SentinelOne Singularity Complete Reviews

The primary use case for us is to use the lightweight SentinelOne agent on our endpoints. Our previous vendor's agent was heavier, which caused performance issues when scanning our systems. We were impressed with how lightweight the SentinelOne agent is and how few resources it consumes. We also use it for some of our infrastructure, which includes machines with limited resources. We wanted to find a solution that would not impact the performance of these machines.

SentinelOne Singularity Complete has streamlined the mitigation process and the time it takes to analyze and understand whether I have a true positive or a false positive. This has definitely saved me some time. The rollback feature is also a nice addition. Previously, our old solution would link out to services like VirusTotal, but it was difficult to follow these links to determine if an alert was a true positive or a false positive. For example, an alert might be labeled as a potentially unwanted application, which might not be as critical as a true positive. SentinelOne has made it easier to determine the severity of an alert. I have also noticed that SentinelOne has cut down on the number of false alerts. Our old solution would alert us to things like Chrome browser updates, which would download and make registry changes. With SentinelOne I have only encountered one alert that I didn't need to worry about.

We have definitely saved a lot of time. We had to spend some time setting up the environment correctly, scaling up the protections, and setting any exemptions. After that, the most I need to do is troubleshoot issues that are not related to SentinelOne, such as removing the SentinelOne agent if I need to troubleshoot another issue on an end-user device. Application updates, such as when a new installer is released, are the only other times I need to access SentinelOne, besides when I need to review an incident.

It has helped us reduce our MTTD. We are notified of threats quickly, and being able to see the threat on our dashboard has simplified the process. Once a threat is identified and I am on the screen, I can click once to view the visibility and see if the threat is anywhere else on our network. This is fantastic.

SentinelOne Singularity Complete has helped us reduce our MTTR.

Although it is difficult to quantify the direct financial savings of SentinelOne Singularity Complete, we have saved money indirectly through time saved.

Visibility is one of the most valuable features of SentinelOne Singularity Complete. It does not directly replace a dedicated SIM solution, but it works well for our environment and gives us the visibility into our systems that we need.

I appreciate that it is easy to review incidents that have been detected by the behavioral AI or the SentinelOne Cloud. From the notification we can click into the incident to start reviewing, it is just a few clicks. I have all the data in a single pane, and I can pivot to other sources of information, such as VirusTotal, with a single click. I can also hunt for the incident on the network with a single click. This makes things much easier and saves me time from having to review logs.

One way to improve and get additional benefits would be for SentinelOne to host the updated installer files for us, rather than us having to download and host them ourselves. This could be done in cloud storage or through our mobile device management platform. When they release a new package, whether it's an early release or a general release, I believe they could provide more value by hosting those packages directly. Currently, when they release a new package, I get notified, which is great. However, I then have to go to the portal, download the package, and replace the package that we have posted on our own cloud storage. This is time-consuming. If they could simply provide me with a link to the latest general release installer, that would be fantastic. Even if the link changes, I would only need to change the URL in our cloud storage. This would save me a lot of time.

I have been using SentinelOne Singularity Complete for five months.

I keep the central tab open in my browser. If I click Sign in instead of being signed in, the page refreshes, and I have to sign in again. I think this was just a session token expiring. I have not experienced any stability issues with SentinelOne Singularity Complete, such as crashing or downtime.

SentinelOne Singularity Complete is scalable to our infrastructure and endpoints. Once we figured out the deployment hurdle for Windows and Mac, we were able to push it out to all of our endpoints without any problems. I can break out devices into different sites and groups, and some of those groups can be dynamic. For example, if I'm looking for a Mac computer versus a Windows computer, I can just click on the group and see all of them there. I can also add tags for anything, such as the OS version or if the person might be a specific risk. These are non-relational attributes and values that we can set, so we can define whatever schema we want. It's fantastic.

The technical support team was quick to answer my question and their answer was precise. I didn't have to go back and forth with them or explain things multiple times. They gave me exactly what I needed.

Positive

We previously used BitDefender and Malwarebytes. SentinelOne Singularity Complete was priced similarly, and we felt that it had better support. When we had a support issue, it was answered and resolved quickly. Additionally, the visibility and ability to traverse the logs of all the other devices in our network were invaluable. This allowed us to see if a threat might be present elsewhere in our network. This is what ultimately led us to choose the complete solution over the other SKUs that they offer.

SentinelOne Singularity Complete has a lightweight agent. Additionally, some of our servers are running older operating systems. The agents from our previous vendor did not work well with these older systems. I specifically looked for a new solution that would not be a watered-down solution and would function across our legacy architectures as well as our current modern setup.

