limited support access. If they offered more affordable support options or provided unrestricted access to their knowledge base, I would easily give it a ten. Unfortunately, they haven't implemented this yet, as it would unlock more resources and expertise for users. Ultimately, it is what it is, but hopefully, they'll consider these improvements in the future. 

In my environment, I support a law firm and a music company while pursuing my research. Additionally, I use Intel hardware for testing purposes. My security strategy prioritizes avoiding complete system reimaging whenever possible. While I have encountered compatibility issues with specific SentinelOne versions and certain software, these were primarily during testing when I intentionally introduced malicious files. In general, the software has proven effective in preventing and mitigating threats.

SentinelOne Singularity Complete has been excellent in its ability to be innovative.

While SentinelOne Singularity Complete is well-established software, the developers continuously strive to improve it. After all, no software ever truly reaches complete maturity. To remain effective, we must constantly adapt, improve, and refine ourselves in response to evolving threats and technologies.

I'd love to partner with SentinelOne right now, but as a small business, cost is a major concern. That's why I'm working with a distributor. They purchase larger license blocks, like five thousand or ten thousand, and because I was one of their early customers, they granted me access. While I have a partnership with them, it's not a formal one. To my knowledge, they require organizations to have at least one hundred or two hundred seats to be considered for a true partnership. I'm unsure if a program exists for smaller businesses, but based on what I've seen, access to their knowledge base, support team, etc., seems to be restricted to contracts with a minimum seat capacity of one hundred or two hundred.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
SentinelOne Singularity Complete
March 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Cybersecurity Service Manager at a manufacturing company with 5,001-10,000 employees
Real User
Gives us "eyes" on all our endpoints and the ability to manage them if compromised
Pros and Cons
  • "We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer."
  • "Ranger does provide me with visibility of the network, but not completely because the assets it scans are often mistakenly identified regarding what type of device they are."

What is our primary use case?

I am part of the security team, and our strategy is to have this EDR deployed on all of the company's assets, all of our endpoints. We wanted a powerful platform in terms of detection and response to incidents.

How has it helped my organization?

It gives us a first layer of security. In addition, we have hired the SentinelOne Vigilance Respond team, a 24/7 SOC that monitors and mitigates. And, in case we need to escalate an alert on any of our assets, it allows us to do a bit of threat intelligence analysis and debug any asset on any topic.

It has helped reduce alerts thanks to the Vigilance service over the last two years. This includes all types of incidents, whether critical, medium, or low priority. Most of the alerts are managed by them, and we do not see them. We only see those that require some information that only our company has, but very few reach that level since Vigilance is directly in charge of managing them. If we had to manage the alerts that Vigilance manages, between 30 and 50 percent of my workday would go to reviewing alerts.

Overall, it has reduced our mean time to detect by about 70 percent, as that is the percentage in which it acts as an autonomous tool. And our mean time to respond has been reduced by 80 to 90 percent because we have SentinelOne's DFIR, Digital Forensics and Incident Response, team involved.

By providing that first layer of detection and response, SentinelOne allows us to have eyes on all our endpoints and, from there, to manage if a machine or a server has been compromised. We can directly isolate it from the network so that malware or ransomware cannot spread broadly.

It has helped us consolidate security solutions, although we did have some problems. The DFIR team responds quickly, and the Vigilance Respond team is continually working with us, managing the alerts. We do quarterly evaluations, and the support team always responds well, plus we interact with the tool ourselves.

The security team has gained a presence and control over the company's equipment that we did not have before.

Every device that does not have SentinelOne installed is a risk, and without SentinelOne, the difference would be significant. It has helped reduce our organizational risk by 70 percent.

What is most valuable?

SentinelOne has three services that are very well consolidated:

  1. Technical support, through which they help you, suggest new configurations, and resolve questions. 
  2. The Vigilance Respond service, which is a 24/7 SOC that works on and manages all the alerts that are raised in SentinelOne on our devices. It’s a first layer of defense that filters a lot of the requests. Sometimes we end up escalating something because there are times when we need to understand if the alert is a false positive or not.
  3. DFIR, Digital Forensics and Incident Response. This team is in charge of doing all the forensic analysis of an incident, and we have a certain number of hours contracted with them. Their advisors' technical level is very high and enables you to create a high-quality forensic report, in case you have to escalate or report it to senior staff. The DFIR team is excellent.

