We use it for endpoint security for all of the systems in our environment. We have servers and workstations. We have macOS and Linux operating systems, and we are using it as an EDR/endpoint protection platform.
Director of Global Security Operations at a manufacturing company with 501-1,000 employees
Provides different levels of visibility, improves our ability, and has competitive pricing
Pros and Cons
- "The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality."
- "The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time."
What is our primary use case?
How has it helped my organization?
There is a lot of improvement from a security maturity perspective. Even though we have a very reputable and well-known SIEM, one of our go-to applications in our environment is SentinelOne. On a daily basis, almost all my staff or my analysts use it and operate it every day. It gives us a lot of information and a lot of data about what is going on. In addition to the detections, we are able to use and leverage Binary Vault. We could also use Remote Script Orchestration, which is an add-on that we could add to the platform. It allows us other functionalities that we would not normally have with another product in the same category. It allows us to run scripts on endpoints remotely out of the SentinelOne administrative GUI, which we use for all kinds of purposes. It has improved our abilities significantly in what we can do.
We have visibility into all our systems. We have visibility into malware or any suspicious activities that are occurring. We have the ability to quarantine systems based on the risks. If there is something going on, we have the ability to do that. We can also run remote scripts on systems, and we can control certain types of devices such as USB access. We have the ability to control what people can do with USBs. That is another functionality we use.
Most traditional antivirus platforms are very basic in terms of how you add exclusions. Usually, you completely exclude an application from detection. They do not provide you with various modes or various levels of visibility into an application. SentinelOne provides different levels of visibility, so you can have a level that has some visibility and does not completely make the application invisible to SentinelOne. It is the first platform that I have ever worked on with such capability. Instead of just a binary exclusion on or exclusion off, they provide different interoperability modes. There are five interoperability modes. Some are performance-focused, and some are visibility-focused. They allow you to select the mode that will give you the best balance of visibility and performance depending on the application. It is very handy. Most endpoint security platforms, antivirus, and EDRs are binary. You apply the exclusion and have zero visibility into what that particular application is doing in your environment. With SentinelOne, you can implicitly trust, or you have the ability to say that you trust it, but you want to have an eye on it if anything ever happens. For example, your third-party software is compromised, as happened with SolarWinds, and it starts doing funny things in your environment. That is what the interoperability exclusions give you with SentinelOne. This is an excellent feature.
In terms of its ability to ingest and correlate across our security solutions, they have recently added the Singularity marketplace in XDR. Not all of them but most of them are included in the license. We do leverage it. It gives us additional context. For example, we were able to add the VirusTotal API, which adds the context of what VirusTotal has in terms of information on a particular detection or binary that is detected in SentinelOne. They are starting to build those APIs out. We are able to add more context from other third-party applications. It is excellent. It is at no cost to us. We are using quite a few of them already for other platforms that are built out of the box. We are starting to leverage any out-of-the-box APIs for the platforms that we have.
It has helped us with a little bit of consolidation. We were able to consolidate the device control. We were using another platform for that. We had another completely separate vendor for USB control, and now, we have decided to not renew that license and move all the controls through SentinelOne.
It has not helped reduce alerts. The point is not to reduce alerts. It is to increase alerts. The point of Singularity is to reduce incidents, and, we for sure, have achieved that. The point of the Singularity platform is to block things that we do not want to occur in our environment or at least have visibility to them so that we can take action. If we were to strip it out completely, the organization would be in a much worse place.
It has helped free up our staff for other projects and tasks because the incident response has diminished. I do not have my analysts responding to threats. I have them just validating when something is detected to ensure that we are okay. For sure, it has freed them up. There are about 25% of time savings.
It has reduced our mean time to respond (MTTR). Without it, we would not have very much visibility into detections. It has improved our mean time to detect by 80% to 90%. If we did not have Singularity Complete, we would have very little visibility on the endpoints at least, and that is where most of our threats are occurring.
We have a service from SentinelOne called Vigilance. This service has reduced our mean time to react or respond. This 24/7 service has improved our mean time to respond significantly because it is the SentinelOne analysts who are responding. It has improved our mean time to respond by 80% because they are performing the analysis. They are the experts, and they are looking at the detection in our console. We do not have to go out and try to perform that same level of understanding of what we have just seen. Their experts take a look at that. Instead of spending hours and hours trying to figure out what we are seeing, it is literally down to just minutes by the Vigilance team. It is a separate license that we have incorporated with our Singularity license. It is a part of their MDR solution. It is a service they offer.