Another benefit of the Singularity Complete solution is the increased visibility it provides. We are able to collect data on endpoints that are connecting to specific IP addresses or installing specific files with similar hashes. This allows us to see how far a threat has propagated through the network or if anyone else has it installed. This is something that we could not do with our previous solution.

We use Windows and Mac computers. Deploying SentinelOne on Windows was fairly easy. We were able to do it through our remote management solution. The installation was straightforward and simple. The most difficult part of the process was that the device had to reboot in order for SentinelOne to connect to the visibility service and bring everything online.

Deploying SentinelOne on Mac was a bit different. This is primarily due to the way the macOS operating system works. We need to grant specific privacy permissions to applications in order for them to have full disk access or screen recording capabilities. We found that if we installed SentinelOne on the user profile of a Mac computer, the user's administrator could remove it. This is not ideal, so we had to go back to the drawing board and deploy SentinelOne through our MDM solution.

The biggest headache was that, in order to deploy SentinelOne through MDM so that users did not have to grant privileges to the application, we needed to create a Privacy Preferences Policy Control profile with the specific permissions granted for the SentinelOne bundle ID. We then pushed this profile out to all users. Once we did this, the installation was seamless.

A few colleagues and I completed the implementation in-house.

We have seen a return on investment in the form of time savings. We used to spend more time on incidents, but now we can quickly triage them and move on to other things. This has freed up our time so that we can focus on more important tasks.

We did receive a competitive price for SentinelOne Singularity Complete. However, I believe the retail pricing, or MSRP, is a bit high. I hope we can get the same competitive pricing through our reseller when it comes time to renew. I still believe there are benefits to the solution, even if we had to pay the list price. However, I think they could be more competitive with their upfront pricing.

I would rate SentinelOne Singularity Complete eight out of ten. The room for improvement is to add some additional features, such as Ranger, which they sell separately. I see a lot of value in Ranger, and I wish it was included with the complete purchase.

We do not have any direct plugins for SentinelOne Singularity Complete, such as Ranger. Ranger is an add-on that I believe can be purchased through SentinelOne to expand our visibility. We do not have that, and I wish it was included because there are quite a few nice features that I would hope to see eventually included or trickled down to the complete solution. I feel like those are just a few other cherries on top that would really put this package over the top. One of the struggles I have in a Mac environment is creating a custom application creating the Privacy Preferences Policy Control profile and setting everything correctly so that users do not need to interact with the application when it is pushed to them. SentinelOne has clear documentation and works with a few MDM vendors that have documentation already published. So when we were running a POC for a few of these vendors, it was very easy to get that set up, which is not something I can say for other applications.

SentinelOne Singularity Complete is an intuitive product. I found the getting started guide and active preparation checklist to be very helpful. The checklist is well-documented and comprehensive, and it covers everything from the initial purchase to GoLive. The support team was also able to answer any questions I had about navigating the application. The interface is mature and user-friendly. I have not encountered any major issues so far. Overall, I am very happy with SentinelOne Singularity Complete.

SentinelOne Singularity Complete is definitely valuable as a strategic security partner. SentinelOne Singularity Complete was our top choice, and we are happy with it. I would definitely recommend it to my colleagues if they were looking for a solution for their company.

Maintenance is only required when the vendor releases a new general access version of the installer. I need to download the new version, upload it to our servers, and make sure it deploys successfully to our machines. This is the extent of my maintenance responsibilities. I do not need to directly interact with the application itself.

I would recommend that people evaluating SentinelOne Singularity Complete try it out to see if it is right for their environment. SentinelOne offers a trial that can be set up for their environment. When an organization purchases the product, they will flip a switch and there is no need to set anything else up. This was beneficial for us because we did not have to waste time setting up and deploying the product to a few devices in our environment only to have to do it again after we purchased it. I would also recommend engaging with the resources that SentinelOne provides to get a good understanding of the product. We can tweak the settings and see how it responds to different threats. If organizations have any specific needs, they can talk to an engineer during the trial. This was helpful for us because the engineer was able to make changes to the settings to meet our needs. Overall, I would recommend taking a look at SentinelOne Singularity Complete. I was initially overwhelmed by the different SKU offerings, but I was able to work with sales to find the best package for our needs. The SentinelOne team has been very helpful.

This is our main endpoint and detection response platform. 

