SentinelOne Singularity Complete Reviews

SentinelOne Singularity Complete serves as our everyday Endpoint Defense solution. We oversee daily detections and manage Sentinels, workstations, and servers. We strive to safeguard our assets and environment, while also defending against malicious processes and files.

We utilize Visions and its services. Visions and SentinelOne Singularity Complete are closely linked because we are now monitoring not only our products, endpoints, and environment, but we have also engaged Visions as a form of Managed Security Services Provider. Another aspect I find particularly valuable is their API. As a result, we've seamlessly integrated this solution with our SIEM system, which is functioning effectively. This is undoubtedly a tool that we employ, both in conjunction with Visions and our SIEM products.

It's capability to ingest and correlate data across our security solutions is impressive. I utilize tools such as Visions and Sentinel whenever I need to access or retrieve any telemetry. These tools, along with the enhanced visibility they provide, enable me to proactively conduct threat intelligence, explore my environment, and query assets generating alerts.

SentinelOne Singularity Complete has assisted us in streamlining our security solutions. We now possess the capability to identify malicious threats, and the system will automatically safeguard the relevant information, quarantine the threats, and revert any alterations made by the threat. 

It has effectively defended our environment against numerous malicious actors. With a membership of over ten thousand, the solutions help safeguard their data effectively.

Singularity Complete has helped us reduce the number of alerts we receive by approximately 30 percent. The false positive issue has been addressed by working with Visions. We remediate these issues and then classify them as false positives, rather than repeatedly receiving alerts as in other solutions. As a result, we now experience fewer alerts than initially expected from day one. 

It has assisted in releasing our staff to focus on other projects and tasks. Visions reviews all alerts, forwarding only the true positives to my team for investigation and response.

The agents are live, so our Mean Time To Detect is in real-time.

Our mean time to respond is in real-time. If an issue is escalated by Visions, we receive it instantly. Once it's recorded on the disk, it promptly gets escalated to them. They detect it, review the matter, and subsequently escalate it to us. Then, we review it together, all in real time. There is no downtime during which we have to wait.

SentinelOne Singularity Complete certainly reduces costs for our organization, as we need fewer personnel and don't have to involve numerous analysts due to the presence of Visions. It has also decreased our organization's risk by approximately 30 percent.

I appreciate the network control as well as the device control. These two features are truly excellent. I occasionally utilize the custom rules as well.

I would love to see improvement in the integration of SentinelOne Singularity Complete and Visions to better utilize the information we receive.

The browser extension for SentinelOne Hunter is a product designed for monitoring and detecting at a browser level. This library is widely recognized. It should not only detect incidents but also proactively block them within the browser environment. Therefore, I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.

I have been using SentinelOne Singularity Complete for one year.

I rate the stability of Singularity Complete nine out of ten.

I rate the scalability of Singularity Complete nine out of ten.

We have used technical support a few times, and they were excellent and very competent.

Positive

We have seen a return on investment.

The organization assessed Carbon Black but found greater value in SentinelOne Singularity Complete.

I rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete is a mature solution that offers a multitude of features and the potential to enhance security within an organization. This presents significant value for security professionals.

We have deployed SentinelOne Singularity Complete across multiple divisions, various business units, and numerous locations spanning Europe, the US, and Japan. As a global organization, Singularity Complete seamlessly integrates with any internet-enabled entity, providing robust agent support upon connection.

Two individuals are responsible for the maintenance tasks, which include updating agents, upgrading policies, and deploying packages.

Having SentinelOne as a strategic security partner is a positive development.

Before assessing Singularity Complete, we need to dedicate a substantial six-month period to thoroughly engage with the product. This entails working with it on a daily basis, comprehending its intricacies, and obtaining full administrative rights to explore and interact with all its features and functionalities.

I review the data logs from each SentinelOne agent using Skylight to develop queries. We have been using Star Alerts to create custom alerts based on those rules. We also partner with their Vigilance team for 24/7 monitoring.

We implemented SentinelOne Singularity Complete to gain widespread visibility into global markets and to facilitate easy agent deployment for EDR and XDR solutions.

