We use Singularity Complete as our EDR software. It's replacing our old antivirus solution. It covers about 80 endpoints.
IT Manager at a construction company with 51-200 employees
It's an innovative platform that addresses issues automatically
Pros and Cons
- "SentinelOne has improved the overall security posture of the firm without creating a lot of hassle for our end users. Everything is a bit more secure. We think Singularity Complete has helped us reduce our organizational risks."
- "I rate Singularity Complete a seven out of ten for affordability. It's more expensive than our previous solution, but it does its job well. At the same time, there is some room for improvement. Cheaper is always better."
What is our primary use case?
How has it helped my organization?
SentinelOne has improved the overall security posture of the firm without creating a lot of hassle for our end-users. Everything is a bit more secure. We think Singularity Complete has helped us reduce our organizational risks.
What is most valuable?
SentinelOne detects threats automatically and performs the remediation itself, so we don't need to constantly look at the logs. It reduces the meantime to respond because it automatically responds to the detected threats.
For how long have I used the solution?
We started using SentinelOne Singularity at the start of this year, so it has been nearly seven months.
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
What do I think about the stability of the solution?
I have had no stability issues so far.
What do I think about the scalability of the solution?
We only started using it at the beginning of this year, so the number of users has stayed the same. I have no experience scaling it up, but it's easy to add more devices to the platform. I don't foresee having any problems with scalability.
How are customer service and support?
We receive technical support from our partner, so I have no experience with SentinelOne support.
Which solution did I use previously and why did I switch?
We previously used Bitdefender as our antivirus solution. We switched to SentinelOne because we wanted to improve the overall security of our endpoints. SentinelOne offers more advanced and comprehensive protection than a traditional antivirus solution.
How was the initial setup?
We contracted with a partner to deploy SentinelOne, so I wasn't involved in the deployment. Our partner also handles the maintenance.
What was our ROI?
SentinelOne is more expensive than our previous tool, but we're hoping to see a return by saving money on recovering from some kind of incident.
What's my experience with pricing, setup cost, and licensing?
I rate Singularity Complete a seven out of ten for affordability. It's more expensive than our previous solution, but it does its job well. At the same time, there is some room for improvement. Cheaper is always better.
Which other solutions did I evaluate?
Though Microsoft's solution was suggested, we only seriously considered SentinelOne. That was the one that stood out during research. Also, I heard from my peers that it was the best one, so I didn't look at other options.
What other advice do I have?
I rate SentinelOne Singularity Complete a nine out of ten. I recommend it. SentinelOne works as advertised. It's an innovative solution, but it's hard for me to compare it to other products because I don't have much security expertise. It's a mature solution that has no bugs that I've experienced. I have confidence in it.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Manager at American Incorporated
The MDR service is convenient for a small team like ours
Pros and Cons
- "SentinelOne's managed detection response service Vigilance Respond is convenient for companies like ours with small IT teams. If something happens on the weekend, SentinelOne steps in and resolves the issue. It's a false positive 97% of the time, but at least they're resolved instead of hanging around for us to find on Monday."
- "In 18 months in with SentinelOne, we've seen the same lack of drama, with no endpoints compromised to the degree that it has negatively impacted our network."
- "Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network."
- "Managing the false positives creates additional management overhead."
What is our primary use case?
We're a construction company using SentinelOne for endpoint security with endpoint detection and response. SentinelOne covers all of our endpoints and servers. It protects everyone across the company, even those not actively using an AV.
How has it helped my organization?
SentinelOne's managed detection response service Vigilance Respond is convenient for companies like ours with small IT teams. If something happens on the weekend, SentinelOne steps in and resolves the issue. It's a false positive 97% of the time, but at least they're resolved instead of hanging around for us to find on Monday.
We have the Ranger feature for network scans, allowing us to pick up any new devices that show up on a network. That was especially useful for us when we shifted to working from home.
If two or more agents are in a remote network, they will scan the network and give you an inventory of the MAC addresses and device types they see. This is handy when you have a small office or someone working from home. We do not allow employees to bring their own devices, but people are plugging their company computers into their home network, exposing them to risks. The ability to report on connections in remote networks is handy.
What is most valuable?