It's our antivirus for all of our endpoints, including workstation servers, Linux Windows, Macs, et cetera. We're also deploying it to some of our mobile endpoints as well. We also do incident threat hunting here so that if we see an incident in our environment, we can use it to hunt down that incident and try to get a better analysis of it. We're using it to scan our active directory environment. 

We just wanted a better antivirus. It fixed a lot of problems that we were facing.

We get a lot of benefits from them, including its ease of use. We don't have to really go digging or spend hours a day trying to configure something. 

They have a really good knowledge base. That eliminates a lot of the time having to do manual research. The time it cuts down is great. It removes a lot of time from doing some of these manual and tedious tasks.

Their basic endpoint and detection platform is pretty much their bread and butter. The features that it comes with get a lot of love. You can add custom solutions, rules, et cetera. 

The mobile device management platform is also really good.

They have a lot of integrations with a lot of common platforms that we use. We integrate them with three or four other platforms including data analysis platforms. We haven't really come across too many instances where we had to create custom APIs for them. 

Our impressions of the solution's ability to ingest correlated data across our security solutions are good. They do it really well. They tend to take a lot of the data that they ingest and do a really good job showing you exactly what you need to do or utilizing that data the better way than just receiving it and then manually parsing it. 

We can consolidate our security solutions. It's nice. We have a lot of our security solutions right in the platform itself. They don't offer everything that we need as a security team, yet they do offer a lot. We've been acquiring more of their products as the years go on.

We use the Ranger functionality. That was something we acquired a little over a year ago, and we had quite a lot of endpoints in there, and we actually reduced that number down to under 20 recently. So we're working our way through it, and it's made a lot of progress in our environment.

It provides network and asset visibility for us. Ranger scans our network. It does a really good job of identifying that. In correlation with some of our other network tools, it does a really good job of evaluating what's out there and also being able to provide a proper review and analysis of those endpoints.

We like that Ranger requires no new agents, hardware, or network changes. It's actually really nice. Every time we want to do something that involves the installation of an agent, we have to put in a change request, and we have to wait for the proper easy to improve it. The nice thing about it was we just alerted a couple of teams. We were going to do some scans, and that was it. We've never had any issues. Agentless is definitely the way we've been trying to go moving forward.

We have more insight into our environment. While it doesn't cut down on alerts, we gain more visibility.

The solution, on average, saves us a couple of days' worth of time in total.

It's helped reduce our company's mean time to detect. In correlation with the SOC, we've seen quick alert times. We get an alert almost immediately after an incident.

It also improved the mean time to respond. It does depend on the situation.

From the standpoint of having to suffer through an attack, the solution has saved money in saving us a potential loss. We're paying for the product. The savings are all hypothetical numbers, however, we are definitely saving money. It's helped us reduce organizational risk. We were in bad shape before. We're looking a lot better now. 

The grouping feature needs improvement. There are many times I've wanted to do blacklisting or exclusions for specific people in a group, however, I don't want to remove them from the group itself. 

I'd like to see an auto-update feature. 

I've been using the solution for about over three years. I've been dedicated to it only for a year or two.

They are pretty stable. The company is expanding at a good rate and they are releasing new features to maintain the stability effectively.

We have almost 3,000 endpoints. We have a spike of 500 to 600 endpoints in the summer to December season. We are primarily Windows and also have about 200 Linux endpoints. They are all deployed across the same organization. 

Scaling is flexible. They do a really good job.

Technical support is helpful. Sometimes Level One support may not be the greatest, however, you can push to someone higher. Issues are always resolved. 

Positive

I don't have any personal experience working with other solutions. 

We are at about 98% deployment. There are endpoints that pop up that don't have the agent to get it, however, we're past the deployment phase or past the initial configuration phase. It's all just maintaining and tweaking, and as new features come out, we adjust.

I wasn't here for the initial deployment process. I've done a lot of configurations for new features that they've implemented.

Our team does general maintenance. They do a really good job of giving you the information you need to troubleshoot. Their knowledge base is really good. 

We've definitely seen an ROI. I'm not sure where we would be without it right now. 

The pricing is fair. It's not cheap, nor is it expensive.

The solution seems to be quite innovative. They are coming out with network products. Every month we have a webinar on new features coming out.

The quality and maturity of the solution are both great. The stuff they give us is really detailed.

There are instances of the solution on the cloud, however, all the endpoints are on-premises. 

I'm pretty satisfied with the product as a security partner. I'm happy with where we are with them. 

This is a great product. If a company is unhappy with its current EDR, SentinelOne is a good choice. They are acquiring a lot of companies and solutions to add to their roster in order to provide a more centralized platform.

