SentinelOne Singularity Endpoint Reviews

We are a solution provider and this is one of the products that we implement for our clients.

Sentinel One is being deployed as a replacement for any antivirus solution. In our case, we use it to primarily prevent ransomware and other malware from entering networks or computers, as they're deployed across the entire world now, in this new post-COVID environment.

We no longer have the luxury of the corporate firewall protecting everyone equally. This means that having SentinelOne on each box is providing a solution where we stop the badness before it can spread.

This is a cloud-based platform that we use in every capacity you can imagine. We use it on cloud components in both Azure and Amazon.

We have tested SentinelOne's static AI and behavioral AI technologies and it performs well. We actually put a laboratory together and we tested SentinelOne against CrowdStrike, Cylance, and Carbon Black side by side. We found that the only product that stopped every instance of ransomware we placed into the computers in the test lab, was SentinelOne. As part of the testing, we used a variety of actual ransomware applications that were occurring, live on people's systems at the time.

My analysts use SentinelOne's storyline feature, which observes all OS processes. They're able to utilize the storyline to determine exactly how the badness got into the network and touched the computer in the first place. That allows us to suggest improvements in network security for our clients as we protect them.

The storyline feature offers an incredible improvement in terms of response time. The deep visibility that is given to us through the storyline is incredibly helpful to get to the root cause of an infection and to create immediate countermeasures, in an IT solution manner, for the client. Instead of just telling them a security problem, we are able to use that data, analyze it, and give an IT solution to the problem.

SentinelOne has improved everybody's productivity because the design of the screens is such that it takes an analyst immediately to what they need next, to make the proper decision on the next steps needed for the client.

The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.

When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means. For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails.

Our people constantly use the Ranger functionality. The first thing we do is look for unprotected endpoints in the environment. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks.

It's incredibly important to us that Ranger requires no new agents, hardware, or network changes. If you think about it, we're in the middle of an incident response every day. We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. It was a game-changer when Ranger came to fruition.

Various clients, depending on their business practices, are heavily in the IoT. Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks.

As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate.

I have been using SentinelOne personally, on and off, for approximately three years.

SentinelOne is very stable and the agent rarely fails. The only time I've seen an agent fail is normally on a compromised system. The fact that it even works to protect a compromised system in the first place is amazing, but that's the only time that we actually see the failure of an agent. Specifically, it can happen when there's a compromise to the box prior to loading SentinelOne.

On a pristine new load of a workstation or server where it has no compromises and no malfeasance exists, the SentinelOne agent is incredibly stable and we rarely have any issues with the agent stopping in function. I will add that in this respect, the fact that the agent cannot be uninstalled without a specific code gives us higher stability than others because even a threat actor can't remove or disable the agent in order to conduct an attack against the network. It's a unique feature.

Right now, we have 54 analysts managing approximately 300,000 endpoints at any one time, globally. We operate 24/7 using SentinelOne.

The technical support team is probably the fastest in the industry at responding, and they do care when we have to call them or send them an email due to a new issue that we've discovered. Most of the time, the problem is the operating system that we're dealing with is not regular, but they're still very helpful to us when it comes to protecting that endpoint.

I would rate their customer server a nine out of ten. I could not give anybody a ten. They are a continuous process improvement company and I'm sure that they are constantly trying to improve every aspect of customer service. That is the attitude that I perceive from that company.

Primarily in the last year, the number one solution clients had, in cases where we replaced it, was probably Sophos. Next, it was CrowdStrike, and then Malwarebytes. The primary reason that these solutions are being replaced is ransomware protection.

Almost every client that I get involved with has been involved in a ransomware case. They've all been successfully hacked and we can place it onto their boxes, clean them up, along with all of the other malware that everyone else missed, no matter who it was. SentinelOne cleans up those systems, brings them to a healthy state, and protects them while we are helping them get over their ransomware event. This gives them the peace of mind that another ransomware event will not occur.