SentinelOne Singularity Complete's interoperability with other SentinelOne and third-party applications is excellent. We recently used a proof of value to integrate some of our other email products, such as Proofpoint, with SentinelOne Singularity Complete. The ease of use has been amazing. Singularity Complete has been a great data ingestion platform, and we have already gained a wealth of data that we never had access to before.

Singularity Complete's ability to ingest and correlate data across our security solutions has been effective. We can see a significant number of events from our DNS logs, firewall logs, and email tenancy. Overall, it has performed very well thus far.

We ended up getting rid of QRadar and relied heavily on Singularity Complete. Singularity Complete allowed us to deploy the SentinelOne agent on a significant number of domain controllers and collect much more information than we could with QRadar alone. We needed to purchase additional licenses to quantify the data more effectively. However, Singularity Complete provided the same if not even more enrichment because it allowed us to see a lot of things about the transitioning of IP ranges, the ingressing of traffic from different IP ranges if they are open to the internet, and who is contacting those ranges via different endpoints. Overall, Singularity Complete has provided a significant improvement in data ingestion over our previous solution of QRadar.

Overall, we have seen a quicker response time with Singularity Complete. We are able to drill down into events in a much more granular way. This allows us to respond better, correlate the information that Singularity has gathered, and come up with a definitive answer to certain questions. Because of Singularity's enrichment of the data that we currently have, we are able to answer these questions more accurately, carefully, and with more specific timestamps. Since we have some of these deployed globally, it is very important for us to get the centralized time zones correct so that we know exactly when an event occurred.

Singularity Complete has helped us reduce the number of false positives. It provides us with a wealth of data enrichment, which allows us to distinguish between normal and abnormal events in our environment. This is important because we have billions of events happening every ten minutes across our many deployed endpoints. In the past, we would waste analyst time investigating alerts that turned out to be false positives. However, with Singularity Complete, we can now quickly identify which alerts are most likely to be legitimate and prioritize those for investigation. For example, if Singularity Complete tells us that a particular event has been seen a thousand times on one endpoint but only twenty times on another endpoint, we know that the twenty occurrences on the second endpoint are more likely to be abnormal and worth investigating.

Singularity Complete has helped free up our staff's time for other projects. With all the data enrichment that Singularity Complete has provided us, we are no longer chasing false positives. We are able to set our custom Star rules so that we receive the alerts that are most relevant to our organization, rather than broad alerts that may or may not be relevant. This allows us to focus our attention on what matters most and to investigate more accurate alerts. As a result, we are able to dedicate time to other projects. Before Singularity Complete, our analysts spend two to four weeks. With Singularity Complete in place, we've seen a reduction of two to three weeks, depending on the vendor. On average, analysts now spend three to ten days analyzing logs.

Singularity Complete substantially reduced our MTTD.

Our MTTR has been substantially reduced by Singularity Complete. We are now able to respond within the hour of receiving the alert.

Singularity Complete has helped our organization save costs by eliminating the need to replace equipment infested with malware. We can now detect, remediate, and roll back malware attacks as needed, thanks to the visibility that Singularity Complete provides. We can drill down into actual alerts, not just false positives, and eradicate any malware that may be infecting our systems.

Singularity Complete has reduced our organizational risk by providing us with much broader visibility into various endpoints deployed globally. This allows us to see what is normal in our environment, rather than reacting to what may not be normal.

The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.

The ingestion and correlation of data would be improved by integrating with email security solutions such as Proofpoint or our email security solution. We do not yet have a marketplace integration, so we had to build it from scratch. As a result, it has been somewhat difficult for this particular use case, but the data is available and we are able to correlate it with users, not necessarily with endpoints, but we are making progress.

We often experience interruptions to our investigations in SentinelOne Singularity Complete. It would be helpful if we could resume our search query from where we left off, even if we lose internet connectivity or the platform is caching results. This would reduce our MTTR by eliminating the need to wait for the platform to load results again. We expect some load times due to the amount of data in our environment, but the current load times are too long and sometimes produce no results. We would like to see the overall response time of the platform improved.