I'd rate the solution nine out of ten. It's going to be a good one-stop-shop and I enjoy working with them.

SentinelOne Singularity Complete is primarily used for endpoint protection and integrating vulnerability reports from assessments. It also provides device control, exclusion management, and block listing capabilities. 

Our clientele represents a diverse range of industries, including insurance and manufacturing.

Singularity offers complete interoperability with other SentinelOne solutions and third-party tools, and our clients have reported no issues.

The Ranger functionality provides network and asset visibility, allowing identification of installed and uninstalled assets within the environment. This capability contributes to maintaining a clean and organized environment.

It can prevent unauthorized access and use of USB drives, a common source of malware. Personal USB drives can carry malicious software that infects an entire network. Therefore, SentinelOne Singularity Complete plays a crucial role in protecting organizations from these external threats.

SentinelOne Singularity Complete enables in-depth root cause analysis and the ability to add exclusions as needed, effectively minimizing alert volume.

SentinelOne Singularity Complete helps users save approximately one-third of their time, allowing them to focus on other tasks.

SentinelOne Singularity Complete helps reduce our mean time to detect and helps reduce our mean time to respond by 25 percent.

SentinelOne Singularity Complete helps reduce environmental risk by identifying vulnerabilities.

The visibility feature is crucial for effective detection analysis. The user-friendly console ensures ease of use and learning, even for beginners. Furthermore, the tool's capacity to consolidate various security solutions and perform risk correlation analysis enhances its value.

The primary issue is the console's random automatic logouts, requiring users to repeatedly re-enter their username and password. This problem needs to be addressed.

I have been using SentinelOne Singularity Complete for about six months.

The system has experienced interoperability challenges and high resource utilization, particularly with CPU and RAM.

SentinelOne Singularity Complete is highly scalable.

The response time of customer service could be improved.

Neutral

The initial setup involves configuration policy setup and deploying the agent, which is straightforward if done through tools like SCCM.

Deployment can be managed by one person when using SCCM or similar tools.

The manual effort used for tasks like remediation has been reduced, contributing to ROI.

While SentinelOne Singularity Complete carries a higher price tag than some endpoint security solutions, customers find its robust features and return on investment justify the cost. However, it remains a more budget-friendly option compared to CrowdStrike.

CrowdStrike is a comparable endpoint integration solution. SentinelOne is priced higher than CrowdStrike.

SentinelOne's console offers a more user-friendly experience compared to CrowdStrike and Trend Micro One, making it particularly well-suited for beginners.

I would rate SentinelOne Singularity Complete nine out of ten.

We have many endpoints in multiple locations.

Maintenance is only required if an agent is disabled or cannot connect to the controller; otherwise, no manual intervention is needed.

As a security partner, SentinelOne is on par with CrowdStrike and has strong potential to become a leader in its field.

I recommend SentinelOne for its ease of use and management, especially for new customers. The user-friendly console and straightforward deployment process facilitate a quick learning curve. Furthermore, its cloud-based architecture minimizes the burden of updates.

We use the solution for endpoint protection. Our clients are fintech companies, banks, and other organizations. The tool helps to pick up malicious files in the endpoint and protects the endpoint.

The Ranger feature is valuable. It helps us manage variable assets in our environment. The endpoints and nodes have SentinelOne engines on them.

The product must provide the ability to update applications from the SentinelOne Management Console. Using SentinelOne Management Console to patch applications will be quite useful.

I have been using the solution for 3 years.

I rate the solution's stability 7 out of 10. I've only had issues with the agents once. I reported it through the management console.

We use the solution in endpoints in different departments across the organization. The tool does not require maintenance. We can auto-update it from SentinelOne Management Console. We can push the auto-update agent from the console. I rate the solution's scalability 9 out of 10.

The support personnel always want to share links instead of joining sessions. Getting them on sessions that would probably help resolve the situation is quite hard. They don't always want to do it. That's the only issue I have with them. When we raise a support case, they get back to us and point us to a link to a community guide or solution. They don't respond quickly if the problem requires us to join a virtual session.

Neutral

The initial setup is not complex. The deployment takes about 30 minutes. It is quite fast.

Our customers have seen an ROI on the product. It takes them 4 months to see ROI.

The tool's price is reasonable.

We are partners and resellers. Singularity Complete’s interoperability with other SentinelOne solutions is fine. I've been able to push logs into our SIEM solution. We used our API. It was quite easy to do. The API token expires, so we have to regenerate and integrate it.

