No more typing reviews! Try our Samantha, our new voice AI agent.
PeerSpot user
Cibersecurity Analyst at a consultancy with 11-50 employees
Real User
Top 20
May 31, 2026
Advanced endpoint protection has optimized incident response and reduced analyst workload
Pros and Cons
  • "Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface."
  • "Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before."

What is our primary use case?

My main use case for SentinelOne Singularity Endpoint includes ransomware attacks, server management, disk scans, anti-attacks, and reviewing threats or events generated by some attack.

What is most valuable?

I consider the best features that SentinelOne Singularity Endpoint offers to include its robust protection and the very detailed breakdown of all the events generated on devices, as well as how fast and effective its method of action is—whether that's blocking, deleting, or rolling back to a previous version from before the threat appeared. That makes it very flexible and very robust for protecting sensitive machines such as servers, databases, and AD, among others.

Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface. That makes it much easier to understand, reviews are much faster, and with fewer alerts, there are fewer alert reviews on devices.

What needs improvement?

I think SentinelOne Singularity Endpoint could be improved; I have seen that SentinelOne Singularity Endpoint has an artificial intelligence feature, but so far I haven't been able to apply it. I don't know if it's enabled for all consoles. At the moment, in my company, I manage around five consoles and so far I haven't seen an AI, or I haven't seen details on how to use the AI to improve event analysis. Even though SentinelOne Singularity Endpoint outputs all the events in a very detailed way, it's understandable that it's a huge amount of data, and you can't easily detect a pattern with the human eye, maybe across one or several machines. A specific guide on how to use that AI in these cases would be beneficial.

Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before. This generates frustration both for me and my staff and for the end client, because what we're looking for is a quick response. Additionally, sometimes the response time is quite long for certain incidents—response time can be two to four hours, based on my experience. Response times or attention could certainly be improved, at least for cases that are already known.

I give it a nine because even though the tool is very robust, it still lacks an AI component, as I mentioned earlier. We're in the AI boom right now, and it's really necessary for companies given the amount of information they handle. Since SentinelOne Singularity Endpoint gives you a very detailed breakdown, it would be good to have AI as an additional tool for response and information extraction. Also, what's missing to reach 10 is support and response time, because while sometimes they respond, other times they take too long or don't fully understand what you're trying to say, and that makes things difficult. Since I'm primarily a Spanish-speaker and not so fluent in English, there are also some communication issues. The tool itself, as an antivirus solution, seems very good to me.

I've also seen that SentinelOne Singularity Endpoint only keeps an account active for 90 days of inactivity and then removes it. If no one logs into the organization, then nobody has access and you have to open a case with the vendor. Sometimes that's really annoying. Ideally, there should be an account without an expiration date so you don't lose all console management. I've had two clients where this happened. The 90 days don't always fully pass, but after 40 or 50 days, nobody can log in and you have to open a case with the vendor. Sometimes they have to run checks, so an improvement would be to add a primary account or maybe two primary accounts if a third party is the one that contracts SentinelOne Singularity Endpoint, so that you don't lose overall management and have to open a case with the vendor. That often takes a long time and depends on who purchased it, under whose name it's registered, and that creates frustration on both sides.

How are customer service and support?

My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate information across my different security solutions is very good, because we associate it with a SIEM, but even then the SIEM gives us almost the same information. We use SentinelOne Singularity Endpoint itself to correlate information and we do see a big difference compared to other endpoint security solutions. Its capability as an antivirus and incident response tool is very extensive. I think, of all the solutions I've seen, SentinelOne Singularity Endpoint would be first, then Cortex, then Kaspersky, and so on.

Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

I have used other solutions before SentinelOne Singularity Endpoint; we've actually used a lot of technologies. In this case, we haven't strictly replaced an antivirus. For workstation machines, more general technologies are used, like Cortex, Kaspersky, and Trend Micro. However, for sensitive machines with very sensitive information or that are highly exposed to attacks, we've used SentinelOne Singularity Endpoint. Because we know it's a more robust technology, it allows us to have better analysis and better security on those more sensitive devices. Since the number of such devices isn't very large, we focus on providing better security there.

What was our ROI?