One area for improvement would be per-user dashboarding. This may be a permissions issue, but we currently only have organization-wide dashboards. I think per-user dashboards would be beneficial because they would allow users to focus on their specific investigations. For example, when a user opens Singularity Complete, they can see a dashboard that is tailored to their current investigation.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of SentinelOne Singularity Complete as a seven out of ten. We have sometimes encountered problems where queries do not load or take an abnormally long time to load, especially when we are narrowing down the search range to a fourteen-day period, which is standard for us. We have also seen queries that run for twenty minutes or so and then log us out. Additionally, the time narrowing feature, or at least the custom time slots, where we can specify a date, such as September 18, may not work depending on how we write the query. We have had to get used to the custom syntax for the time stamps. Finally, we have sometimes seen data that does not update as often as it should.

We have not experienced any problems with scalability. We are able to onboard new machines, and within a day or two, we see more data populate for those machines. So far, scaling has been very helpful for us. This is one of the reasons why we wanted to onboard with Singularity Complete, to get that visibility and to get it right away.

Most of the technical support team members I have spoken to at the level two and level three levels of support have been very helpful and willing to share resources and documents from the help portal and knowledge base articles.

Positive

We previously used IBM Security QRadar but it did not provide the level of data ingestion we required so we switched to SentinelOne Singularity Complete.

We have seen a return on investment from SentinelOne Singularity Complete, based on our reduced time to detect and respond to threats, as well as the overall risk reduction to the organization.

Our organization is very satisfied with SentinelOne Singularity Complete, especially compared to other options available. It is very affordable and easy to license, and it allows us to onboard new analysts quickly, with a turnaround time of one day at most.

We evaluated CrowdStrike, but the way their deployment platform worked would not work for our organization.

I would rate SentinelOne Singularity Complete eight out of ten.

We just started using Ranger this week. So far, we've done small test use cases to see what our endpoints can communicate with. Ranger has identified a significant number of machines, including printers, other endpoints, and personal machines, which gives us a better understanding of our network security.

SentinelOne Singularity Complete has come a long way. I believe it used to be called Power Query or even Data Set at one time. We're currently using the Skylight portion of Singularity Complete, which is a newer addition. Compared to where it was, Singularity Complete is now leaps and bounds ahead. It's the product we use when we need a lot of raw data and the ability to customize what we're looking for in our environment. The wealth of information that we get from every endpoint with the Singularity Complete agent installed allows us to create a large number of custom rules and alerts. This saves us a lot of time, especially for our analysts, who no longer have to respond to as many false positive alerts. 

We have a maintenance process in place for our custom rules and alerting. We have a dedicated team of members who are responsible for maintaining these aspects, but overall, we have not encountered any major issues that have impacted our team. A lot of this maintenance does occur outside of office hours.

With SentinelOne Singularity Complete, experiment and use it to its fullest potential, even if a mistake is made. It is a robust platform, so causing any serious damage is unlikely. Some specific features to play around with include custom roles, alerting, fields, power queries, search queries, data retention, and customized displays for the analysts. Tailoring the platform to specific needs will help get the most out of it. Singularity Complete collects a lot of data, so make sure to parse and categorize it in the most efficient way for the organization.

We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines. 

We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.

It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.

With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.

We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.

The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.

SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.

SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.

SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.

Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.

SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

Between my current organization and prior organization, I have been using SentinelOne for close to nine or ten years.

We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.

Positive

In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.

By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.

It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.

We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

We have deployed SentinelOne Singularity on each end-user machine, as well as on the majority of our servers, utilizing it as an antivirus solution. Additionally, we employ SentinelOne Vigilance for our Security Operations Center. Moreover, we extensively utilize this solution across all our machines for tasks such as inventory control, asset tracking, and software monitoring. Furthermore, we have incorporated Ranger AD to enhance security within our active directory setup.