The solution’s ability to ingest and correlate across security solutions is quite fast. I don't have any issues with it. The Ranger functionality provides network and asset visibility. It's quite important. We can identify when endpoints that are not permitted or allowed on the network are active. It helps us isolate or deploy an agent on the endpoints. It's quite useful.

Ranger requires no new agents, hardware, or network changes. It is used for existing agents or endpoints. We can also identify neighboring endpoints that do not have agents. It's easy because we do not have to do any additional configurations. It leverages the current agents that we have deployed across endpoints. It's a good feature. We need not deploy another agent to work for Ranger.

A computer that doesn't have an agent is vulnerable to exploits. When Ranger helps to find the computer and network, it helps to prevent vulnerable devices from becoming compromised. We can identify and isolate the computer and deploy the agent on it. Singularity Complete does not reduce alerts.

The solution saves deployment time. We can push agents from the management console to the endpoint. It will save us time from physically going to the endpoint and installing the agent ourselves. The product reduces MTTD by 20%. The product reduces MTTR by 20%.

If an endpoint gets compromised, we will have to spend money. The tool generally helps us stay safe and protects computers. Thus, the solution reduces costs in the long run. Unprotected endpoints are risky endpoints. Singularity Complete has helped reduce our organizational risk.

Singularity Complete is quite a good tool. I'm quite confident in its ability to detect threats. It is good to have SentinelOne as a strategic security partner. People planning to use the tool must go for it. It's a good solution. It does what it claims.

Overall, I rate the product 8 out of 10.

SentinelOne Singularity Complete is an MDR solution. It is used mainly to detect advanced threats in our teams and on-site teams.

I have used two different vendors before Singularity. Each had its pros and cons. However, Singularity is the most complete tool for EPP and EDR. From a financial, operational, and performance point of view, it is very efficient to have a single solution.

Ranger is a good feature. The XDR functionality provides the timeline of the attack. The product provides deep analytics for threat hunting. My team uses it to detect incidents and for threat hunting. I like the app inventory feature. It is very good for detecting unauthorized apps by our security policy.

I have raised a couple of comments regarding the speed of investigating incidents and performing analysis by the MDR service team. We are a telecom company. We are sensitive to the information of the users. The speed of investigation of the MDR service team must be improved.

I have been using the solution for one year.

The product is pretty stable. It didn't create any issues on the endpoints, laptops, and PCs.

We haven't tried to scale the tool yet, but the solution will be scalable after we increase our license.

The support team is very collaborative. We have a dedicated account manager who is also a part of our support line. We do not face any delays or major inconveniences from the support team. I rate the support an eight out of ten. I will give it a ten out of ten when SentinelOne has better coverage in the Middle East.

Positive

I have used Kaspersky, CrowdStrike, and Carbon Black. After using these solutions for a year, I chose Singularity Complete. The other solutions are existing products and are leaders. However, Singularity Complete is better than them from a financial and technological perspective.

The initial setup is not complex. It's similar to any endpoint solution implementation. We require one staff to deploy the solution. We mainly use AWS as our cloud provider. We also use GCP.

We did the implementation ourselves. It was like any other solution. We faced similar issues. They were not big issues, though. It doesn't require a lot of technical expertise.

We have seen a return on investment because we have saved at least 50% to 60% since we bought the tool. It is an achievement when we get one solution instead of two at 50% less cost. It improved our KPIs.

The licensing is convenient, straightforward, and very clear. I care more about the breakdown of the license than the licensing itself. Some vendors have very complex licensing schemes. SentinelOne's licensing scheme is very clean.

Carbon Black has a competitive version of Singularity Complete, but it is not at the same level as Singularity Complete. It lacks features like threat hunting and Ranger. So, I chose Singularity.

We didn't have any major issues related to the integration. However, we had some issues related to the implementation on the server site. It was solved by upgrading the agents. Initially, we had a couple of issues related to integration, but after that, it was solved.

The solution gives us more visibility into alerts but doesn't reduce them. It might help after we conduct the patching and vulnerability management, but we haven't tested it yet.

Singularity Complete has helped free up our staff for other projects and tasks. We have a full-fledged SOC team that uses SIEM tools. We use it to complement our SOC and our XDR and MDR solutions. We have Singularity Complete as a technology for further investigation and threat hunting.

When we get an alert from the SOC team, we use the tool to do the analysis and threat hunting in 30 minutes per incident. It is a considerable saving in the team's time because we have limited engineers and security analysts. The tool saves 50% of the staff's time.