It has overall reduced our organizational risk.
What is most valuable?
The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.
What needs improvement?
The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier.
Buyer's Guide
SentinelOne Singularity Complete
August 2025

Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,445 professionals have used our research since 2012.
For how long have I used the solution?
We have been using this solution for four years.
What do I think about the stability of the solution?
Its stability is next to nothing. It probably has an uptime of 99.99%. The only issue you would have is that the agent sometimes becomes unresponsive or corrupt, but there is not a single application in the world where you do not have some level of corruption or issues that may arise. If anything, it is much better than the others that we have.
What do I think about the scalability of the solution?
It is very scalable. We have doubled the number of licenses or agents we have had in the last three years, and we have not had any issues.
How are customer service and support?
They are excellent when it comes to interoperability and exclusions. For example, you may have somebody in your environment complaining about slowness, or you may have several situations where end-users may report that a certain application has been slow on their computer. SentinelOne gives you the ability to remotely pull the logs off a computer and send the logs to tech support for them to perform an analysis. They can perform their analysis from the logs and come back to you and say, "From what we are seeing, it looks like you have an application running application ABC that seems to require an exclusion. We recommend this interoperability type." All you have to do is say, "Oh, perfect. Thank you very much for that information. Add the exclusion." They have done all the analysis for you. You check back with your end-user to see if that has rectified the situation. In almost every circumstance that we have run into, it got rectified. I have never seen that type of analysis performed by an EDR or endpoint protection provider before. It is the first time I have seen that. This aspect of their support is excellent. However, some of the other things are not always detailed enough in terms of what we should be doing. They can be a bit vague, and if it does not help the situation, they may have to raise the issue to a different tier. So, they can be a little vague about exactly what you should do, but at least they set you on the right path. Overall, I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
It was a product by Carbon Black called Carbon Black Response and Carbon Black Defense. We switched because Carbon Black was purchased by VMware at the time, and their customer service was diminishing substantially. Some of the older products that we still had by Carbon Black were not being supported as well as they were previously. Their technology roadmap was not fantastic. We started looking at other products. We found CrowdStrike and SentinelOne to be more up-to-date and more modern EDR solutions. We saw a noticeable improvement in terms of technology and detection. At the time, SentinelOne was priding itself on the level of number of detections it could detect. A lot of that came into the reviews of the product at the time and the type of tests that it was undergoing and its performance in those tests. That was a primary reason for deciding to go with SentinelOne and going away from Carbon Black. Pricing was another excellent aspect of the platform.
How was the initial setup?
They host the platform in the cloud. It is a SaaS application for us.
Its deployment was extremely straightforward. All you have to do is deploy their agents on your computers. The agent checks in with your cloud console, and you start retrieving information immediately. Carbon Black Defense has that capability as well, but we went with SentinelOne because it did have that cloud capability. When COVID hit, and everybody left the office to go home to work, it was seamless for us. We have full visibility into every single system and asset in the organization whether they are on-premises or off-premises. They could be traveling. They could be anywhere in the world. As long as they have Internet connectivity, we have full visibility into their computers.
In terms of maintenance, the only maintenance that is required is to maintain the health of the agents. Sometimes the agents can become corrupt or stop functioning, so you have to ensure that you are checking for assets in which you run into those situations. The other thing would be the agent versions. You have to maintain agent versions as new versions of the agents come out. You can either automate it so that your agents get updated automatically on whatever schedule that you want, or you can do it manually. You can also do it through some other software deployment platform. That is the only thing you have to do maintenance on. The backend is all maintained by SentinelOne. All the updates to the console environment are taken care of by SentinelOne. Because it is a SaaS application, the only thing that the customer is responsible for is the agent deployment and upgrades.
What about the implementation team?
We worked directly with the SentinelOne team. From our side, there were two of us. From their side, there was probably just one engineer.
What was our ROI?
It has helped our organization save costs. In terms of metrics, I can only go by what other competitors were charging at the time, and we got it at a significantly better price than what some of the other competitors were charging.
The ROI is not just from the platform itself. It is also from the Vigilance service perspective that has freed up my guys to do many other things. It saves my analysts at least two to three hours per day in man-hours, so there is a huge return on investment there. For the price that the service costs, it is extremely good value.