Personally, of the EDR tools, I have worked with Cylance, Carbon Black, and CrowdStrike. I've also worked with legacy antivirus solutions, such as McAfee and Symantec. However, this tool outshines all of them. It has ease of use, provides valuable information, and protects against attack. The autonomous nature of SentinelOne combined with artificial intelligence gives us the protection we cannot experience with any other EDR tool today.

The initial setup is very straightforward. SentinelOne has incredibly helpful information on their help pages. They are probably the fastest company that I know of in the entire EDR space for responding to a client's email or phone call when you need to do something new or complex.

We have covered everything from Citrix networks to more complicated systems that work by utilizing the Amazon and Azure cloud to spin up additional resources and spin down resources. We were able to protect every one of those assets with it. The agent is easy to load and configure and the library allows us to quickly pivot on a new client and get their exclusions in fast enough to not impede business as we're protecting them.

When we were at a point of 50 clients, which is an average of 10,000 endpoints, we needed four analysts using Cylance. When we switched to SentinelOne for that same protection, the 50 clients could be covered by two analysts. We dropped our need for analysts in half.

The average cost of a security incident involving ransomware is a minimum of $50,000 USD, and this is something that SentinelOne can prevent.

The product has a rollback feature, where you can take a machine that's been attacked and partially damaged, and you can roll it back to a previously healthy state. That saves endless hours of system administrators' time rebuilding systems. That alone can reduce the cost of an incident from $50,000 down to $20,000. There is a cost because you still have to determine exposure and other factors with an incident response to determine if the threat actor has taken any data, things like that, but on the damage to the equipment, with the rollback feature and the restoration features built in the SentinelOne, and the fact that it stops everything but the most sinister lateral movements today, just means that an incident never has to occur.

This means that there is a great return on investment for a lot of companies. Another important thing to mention is that they don't lose people. Approximately 60% of businesses that are hit with a ransom attack go out of business within six months. If SentinelOne is preventing those incidents from occurring, that return on investment is worth almost the value of the entire company in some cases.

It is difficult to put an exact number on something like that, but the lack of pain and suffering of the employees of the company, because they didn't have to go through an incident response, and the lack of expense for the company to hire lawyers and professional companies to come in and help them during an incident, as well as their increased insurance costs of having an incident is also another factor.

Overall, it's difficult to judge but it's a true factor in the return on investment of owning SentinelOne and utilizing it to protect your environment.

The pricing is very reasonable. Unfortunately, because it's a cloud-based product, it has a minimum count for licensing, but other than that, I've found their pricing to be incredibly reasonable and competitive with tools that are very similar.

Considering the invaluable nature of SentinelOne's autonomous behavior, I don't believe anyone else can measure up to that. That makes it an incredible bargain when compared to the cost of an incident for any company.

There are organizations such as MITRE and ESET Labs that have been doing testing that is similar to what we did three years ago. We just look at those results for the same truth that we discovered in the beginning, and the product continues to improve its performance.

I have been a proponent of SentinelOne for many years. When I learn about somebody who has been hacked and wants to have protection against problems such as ransomware occurring, this is the one solution that I recommend.

The SentinelOne team is open to suggestions. They listen to the analysts and managers that are using their product and they innovate constantly. The improvements to the SentinelOne agent have enhanced its ability to catch everything and anything that comes in, including the detection of lateral movement attacks, which are the worst-case scenario.

When an unprotected agent penetrates the firewall and attacks a network, that unprotected asset has no protection on it so that the hacker can do whatever they want from that box with no impedance. But, the detection of it attacking from a lateral basis has been improved immensely over the last three years.

The improvement in the exclusions library has been phenomenal to help us get the new systems on the air with the new software. It allows the end-user to almost seamlessly get SentinelOne loaded and operational without impacting their business, which is incredibly helpful.