SentinelOne's machine learning engine is purely behavioral. The engine will shut down anything that's bad, isolate the system from the network, and alert everyone. We had tremendous success with CylancePROTECT for over five years. Zero successful attacks. In 18 months in with SentinelOne, we've seen the same lack of drama. No endpoints have been compromised to the degree that it has negatively impacted our network.
What needs improvement?
Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network.
We interrupted that process and then isolated his computer and the file server. It was somewhat disruptive in the middle of the day. At the same time, it was a perfect simulation of what ransomware would do, so it was reassuring that SentinelOne stepped up and said, "Nope!"
It was not a malicious process running that was detected. It was simply behavior he shouldn't have done. Now, our drafters know to co my team when they're going to do some file cleanup. The false positives are just inherent in just the large amount of poorly written software that's out there. Any competent antivirus is going to have a behavioral, heuristic engine looking at what's actually being done.
It might be something bad done by the software you use. We used a machine learning engine for five years. The Wire Hauser Corporation builds subpar software because they're supposed to be building lumber products. It triggered a false positive, that's about the only negative for any modern AV is just false positives.
In the future, I would like to see SentinelOne implement integrated patch management. It would be great to manage endpoint patching through SentinelOne. We're on our third patch manager in three years because they are lackluster. It would be nice to have a new patch management tool.
For how long have I used the solution?
I have been using Sentinel One for about a year and a half.
What do I think about the stability of the solution?
SentinelOne is stable and constantly improving. Today I did a demo of a new acquisition they made for Active Directory. Ranger is the product that scans networks. This is a new product from a company they bought.
They do automated scans of your Active Directory infrastructure to identify fixable problems and anyone trying to take advantage of the unfixable problems. They're improving their core product while adding new functionality and products that I'm interested in.
What do I think about the scalability of the solution?
SentinelOne is highly scalable. I know folks with 10 times the number of endpoints we have, and they're pleased with it. One fellow I know has 4,000 endpoints under management.
How are customer service and support?
I rate SentinelOne support nine out of 10. I wish our other vendors had tech support as good as SentinelOne. I can only think of one other vendor that possibly has better tech support, but the vast majority of software companies have sub-par tech support. Little goes wrong, but get a quick turnaround time when something comes up.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using CylancePROTECT, one of the early innovators in machine learning next-gen AV. Then they added on an EDR component called CylanceOPTICS. CylancePROTECT was an outstanding product for us. It was extremely low overhead and highly efficient. It crushed it in the proof of concept and did an excellent job for us.
Blackberry acquired the solution in 2019, the last year of our three-year agreement. It was awful. Development essentially stopped. All of the intelligent people started leaving. I found out that some went to SentinelOne. It was clear my worst fears were realized: that Blackberry was going to screw up yet another good thing.
How was the initial setup?
I had prior experience with this kind of antivirus, so I thought setting up SentinelOne was very straightforward. We stood up three different products in the course of 60 days to do this test. I didn't think there was anything unusual or unexpected about setting it up. It's perfectly understandable if you know what you're doing.
We have automated tools for deploying software. The biggest problem was getting the old endpoint solution off and the new endpoint solution parked on top of it. We had a 30-day window to get it all done for 250 endpoints.
My IT group has four people, including me, but it's not hard to manage or deploy. It fits right within our normal imaging endpoints, so it's super-low overhead.
What about the implementation team?
We did the deployment in-house. I'm paranoid. I wouldn't let anybody touch our security software.
What's my experience with pricing, setup cost, and licensing?
We pay $30,000 a year for 275 endpoints. We're growing, so I plan to buy another 75 endpoints. There is still a year and a half left in my three-year subscription, so I'm going to increase my endpoint count by 30 percent.
I'm buying midterm. We're a little over our licensing right now—less than 10%—but we'll correct our device count and plan for future growth. We pay for additional managed detection and Ranger network scanning.
Which other solutions did I evaluate?
We started doing proofs of concept for a short list of candidates in October 2020 when things calmed down a little bit. In addition to SentinelOne, we were looking at Sophos Intercept X, and CrowdStrike Falcon, which I assumed would win the bake-off. I had every expectation that Falcon was going to be our new endpoint. SentinelOne was kind of a startup. CrowdStrike Falcon was number three. Our second choice would've been Sophos Intercept X.
We left behind traditional AVs like Symantec and Norton Antivirus in 2016. It's awful stuff. We would've been good with Intercept X or Falcon, but SentinelOne has just proven to be the right choice for what we're doing. I hope they don't get bought.