Another aspect that is very good is the solution’s ingestion and correlation across security solutions. We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer. If you do not have visibility over that computer and the ability to manage it, you cannot block it, restart it, or run a full scan to see if the user has clicked on a link or if any type of malware has been downloaded. This is a layer of visibility and basic management that any company needs.

Also, there is the threat intelligence and activity correlation. They not only detect and respond to incidents but also prevent them.

What needs improvement?

We started using SentinelOne Ranger, but we found two problems. Perhaps they are particularities, but they should be addressed as they may change the minds of other companies that are considering this feature.

The first problem is that, while it scans all the assets that are on the network, when it comes to discerning whether an asset is a server or a laptop, it tends to fail. It does not have a very high level of precision. We have experienced problems when reporting these types of assets to those responsible for installing the agent, and then they tell us, "Hey, this is not a server, this is a fax," or "this is a printer." When things like that happen, we lose credibility.

The other issue that we saw with the functionality of Ranger is that if, for whatever reason, you have a product with SentinelOne installed but it is on a client's network, the SentinelOne agent starts scanning the ports and the network and goes to a honeypot. As a result, the client may think that it is being attacked because someone has reached its honeypot, when it’s actually us on the client's network. When you don't know that this is happening, it can generate conflict and tension with the clients. Once you know about the problem, you can deactivate that process, but sometimes it can have a negative impact.

Ranger does provide me with visibility of the network, but not completely because the assets it scans are often mistakenly identified regarding what type of device they are. A SentinelOne agent is worth a lot of money, and there is no point in putting it onto a printer, for example. It should have the ability to go a little further and be more precise.

Another very clear area for improvement, one that I don't understand why they haven't deployed it yet, is a self-updating SentinelOne agent. The agent has a version, and what SentinelOne proposed up until one year ago is that you had to be proactive in consulting the dashboard to see if your agent had reached end-of-life and then update it. Now, they've released a new feature where I believe you can schedule updates, so it makes perfect sense for the agent to update itself without any action on our part, and never go out of version. By simply connecting to the network it should be able to download and update.

This idea is not critical because SentinelOne updates many versions of the agent and, when one becomes obsolete, it does not mean that it no longer works. But this is something that SentinelOne should know how to work with. A solution could be that if you do not have the ability to auto-update the agent, SentinelOne would directly tell you which agents are not updated. That way, we would not have to go to the documentation, look at the dashboard, and filter the agents by version. It would be great if it were able to tell if the operating systems are unsupported so that we wouldn't have to look in the official documentation at whether the Windows Server is outdated or not.

If the agents self-updated, maintenance due to the update process would be minimal.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for about two years.

What do I think about the stability of the solution?

SentinelOne is very stable. It has never dropped or caused any problems

What do I think about the scalability of the solution?

We do not have it in any cloud. The agent is located on devices; we manage almost 10,000 computers. Our company has a presence in nine European countries, and SentinelOne is used in all of them. Our department is the group that supervises all regions, including Spain, France, the Nordic countries, Poland, Romania, the Czech Republic, Austria, and Switzerland.

We are continually deploying new agents because we detect more and more devices. SentinelOne will stay in our company until it dies, so to speak. With what it has cost us to get here, we will not change now.

How are customer service and support?

Support responds in less than a day.

SentinelOne is a top partner in the industry.

How would you rate customer service and support?

Positive

What was our ROI?

Defender for Endpoint is more expensive than SentinelOne. Other solutions are more expensive and others are cheaper, but in terms of cost-benefit ratio, we’ll always stick with SentinelOne.

The detection and visibility over all assets, whether by the agent or Ranger, and the ability to take action as a result are worth it. It is all very intuitive, and for me, these elements are our return on investment.