SentinelOne is working on something right now in the Ranger space that is going to allow us to remotely load endpoints that need the SentinelOne protection through the Ranger portion of the application. This is going to significantly improve the security of all of our clients, whether they be in long-term care or short-term incident response, it will help us protect them better. It's a significant improvement to our ability to protect the client.

Of all the products on the market today, I can say that they are the ones that I trust the absolute most to protect my clients.

I would rate this solution a ten out of ten.

There are four use cases:

1. Endpoint visibility.
2. Endpoint protection, which includes detection, protection, and error response. We use this for protection endpoints as well.
3. Provides historical loss of any events or changes in files that may have happened in the last 90 days.
4. Threat hunting, which we use to troubleshoot applications.

There are different versions. The SaaS portal has a different version. The agents for each operating system have a different version. For the SaaS platform, we are on the current release. For the agents, we are one behind the current GA release.

We have another tool for network analysis. Last night, it detected some suspicious network activity for a machine that was making an outbound action to a spacious external entity. So, it raised an alert. Other than being a network tool, it couldn't provide any information as to why it suddenly started doing this. As far as response and running through our playbook, the first steps were for the SOC to go and reach out to our engineering teams to see if any users caused what happened. That took them almost until the end of the day. Finally, they came back, and said, "There is nothing that we can see." Then, I went into SentinelOne, spending about 15 minutes, and was able to determine exactly:

• What process caused the activity.
• The reason for it. 
• The user.
• The command line running that caused it.
• What addresses it tried to communicate out, since the network tool wasn't able to capture all the IP addresses. 

We were able to determine it was a process that one of our engineers had set up and forgot about. It took us almost an entire day for the SOC to get a response from a person on that. Whereas, we were able to get that information directly from SentinelOne in less than 15 minutes.

SentinelOne's automation has increased analyst productivity. It can automate actions on a threat, such as, kill/quarantine, remediate, and then roll back. All those automation processes have significantly helped us in making our SOC more effective.

All the features are valuable. Their core product, EDR, is pretty good. We utilize the entire functionality of the feature set that they have to offer with their core product. For EDR, we are using all their agents: the Static AI and Behavioral AI technologies as well as their container visibility engine.

We use SentinelOne’s Storyline feature to observe all OS processes quite routinely. When we want to know a bit more details about any threats or want to investigate any suspicious event types, that is when we use the Storyline quite a bit. Its ability to automatically connect the dots when it comes to incident detection is useful. It significantly simplifies the investigation and research related to threats.

Today, we automatically use Storyline’s distributed, autonomous intelligence for providing instantaneous protection against advanced attacks for threat detection. The AI components help tremendously. You can see how the exploits, if any, match to the MITRE ATT&CK framework, then what actions were taken by the AI engine during the detection process or even post detection actions. This is good information that helps us understand a little about the threat and its suspicious activities.

We use the solution’s one-click remediation for reversing unauthorized changes. In most of the groups, we have it automatically doing remediation. We seldom do manual remediation.

There is an area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap. A couple of months ago, they came back to us and got our feedback on what we thought about their plan of implementing the agent health monitoring system would look like, and it looks pretty good. So, they are planning to release that functionality sometime during the Summer. I have been amazed with their turnaround time for getting concepts turned into reality. 

We have been using SentinelOne since early 2020.

It has been very stable. There have been no issues so far.

One person is needed for maintenance (me).

It is scalable with the caveat that we have had some challenges within our infrastructure for 20 agents across Linux servers. Beyond that, scalability is not an issue.

8,000 to 9,000 people are using the solution across our entire organization.

We are using SentinelOne as our de facto endpoint protection software. As a result, it is a requirement for every machine in our infrastructure, except for the devices that do not support their agents. So, as our infrastructure continues to grow or shrink, the users of SentinelOne will either increase or decrease, depending on the state of our infrastructure at that specific point in time.