What's my experience with pricing, setup cost, and licensing?
Their pricing was extremely competitive. That is why we stayed with them so long. We are renewing at the end of next month. We have already put in the approval. It is all set to go. We are renewing for another year or so year over year. It has been a very effective product, and it has been priced very competitively.
What other advice do I have?
To someone who is researching Singularity Complete, I would say that it is excellent in terms of quality and maturity.
I would advise performing an extensive proof of concept. If you have the ability to use a security tool validation platform to test out multiple platforms before choosing one, that would be a good idea. You should also understand various modules that are add-ons to the platform. It is extremely important.
I have used the Ranger functionality, and I am very familiar with it. It provides network and asset visibility. You can configure the agent to scan the subnet that it sits on and look for other assets that are missing the SentinelOne agent. You can create a policy saying that if a device sits on a specific subnet and has, for example, more than five systems, try to interrogate those systems to see if they are the systems that may be eligible for the SentinelOne agent but are missing one. We did not renew the license for that specific functionality of SentinelOne about a year ago. We decided to go with another vendor to give us that type of visibility.
Overall, I would rate SentinelOne Singularity Complete a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Senior Security Consultant at First Technology
High-quality, cost-effective, and stable
Pros and Cons
- "The most valuable feature of Singularity Complete is the Ranger function."
- "Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions."
What is our primary use case?
I use the solution for endpoint protection, including features like EDR, antivirus, and advanced threat prevention.
How has it helped my organization?
Singularity Complete has significantly reduced response time for our clients. With its multifunctional capabilities, it streamlines processes, allowing quicker and more efficient responses to various issues.
What is most valuable?
The most valuable feature of Singularity Complete is the Ranger function.
What needs improvement?
Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions.
For how long have I used the solution?
I have been working with SentinelOne Singularity Complete for a year.
What do I think about the stability of the solution?
I would rate the stability of the solution as a nine out of ten.
How are customer service and support?
I would rate the technical support of SentinelOne as an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of the solution was straightforward. SentinelOne is typically used across multiple locations and departments for our clients. Fortunately, it demands very little continuous maintenance.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced.
Which other solutions did I evaluate?
Before choosing SentinelOne, we evaluated other solutions, including SmartOps. SentinelOne stood out with its advanced AI engine, especially evident in recent micro-attack evaluations.
What other advice do I have?
Singularity Complete offers strong integration capabilities with over 100 APIs and excellent integration with other SentinelOne solutions.
Asset visibility with Singularity Complete is crucial for my clients as it enables a clear understanding of their network and assets. It is important because without knowing what is in their environment, it is challenging to secure it effectively.
It is crucial for me that Ranger requires no new hardware or network changes. This is very important as it simplifies deployments and enhances scalability for us.
Ranger assists in preventing vulnerable devices from being compromised. It can isolate devices on the network in response to a threat, automatically detecting and responding to issues such as a virus, ensuring swift action and containment.
Singularity has successfully reduced alerts by 80%, significantly improving the efficiency of the alert management process.
Singularity has freed up people's time, reducing their workload by approximately 45%, and enabling them to focus on other projects and tasks more efficiently.
Singularity has proven to be cost-effective for our clients, with an estimated cost reduction of around 30%.
SentinelOne Singularity Complete is high quality and built for enterprise-level security.
I'm very pleased with SentinelOne as a strategic security partner. Overall, I would rate SentinelOne Singularity Complete as a nine out of ten.
My advice to new users is to adopt SentinelOne's Singularity Complete platform, and if feasible, opt for the visual response option for enhanced security measures.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
Buyer's Guide
SentinelOne Singularity Complete
August 2025

Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,445 professionals have used our research since 2012.
Head of Global Solutions at Arete Advisors
The Ranger feature scans the network and provides visibility into all the unsecured assets
Pros and Cons
- "I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets."
- "Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better."
What is our primary use case?
We are a service provider with a huge customer base. Singularity Complete is a tool we use to protect our clients from ransomware and other external threats. SentinelOne has been our strategic partner for a long time, and we are one of their platinum partners in Central Europe. It covers all endpoints like laptops, desktops, and servers. It's used everywhere.
How has it helped my organization?
We manage multiple clients with Singularity Complete, and the clients are happy with the protection it offers against external threats or ransomware attacks. It's an excellent tool for detecting those and preventing much greater damage.