Which other solutions did I evaluate?

All the portals, at the end of the day, are "first cousins", such as CrowdStrike and Palo Alto, although that's not exactly an EDR. We went to a global cybersecurity congress in London, and all the solutions were there: SentinelOne and its competition. At the portal, user, and other levels, they are practically the same. Each will have something that is better and something that is worse, but they are quite similar.

What other advice do I have?

You have to do a cost-benefit analysis. Understand the context of your company. It is not the same for a bank or an insurance company compared to a company in the industrial sector that does not manage sensitive data. Understand your particular needs. After a cost analysis, if there is enough budget, choose SentinelOne.

The most important lesson I have learned using SentinelOne is to always listen to what the Vigilance Respond team says.

We are still chasing the benefits of the solution. The model is already deployed, but we are a very large company, and every day we find new devices that do not have SentinelOne. We are still in that phase of continual improvement, of improving the solution and achieving even more benefits. We are getting to the most isolated cases of, for example, servers that have little RAM, and we are debating if we should apply SentinelOne to them because, perhaps, the server will be affected more so. 

We are dealing with these small cases and continuously improving. You don't get all the benefits in two months; it is an ongoing process.

I would recommend SentinelOne, and if, in the end, it is a question of budget, choose it. If I became a CSO tomorrow, that is what I would do.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Soy parte del equipo de seguridad y nuestra estrategia es implementar este EDR en todos los activos de la empresa, en todos nuestros puntos finales. Queríamos una plataforma potente en términos de detección y respuesta a incidencias.

¿Cómo ha ayudado a mi organización?

Nos da una primera capa de seguridad. Además, hemos contratado al equipo SentinelOne Vigilance Respond, un SOC 24 horas al día, 7 días a la semana que monitorea y mitiga. En caso de que necesitemos escalar una alerta sobre cualquiera de nuestros activos, nos permite realizar un poco de análisis de inteligencia de amenazas y depurar cualquier activo sobre cualquier tema.

Ha ayudado a reducir las alertas gracias al servicio de Vigilance durante los dos últimos años. Esto incluye todo tipo de incidentes, ya sean críticos, de prioridad media o baja. La mayoría de las alertas las gestionan ellos y nosotros no las vemos. Solo vemos aquellos que requieren alguna información que solo nuestra empresa tiene, pero muy pocos llegan a ese nivel ya que Vigilance se encarga directamente de gestionarlos. Si tuviéramos que gestionar las alertas que gestiona Vigilance, entre el 30 y el 50 por ciento de mi jornada laboral se dedicaría a revisar alertas.

En general, ha reducido nuestro tiempo promedio de detección en aproximadamente un 70 por ciento, ya que actúa como una herramienta autónoma. Ademas, nuestro tiempo promedio para responder se ha reducido entre un 80 y un 90 por ciento porque contamos con el equipo DFIR, análisis forense digital y respuesta a incidentes de SentinelOne involucrado.

Al proporcionar esa primera capa de detección y respuesta, SentinelOne nos permite vigilar todos nuestros puntos finales y desde allí, gestionar si un equipo o un servidor se ha visto comprometido. Podemos aislarlo directamente de la red para que el malware o el ransomware no puedan propagarse ampliamente.

Nos ha ayudado a consolidar soluciones de seguridad, aunque si tuvimos algunos problemas. El equipo de DFIR responde rápidamente y el equipo de Vigilance Respond trabaja continuamente con nosotros, gestionando las alertas. Hacemos evaluaciones trimestrales y el equipo de soporte siempre responde bien, además interactuamos con la herramienta nosotros mismos.

El equipo de seguridad ha ganado una presencia y control sobre los equipos de la empresa que antes no teníamos.

Todo dispositivo que no tenga SentinelOne instalado es un riesgo y sin SentinelOne, la diferencia sería significativa. Ha ayudado a reducir nuestro riesgo organizacional en un 70 por ciento.

¿Qué es lo más valioso?