What other advice do I have?
I rate SentinelOne 10. It's an excellent next-gen AV with none of the signature-update nonsense. It'll kill anything that does something bad, which sometimes is an Adobe product, etc. False positives are expected in that situation, but it's not a problem.
If you're considering SentinelOne, devote time, money, and staff to a thorough proof of concept. If you don't test your use cases, You will regret it. Just assume it's going to be an exit project to do an endpoint security selection. Ignore Gartner's and the press. Don't pay attention to the big analysts. Read the peer reviews and the community feedback.
Do the heavy lifting with a proof of concept. If you think you're spending too much time on it, you're probably not spending enough. It's so important. Treat picking a product like you would any other big project.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
Chief Information Officer at a tech services company with 1-10 employees
Reduces alerts, allows data from everywhere, and helps to be as secure as we can be
Pros and Cons
- "The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not."
- "Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly."
What is our primary use case?
We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines.
We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.
How has it helped my organization?
It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.
With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.
We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.
The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.
SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.
SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.
SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.
Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.
SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.
What is most valuable?
The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.
What needs improvement?
Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.
They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.
Lastly, it would be very beneficial to have a solid SentinelOne agent for mobile devices that easily ties into the existing endpoint dashboards. With the proliferation of mobile and email threats that are exploited on mobile devices having a centralized console for managing these endpoints would be crucial in the future.
For how long have I used the solution?
Between my current organization and prior organization, I have been using SentinelOne for close to 12 years.
How are customer service and support?
We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.
By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.
What was our ROI?
It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.
What's my experience with pricing, setup cost, and licensing?
We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.
What other advice do I have?
Overall, I would rate SentinelOne Singularity Complete a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 14, 2025
Flag as inappropriateIT Director at a wholesaler/distributor with 11-50 employees
Helps save us time, provides good service, and quick remediation
Pros and Cons
- "The most valuable feature is the quick response to attacks."
- "The SentinelOne portal is not user-friendly, which is one of its drawbacks."
What is our primary use case?
We use SentinelOne Singularity Complete to protect our environment.
How has it helped my organization?
SentinelOne Singularity Complete has helped us reduce the number of alerts we receive. I was attacked three times, and each time I received an alert. There were a lot of good features in SentinelOne that we were not aware of until we contacted them after we were hacked. SentinelOne took the role of fast response protection and took action.
SentinelOne Singularity Complete has freed up our staff's time to work on other tasks and projects. I made many changes to my department this year, including migrating all of my servers from on-premises to the cloud. With Singularity Complete, I was able to protect my cloud servers immediately and shut down my on-premises. I was also able to receive notifications of changes to IP addresses and users, which are common changes that occur during a migration. Sentinel was able to alert me every time there was a change.
What is most valuable?
In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.
The most valuable feature is the quick response to attacks.
What needs improvement?
The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.
The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable and we have not encountered any issues.
What do I think about the scalability of the solution?
I would rate SentinelOne Singularity Complete's scalability an eight out of ten.
How are customer service and support?
We do not have a support package, so we pay per use, which is expensive. However, they are very professional and follow up well. They took charge immediately, found a solution immediately, and blocked the ransomware attack. They also gave us details on what to do next. Two to three days later, they called my department back and followed up with the system administrator to make sure everything was okay. Overall, I am satisfied with their service.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Microsoft Defender and Sophos. SentinelOne is a much better solution than Defender and has a quicker response time to alerts and attacks than Sophos.
How was the initial setup?
The initial deployment was straightforward. Implementing SentinelOne was not complicated, and more user-friendly than the others.
The deployment was completed by myself and one admin.
What about the implementation team?
i did,it is OkiOk and unfortuantely was not a good experience thats i move to another reseller and it is ESI which also did have a good experience with their sale person at the end.
What was our ROI?
of course, when it comes to any security solution there is always a good return on this investment especially in our current situation and all the threats that we receive daily and attacks.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is expensive compared to Microsoft but not Sophos. However, it is worth the price for its quick response and immediate remediation options.
Which other solutions did I evaluate?
i did evaluate Sophos, i didnt find a big difference but i felt more comfortable with sentinel one.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten. SentinelOne is one of the best security solutions I have worked with. I would rank it in the top three best platforms for security.