I have seen a return on investment from implementing SentinelOne Singularity Endpoint; we've seen time optimization and fewer staff needed. Since our company provides services, analysts can dedicate themselves to other requests, because with clients that have SentinelOne Singularity Endpoint, we almost never have to deal with incidents, as SentinelOne Singularity Endpoint itself blocks them. Most of the time what they contact us for is account enablement.

What's my experience with pricing, setup cost, and licensing?

My experience with licensing costs, pricing, and configuration of SentinelOne Singularity Endpoint is that I haven't really seen the licensing prices. I have seen the configuration side, and it's very quick to implement. At least in the implementations I've been involved in, I haven't had many problems—almost never. I don't know about pricing, because I'm in support and analysis, not in sales or pre-sales.

Which other solutions did I evaluate?

Before choosing SentinelOne Singularity Endpoint, I did evaluate other options; the other options we consider are: if the machines are sensitive, like servers or databases, SentinelOne Singularity Endpoint is the primary choice. If not, we go to Cortex; if not, to Kaspersky, Trend Micro, and so on. The main ones are SentinelOne Singularity Endpoint and Cortex.

What other advice do I have?

There was another case when there was a ransomware attack on a machine that didn't have any security solution, no antivirus installed, and a ransomware attack was detected. I installed SentinelOne Singularity Endpoint on it, and when I completed the installation and the disk auto-scan ran, it detected a threat that was active there. I isolated the server in that case and let SentinelOne Singularity Endpoint keep running to see if there were any other threats. Because there was already a vulnerability and I installed SentinelOne Singularity Endpoint afterward, I couldn't do much more, so based on what SentinelOne Singularity Endpoint showed me about that threat, I also carried out checks on the other servers. Fortunately, thanks to that detection SentinelOne Singularity Endpoint made, I was able to find several servers that had no security components installed, which was due to an oversight by that company's security staff. I installed SentinelOne Singularity Endpoint on the other servers, ran a full disk scan, and from there reviewed the detailed events for everything that's generated, because SentinelOne Singularity Endpoint shows you every event that's detected. Based on that, I was able to detect some anomalous patterns or port connections to devices and queries. Based on that, I implemented best practices on both the firewall and the endpoint.

The advice I would give to other professionals who are considering implementing SentinelOne Singularity Endpoint is first to review the company's budget for endpoint implementation across the whole organization. If there are many devices and they can afford SentinelOne Singularity Endpoint, they should go for it. If not, they should opt for a lower-tier, more economical technology, and focus on using SentinelOne Singularity Endpoint specifically on the most vulnerable or sensitive devices—in this case, servers and databases. While SentinelOne Singularity Endpoint is somewhat expensive, as far as I know, it's very good in terms of protection. If they can't afford SentinelOne Singularity Endpoint for the entire company, they should deploy a cheaper technology for workstations and focus on acquiring at least SentinelOne Singularity Endpoint for, say, 100–120 licenses for servers and sensitive devices. That will help a lot in mitigating many threats and service availability issues that are critical for the company. It's better to spend a bit more money protecting your sensitive machines than protecting them with something cheaper and having potential problems, outages, or impacts. I give the tool a rating of 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Socio
Last updated: May 31, 2026
Flag as inappropriate
PeerSpot user
Krishnakumar Mahadevan - PeerSpot reviewer
EA & CISO at a non-tech company with 10,001+ employees
Real User
Top 5
May 29, 2026
Endpoint protection has reduced ransomware impact and now saves time with automated response
Pros and Cons
  • "My general view is that Singularity Complete does help to save time and free up my staff for other projects and tasks."
  • "On the negative side, I find that SentinelOne is expensive compared to some other options like Orca Security, which is cheaper."

What is our primary use case?

My usual use case is to employ Antivirus plus EDR plus automated incident response. This solution employs one single agent, and that is one of our key activities.

What is most valuable?

I appreciate the one-click rollback feature of SentinelOne Singularity Endpoint. In case of any issues, it will roll back and restore the system. Just yesterday, I was struggling with a ransomware incident where clients were using SentinelOne Singularity Endpoint. They asked if they could restore it, and their backup systems are very strong. I said to go ahead and restore, and they restored it. It took some time as the number of servers was large. If the servers are fewer, we could handle it within 24 hours. We restored a mid-range company with around 16,000 employees within two days, but they lost about four hours of work. They have not opted for our RTO and RPO services for security. Now they are considering that.