Once you deploy the tool and spend a few weeks fine-tuning it, Singularity helps reduce the number of alerts. It decreases your alerts by around 25 percent. Singularity frees up staff for other projects and tasks.
Singularity has reduced our mean time to detect and respond. At most, detection takes up to 30 minutes. The response time depends on your configuration. Quarantine is happening in real-time.
What is most valuable?
I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets. It doesn't require any agents or network changes. It just gives us information about the unsecured assets that aren't managed by the IT departments of any company. It detects the vulnerabilities but doesn't prevent them.
What needs improvement?
Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better.
For how long have I used the solution?
I have used Singularity for three years.
What do I think about the stability of the solution?
I rate Singularity Complete eight out of 10 for stability.
What do I think about the scalability of the solution?
I rate Singularity Complete nine out of 10.
How are customer service and support?
I rate SentinelOne support four out of 10. Their response is usually slow, even for priority one issues. They don't get on a call and fix the issue. They keep asking questions, so it gets frustrating sometimes.
How would you rate customer service and support?
Positive
How was the initial setup?
Deploying Singularity was straightforward. The only issue is with the interoperability with other tools running in the customer's environment. We faced some challenges, but those were the initial teething issues. The solution requires some maintenance. You need to continuously update the agents and apply patches. We need multiple people to maintain the solution because we are a service provider with a huge customer base, but if you are deploying it for one client, one engineer is enough.
What was our ROI?
If an organization does not use this tool and gets attacked by ransomware or a threat, and it will incur costs in terms of a ransom or business loss. Singularity reduces organizational risk by about 30 to 35 percent.
What's my experience with pricing, setup cost, and licensing?
Singularity is reasonable, but a few clients say it's expensive because they're comparing it with traditional antivirus. The pricing could be much cheaper for the Asia-Pacific region because it's a price-sensitive market.
What other advice do I have?
I rate SentinelOne Singularity Complete eight out of 10. Singularity Complete is a high-quality tool. The detections are good. We don't see many false positives. It's a good tool. It's still maturing but good.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
Security Analyst at R V college of Engineering
Helps reduce alerts because it can correlate the data
Pros and Cons
- "They provide a map, a process tree, and that is pretty good for analysis."
- "It would help if they could get all the relevant threat information, the related events, in one place. Currently, we need to go to a number of places and do research. If they could have it all in one place, that would help investigations."
What is our primary use case?
We use it mainly for EDR, alert handling, and development. It's a detection and response tool. It is mainly for protecting endpoints and having response capabilities. We use it as the one endpoint solution for all departments and all operating systems.
How has it helped my organization?
We get a lot of data from SentinelOne about threats, and obviously that helps protect the organization.
It helps reduce alerts because it can correlate the data. It doesn't just depend on hashes. It can see the behaviors, and that helps a lot to reduce alerts. Compared to our previous tool, it is detecting 20 to 30 percent fewer false alerts.
In addition, because it has real-time detection, it helps decrease our MTTR. Within seconds, we'll get the data. And for mean time to respond, we need to collect the data, and most of it is available. So it takes us five to 10 minutes to respond after detection.
For our organization, security is very important. If a solution is protecting us, it is like saving money. With SentinelOne's features and the fact that it is in the cloud, that makes it cheaper. As an EDR tool—the best one—it helps to reduce risk; in our organization by 30 to 40 percent.
What is most valuable?
They provide a map, a process tree, and that is pretty good for analysis.
Also, it can be integrated with third-party threat intelligence tools. From that perspective, it's good. And we can ingest SentinelOne data into Splunk and correlate and provide analysis on that.
It gets data from all the endpoints, and we'll have that in a centralized place, and we can track those cases to detect the threats. It helps protect the organization in that way.
And Ranger provides network and asset visibility. We have network-level data visibility, as well as endpoint data and application layer data. It has a good feature to collect all the domains that are initiated. That helps us see if there are any malicious connections on the machines. And it's simple because Ranger requires no new agents, hardware, or network changes.
What needs improvement?
They could add more visibility on the network side. That is currently done via a plugin.
Also, it would help if they could get all the relevant threat information, the related events, in one place. Currently, we need to go to a number of places and do research. If they could have it all in one place, that would help investigations.
For how long have I used the solution?
I have been working with SentinelOne Singularity Complete for about one and a half years.
What do I think about the stability of the solution?
It is a stable solution and it is growing.