SentinelOne cuenta con tres servicios que están muy bien consolidados:

  1. Soporte técnico, a través del cual te ayudan, sugieren nuevas configuraciones y resuelven dudas.

  2. El servicio Vigilance Respond, que es un SOC 24 horas al día, 7 días a la semana, que trabaja y gestiona todas las alertas que se generan en SentinelOne en nuestros dispositivos. Es una primera capa de defensa que filtra muchas de las solicitudes. A veces terminamos escalando algo porque hay ocasiones en las que necesitamos entender si la alerta es un falso positivo o no.

  3. DFIR, Análisis Forense Digital y Respuesta a Incidentes. Este equipo se encarga de hacer todo el análisis forense de un incidente, y tenemos contratada una determinada cantidad de horas con ellos. El nivel técnico de sus asesores es muy alto y te permite crear un informe forense de alta calidad, en caso de que tengas que escalar o informar a tu personal superior. El equipo de DFIR es excelente.

Otro aspecto que es muy bueno es la incorporación de la solución y la correlación entre las soluciones de seguridad. Optamos por SentinelOne porque te brinda visibilidad y control sobre todos los dispositivos en los que tienes implementado el agente. Esto es muy valioso porque, al final, todos los ataques entran sólo a través de una puerta de enlace, que suele ser la computadora del usuario y si no tienes visibilidad sobre esa computadora o capacidad de administrar, no podrás bloquear, reiniciar o ejecutar un análisis completo para ver si el usuario ha hecho clic en un enlace o si se ha descargado algún tipo de malware. Esta es una capa de visibilidad y gestión básica que cualquier empresa necesita.

Además, cuenta con una gran inteligencia de amenazas y correlación de actividades. No sólo detecta y responde a incidentes sino que también los previene.

¿Qué necesita mejorar?

Empezamos a utilizar SentinelOne Ranger, pero encontramos dos problemas. Quizás sean particularidades, pero conviene abordarlas ya que pueden hacer cambiar de opinión a otras empresas que estén considerando esta característica.

El primer problema es que, tal vez escanea todos los activos que hay en la red, pero la hora de discernir si un activo es un servidor o un portátil, tiende a fallar. No tiene un nivel de precisión muy alto. Hemos experimentado problemas al informar este tipo de activos a los responsables de instalar el agente y luego nos dicen: "Oye, esto no es un servidor, esto es un fax" o "esto es una impresora". Cuando suceden cosas así, perdemos credibilidad.

El otro problema que vimos con la funcionalidad de Ranger es que si, por cualquier motivo, tiene un producto con SentinelOne instalado pero está en la red de un cliente, el agente SentinelOne comienza a escanear los puertos y la red y va a un honeypot. Como resultado, el cliente puede pensar que está siendo atacado porque alguien ha llegado a su honeypot, cuando en realidad somos nosotros en la red del cliente. Cuando no sabes que esto está pasando, puede generar conflicto y tensión con los clientes. Una vez que conozcas el problema, puedes desactivar ese proceso, pero a veces puede tener un impacto negativo.

Ranger me proporciona visibilidad de la red, pero no completamente porque los activos que escanea a menudo se identifican erróneamente con respecto al tipo de dispositivo que son. Un agente SentinelOne vale mucho dinero y no tiene sentido ponerlo en una impresora, por ejemplo. Debería tener la capacidad de ir un poco más allá y ser más preciso.

Otra área de mejora muy clara, una que no entiendo por qué no la han implementado todavía, es que el agente de SentinelOne sea autoactualizable. El agente tiene una versión, y lo que SentinelOne proponía hasta hace un año es que había que ser proactivo al consultar el panel para ver si su agente había llegado al final de su vida útil y luego actualizarlo. Ahora, han lanzado una nueva función en la que creo que se pueden programar actualizaciones, por lo que tiene mucho sentido que el agente se actualice sin ninguna acción de nuestra parte y nunca se quede sin versión. Simplemente conectándose a la red debería poder descargarse y actualizarse.