The product has helped us save on operation and acquisition costs by 70%. We have replaced two solutions from other vendors with Singularity Complete. Singularity Complete has surely helped reduce our organizational risk. We had a lot of alerts from the previous vendors. Now, we see fewer alerts.

Compared to its competitors, Singularity Complete is very mature. It exceeds in some areas, especially in threat hunting. I have seen other solutions. They have very strong capabilities in detection but not in threat hunting. Singularity Complete makes a difference with our analysts when they perform threat hunting and threat analysis.

I like the product's vision very much. Everything has to be on a single agent, and the integration is very much worked on. It has a very good integration roadmap. It has a very complete and strategic vision. It doesn't sell only endpoint products. I like the completeness of its vision.

People who want to buy the tool must test all the features to see how they will get value from the product because it's very complex and feature-rich.

Overall, I rate the solution a seven out of ten.

We use it for endpoint protection. It is our antivirus and EDR solution. 

We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.

Singularity Complete has saved us time. I recently did the agent upgrade. I used their upgrade policy and just specified the maintenance window and things like that. The first two times I updated the agents, I used to sit there and highlight the endpoints and run agent updates, but this time, I used auto-upgrade. With auto-upgrade, it ran between 6 PM to 8 AM, and then it ran all day on the weekend, and it was up in there. In one day, it updated 1,000 endpoints. That was pretty cool. I did not have to sit there and do the manual work. I just watched the system to make sure that the endpoints got updated. That was pretty cool. It is nice to know that I do not have to sit there, and I can just create a policy and let it go. It definitely saves time.

Singularity Complete has reduced our mean time to detect (MTTD). I get an email pretty much right off the bat. When an alert pops up, I get an email from my ticketing system, so it is pretty quick. If I am on my desk. I take care of it pretty quickly. Currently, I am the main person running this, and other people back me up when I am not around. I am hoping I can get somebody else trained on this. 

Singularity Complete has helped reduce our organizational risk. It is somewhere in the middle when it comes to contributing to our security posture.

SentinelOne has been a good partner. We mostly use Mac and Windows systems, and we were able to do device control and network control out of SentinelOne rather than through MDM. We are doing it all through SentinelOne. We did not have any conflict in the apps.

In terms of interoperability, we have plugged it into our Alert Logic MDR. It flags to our MDR. For example, if a threat cannot be mitigated or it is hard to mitigate a threat, then the MDR will notify us. Some of the things related to applications could use some work, but they are in the process of fixing this. We will then be able to update and disable applications through SentinelOne.

Device control and network control are valuable. 

They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth. 

The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.

Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting a hang of it.

I have been using SentinelOne Singularity Complete for about a year and a half.

Its stability is very good. Recently, one person had an issue, and I had to reinstall the agent. They had lost their Internet connectivity. We put in some strategy work, and we had to go in there and figure out which ports are open, but other than that, it has been very good.

Its scalability is pretty good. 

I have interacted with their support. They are always pretty easy to get a hold of. I never have to wait. They are helpful. They have resolved any issue that I have ever brought up with them in a timely manner. I would rate them a 10 out of 10.

Positive

It is a cloud solution. I inherited it, so I was not there when they implemented it. It was implemented about six months before I got hired. It was probably deployed in late 2021, and I started in February 2022.

It requires a little bit of maintenance in terms of fine-tuning the false positives and things like that. For example, because people use Logitech devices, I had to suppress the alerts because they kept popping up because the hash was always different. I have noticed that when a new agent comes, it can be a little aggressive in the beginning. I have to fine-tune the alerts a little bit, but that is a part of the process. I update the agents twice a year. I will try to do it more because now I know how the upgrade policy works. The only thing I am not yet good at is reviewing the Mac logs. Windows logs are easy because of the years of Windows experience and the use of Windows Event Viewer. I just got to be better with the Mac logs.

In terms of cost savings, I am starting to get into the budget, but we have not got any malware or serious incidents. There are money savings when you do not have serious incidents.

We have not had any downtime. We have not had anybody's machines compromised. It has been protecting the endpoints pretty well. It has been pretty quiet. We have not had anything that we would consider a major incident, so it is doing pretty well.

I do not know much about it. From what I understand, it is pricey, but it works. It is a very good product. 

I also used SentinelOne five years ago at another company, and I find it to be way better now. It is a much more refined product. It does not actively scan the system the way it used to. It has come a long way in terms of performance on the machines. It does not hinder the performance of developers' machines. I hear no complaints about SentinelOne blocking or grinding machines to a halt with scans when developers are doing builds and things like that. It has improved greatly. Five years ago, I used to hear complaints about SentinelOne slowing down the systems, but I have not heard that once here.