We use Ranger and Ranger AD. We incorporate the data from our SentinelOne Singularity into our SIEM. Moreover, in terms of Ranger, they are both accessible through the same console. When I click, the information is readily available. It's quite straightforward. Furthermore, concerning the transmission of logs to our SIEM, I don't believe we've ever encountered any problems with the initial setup or ongoing functionality.

Ranger offers visibility into our network and assets, which is quite significant. While other tools are available, having this functionality integrated is advantageous since we have it incorporated into a couple of our tools. This covers everything from our switches onward; although there are different options available, Ranger stands out because we are already using Singularity for other purposes. Hence, having it included is beneficial. While it may not be a decisive feature, it's something we always keep enabled.

It is important that Ranger does not necessitate new agents, hardware, or network changes. The fact that it's present, and functions seamlessly, alleviates any need for concern on my part. Furthermore, it effectively identifies new elements.

SentinelOne Singularity Complete has helped improve our response time. In areas where we don't have twenty-four-seven support, VigilanceOne will take over. We use VigilanceOne through SentinelOne, and it ensures constant monitoring. This makes me feel more at ease, knowing that there's continuous surveillance. With the addition of Ranger, Ranger AD, and VigilanceOne, I believe we have gained better insight into our entire network. This combination offers us an added layer of comfort.

It has helped reduce our MTTD and MTTR.

It has helped reduce our risk overall.

SentinelOne Singularity Complete is exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines. While we do encounter false positives, it has successfully detected several instances of malicious activities on the machines. Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.

The process of uninstalling and reinstalling older agent updates needs improvement. I am aware that the newer versions of SentinelOne that they have been working on are more effective. One of our major frustrations arises when we attempt to remove SentinelOne Singularity Complete from a machine and it only partially uninstalls.

The initial tier of support, when we call or engage with them in conversation, assigns a representative to assist us. However, we have occasionally encountered difficulties with the initial person, either due to their lack of knowledge or failure to follow through. In such cases, we have had to seek assistance from others or navigate through basic support on our own. Despite this, it appears that everything is progressing in the right direction. This is why we chose to renew our contract with them and even expand our range of products with their company.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability a nine out of ten.

I would rate the scalability a ten out of ten.

My feelings are moderate towards the technical support.

Neutral

We had Sophos Intercept X Advanced Cloud Security initially. We had acquired all these tools through a different program. Despite having these tools, a virus managed to get through and bypass all our defenses. This is why we opted for SentinelOne Singularity Complete – we wanted to test the effectiveness of the AI-based approach compared to the traditional signature-based method.

The initial setup was quite straightforward. During the initial phases of deployment, we had a couple of helpful individuals assisting us with the solution deployment, which resulted in a relatively smooth process.

The deployment was carried out by two administrators collaborating with one or two individuals from SentinelOne. Subsequently, we needed to initiate the installation and verify the installs. Consequently, I assembled a team of technicians for this task as well. To be specific, there were around two administrators and possibly four to six technicians dedicated to checking and ensuring the proper functionality of the setup. This was necessary due to the replacement of the old solution across twelve hundred machines within a limited timeframe.

The implementation was completed in-house.

I believe that the current pricing and licensing structure is fair. While it may not be a budget-friendly solution, I think it's reasonable considering what we are receiving.

We evaluated other solutions through online research, but we were recommended SentinelOne Singularity Complete by a company with which we were collaborating. Since the solution performed effectively during our cleanup process, we decided to continue using it.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete has matured over the last two years and is a more complete product.

Moderate maintenance is required to keep up with the end users.

I do consider SentinelOne a partner. I do believe that their program is developing, but I wouldn't use them for all purposes everywhere. This is due to my mindset. Nonetheless, I do perceive that SentinelOne is increasingly becoming more of a partner.

We provide SOC services for mostly UK clients and use SentinelOne to monitor our clients' endpoints and remedy threats. Some threats are remedied automatically, but others require investigation. We analyze the file and log any new vulnerabilities in our threat intel account. 