SentinelOne Singularity Complete is an aggressive and accurate security solution.
No maintenance is required except for updates that we push out to all end users.
For organizations that want an aggressive security partner, I recommend SentinelOne Singularity Complete.
Although SentinelOne Singularity Complete is expensive, I have no qualms about investing more money in the security of my department and data. I would definitely recommend SentinelOne Singularity Complete. It gives me peace of mind knowing that my data is safe.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 9, 2025
Flag as inappropriateDirector of information technology at Stuart & Branigin LLP
Allows users to see and manage infections from the web-based admin panel, is reasonably priced, and has more advanced technology and multiple features
Pros and Cons
- "What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there."
- "SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser."
What is our primary use case?
SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.
How has it helped my organization?
SentinelOne Singularity Complete has saved us too many times to count. The most recent save happened shortly before 1:30AM. A user had downloaded a ransomware payload that tried to detonate in the middle of the night when no one was was awake to even notice. I woke up the next morning with a notification email from SentinelOne telling me that it had discovered the infected file and removed it before it could do any damage. I was beyond thankful.
What is most valuable?
What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.
I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.
The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.
The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.
I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.
In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.
As a strategic security partner, I found the solution great, primarily because all of its features work well.
What needs improvement?
Update: SentinelOne Singularity Complete now works much more efficiently inside of Google Chrome. The lag times are gone and I'm able to navigate without issue.
----------------------------------
SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.
Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.
For how long have I used the solution?
We've been using SentinelOne Singularity Complete for over two years now.
What do I think about the stability of the solution?
I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.
What do I think about the scalability of the solution?
For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.
How are customer service and support?
The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.
Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.
How was the initial setup?
I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.
What about the implementation team?
SentinelOne Singularity Complete was implemented in-house. I did it all by myself.
What was our ROI?
Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.
What's my experience with pricing, setup cost, and licensing?
I find the licensing cost for SentinelOne Singularity Complete fair.
Which other solutions did I evaluate?
I evaluated CrowdStrike. They would not sell me the lower number of licenses that I needed at the time and priced them out of competing against SentinelOne.
What other advice do I have?
I've never used the Ranger functionality of SentinelOne Singularity Complete.
In my company, SentinelOne Singularity Complete has a hybrid deployment.
From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.
My rating for SentinelOne Singularity Complete is nine out of ten.
I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.
My company is a SentinelOne customer.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 9, 2025
Flag as inappropriateCISO at Katholische Universität Eichstätt-Ingolstadt
Robust security with efficient threat detection, minimal false positives and user-friendly features, empowering organizations to safeguard their systems effectively
Pros and Cons
- "The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us."
- "It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file."
What is our primary use case?
Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.
How has it helped my organization?
My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.
It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.
Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.
It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.
What is most valuable?
The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.
I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.
What needs improvement?
It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.
For how long have I used the solution?
I have been working with it for four years.
What do I think about the stability of the solution?
I would rate its stability capabilities ten out of ten.
What do I think about the scalability of the solution?
I would rate its scalability abilities nine out of ten.
How are customer service and support?
I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.
What was our ROI?
It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.
What other advice do I have?
Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Solutions Specialist at a non-tech company with 11-50 employees
Great real-time alerts, deep visibility, and threat-hunting modules
Pros and Cons
- "I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition."
- "I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities."
What is our primary use case?
We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.
How has it helped my organization?
SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.
SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.
SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.
What is most valuable?
The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.
I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.
What needs improvement?
Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.
I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability of SentinelOne Singularity Complete nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.
How are customer service and support?
The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.
We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.
How was the initial setup?
The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.
Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.
Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.
SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.
SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.
The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.
SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Chief Innovation Officer
Integrates well, reduces organizational risk, and saves our staff time
Pros and Cons
- "The most valuable aspect of SentinelOne Singularity Complete is the protection it provides."
- "Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software."
What is our primary use case?
We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.
We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.
SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.
How has it helped my organization?
The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.
The integration with other SentinelOne products and third-party tools is very good.
SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.
In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.
SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.
SentinelOne Singularity Complete has helped free up our staff time around one day per week.
SentinelOne Singularity Complete helps reduce our MTTD.
SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.
SentinelOne Singularity Complete has reduced our organizational risks by five percent.
What is most valuable?
The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.