Esta idea no es crítica porque SentinelOne actualiza muchas versiones del agente y cuando una queda obsoleta, no significa que ya no funcione. Pero esto es algo que SentinelOne debería saber cómo ejecutar. Una solución podría ser que, si no tiene la capacidad de actualizar automáticamente el agente, SentinelOne te indique directamente qué agentes no están actualizados. De esa forma, no tendríamos que ir a la documentación, mirar el panel y filtrar los agentes por versión. Sería fantástico si pudieras saber que sistemas operativos no son compatibles para que no tuviéramos que buscar en la documentación oficial si Windows Server está desactualizado o no.

Si los agentes se autoactualizaran, el mantenimiento debido al proceso de actualización sería mínimo.

¿Durante cuánto tiempo he usado la solución?

He estado usando SentinelOne Singularity Complete durante dos años aproximadamente.

¿Qué pienso sobre la estabilidad de la solución?

SentinelOne es muy estable. Nunca se ha caído ni ha dado ningún problema.

¿Qué pienso sobre la escalabilidad de la solución?

No lo tenemos en ninguna nube. El agente está ubicado en los dispositivos; Gestionamos casi 10.000 ordenadores. Nuestra empresa tiene presencia en nueve países europeos y SentinelOne se utiliza en todos ellos. Nuestro departamento es el grupo que supervisa todas las regiones, incluidas España, Francia, los países nórdicos, Polonia, Rumanía, República Checa, Austria y Suiza.

Continuamente implementamos nuevos agentes porque detectamos cada vez más dispositivos. SentinelOne permanecerá en nuestra empresa hasta que muera, por así decirlo. Con lo que nos ha costado llegar hasta aquí no vamos a cambiarlo ahora.

¿Cómo es el servicio y soporte al cliente?

El soporte responde en menos de un día.

SentinelOne es un socio líder en la industria.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Cuál fue nuestro Retorno de Inversión?

Defender for Endpoint es más caro que SentinelOne. Otras soluciones son más caras y otras más baratas, pero en términos de relación coste-beneficio, siempre nos quedaremos con SentinelOne.

La detección y visibilidad de todos los activos, ya sea por parte del agente o del Ranger y la capacidad que tiene de tomar medidas valen la pena. Es todo muy intuitivo y para mí, estos elementos son nuestro retorno de la inversión.

¿Qué otras soluciones evalué?

Todos los portales, al fin y al cabo, son "primos hermanos", como CrowdStrike y Palo Alto, aunque no sean exactamente EDR. Asistimos a un congreso global de ciberseguridad en Londres y todas las soluciones estaban allí: SentinelOne y su competencia. A nivel de portal, usuario y otros niveles son prácticamente iguales. Cada uno tendrá algo mejor y algo peor, pero son bastante similares.

¿Qué otro consejo tengo?

Tienen que hacer un análisis coste-beneficio. Comprende el contexto de tu empresa. No es lo mismo un banco o una compañía de seguros que una empresa del sector industrial que no gestiona datos sensibles. Comprende tus necesidades particulares. Después de un análisis de costos, si hay suficiente presupuesto, elije SentinelOne.

La lección más importante que he aprendido al utilizar SentinelOne es escuchar siempre lo que dice el equipo de Vigilance Respond.

Todavía estamos descubriendo más beneficios en la solución. El modelo ya está implementado, pero somos una empresa muy grande y cada día encontramos nuevos dispositivos que no tienen SentinelOne. Todavía estamos en esa fase de mejora continua, de mejorar la solución y lograr aún más beneficios. Estamos llegando a los casos más aislados de, por ejemplo, servidores que tienen poca RAM y estamos debatiendo si debemos aplicarles SentinelOne porque, quizás, el servidor se verá más afectado.

No obtienes todos los beneficios en dos meses; es un proceso continuo.

Yo recomiendo a SentinelOne. Si al final es una cuestión de presupuesto, elígelo. Si mañana me convirtiera en un OSC, eso es lo que haría.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Brian Glen - PeerSpot reviewer
Incident Response Specialist at Klick Health
Real User
Provides good protection and helps with network and device control
Pros and Cons
  • "Device control and network control are valuable."
  • "The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab."