What do I think about the scalability of the solution?
It can be extended in the cloud, so the scalability is a 9 out of ten.
How are customer service and support?
The tech support is really good. We get responses on time, as defined in the SLAs.
How would you rate customer service and support?
Positive
How was the initial setup?
The SentinelOne team helps with the implementation, and as it is a cloud SaaS application, we didn't have to do much. They have pretty well-defined documentation, and it is straightforward. And similarly, the maintenance is taken care of by the vendor.
What was our ROI?
We are seeing ROI because we are securing and protecting the company and, obviously, protecting its money as well. As an EDR, it's doing a good job of protecting the endpoints.
What's my experience with pricing, setup cost, and licensing?
It is comparatively cheap in the market and provides a good price point.
What other advice do I have?
In terms of maturity, SentinelOne is a good tool.
It can be used in any department in an environment with Windows, Linux, and Mac machines.
Use it, but start with documentation. Once you understand the basics, it is pretty straightforward.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Intelligence Analyst at a financial services firm with 1,001-5,000 employees
Provides a lot of visibility, and enhances our defense and the ability to respond to emerging threats
Pros and Cons
- "I really like deep visibility. Deep visibility is one of the coolest features of almost any tool that we use. The breadth of data that is collected there is valuable, and it gives us the ability to search back through literally tons of data going back a specific period of time."
- "Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend."
What is our primary use case?
We perform a relatively detailed hunt in our environment for specific IOCs and indicators. Specifically in regards to compliance organizations or regulatory organizations that release data, we need to validate that no IOCs for those specific threats exist in our environment. We can go back to a specific period of time, so we can validate that things like that do not exist. We can also correlate activity in our environment with endpoint data with a high level of efficacy.
How has it helped my organization?
I have administered lots of different AVs in my long tenure as an AV EDR administrator. This is quite honestly the first one of this type. With a tool like Singularity Marketplace, getting an integration running is just a matter of creating an API key and plugging it in. It is really cool. With the Singularity data lake that we have been learning about during this conference, it looks like it is going to be pretty painless to ingest from sources that we are already collecting from and dump them straight into SDL. We have a higher level of visibility and a better grasp of the data we are collecting. There is a reduced time to detection and high efficacy correlations.
I am an analyst, and Singularity Complete definitely makes making a determination, researching a specific threat, or trying to correlate it much quicker. Instead of spending a whole day trying to research something, I can knock it out quickly and then move on to other tasks. It makes me capable of doing a job that would typically require another person at least. There is greater job satisfaction. I do not get burnt out.
Singularity Complete has helped us bolster our defenses, so the downstream impact is reduced alerts because we are able to not only triage issues but also proactively apply defense with STAR rules and things like that. We are able to reduce alerts just because we are getting protection on the front side. There is the granularity of the data that we can query through deep visibility in particular to refine our custom STAR detections. That does help decrease the work.
Singularity Complete has absolutely reduced our organizational risk. Compared to where we came from with the traditional endpoint protection, our ability to respond to emerging threats has really matured. The level of actual attacks that we have to respond to is drastically reduced. It is hard to quantify the reduction, but there is at least a 25% to 35% reduction.
SentinelOne is a big value-add to the organization. They are continually pushing forward and innovating. They are constantly developing new things. As I am learning about new features here at the conference, I am logging into the console, and some of those features are already there. I know they waited until this conference to release that, but they are still cool to see. It feels good to work with the product and to be learning a product that is not getting stale.
What is most valuable?
I really like deep visibility. Deep visibility is one of the coolest features of almost any tool that we use. The breadth of data that is collected there is valuable, and it gives us the ability to search back through literally tons of data going back a specific period of time. We typically go back 90 days for most things, but we could go back further.
The ability to pick it up is also valuable. It is very intuitive. It does not require a lot of training. For example, we had an intern over the summer who joined us. We were able to get him up and running in the visibility very quickly without a lot of hand-holding.
What needs improvement?
Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend.
For how long have I used the solution?
I have been using this solution for between two and three years.
What do I think about the stability of the solution?
Its stability is excellent.
What do I think about the scalability of the solution?
Its scalability is excellent.
How are customer service and support?