What needs improvement?
One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.
The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is highly scalable.
How are customer service and support?
We are happy with SentinelOne's technical support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.
How was the initial setup?
Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.
What was our ROI?
The only return on investment we can point to with any EDR is that we have not been attacked.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
SentinelOne Singularity Complete is a mature solution of the highest quality.
We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.
We have 4,500 endpoints and around ten active users.
The maintenance level for SentinelOne Singularity Complete is relatively low.
SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.
I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cybersecurity Manager at a comms service provider with 10,001+ employees
Helps reduce the number of incidents generated
Pros and Cons
- "The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective 90 percent of the time."
- "SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms."
What is our primary use case?
I am not an end-user of Singularity Complete. I'm a service provider. We have a complete team that focuses on handling incidents from this platform for our customers. We are an extension of their team, and they outsource these tasks to us.
Singularity has multiple mechanisms to identify threats and transform them into incidents. The solution not only detects but also prevents threats. On the investigation side, it helps our analysts analyze events to understand exactly what's happening and why these events have been generated.
How has it helped my organization?
Singularity helps reduce the number of incidents generated. We can configure it to reduce false positives, but we also need to implement a SOAR platform to automate the resolution of some frequent incidents.
Singularity Complete saves us some money because we don't need to implement any other additional solutions. SentinelOne is more powerful than an antivirus and can secure the environment without the need to implement an IPS, IDS, or a next-gen firewall. It's a good choice for a medium-sized business. The solution reduces organizational risks in terms of the continuity of activity, maintaining confidentiality, and external threats like malware and ransomware.
What is most valuable?
The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective 90 percent of the time.
Ranger doesn't require us to deploy an agent on our architecture or integrate anything. We activate and configure it, and everything works. You can choose to visualize assets that have no agent installed so we can get full coverage of all the assets. You can also tell it to block connections to any assets that aren't covered.
We can identify activities and sensitive connections that we can isolate from the network. We can set all our agents to not communicate with certain IP addresses or assets without the agent. For example, we can limit IoT devices, surveillance cameras, printers, etc. This functionality is critical for covering the gaps.
What needs improvement?
SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms.
We also have a SOAR platform that helps us reduce the number of incidents that our analysts must handle manually. It would be nice if Singularity Complete had native security automation and integrated mechanisms to reduce the number of false positives.
For how long have I used the solution?
I have used Singularity for about three years.
How are customer service and support?
I rate SentinelOne support eight out of 10. SentinelOne offers excellent support.
How would you rate customer service and support?
Positive
What other advice do I have?
I rate SentinelOne Singularity Complete eight out of 10 overall. It needs some improvement in some areas, such as backup functionality and performance, but it's a good solution.
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
IT Manager at a construction company with 11-50 employees
Alerts us instantaneously, provides granular information, and has competitive pricing
Pros and Cons
- "Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even what we are not talking from a security standpoint."
- "The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network."
What is our primary use case?
We use SentinelOne Singularity Complete as an endpoint protection solution. It is our primary endpoint protection solution for our workstations and servers for protection from any kind of threats that may appear on those systems.
We have some localized virtual machines that it is running on. We do not have any cloud workloads.
How has it helped my organization?
SentinelOne Singularity Complete is pretty good in terms of being able to fine-tune the alerting that you get. It is better than other solutions that are super noisy to the point that it is difficult to drill down. If you get an alert of something that is actionable, it is better than getting one alert and then getting five others right behind it. This solution is pretty good at not being noisy.
Luckily, I do not spend a ton of time with SentinelOne Singularity Complete unless there is an alert or a potential breach, but that just does not happen very often. Email security is the front door of protection, and that takes the brunt of any kind of security concerns. Luckily, most things are not hitting our network right now.
SentinelOne Singularity Complete is pretty good at picking up things that are not necessarily malicious and alerting me that somebody or something is using something that needs attention. That happens instantaneously. It is pretty quick.
SentinelOne Singularity Complete is as fast as we can ask. I can see the alert and get on it. It does not take very long, so I am not sure how we can improve more when it comes to our time to respond. We are a small enterprise. It does not take us too long to respond to things.
What is most valuable?
Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint.
What needs improvement?
The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network.
For how long have I used the solution?
We have had it for a couple of years now.
What do I think about the stability of the solution?