The technical support is good and very responsive. 99.99 percent of the time, they have been able to provide satisfactory responses. Whenever we have asked them to join a call that requires their assistance on a priority basis, they have been able to join the call and provide assistance. Whenever they felt that they do not have enough information, they were upfront about it, but they realistically cannot do anything about it because there is a limitation on either SentinelOne agent software or deeper logs would need to be captured in order to provide more information. There has been no situation where support provided an unsatisfactory response.

We were previously using Sophos. The primary reason that we switched was Sophos did not provide us the extended capabilities we needed to support our infrastructure, both on-prem and on the cloud. Sophos did not support any of the Kubernetes cluster environmental containers systems on the cloud. It did not have the advanced AI engines that SentinelOne does. Overall, Sophos was very bulky, needing a lot of resources and a number of processes. In contrast, SentinelOne was thinner, very lightweight, and more effective.

The deployment and rollout of SentinelOne are pretty simple. In our environment, we deployed the agents, then we had to remove them from some of the machines because the agent was impacting the performance of those machines. At that time, we found out it wasn't the SentinelOne agent rather an underlying issue on our own system or even the environment that it was in. We had to take SentinelOne out to troubleshoot the root cause, which delayed us a bit in rolling it out to our other infrastructure. That was completely fine. Looking at it from a global and world perspective, the rollout was very simple. 

About 6,000 to 7,000 endpoints took us six to seven months to deploy. Linux took a bit longer to deploy because the tools are not as good for deployment as what is available for Windows and Macs. Using a script, we were able to take care of that. However, we could only do that during maintenance windows, otherwise we couldn't deploy the agents without an approval change.

We did the implementation ourselves. We have several teams responsible for each area:

• Two to four people for workstations. 
• Two people for a retail environment
• Two people for the server infrastructure. 

This provided resource continuity. In case one resource would be unavailable for any reason, then the other resource would be able to continue. Essentially, the deployment needed three people, but we had six for continuity.

We saw a return of investment during the first year. We far exceeded our ROI expectations, meeting our ROI expectations within the first year.

The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes.

From an overall perspective, it has reduced our mean time to repair in some cases to less than seconds to a maximum of an hour. Before, it would take days.

The licensing is comparable to other solutions in the market. The pricing is competitive.

We subscribe to the Managed Detection and Response (MDR) service called Vigilance, which is like an extension of our SOC. Vigilance's services help us with mitigating and responding to any suspicious, malicious threats that SentinelOne detects. Vigilance takes care of those. 

We also pay for the support. The endpoint license and support are part of the base package, but we bought the extended package of Vigilance Managed Detection and Response (MDR) services.

Sophos was eliminated very early on in the PoC process. Then, we looked at: 

• SentinelOne
• FireEye
• CarbonBlack
• CrowdStrike. 

Out of these solutions, we selected SentinelOne. Their ability to respond quickly in terms of feature functionality was the biggest pro as well as their fee for agents in the cloud. The other solutions' interpretation of a cloud solution did not match with our expectations. From an overall perspective, we found SentinelOne's methodology, its effectiveness, its lightweight agents and their capabilities far exceeded other solutions that we evaluated.

SentinelOne had the highest detection rates and the ability to roll back certain ransomware, where other solutions were not even close to doing that.

It is a very good tool that is easy to deploy and manage. The administration over it is little to none. However, depending on the environment and whoever is trying to deploy the agents, they should test it with the vendor environment before they go and deploy it to production. The reason why is because SentinelOne has the ability to be tuned for optimization. So, it is better to understand what these optimizations would be before deploying them to production. That way, they will be more effective, and it will be easier to get buy-in from the DevOps team and the infrastructure team managing the servers, thus simplifying the process all around. Making the agents and configurations optimized for specific environments is key.

The Storyline feature has affected our SOC productivity. Though, we have yet to fully use the Storyline feature in a SOC. We are using it on a case-by-case basis. However, as we continue to deploy agents throughout our infrastructure and train our SOC to use the tool more effectively, that is when we will start using the Storyline feature a bit more. Currently, this is on our roadmap.