What is our primary use case?

We use it for endpoint protection. It is our antivirus and EDR solution. 

We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.

How has it helped my organization?

Singularity Complete has saved us time. I recently did the agent upgrade. I used their upgrade policy and just specified the maintenance window and things like that. The first two times I updated the agents, I used to sit there and highlight the endpoints and run agent updates, but this time, I used auto-upgrade. With auto-upgrade, it ran between 6 PM to 8 AM, and then it ran all day on the weekend, and it was up in there. In one day, it updated 1,000 endpoints. That was pretty cool. I did not have to sit there and do the manual work. I just watched the system to make sure that the endpoints got updated. That was pretty cool. It is nice to know that I do not have to sit there, and I can just create a policy and let it go. It definitely saves time.

Singularity Complete has reduced our mean time to detect (MTTD). I get an email pretty much right off the bat. When an alert pops up, I get an email from my ticketing system, so it is pretty quick. If I am on my desk. I take care of it pretty quickly. Currently, I am the main person running this, and other people back me up when I am not around. I am hoping I can get somebody else trained on this. 

Singularity Complete has helped reduce our organizational risk. It is somewhere in the middle when it comes to contributing to our security posture.

SentinelOne has been a good partner. We mostly use Mac and Windows systems, and we were able to do device control and network control out of SentinelOne rather than through MDM. We are doing it all through SentinelOne. We did not have any conflict in the apps.

In terms of interoperability, we have plugged it into our Alert Logic MDR. It flags to our MDR. For example, if a threat cannot be mitigated or it is hard to mitigate a threat, then the MDR will notify us. Some of the things related to applications could use some work, but they are in the process of fixing this. We will then be able to update and disable applications through SentinelOne.

What is most valuable?

Device control and network control are valuable. 

They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth. 

What needs improvement?

The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.

Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting a hang of it.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for about a year and a half.

What do I think about the stability of the solution?

Its stability is very good. Recently, one person had an issue, and I had to reinstall the agent. They had lost their Internet connectivity. We put in some strategy work, and we had to go in there and figure out which ports are open, but other than that, it has been very good.

What do I think about the scalability of the solution?

Its scalability is pretty good. 

How are customer service and support?

I have interacted with their support. They are always pretty easy to get a hold of. I never have to wait. They are helpful. They have resolved any issue that I have ever brought up with them in a timely manner. I would rate them a 10 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

It is a cloud solution. I inherited it, so I was not there when they implemented it. It was implemented about six months before I got hired. It was probably deployed in late 2021, and I started in February 2022.

It requires a little bit of maintenance in terms of fine-tuning the false positives and things like that. For example, because people use Logitech devices, I had to suppress the alerts because they kept popping up because the hash was always different. I have noticed that when a new agent comes, it can be a little aggressive in the beginning. I have to fine-tune the alerts a little bit, but that is a part of the process. I update the agents twice a year. I will try to do it more because now I know how the upgrade policy works. The only thing I am not yet good at is reviewing the Mac logs. Windows logs are easy because of the years of Windows experience and the use of Windows Event Viewer. I just got to be better with the Mac logs.

What was our ROI?

In terms of cost savings, I am starting to get into the budget, but we have not got any malware or serious incidents. There are money savings when you do not have serious incidents.

We have not had any downtime. We have not had anybody's machines compromised. It has been protecting the endpoints pretty well. It has been pretty quiet. We have not had anything that we would consider a major incident, so it is doing pretty well.

What's my experience with pricing, setup cost, and licensing?

I do not know much about it. From what I understand, it is pricey, but it works. It is a very good product. 

What other advice do I have?

I also used SentinelOne five years ago at another company, and I find it to be way better now. It is a much more refined product. It does not actively scan the system the way it used to. It has come a long way in terms of performance on the machines. It does not hinder the performance of developers' machines. I hear no complaints about SentinelOne blocking or grinding machines to a halt with scans when developers are doing builds and things like that. It has improved greatly. Five years ago, I used to hear complaints about SentinelOne slowing down the systems, but I have not heard that once here.