I have dealt with a lot of support in my time, and SentinelOne's support is the most responsive one I have ever had. However, I currently have an ongoing support case, and I am struggling with getting that escalated, which colors my overall perception of it. We are getting active updates daily though, so they are engaged. Even if we have not found a fix yet, there is an active conversation or two-way communication. Overall, their support is superior to others that I have dealt with. I would rate their support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using another solution previously. The main reason for switching was the efficacy of the product. SentinelOne was tested against several competitors when renewal time came up, and it exceeded expectations and performed better than others.
The previous product was a traditional endpoint protection. It was very signature-based. It always felt like we were behind with new types of attacks and new types of malware because we had to wait for signatures to come out and things like that. It felt like we were always trying to catch up. With SentinelOne, we feel like we are better protected from the start.
What's my experience with pricing, setup cost, and licensing?
There are cheaper options out there that I know are not as effective. I have administered several of them, not for this organization but for others. The thing I like about SentinelOne is that I know that if it raises an alert, it is worth looking at, so we are not dealing with a lot of false positives. It is rare.
Which other solutions did I evaluate?
We evaluated Cisco AMP, Microsoft Defender, and McAfee. SentinelOne exceeded expectations and outperformed all of those. We did a bake-off against those solutions and found SentinelOne to be the most effective.
What other advice do I have?
Overall, I would rate Singularity Complete a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Information Architect & Security Officer at a wholesaler/distributor with 201-500 employees
Has a user-friendly UI, saves us time, and reduces alerts
Pros and Cons
- "The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features."
- "The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents."
What is our primary use case?
We use SentinelOne Singularity Complete as our next-generation EDR agent to block attacks in our environment.
We had some issues at one of the companies, where they were unable to block a ransomware attack. In my opinion, the EDR agent that we were using at the time was outdated and primarily relied on identifying malware by its signature or hash. This means that it could only detect known attacks. I believe that this was the main reason why the agent failed to block the ransomware attack.
How has it helped my organization?
We have integrated SentinelOne Singularity Complete with Azure AD and Fortinet, and we are aiming to integrate the system with Mimecast. The integration is seamless when we log in with enough permissions we are ready to go.
Ranger provides network and asset visibility. The installed agents can scan across networks that they are in. We can also set Ranger to require a minimum number of agents on a site before scanning begins. This prevents Ranger from scanning home networks when someone is working remotely with only one agent. In the pilot program, we set the minimum number of agents to zero, so Ranger began scanning for other endpoints on the site as soon as it was installed.
Ranger requires no new agents, hardware, or network changes. It gives us much more insight into what is actually happening on our networks, which is what we were looking for. Additionally, the way that SentinelOne allows us to isolate protected endpoints from unprotected endpoints is very nice. It is a very easy step into a network access control solution without all the overhead of doing that. It is a very basic way to get on the same level.
At this moment, we feel that we are in full control of the stages of managed endpoints. We didn't have that feeling before, but now we know that if we don't receive an alert from the system after a while, then we can be 99.9 percent sure that nothing is wrong. When we do get an alert, we need to take action. It may be a minor or major issue, but we need to do something. Regarding new installations of agents on new endpoints, we had some initial concerns that the agent would try to block applications running on those endpoints. However this issue only occurred on 8,000 endpoints, and we were able to resolve it by setting up an exclusion for the affected application. This was minor work, but it used to take a lot of time to install new agents on new endpoints with our previous solution. Now, both IT and other departments feel confident that we are in control. This is a huge difference.
Singularity Complete has helped reduce our false positive alerts. We used to receive hundreds of false positives each day until we implemented Singularity Complete, and now the false positive count is down to five per day. We also use the MDR services of SentinelOne. They are handling that for us, and we get a good insight into what actually happened. This is a huge difference.
Singularity Complete has helped free up time for our staff to work on other projects. Compared to the time we spent with the previous solution, we are now saving about 70 percent of our staff's time.
It has reduced our MTTD. It has also helped save our organizational costs. We are paying 20 percent less than our previous solution.
What is most valuable?
The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features.
What needs improvement?
The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents. The goal was to achieve full integration support, but this has not yet happened. The integration is incomplete.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is extremely stable. We have not had any downtime on the cloud.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is scalable. To scale, we simply need to install agents, and the rest is taken care of by SentinelOne.
How are customer service and support?
The technical support is quick to respond and provide answers.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Trend Micro but switched to SentinelOne Singularity Complete after a successful ransomware attack. We were already looking for a different solution because Trend Micro was time-consuming to maintain, difficult to extract information from, and generated a lot of false positives. We never felt in control of our security posture.