I have not had any issues related to downtime, uptime, or responsiveness of their infrastructure. I have not seen any reports where something was not working the way it was supposed to.
What do I think about the scalability of the solution?
They would far outpace the scale of what we would be looking at.
How are customer service and support?
I contacted their technical support at the very beginning when I was rolling things out, but it was not a major issue. It was just about me getting up to speed with how they do things. I do not have a negative impression of how that interaction went.
SentinelOne is a good partner. I had a few other technical support questions, and they answered them pretty quickly. They were pretty minor things, and they were always pretty quick to respond.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using another solution previously. It was long ago. We were using Berkeley, which was bought by Alert Logic. The Berkeley product was pretty good, but when they were bought by Alert Logic, I did not like the way they did things. It was complicated. It was not intuitive. Their sales program was a little shady. We got locked into a contract that was not intentional. It was not a great experience. They have a product that is not a direct competitor to SentinelOne. We tried it, and it was super noisy for alerts. If I tried to clear all the alerts in the system, I would not have time for anything else. We were not necessarily looking for it, but because of the platform that we were on, we tried the other offerings that were included in the platform, and it just was not a good fit.
SentinelOne is a much more robust platform than Berkeley or Alert Logic in terms of endpoint protection. In terms of the ability to be innovative, SentinelOne provides tools. If we had stronger security requirements, they have other tools that we could utilize, such as Ranger.
How was the initial setup?
The portal is cloud-based, but the agents are on-prem.
I was involved in its deployment. I am a one-man IT shop. It was pretty straightforward. You get the agent that you want to install, and there is a code that you put in that locks it to your portal. It installs pretty easily.
It requires very little maintenance. Occasionally, I check to make sure that the agent version is pushed out because that is not automatic. I get to choose when the agent gets pushed out. If there is an update, I update them when I want to.
What about the implementation team?
We did not need any help at all. It was just me.
What was our ROI?
We do not put a price on security, but we have to choose between different products that are on the market. We are constantly evaluating other products every year. Endpoint protection is not something with which there is a huge opportunity cost by moving from one vendor to the next. Our security stack is not so integrated with SentinelOne. If, for some reason, they were not the best option, we could move to another option fairly easily. The fact that we are sticking with SentinelOne is a testament that it is not broken. It is still working for us. It gives us good peace of mind about the product line, where it is going, and the protection that it provides.
What's my experience with pricing, setup cost, and licensing?
It is very competitive with other solutions that are on the market. At least the last time we renewed, it was very competitive.
Which other solutions did I evaluate?
I try to stay abreast of different platforms. I reached out to SentinelOne, and they put me in touch with a reseller, so I went out and found it.
The biggest thing was how well SentinelOne ranked versus the other platforms. There was also a cost-benefit of a solution like SentinelOne. We thought it would be effective for endpoint protection.
It certainly was a cost-effective solution as compared to some of the other endpoint protection solutions that were available at the time. I would not have gone with SentinelOne if it was not a good value.
What other advice do I have?
It is a very robust platform. It is a great candidate to serve small business environments. They do not target small businesses. They do not market it to small business environments with 50 users or less, but being a little more technically-minded, I wanted something that was enterprise-ready. Even though our environment is small, it was a good fit for us.
It did not require a lot of in-place support from the integrator or the reseller, but they did provide a large amount of presale decision-making help in terms of what I was getting into and what they could provide. That was very helpful. Talking to an integrator or a reseller so that you can put a person to the discussion is helpful.
In terms of integrations, we have looked into some of the integrations, such as with Mimecast. We have had some interest in that, but we have not utilized any of those third-party integrations. We also looked at the possibility of using some things with log management and being able to have a single source of how protected we are across the enterprise, but we have not yet pulled the trigger on anything like that.
Overall, I would rate SentinelOne Singularity Complete a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR) AI-Powered Cybersecurity Platforms AI ObservabilityPopular Comparisons
CrowdStrike Falcon
Cortex XDR by Palo Alto Networks
Microsoft Defender for Endpoint
IBM Security QRadar
Elastic Security
Huntress Managed EDR
HP Wolf Security
Trellix Endpoint Security Platform
WatchGuard Firebox
TrendAI Vision One
TrendAI Vision One – Cloud Security
Microsoft Defender XDR
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
