Singularity Complete is a one-stop solution that encompasses all the endpoint protection solutions from SentinelOne. We've eliminated about 99 percent of our other solutions by switching to Singularity. It's easy to integrate SentinelOne logs, and we don't need any other tools for threat hunting or SIEM. Everything is on one platform. You can fully realize Singularity's benefits after about 3 months of deployment and training.

The solution is supported by Vigilance, SentinelOne's MDR service. They monitor 24/7 since we have other things to do. We have an SLA that threats will be mitigated within 45 minutes to an hour after detection. Singularity has virtually eliminated our organizational risk from threats. 

Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature. External parties can log in securely via the S1 agent. It's easy to integrate S1 logs with our SIS. That's one good thing. We don't need to use any other tools, like a SIEM. 

I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint. 

I have used Singularity Complete for a year and a half. 

We haven't seen any downtime outside of normal maintenance windows every few months. 

Singularity's scalability is good. 

I used CrowdStrike before, but SentinelOne is easier because I can do more stuff on that. For example, let's say I want to fetch some files from an end user's machine or install something, but I do not manage the machine as a security person. If we need to do something inside, I can do a full scan and use remote access to see everything. 

The SentinelOne suite is appropriate for our use case. If the scope and tasks were different, another EDR might be better. CrowdStrike has built-in UEBA, but it's not as user-friendly as SentinelOne. 

I'm not involved with purchasing decisions, but I believe Singularity must be cost-effective because the management selected it. 

I rate SentinelOne Singularity Complete 9 out of 10. It's an excellent solution for monitoring and managing endpoints. I recommend doing SentinelOne's training to familiarize yourself with how to leverage the entire product. 

We use SentinelOne Singularity Complete for incident management planning to protect against insider and outsider threats, monitor threats, block websites across our branches, and manage assets.

Before implementing SentinelOne Singularity Complete, we could not track our assets, manage the threat insights, or block USB devices. Now we can manage and handle all our assets and keep them healthy. We can also protect our data from malware and ransomware attacks.

The SentinelOne Singularity Complete reporting suite is essential for providing comprehensive visibility into the security posture of an organization.

We realized the benefits of SentinelOne Singularity Complete two months after we deployed it. We knew after the proof-of-concept that SentinelOne Singularity Complete would be useful in our environment.

SentinelOne Singularity Complete helps our organization track all our systems. We receive an automated weekly threat report on our systems, which helps us manage incidents before they occur. We automatically receive insight threat reports in our emails, which is a great way to identify and track issues so that we can remove the affected asset from the environment to protect our systems and network.

SentinelOne Singularity Complete has helped reduce our organizational risk. 

SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory.

SentinelOne's XDR service is valuable. We use them to find the root cause of an issue.

I would like to have a remote desktop feature added so we can remotely access our endpoints.

I have been using SentinelOne Singularity Complete for six months.

We previously used Kaspersky, but we found that it could not clearly identify all of our assets and risks. With SentinelOne Singularity Complete, our environment is more secure.

The initial deployment was straightforward. 

We used a third party for the implementation.

SentinelOne Singularity Complete is expensive, but we must be willing to pay for it if we want a high level of protection.

I would rate SentinelOne Singularity Complete nine out of ten.

We recommend that people evaluate SentinelOne Singularity Complete before buying it. At a minimum, they should compare it to their current solution and other products to see the difference. They should do a small comparison of the major points that each product covers and does not cover. Once they have a good understanding of the options, they can have a demo or proof-of-concept before making a purchase. Additionally, it is helpful to check which companies are currently using SentinelOne Singularity Complete in their live environment for a long period of time without experiencing any challenges.

We are a partner of SentinelOne and we provide demo proofs of concept to customers. Most of our customers use traditional antivirus software, which does not have the capability to perform zero-day analysis, block ransomware, or block zero-day attacks. SentinelOne, on the other hand, is an endpoint detection and response and endpoint protection platform solution, which means that it has the capability to block zero-day attacks, ransomware, and machine learning-based threats. SentinelOne Singularity Complete does not have antivirus technology, but rather it is an anti-malware solution.