We tested the Ranger functionality a bit. We were demoing it. Ranger was pretty cool for the visibility of devices, but we did not find a use for it.

Overall, I would rate SentinelOne Singularity Complete a 9 out of 10.

We are a partner of SentinelOne and we provide demo proofs of concept to customers. Most of our customers use traditional antivirus software, which does not have the capability to perform zero-day analysis, block ransomware, or block zero-day attacks. SentinelOne, on the other hand, is an endpoint detection and response and endpoint protection platform solution, which means that it has the capability to block zero-day attacks, ransomware, and machine learning-based threats. SentinelOne Singularity Complete does not have antivirus technology, but rather it is an anti-malware solution.

Our customers switched to Singularity Complete primarily for security and ease of use. It is easy to install, troubleshoot, and upgrade. Singularity Complete is purely cloud-based for our customers.

Singularity Completes' interoperability is straightforward. They have easy API integrations with all major integration platforms, so it's simple. There are no complications.

SentinelOne can ingest and correlate data well. It has its own EDR and XDR technologies, so it provides threat defense, detection, and monitoring. The models work like a SIEM for endpoints, so customers can correlate logs, identify patterns, and visualize everything. It is very visible.

I deployed Ranger for one of our customers with a large infrastructure. Ranger provides clear network and asset visibility.

Singularity Complete was very helpful to our customers during the COVID-19 pandemic because many of their employees were working from home. When employees work from home, they often need to open ports from outside to active networks, which can make those networks more vulnerable to ransomware attacks. One of my customers had a traditional antivirus running, but it was unable to detect the ransomware. I deployed Singularity Complete to understand the attack pattern and block it. The customer was so happy with SentinelOne Singularity Complete that they renewed their subscription for four years in a row.

Singularity Complete increases the number of true positive alerts by detecting attacks that antivirus software misses.

Singularity Complete helps save time.

Singularity Complete has reduced the MTTD by ten percent.

Singularity Complete has reduced the MTTR. Where a traditional antivirus may take ten minutes, Singularity Complete takes two to three minutes.

Singularity Complete helps reduce organizational risk.

The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features.

When comparing SentinelOne to CrowdStrike, I find that CrowdStrike has more comprehensive vulnerability assessment tools. It offers a variety of Falcon tools, including deep inspection, while Singularity Complete does not have all of these features. It still sticks to EDR or EDP. Therefore, I need improvements to match the features that CrowdStrike offers, such as a higher level of vulnerability assessment and a better understanding of the IOCs in our system so that we can apply fixes.

SentinelOne Singularity Complete needs improvement on Linux machines. We identified a few issues with most of our Linux customers' machines. Specifically, the application is not working properly after installation.

A major area of Singularity Complete that needs improvement is the restart option. We do not need a restart after installing a CrowdStrike agent. So for organizations that are running 24/7 and can't restart their machines, we do not recommend SentinelOne Singularity Complete.

I have been working with SentinelOne Singularity Complete for five years.

I would rate the stability of Singularity Complete nine out of ten.

Singularity Complete can scale easily. 

Overall the technical support is good but we sometimes have difficulty getting a hold of them.

Positive

We previously used CrowdStrike Falcon, but SentinelOne Singularity Complete is easier to deploy. CrowdStrike Falcon has many features and policies that need to be configured, while Singularity Complete is straightforward. It has a single policy and is very easy to deploy compared to CrowdStrike Falcon. However, CrowdStrike Falcon offers more features.

The initial deployment is straightforward. We receive a URL extension from the company and we set the policies and install the agent.

I deploy the solution for POCs using 20 machines. We demonstrate the deployment methods, and the customer completes the rest of the process. We typically complete this task in two days. For larger organizations that have a lot of departments and branches, the deployment can take up to 15 days.

SentinelOne Singularity Complete is cheaper than CrowdStrike but more expensive than any traditional anti-virus solution.

I would rate SentinelOne Singularity Complete eight out of ten.

The Ranger functionality is not that important because it is optional, and most customers already have a solution for understanding their environment.

I would say that 90 percent of SentinelOne Singularity Complete is a quality product with only ten percent with room for improvement.

SentinelOne will not sell to organizations with fewer than 100 endpoints. Most of our clients are mid- to enterprise-level.