How was the initial setup?
The initial deployment was straightforward. We first ran SentinelOne Singularity Complete in parallel with Trend Micro. This means that the agents can run in a monitoring policy or process, which sends us information about what the agent would block if it were in blocking mode. When we are confident that it is safe to switch to a blocking policy or policies, we can do so with a single click in the dashboard, and the agent or group of agents or all agents will start blocking. This is very easy to do, and we were able to deploy the agents to all endpoints in a matter of weeks.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is a fair price.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete is not a static platform, and new features are released all the time. This adds new value to the product on a regular basis. Compared to other systems, which can be difficult to understand, Singularity Complete is seamless and easy to use. We don't need to do anything to activate new features, and we are notified by email when they are ready to use. It is then up to us to decide whether or not to use them.
SentinelOne Singularity Complete is a mature solution, and our organization is booming because of it. We're not experiencing the issues that we typically encounter with new companies or solutions.
We have 800 users and Singularity Complete is deployed across multiple countries and locations.
For maintenance, we need to ensure our agents are always up to date.
We decided to start using the mobile agents because they were part of our initial purchase. We have already taken the next step and are now looking into Ranger AD. We will be looking into this next year to increase our security level. SentinelOne Singularity Complete is a very easy-to-use product that provides a high level of security and is very usable for us. This is how most security solutions should work. I am very positive about SentinelOne Singularity Complete as our security partner.
I suggest doing a POC to see if SentinelOne Singularity Complete is the right fit.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network and Systems Team Lead at Utilibill Pty Ltd
The solution performs well and is less resource-intensive than other products
Pros and Cons
- "Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory."
- "SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan."
What is our primary use case?
We use Singularity to secure our workstations and servers.
How has it helped my organization?
Singularity has added some features to our security setup. It adds layers of protection to our security servers and workstations. One advantage of Singularity over other traditional antivirus products I use is that it doesn't use as many resources as other products.
If you resolve them permanently, the solution can reduce the number of alerts. Some applications keep triggering alerts, and you need to remove them, or they will continue to do so. We need physical signatures to prevent them from alerting again in the future. We can reduce the alerts by about 80 to 90 percent annually. Our old antivirus wouldn't flag some applications as malicious, but SentinelOne detected them, so we removed those applications, and it reduced our alerts.
Singularity has reduced our organizational risk by about 80 to 90 percent. We were able to address those alerts and remove a lot of malicious files that our previous solution didn't recognize. We saw a significant advantage in the first year. We've experienced a massive improvement in our mean time to detect. We have a large user base, but Singularity Complete performs better than our previous solution.
What is most valuable?
Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory. We can consolidate our security solutions into one centralized platform, and monitor all our workstations and servers from one place.
What needs improvement?
SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan.
For how long have I used the solution?
I have used Singularity for 4 or 5 years.
What do I think about the stability of the solution?
I rate Singularity Complete 9 out of 10 for stability.
What do I think about the scalability of the solution?
I rate Singularity Complete 9 out of 10 for scalability.
How are customer service and support?
I rate SentinelOne support 9 out of 10 because they're very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously worked with Sophos and ESET. The primary reason we prefer SentinelOne is that it doesn't consume a lot of resources.
How was the initial setup?
Deploying Singularity is straightforward, and it doesn't require you to restart the servers in the latest version.
What's my experience with pricing, setup cost, and licensing?
Singularity isn't cheap, but it's worth what we pay for it.
What other advice do I have?
I rate SentinelOne Singularity Complete 9 out of 10 overall. Singularity performs as well as expected, and it's less resource-intensive than other products.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CTO at CyberTek MSSP
Helps to concentrate on what is needed and provide a better response to our customers
Pros and Cons
- "The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise."
- "The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that."
What is our primary use case?
We are an MSSP.
How has it helped my organization?
First of all, it helps us with a better response to the end users. Customers are depending on us to make sure we are making the right call, and then we are leaning on SentinelOne to make sure they are giving us the right call by giving us the right tools.
Singularity Complete has absolutely helped free up our staff for other projects and tasks. The amount of time that we are spending doing work that does not keep us on target is just a waste of time. The more it reduces that noise, the better it is for us and our customers. We have been using it long enough, so it is hard to tell how much time it has saved, but we feel that we have a better solution than most of the competitors that we are dealing with.