One of the features we use normally is the ability to ingest and correlate across security solutions for triages, training, and customer demonstrations. We demonstrate that feature to customers, and they usually express interest in deploying the same solution in their system.

SentinelOne Singularity Endpoint helps to consolidate security solutions in general. My general view is that Singularity Complete does help to save time and free up my staff for other projects and tasks. Significant time is saved through the use of the product.

Regarding Mean Time to Detect (MTTD), it is reduced with the help of SentinelOne Singularity Endpoint, and the same applies for Mean Time to Respond (MTTR); those numbers are comparable.

The Purple AI part in SentinelOne is important for clients concerning data privacy and security. It meets customer needs well, as we call it SecOps for security operations, incorporating network, third-party tools, identity, cloud, and EDR aspects. Purple AI amplifies team knowledge and is effective in the environment. It allows for threat hunting with natural language, and we used it in certain scenarios during the current ransomware incident. It features Auto Triage, which is very useful during high-risk incidents. Purple AI provides contextual insights, synthesizes threat intelligence, and includes autonomous responses, next-generation capabilities, device isolation, process killing, and remediation workflows— all key aspects on my mind.

SentinelOne Singularity Endpoint operates with Ranger, which connects with network and asset visibility.

What needs improvement?

On the negative side, I find that SentinelOne is expensive compared to some other options like Orca Security, which is cheaper. Cost reduction could be a consideration since the pricing is not competitive compared to Check Point or Palo Alto; however, it is more expensive compared to Orca Security or Fortinet.

I would say there could be added features in the future for SentinelOne, such as a CNAPP version of Singularity, which would nicely incorporate all-in-one offline security features onto a single dashboard.

For how long have I used the solution?

I have been working on SentinelOne Singularity Endpoint for the last five years.

What do I think about the stability of the solution?

I have not heard any complaints from my clients regarding stability. There has been no problem at all.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint is obviously scalable since we only receive the agent; we are not limited as everything is pushed through group policy or from third-party tools.

How are customer service and support?

Regarding technical support from the vendor, CrowdStrike is number one. SentinelOne support is adequate, but compared to CrowdStrike, no other vendors seem as strong. I would rate their support at eight out of ten.

Which solution did I use previously and why did I switch?

None of my customers are using Check Point. We are using a different solution that I have forgotten the name of at this time.

How was the initial setup?

In terms of deployment for SentinelOne Singularity Endpoint, it is quite straightforward. All setups are external, and the vendor provides the main setup. They give us the agent, which we push, and they write some code, XML, JSON, or similar that we patch. For the client, deployment is not tough at all— it is very easy across all companies.

What about the implementation team?

I do not work with SentinelOne as a reseller, as only resellers do not make money in India. I work with resellers and integrators instead.

Which other solutions did I evaluate?

Technically, if you compare SentinelOne Singularity Endpoint to competitors like Orca, CrowdStrike is more advanced. They operate in a completely different manner from Singularity, and I can appreciate Microsoft Defender for Cloud as a good product as well, personally. CrowdStrike is the market leader due to their lightweight agents that sit in every machine and utilize AI for automating triages, investigations, and their 24/7 managed threat intelligence and threat hunting services like Overwatch, which would have helped manage a ransomware attack more effectively.

What other advice do I have?

Check Point is part of my portfolio, and specifically, we use Email Security. Before it was called Harmony Email & Collaboration, which is the Harmony solution.

Today, I manage some XDR and EDR products as I am a CISO. I have to work on everything, but since all these things are already there, Palo Alto is not involved anymore because it is already there. It is only the SIEM team and the SOC team taking care of it.

In terms of XDR, I am working with Trend AI or SentinelOne.

The deployment model depends on the customers, as some may prefer EDR, which requires local deployment and policy configuration, while others might opt for XDR or MDR solutions that take less time. I give this review a rating of eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Last updated: May 29, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
Likhith Varma - PeerSpot reviewer
Senior Security Analyst at Areté Associates, Inc.
MSP
Top 20
Jul 3, 2026
Centralized threat hunting has improved incident response and now reduces investigation time
Pros and Cons
  • "The best aspect of SentinelOne Singularity Endpoint is its integration with AI, which provides initial analysis of alerts, gives an overview of what the alert or threat is about, and provides insight into what is happening."
  • "When retrieving results for logs in the AI SIEM of SentinelOne, there is a limitation where I can download up to 10,000 columns at a time, and the same constraint applies to vulnerability data."