I am very familiar with the Ranger functionality, but we haven't implemented it yet for our environment. Ranger does not require any new agents nor hardware. That is a good feature and functionality, which is helpful. It can also create live, global asset inventories, which will be helpful for us. Unfortunately, we have not yet had an opportunity to roll that out and capture enough information from our infrastructure to be able to maximize the effectiveness of that functionality. We are still trying to get SentinelOne core services fully deployed in our environment.

Now that we have SentinelOne, we cannot go without it. 

Compared to other solutions in the market, I would rate it as 10 out of 10.

We have been growing, but we are still a pretty small team. We have integrated it with our other software, and we are getting logs out of it. We go into threat hunting and do a deep watch. We go in there, see those logs, and make more sense of things. It has been a real help.

In terms of its deployment model, we have private companies. It is mostly on-prem, but each plant is a little bit different. Anything and everything that touches our corporate environment gets it.

For the most part, it gives us time to react by getting things off the network and getting that account locked down for a minute. We can let a member of our team take a look at it and move on from there instead of letting something fly under the radar and letting the incident take place or continue to happen. We can put the spotlight on the incident, make someone take a look at it, and then we can get going.

The integrations I have been working with work great. They do exactly as advertised, and they have been helping me with my threat hunting and seeing what is out there. There are always things lurking in the weeds that you just do not know about, so being able to have that correlation and more insights is always helpful.

Singularity Complete has helped free up our staff for other projects and tasks. It is a small team. I am more of a one-man SOC. A lot of the incidents either come through me or someone else on the team if I am not there for vigilance, so being able to dive down and get an issue resolved quickly is helpful. I can then go back to another incident. Usually, they come in batches, so being able to go to the next one or go back to working on a major project has helped a great bit.

Singularity Complete has not helped to reduce alerts. To my knowledge, it stayed about the same. We have fewer false positives, but there are some other ones that I would rather look into. They are more on the identity side. Now that we have Singularity Identity, I am intrigued by what we will see there in terms of weird logins and other things. Now that we have the integration set up, I will get some alerts from there to go track down.

Singularity Complete has helped reduce our organizational risk. When you get these new tools, you see everything that is wrong, and then you are like, "Oh, man," but at least we are seeing them and fixing them. In that sense, it has helped to reduce risks. I do not have the metrics, but we have been able to tackle some vulnerabilities and issues that have been big known ones.

Singularity Complete would help our organization save on its costs if we were not trying to expand so much. We are into manufacturing, and we grow a lot by mergers and acquisitions, so anywhere we can get security funding is a great point. It has helped us identify some things that we can do without. We can either reduce or eliminate those other tools and cascade down, so overall, it has reduced costs.

The Microsoft integrations are most valuable right now. One that I still have in the testing is putting user accounts into the high risk and letting our policies on that take place, and then have SentinelOne put it into network isolation as well until an incident is resolved.

There could be more integrations with more software. We have been looking at Palos and getting those put into the data lake. If there was a native integration for that, that would help a lot. They can just continue adding more integrations with these big brands and software security products. 

I have been with the company for two years, and it has been there since the time I have been there, so I can only say two years at most.

I would rate it a ten out of ten in terms of stability. It is great in terms of stability and agents working as long as you do your due diligence and you do not leave it there to run just like every other product. If you leave it there with no attendance, it is going to do what it does, but if you are in there, doing your due diligence and making sure things are set, it is great. Auto updates are something I know that was implemented. That has been super helpful, so if you are doing what you need to do, it is a ten out of ten.

I would rate it a ten out of ten in terms of scalability, especially because we have Ranger deployed. If we need to or if we have a merger, we can get them to put SentinelOne on a couple of devices for us and give us creds so that we can deploy to the rest from there in case they cannot get us in the SCCM or whatever else they are using.