Our customers switched to Singularity Complete primarily for security and ease of use. It is easy to install, troubleshoot, and upgrade. Singularity Complete is purely cloud-based for our customers.

Singularity Completes' interoperability is straightforward. They have easy API integrations with all major integration platforms, so it's simple. There are no complications.

SentinelOne can ingest and correlate data well. It has its own EDR and XDR technologies, so it provides threat defense, detection, and monitoring. The models work like a SIEM for endpoints, so customers can correlate logs, identify patterns, and visualize everything. It is very visible.

I deployed Ranger for one of our customers with a large infrastructure. Ranger provides clear network and asset visibility.

Singularity Complete was very helpful to our customers during the COVID-19 pandemic because many of their employees were working from home. When employees work from home, they often need to open ports from outside to active networks, which can make those networks more vulnerable to ransomware attacks. One of my customers had a traditional antivirus running, but it was unable to detect the ransomware. I deployed Singularity Complete to understand the attack pattern and block it. The customer was so happy with SentinelOne Singularity Complete that they renewed their subscription for four years in a row.

Singularity Complete increases the number of true positive alerts by detecting attacks that antivirus software misses.

Singularity Complete helps save time.

Singularity Complete has reduced the MTTD by ten percent.

Singularity Complete has reduced the MTTR. Where a traditional antivirus may take ten minutes, Singularity Complete takes two to three minutes.

Singularity Complete helps reduce organizational risk.

The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features.

When comparing SentinelOne to CrowdStrike, I find that CrowdStrike has more comprehensive vulnerability assessment tools. It offers a variety of Falcon tools, including deep inspection, while Singularity Complete does not have all of these features. It still sticks to EDR or EDP. Therefore, I need improvements to match the features that CrowdStrike offers, such as a higher level of vulnerability assessment and a better understanding of the IOCs in our system so that we can apply fixes.

SentinelOne Singularity Complete needs improvement on Linux machines. We identified a few issues with most of our Linux customers' machines. Specifically, the application is not working properly after installation.

A major area of Singularity Complete that needs improvement is the restart option. We do not need a restart after installing a CrowdStrike agent. So for organizations that are running 24/7 and can't restart their machines, we do not recommend SentinelOne Singularity Complete.

I have been working with SentinelOne Singularity Complete for five years.

I would rate the stability of Singularity Complete nine out of ten.

Singularity Complete can scale easily. 

Overall the technical support is good but we sometimes have difficulty getting a hold of them.

Positive

We previously used CrowdStrike Falcon, but SentinelOne Singularity Complete is easier to deploy. CrowdStrike Falcon has many features and policies that need to be configured, while Singularity Complete is straightforward. It has a single policy and is very easy to deploy compared to CrowdStrike Falcon. However, CrowdStrike Falcon offers more features.

The initial deployment is straightforward. We receive a URL extension from the company and we set the policies and install the agent.

I deploy the solution for POCs using 20 machines. We demonstrate the deployment methods, and the customer completes the rest of the process. We typically complete this task in two days. For larger organizations that have a lot of departments and branches, the deployment can take up to 15 days.

SentinelOne Singularity Complete is cheaper than CrowdStrike but more expensive than any traditional anti-virus solution.

I would rate SentinelOne Singularity Complete eight out of ten.

The Ranger functionality is not that important because it is optional, and most customers already have a solution for understanding their environment.

I would say that 90 percent of SentinelOne Singularity Complete is a quality product with only ten percent with room for improvement.

SentinelOne will not sell to organizations with fewer than 100 endpoints. Most of our clients are mid- to enterprise-level.

Maintenance is required, but the SentinelOne team maintains the cloud deployments, so we don't need to worry about it. The endpoint agents must be upgraded whenever an upgrade is available or when we have to fine-tune policies for customers to reduce false positives. One IT support person can handle any maintenance for the endpoints.

I suggest always doing a POC. If the customer is currently using traditional antivirus technology, they may not understand EDD, EPP, or EDR technology. Therefore, I always recommend a POC to help the customer understand these technologies. Customers should never implement an endpoint solution without a POC, because we don't know what endpoints are running on their system or how compatible the new solution will be with other endpoints. For example, if we are implementing a DLP solution, we should ask for a POC with all available agents, or we can deploy a test machine to understand the solution before implementing it in production.