We tested the Ranger functionality a bit. We were demoing it. Ranger was pretty cool for the visibility of devices, but we did not find a use for it.

Overall, I would rate SentinelOne Singularity Complete a 9 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
IT Director at a wholesaler/distributor with 501-1,000 employees
Real User
Helps save us time, provides good service, and quick remediation
Pros and Cons
  • "The most valuable feature is the quick response to attacks."
  • "The SentinelOne portal is not user-friendly, which is one of its drawbacks."

What is our primary use case?

We use SentinelOne Singularity Complete to protect our environment.

How has it helped my organization?

SentinelOne Singularity Complete has helped us reduce the number of alerts we receive. I was attacked three times, and each time I received an alert. There were a lot of good features in SentinelOne that we were not aware of until we contacted them after we were hacked. SentinelOne took the role of fast response protection and took action.

SentinelOne Singularity Complete has freed up our staff's time to work on other tasks and projects. I made many changes to my department this year, including migrating all of my servers from on-premises to the cloud. With Singularity Complete, I was able to protect my cloud servers immediately and shut down my on-premises. I was also able to receive notifications of changes to IP addresses and users, which are common changes that occur during a migration. Sentinel was able to alert me every time there was a change.

What is most valuable?

In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.

The most valuable feature is the quick response to attacks.

What needs improvement?

The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.

The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for two years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable and we have not encountered any issues.

What do I think about the scalability of the solution?

I would rate SentinelOne Singularity Complete's scalability an eight out of ten.

How are customer service and support?

We do not have a support package, so we pay per use, which is expensive. However, they are very professional and follow up well. They took charge immediately, found a solution immediately, and blocked the ransomware attack. They also gave us details on what to do next. Two to three days later, they called my department back and followed up with the system administrator to make sure everything was okay. Overall, I am satisfied with their service.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Microsoft Defender and Sophos. SentinelOne is a much better solution than Defender and has a quicker response time to alerts and attacks than Sophos.

How was the initial setup?

The initial deployment was straightforward. Implementing SentinelOne was not complicated, and more user-friendly than the others.

The deployment was completed by myself and one admin.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete is expensive compared to Microsoft but not Sophos. However, it is worth the price for its quick response and immediate remediation options.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten. SentinelOne is one of the best security solutions I have worked with. I would rank it in the top three best platforms for security.

SentinelOne Singularity Complete is an aggressive and accurate security solution.

No maintenance is required except for updates that we push out to all end users.

For organizations that want an aggressive security partner, I recommend SentinelOne Singularity Complete.

Although SentinelOne Singularity Complete is expensive, I have no qualms about investing more money in the security of my department and data. I would definitely recommend SentinelOne Singularity Complete. It gives me peace of mind knowing that my data is safe.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Head - Network & Security at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
Provides immediate MTTD, and automatic remediation, but the support needs a lot of work
Pros and Cons
  • "The most valuable feature is the automatic remediation."
  • "SentinelOne's customer support is sluggish and frequently fails to deliver sufficient assistance."

What is our primary use case?

We use SentinelOne Singularity Complete for our endpoint security.

How has it helped my organization?

The visibility that SentinelOne Singularity Complete provides throughout our organization is good.

SentinelOne Singularity Complete's capability to intake and correlate across our security solutions is great. As long as we have configured everything correctly and are monitoring the logs to respond to potential threats, we have the assurance that the threats are being identified and thwarted. A year ago, we faced a malicious attack that was detected and halted by SentinelOne EDR, which played a pivotal role in saving me.

SentinelOne Singularity Complete has certainly helped reduce the number of alerts we were receiving. Previously, I was using McAfee, and I had numerous threats and malware present in my environment that were only detected by SentinelOne Singularity Complete. This assistance facilitated the remediation of those threats and subsequently led to a decrease in security alerts.

SentinelOne Singularity Complete has saved us time by identifying the threats in real-time saving us long investigation times.

SentinelOne Singularity Complete's MTTD is immediate.

The MTTR is good.

What is most valuable?