Their support is great. Keith Fields and Mitch Milligan are always there. They have been super helpful. I knew Keith before Mitch was even part of our account. I have been working with Keith for a little bit, and he has been super insightful on different things that I did not know the tool could do or quicker ways to do things. Mitch has also been super helpful in getting us set up. 

We just bought Singularity Identity, and Keith, Mitch, and Paul have been there to give us those meetings on what we need. They really understand what our business is, and they look into our console to help us out at times as well. It has been great. I would rate their support a ten out of ten.

Positive

It was already in place when I joined the organization. We run Defender as well. It is like a dual-stack. We have E5 for other reasons, and we use it because it is already there, but our team has gone for SentinelOne. We have had other people, especially the research teams, who want to use their own agent, but we are so comfortable with SentinelOne's abilities and what we have set up to keep us secure that we have looked away from those other SIEMs who want their agent. We have looked away from other software in the realm of MDR that may not work with SentinelOne. It is a staple piece for us that would be a hard buy to remove.

It works great. One thing I wish I had done more in college is hands-on with EDR agents. I went to Purdue for the cybersecurity network engineering major. They had classes and labs for forensics, but one thing we did not get too much hands-on was EDR. I believe they lived in the world of Microsoft for their operations there. Since I have been working here, Singularity Complete has been a great product. We are expanding. We have gone into these other modules and platforms, and we have always had a great experience.

It is a mature solution. It has been here longer than ten years. I graduated from college in 2021 and from high school in 2017. It has been around longer than I have known cyber practices. It is a good one. Always do your research and compare, but it is definitely a top one. I believe it is up there on the Gartner's Quadrants as well. It is up there for a reason.

We will use it more as we get more tools and integrate it. Currently, some of the things are still in beta. I am not leveraging it to its full capability because things are either in testing or we are looking at the software that is going to be connected. From what I have seen and based on the demos and how the beta is going, I have to give it a ten out of ten.

We use the solution for endpoint threat detection. 

The tool has helped us streamline and centralize things with a single solution. We are a small organization with a handful of people managing multiple sites. It is a simple tool with an easy-to-use UI. The product has an intuitive and up-to-date GUI. 

SentinelOne Singularity Complete's most valuable feature is reporting. People with less technical knowledge can understand the things happening. 

SentinelOne Singularity Complete should focus on analytical data. Backend aggregation can make things faster in the front end. 

I have been using the product for a year. 

I have not used support yet, which is a good thing. 

SentinelOne Singularity Complete tries to go above and beyond to integrate with different vendors, which is good. It is very nice to pick a different vendor for my needs and pull in all the information I need. It is very beneficial to have a single point of activation. 

As with any tool, figuring it out has a learning curve. However, getting the information easily and quickly from the same tool is nice. It is also nice to login to a single platform instead of multiple ones, which was the case in my previous company.

SentinelOne Singularity Complete does a good job of reducing alerts. We run attack tests against our network. We can create a real-world scenario. 

The product has reduced our organizational risk. Any tool designed around security mitigates risk. 

SentinelOne Singularity Complete has centralized things and helped us save costs. It makes getting information in and out of the system easier for a small group of people. 

I like everything that the product has done as a strategic security partner. They are willing to work with other companies and are not afraid of being groundbreaking. They are working on AI. 

I rate it an eight out of ten. 

Every five years, we research tools that could replace our old software. We combine our AV and intrusion detection. We were trying to find out if there’s an agent for the whole nine-yard, and we came across SentinelOne.

The product has an automated process where we find security issues. It’s a 24/7 behavior analytical tool to execute certain actions. The tool deletes the problem-causing process and prevents issues. It discovers, kills, and protects. The software is good. I don't see much of an issue with it.