We use SentinelOne Singularity Complete to provide endpoint protection for all endpoint servers and Kubernetes clusters in our environments where SentinelOne is supported. We also use SentinelOne to help manage our systems and provide visibility into the assets in our environment.

We have found that Singularity Complete integrates well with our existing SIEM solution, Splunk, and some of our other system management tools, such as Okta and Armis. We are also looking forward to the additional future integrations that are planned.

I appreciate Singularity Complete's ability to ingest and correlate data across our security solutions. I use this feature quite often, either to perform deep visibility searches to correlate data across different sources if I have specific concerns about security events, or even to track running or operational issues as well. Singularity is not only a security product but it can also be used for troubleshooting non-security and related issues on devices.

Compared to the previous EDR solution, Cylance Protect, we had substantially fewer false positives when we implemented Singularity Complete.

Singularity Complete has reduced our MTTD.

Singularity Complete has reduced our MTTR somewhat compared to our previous EDR solution.

Singularity Complete has reduced our organizational risk by 20 percent, specifically the risk profile associated with malicious activities on protected devices.

The most valuable features, of course, are the protection and support for the devices. In addition to that, the ability to see the last log-on dates for time-tracking purposes has been helpful. The most useful feature of all is deep visibility. I think it was recently renamed to something else, but it is the ability to run IOC queries across all devices and gain information to look at any kind of potential events that might occur.

We have had cases where Singularity Complete has caused applications to malfunction. The existing interoperability rules have not necessarily been sufficient to resolve those conflicts. SentinelOne needs to work on interoperability with other systems and on the interoperability rule set.

I have been working with SentinelOne Singularity Complete for one year.

We have not had any stability issues in our environment with Singularity Complete.

Singularity Complete is scalable.

With any support service, it depends on the person we get on the line. Some are better than others. But overall, I find the technical support team to be good, comparable to other good technical support teams I've seen from other vendors.

Positive

We implemented SentinelOne Singularity Complete to move away from a legacy EDR platform, Cylance Protect, that did not perform as well as a modern EDR solution should.

The initial deployment was complex due to the complex environment. I would agree that deploying to a single device would be straightforward, but we have a manufacturing environment that requires bespoke applications, which makes any migration complex.

Fifteen people were required for the deployment.

The implementation was completed in-house.

The pricing and licensing make sense. We worked with a third party to help us with licensing, and the licensing we obtained through that process was ultimately reasonable and comparable to other products on the market.

We evaluated Microsoft Defender, CrowdStrike, and Cortex XDR by Palo Alto Networks.

I would rate SentinelOne Singularity Complete ten out of ten.

We are considering the possibility of using SentinelOne to consolidate some of our security solutions, but have not moved in that direction just yet.

Singularity Complete has not yet saved our staff time because it takes more time to deploy and migrate to the point where we have time savings. I think it will in the next couple of years.

We see a lot of innovation from SentinelOne. They are acquiring many other products that are integrating with the platform we looked to adopt in the next couple of years if it works out well. New features and functionalities are also regularly released. So, in terms of innovation, that's one of the reasons we chose SentinelOne Singularity Complete in the first place.

Singularity Complete is a mature product that can sufficiently protect our assets. I would say that the core features associated with that functionality are in place and work well.

Maintenance is relatively low, but systems need regular updates, and we need to troubleshoot all of them. So, there is some work involved.

SentinelOne is a good strategic security partner. We appreciate the direction of their product roadmap and its current coverage. One area where they could improve is in having their EDR support teams reach out to us. We don't believe we have an EDR or anything similar setup, but it would be helpful if they offered quarterly or semi-annual meetings to check in, see how we're doing, and give us an opportunity to provide feedback.

People researching Singularity Complete should first understand their environment and deployment goals to ensure compatibility between their existing solutions and the new product. They should also evaluate multiple competitors before making a commitment.