The most valuable feature is the automatic remediation.

What needs improvement?

The reporting dashboards require improvement. Currently, they lack customization options, preventing me from generating a summarized executive report for management. 

SentinelOne's customer support is sluggish and frequently fails to deliver sufficient assistance. The quality of after-sales support is also subpar and requires enhancement. The support is not meeting the expected standards, and as a result, I am feeling dissatisfied.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for one and a half years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable.

How are customer service and support?

The customer service and support are unsatisfactory. I have been attempting to initiate the MDR services and have reached out to my account representative at SentinelOne for three months now, with no results. I am disappointed that I am unable to integrate any details into my environment, which would allow me to present information on a monthly and quarterly basis. I require this information to assess the performance with my MDR representative, but these matters are not progressing. I feel deceived.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I previously used McAfee but it was not able to detect some of the malware threats that SentinelOne Singularity Complete does.

How was the initial setup?

The initial setup is straightforward as long as we are not dealing with legacy systems. In the manufacturing industry, many systems utilize older operating systems like Windows 2000, which run traditional applications that cannot be removed. Deploying on Unix is also challenging, whereas Windows Ten is straightforward.

We deploy in large manufacturing environments and there were around 80 people involved in the deployments.

What about the implementation team?

The implementation was completed by the SentinelOne team.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete can be expensive for the SMB market but is suitable for enterprise-level organizations. The service provided by SentinelOne is not up to par with the cost we are paying.

Which other solutions did I evaluate?

I carried out a Proof of Concept with several Endpoint Detection and Response solutions, including CrowdStrike, Trend Micro, and VMware. However, none of them were able to meet my requirements in the same way that SentinelOne Singularity Complete does.

What other advice do I have?

I would rate SentinelOne Singularity Complete a six out of ten.

Currently, I have not yet completed the integration with third-party tools. However, I am utilizing the Sentinel logs as inputs for my Security Operations Center services, and I am gaining comprehensive visibility from this approach.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Cyber Security Engineer at a manufacturing company with 10,001+ employees
Real User
Uses low resources, reduces alerts, and reduces organizational risk
Pros and Cons
  • "The external drive scanning is great."
  • "I am not a fan of the UI and feel it has room for improvement."

What is our primary use case?

We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.

We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.

How has it helped my organization?

SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.

It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.

SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.

SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.

SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.

SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.

I am satisfied with SentinelOne Singularity Completes MTTD.

SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk. 

What is most valuable?

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

What needs improvement?

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for over one year.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable.

How are customer service and support?

The few times I have used the technical support it has been a good experience.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.

One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.

SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.

We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.

SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.

I have good impressions of SentinelOne as a strategic security partner.

Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Manager of Information Security at a recreational facilities/services company with 1,001-5,000 employees
Real User
Top 20
Reduces alerts, offers deep visibility, and saves time
Pros and Cons
  • "The deep visibility is really important for us. With it, we can really look deep into some of the incidents."
  • "We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it."

What is our primary use case?

We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.

How has it helped my organization?

We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.

What is most valuable?

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools. 

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console. 

It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less. 

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs. 

What needs improvement?

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore. 

For how long have I used the solution?

I've used the solution for almost two years now. 

What do I think about the stability of the solution?

The stability has gotten better and better over the last two years.

What do I think about the scalability of the solution?

The solution is deployed across 2,000 machines in four properties. 

It can scale well. We keep deploying it further and it works. 

How are customer service and support?

Technical support does a good job. I've never had to work with support a ton. They do a decent job. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant. 

How was the initial setup?

The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better. 

We had two or three staff members who handled the deployment. 

There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties. 

What about the implementation team?

We set up the product ourselves. 

What was our ROI?

We have witnessed an ROI, although I can't speak to the exact number or percentage. 

What's my experience with pricing, setup cost, and licensing?

I don't have any visibility on the pricing. 

Which other solutions did I evaluate?

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate. 

What other advice do I have?

SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features. 

The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology. 

They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space. 

I'd rate the solution nine out of ten. I would recommend it to others. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.