They should train their own people so that they can train us better. The theory is good. If the product is good, but we cannot rely on it or pass it along to the customer, it's useless. When we purchased the solution, we were told that certain functions could be done. I understand it is part of sales, but I feel like I'm being fooled. We couldn't test it because it was in production. We first had a proof of concept but didn't connect it to our Azure portion.

I have been using SentinelOne Singularity Complete since February.

The product's stability is okay.

The tool's scalability is average.

The support people of SentinelOne do not know the different products offered by SentinelOne. How can they support their customer if one person knows one thing and the other doesn't? They tell us the issue does not come under them and point us to a different team.

There is a SentinelOne support team and a Singularity support team. SentinelOne's support team is okay. Once, the technical support and help desk director got involved with all our issues. However, the director got involved after we strongly complained about the issues. That's not the way it's supposed to be.

Neutral

I have used Arctic Wolf.

The initial deployment was good. The solution is cloud-based.

We took help from SentinelOne to deploy the solution. We paid for it, but it was not worth the money we paid for. Two people from our company are required for the deployment. The solution requires maintenance.

The licensing is okay. I don't see any issues with it.

We evaluated other options. We were trying to have one solution for everything. We heard that SentinelOne purchased another company. Other products like Rapid7 provide multiple solutions and products for our needs. We saw that SentinelOne provided us with one product and one support system. However, even while using SentinelOne, I have to contact different teams.

When we purchased the solution, it did not do what we expected. We didn't use all of the features. It has quite a few options. There are a bunch of more add-on modules. Other products from SentinelOne are not good. I am really disappointed with them. The user must understand the solution by just reading the training documents. The team claims it is professional, but it lacks a lot of functions.

The integration is fine, but the feature is not how they market it. It looks good on paper, but it's not what we think it is. It's not a ready product in marketing. I am disappointed with it. The interoperability is still under development. Not many people know or understand it, including people from SentinelOne. When we call and try to figure out what's going on with the solution, not many understand what it is. There is a lack of training on their products and services.

The Ranger functionality is fine. It’s only been six months since we started using it. We're still learning as it goes. I think Ranger is probably better than Singularity. Sometimes, they send false positives. It's not really a big feature for us. It's good. They're trying to prevent any networking attack, but I don't think it’s there yet. They're just trying to discover what is on the network, but we already have other tools for that.

It is important for us that Ranger requires no new agents, hardware, or network changes. Ranger is just trying to discover whatever issues we have. I don't think it can prevent it. I don't think it can block issues or protect our devices.

Overall, I rate the product a seven out of ten.

Our primary use case would be for active XDR protection. We wanted an innovative XDR to keep up with the rising dangers of malware, ransomware, et cetera.

Our visibility and response to a lot of the things that come with an enterprise network have improved. We have users doing multiple things across different platforms. There are applications, servers, endpoints, and certain things that fit in the wild, and it does a really good job protecting all of them.

It has saved time for my team because of what we can do in terms of device control that it provides externally. We have total control.

When it comes to detection, we have email alerts when a threat comes across, so it's pretty quick. And if we have predefined responses to certain threats, then obviously, our response is instantaneous. But in a lot of cases, we like to have our administrators take a look at it and make sure it gets remediated as quickly as possible.

As for security, SentinelOne Singularity puts us in a better place than most solutions. We can look at platform reviews that keep us in the loop regarding what's not considered a good solution.

The visibility and, obviously, the protection aspects are second to none when it comes to speed. Another thing we fall back on is the option to roll back an endpoint if it is infected. There is a shadow copy so that if a PC downloads malicious content, we can roll it back to the state it was in before that package was imported.

It also has a lot of flexibility with its ability to ingest things.

And the AI feature of the solution is prompt in how it learns a certain network and how it responds to certain things. If you do come across false positives, it's relatively easy to get around them.

There are some obstacles you have to overcome when it comes to whitelisting and the like, but that's true of every XDR platform.