Singularity Complete has helped reduce alerts over time. We do not have a lot of the frustrations that some of our competitors do, which is our advantage. We have been using it for so long, so we do not have much to compare it to in terms of alert reduction. We are also partners with a competitor. We had to do that for a contract, and we get a lot of false positive noise coming out of that one.
Singularity Complete has helped reduce our organizational risk, but because we have been with it for so long, it is hard to compare it to others.
Singularity Complete helps us save on costs. We continue to get more volume, reduce our costs, and reduce our waste of time, but it is hard to compare the cost savings because we have been using it for so long. We have smooth operations, and we are just keeping it going. We are enjoying all the added features.
SentinelOne is our main strategic partner when it comes to the protection of our customer's data. We have not had a bad incident, and with the reputation that SentinelOne has in the vertical we deal with, it is the gold standard. We start with that, and then we are viewed as more of a serious partner than some of the lesser products that are out there.
In terms of Singularity Complete’s interoperability with other SentinelOne solutions and other third-party tools, we are an MSSP, so we have to deal with a lot of other tools. The integrations are huge for us. It sounds nice to say this is the only solution and you have to use x tools, but it does not work in the real world, so you have to have those integrations.
What is most valuable?
The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise. There is just so much noise. It brings us the information we need to look at quickly.
What needs improvement?
The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that.
For how long have I used the solution?
I have been using Singularity Complete since its inception. It was probably 2016.
What do I think about the stability of the solution?
Its stability is fantastic. We have no problems.
What do I think about the scalability of the solution?
We have not hit the top end. We are probably running 10,000 agents and have not seen any degradation in the portal.
How are customer service and support?
Their support is very good. We have not had anything come up against that, and our staff has learned to depend on SentinelOne, which, as management, is a little uneasy because we are operating without a net besides SentinelOne in some cases. What we are paying for it is worth it. There is this peace of mind. I would rate their support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Years ago, we were probably running four to five solutions, but then we kept comparing it with them. We were like, "This is the noise we are getting from X. Let us load SentinelOne." The noise reduced with SentinelOne. That proof of concept worked for us.
We currently have an agreement with a competitor where we have to pick up the remaining part of their contract. That is not a place where we are going to increase our expenditure, but we are waiting for that contract to come to an end. The customer knows SentinelOne, but they are tied into another solution till the end or mid of 2024. We are just waiting for that. What makes SentinelOne Singularity Complete different from others for us is the peace of mind. We know we are covered, and we feel that we are covered. Anytime we have had an incident or event, they have always been there for us. They have responded quickly, and we have not had any flashbacks or second attempts at it. Usually, we could stop it the first time, and that has worked for us in all the years we have been with SentinelOne.
How was the initial setup?
It is easier now than it was back then. We deploy it every month on somebody new. We have enjoyed that.
Just yesterday, we had a customer convert from a separate partner to us, and that migration from company to company within SentinelOne was flawless. It was just us doing the migration. We have been there for so long, so we just bring it straight across. The process is very straightforward and easy. This partner of SentinelOne was going to uninstall the agents, and I paused them and asked them to just transfer. They had never gone through that before. We took that over and moved all the agents over without any loss of coverage to the actual customer.
What about the implementation team?
For deployments, we have a staff of 40, but onboarding is a no-brainer.
What was our ROI?
We have seen an ROI. It is a very profitable investment for us. SentinelOne is very valuable, and with our price being lower than the expectations gives us a great margin.
What's my experience with pricing, setup cost, and licensing?
We have not been beaten in the market by pricing, so we have been feeling good about that. The discussions we have had over the years keep us at a very low price per unit. It can always get better, but we also know there is a cost to the backend.
What other advice do I have?
To someone who is researching Singularity Complete, I would say that you can read all the information, but the proof is in the actual work and the history that it has so far. We have got no complaints about the quality and maturity of this solution.
Make sure you are comparing it to whatever you have because that gives you comparative data. If you walk in, sometimes, you do not know you are getting the best of breed right there.
It is a ten out of ten for me, and it gives me peace of mind.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller

Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: August 2025
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Microsoft Defender XDR
IBM Security QRadar
HP Wolf Security
Cortex XDR by Palo Alto Networks
Fortinet FortiClient
Elastic Security
WatchGuard Firebox
Trellix Endpoint Security Platform
Symantec Endpoint Security
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?