Maintenance is required, but the SentinelOne team maintains the cloud deployments, so we don't need to worry about it. The endpoint agents must be upgraded whenever an upgrade is available or when we have to fine-tune policies for customers to reduce false positives. One IT support person can handle any maintenance for the endpoints.

I suggest always doing a POC. If the customer is currently using traditional antivirus technology, they may not understand EDD, EPP, or EDR technology. Therefore, I always recommend a POC to help the customer understand these technologies. Customers should never implement an endpoint solution without a POC, because we don't know what endpoints are running on their system or how compatible the new solution will be with other endpoints. For example, if we are implementing a DLP solution, we should ask for a POC with all available agents, or we can deploy a test machine to understand the solution before implementing it in production.

We use SentinelOne Singularity Complete to provide endpoint protection for all endpoint servers and Kubernetes clusters in our environments where SentinelOne is supported. We also use SentinelOne to help manage our systems and provide visibility into the assets in our environment.

We have found that Singularity Complete integrates well with our existing SIEM solution, Splunk, and some of our other system management tools, such as Okta and Armis. We are also looking forward to the additional future integrations that are planned.

I appreciate Singularity Complete's ability to ingest and correlate data across our security solutions. I use this feature quite often, either to perform deep visibility searches to correlate data across different sources if I have specific concerns about security events, or even to track running or operational issues as well. Singularity is not only a security product but it can also be used for troubleshooting non-security and related issues on devices.

Compared to the previous EDR solution, Cylance Protect, we had substantially fewer false positives when we implemented Singularity Complete.

Singularity Complete has reduced our MTTD.

Singularity Complete has reduced our MTTR somewhat compared to our previous EDR solution.

Singularity Complete has reduced our organizational risk by 20 percent, specifically the risk profile associated with malicious activities on protected devices.

The most valuable features, of course, are the protection and support for the devices. In addition to that, the ability to see the last log-on dates for time-tracking purposes has been helpful. The most useful feature of all is deep visibility. I think it was recently renamed to something else, but it is the ability to run IOC queries across all devices and gain information to look at any kind of potential events that might occur.

We have had cases where Singularity Complete has caused applications to malfunction. The existing interoperability rules have not necessarily been sufficient to resolve those conflicts. SentinelOne needs to work on interoperability with other systems and on the interoperability rule set.

I have been working with SentinelOne Singularity Complete for one year.

We have not had any stability issues in our environment with Singularity Complete.

Singularity Complete is scalable.

With any support service, it depends on the person we get on the line. Some are better than others. But overall, I find the technical support team to be good, comparable to other good technical support teams I've seen from other vendors.

Positive

We implemented SentinelOne Singularity Complete to move away from a legacy EDR platform, Cylance Protect, that did not perform as well as a modern EDR solution should.

The initial deployment was complex due to the complex environment. I would agree that deploying to a single device would be straightforward, but we have a manufacturing environment that requires bespoke applications, which makes any migration complex.

Fifteen people were required for the deployment.

The implementation was completed in-house.

The pricing and licensing make sense. We worked with a third party to help us with licensing, and the licensing we obtained through that process was ultimately reasonable and comparable to other products on the market.

We evaluated Microsoft Defender, CrowdStrike, and Cortex XDR by Palo Alto Networks.

I would rate SentinelOne Singularity Complete ten out of ten.

We are considering the possibility of using SentinelOne to consolidate some of our security solutions, but have not moved in that direction just yet.

Singularity Complete has not yet saved our staff time because it takes more time to deploy and migrate to the point where we have time savings. I think it will in the next couple of years.

We see a lot of innovation from SentinelOne. They are acquiring many other products that are integrating with the platform we looked to adopt in the next couple of years if it works out well. New features and functionalities are also regularly released. So, in terms of innovation, that's one of the reasons we chose SentinelOne Singularity Complete in the first place.

Singularity Complete is a mature product that can sufficiently protect our assets. I would say that the core features associated with that functionality are in place and work well.

Maintenance is relatively low, but systems need regular updates, and we need to troubleshoot all of them. So, there is some work involved.

SentinelOne is a good strategic security partner. We appreciate the direction of their product roadmap and its current coverage. One area where they could improve is in having their EDR support teams reach out to us. We don't believe we have an EDR or anything similar setup, but it would be helpful if they offered quarterly or semi-annual meetings to check in, see how we're doing, and give us an opportunity to provide feedback.

People researching Singularity Complete should first understand their environment and deployment goals to ensure compatibility between their existing solutions and the new product. They should also evaluate multiple competitors before making a commitment.