Their documentation could afford to be a little bit better communicated. A lot of times we have to look at things in the knowledge base, and much of that could be communicated better, but that would probably be the only thing that needs to be improved.

We've been using SentinelOne Singularity Complete for about three years.

I would give it an A-plus in stability. A lot of times, when you download a new endpoint protection agent or an AV agent, you might run into a lot of compatibility issues or programs kind of freezing up.

I would give it an A-plus for scalability as well.

Our experience with their technical support has been straightforward and good. We got good, timely responses.

As a strategic partner, they're "the new guy on the block." There is some talk of them being bought out. I have heard some rumors like that. But from what I've seen, SentinelOne is just as good as, or better than, any other security partner out there.

Positive

We did use an endpoint protection platform, but I can't comment on which one we used.

I was involved in the whole process of deployment. One thing that wasn't SentinelOne's forte was compatibility with a script for an on-premises software distribution tool. Most of what we did was homegrown to deploy the agents to the machines.

We did it in-house. There were a handful of us involved, probably 10 at least.

I don't deal with the cost side of things, but the licensing, as far as endpoints go, is a pretty straightforward and simple process.

We looked at a couple of other solutions but, again, I can't disclose more about those.

The speed and user friendliness that this platform offers break down some complex aspects of the security industry, and the solution lays them out in a way that a general user can understand.

Definitely compare and contrast Singularity with other solutions. It depends on what fits best for you, what industry you're in, how mobile your network is.

I mainly focus on endpoint security. Customers often ask me about solutions to detect malware threats, and SentinelOne is one of the options I recommend. The main focus is detecting malware threats on endpoints.

The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.

I would like to have the same features such as ransomware that are available on the cloud version of SentinelOne also made available for the on-prem version because a lot of people in our region are not ready for cloud solutions.

I have been using the solution for one year.

Our clients range from small, medium, to large scale and the solution is stable for all of them. I give the stability a ten out of ten.

The solution is highly scalable. I give the scalability a ten out of ten.

The technical support is very good, and quick.

The initial SentinelOne setup is easy to set up in the environment and also easy to download the packet to install. 

We do not encounter a lot of issues with the pricing of SentinelOne. The pricing is reasonable.

The solution offers a standard licensing fee.

I give the solution a ten out of ten.

The solution is agent-based, so it's on service, and it's a cloud solution.

We are using its API capabilities for our server for protecting us from cyber security threats and attacks.

Earlier, we used some internal protections. However, we moved to HD information for the cyber security portion. It's helped us to mitigate security attacks and provide solid defense.

We like the file-less monitoring and filtering are great in the context of security.

The setup is very straightforward. 

It is stable. 

The product can scale if the licensing is correct.

SentinelOne has some inputs, some traditional NPRs, or models like IPS and IDS. We can configure individual rules for particular machines. In a sense, control is not from the console.

There should be more integration models with different security operations tools or soft tools. It could provide a single pane for integration with the firewall, or a soft solution should be there.

I'd been using the solution for eight months.

It's a stable, reliable product. there are no bugs or glitches. It doesn't crash or freeze. 

The product can scale. However, it depends on the license. 

We have 500 users on the solution right now.

Right now, we don't have plans to increase usage as we already have some buffer limit there.

While I haven't directly contacted support, I have used their documentation surrounding KPIs and have found them helpful.

Positive

Earlier, we were using Symantec and the One Protection Suite.

The solution is easy to set up. It's not an overly complex process. We had no issues at all. 

One system engineer which has some knowledge of network security can handle the implementation.

We handled the deployment in-house. 

SentinelOne has a very good XDR product, and it can also integrate with different security components. It's a single pane of glass for cyber security posture management. The ROI is good.

The licensing is handled by another team. I can't speak to the exact cost of the product.

We also looked at CrowdStrike before choosing this product.

Someone interested in the product should first do POC, and depending upon their OIS environment, they should consider this first before going for any XD solution.

I'd rate the solution eight out of ten.