What is our primary use case?

I am currently working with SentinelOne products, specifically SentinelOne EDR and AI SIEM solutions. I have been working with SentinelOne Singularity Endpoint for the past nine months.

My use cases for SentinelOne Singularity Endpoint involve integrating multiple log sources from clients into a centralized platform. The platform has predefined rules, and I write custom rules based on threat hunts we are conducting. I analyze threats and alerts triggered by the platform to understand and respond to security incidents.

I work with the Ranger functionality for network and asset visibility in SentinelOne Singularity Endpoint.

SentinelOne Singularity Endpoint helps consolidate my security solutions in a different way than other products on the market. It offers new perspectives regarding threat fingerprinting and handling certain aspects of security. There are some limitations, but it is a growing product, and the team has made significant improvements since I joined, with new features continuously being developed.

What is most valuable?

The best aspect of SentinelOne Singularity Endpoint is its integration with AI, which provides initial analysis of alerts. It gives an overview of what the alert or threat is about and provides insight into what is happening.

SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is valuable because it correlates data from the EDR module with custom rules I have defined. This correlation provides a complete overview of the incident and the overall capability.

SentinelOne Singularity Endpoint has helped me reduce alerts by correlating multiple data sources and grouping related alerts. This grouping makes it easier to investigate multiple incidents simultaneously.

SentinelOne Singularity Endpoint helps save time and free up my staff for other projects and tasks. It provides a brief description of each alert, which reduces investigation time so my team can focus on other priorities and increases overall productivity.

SentinelOne Singularity Endpoint has reduced my average MTDD and MTTR. The platform detects threats quickly, lowering the Mean Time to Detect, and provides brief alert descriptions that help close incidents faster, improving overall MTTR.

What needs improvement?

When retrieving results for logs in the AI SIEM of SentinelOne, there is a limitation where I can download up to 10,000 columns at a time, and the same constraint applies to vulnerability data. This product limitation needs improvement in future updates.

I would like to see these limitations removed in SentinelOne Singularity Endpoint. Additionally, the device control feature needs improvement. The EDR is solid, but there are several areas where the quality of work could be enhanced.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for the past 9 months.

What do I think about the stability of the solution?

SentinelOne has not presented many stability issues. However, when searching for long-range queries, such as logs spanning three to four months, the platform sometimes takes extended time to retrieve the logs. Other than this, I have not encountered significant stability problems with the product.

What do I think about the scalability of the solution?

I find SentinelOne Singularity Endpoint scalable.

How are customer service and support?

I am aware of SentinelOne's tech support team. When I encounter agent issues, I create support cases, and the team usually provides a very good response with rapid turnaround. The support is available around the clock.

Which solution did I use previously and why did I switch?

I have used other tools apart from SentinelOne, including CrowdStrike, Microsoft Sentinel, Microsoft Defender, and Carbon Black.

Having worked with tools like Defender and CrowdStrike, I can identify key differences in both pros and cons of SentinelOne. In Defender, you have limited information related to events, but in SentinelOne Singularity Endpoint, you have everything. When hunting on a specific device, you get all events including device events, network events, IP connections, and separate indicators to identify any indicators of compromise. SentinelOne has done significant work correlating these data points and keeping them separate so I can check each category independently while investigating alerts.

How was the initial setup?

I am not certain how SentinelOne Singularity Endpoint was initially set up because the organization had been using it for the past five or six years before I recently joined them.

What about the implementation team?

With new clients, I have not encountered many problems. From the EDR perspective, I did face some challenges related to SentinelOne Singularity AI SIEM where I had to find new ways of integrating all log sources, but I experienced nothing from the EDR perspective.

Which other solutions did I evaluate?

Purple AI plays a role in amplifying team knowledge and is quite effective in my environment. For example, when I receive an alert and want to see surrounding activities, if I am a person with no prior knowledge of SentinelOne Singularity Endpoint, building the query would be difficult to get new context and results. Purple AI helps by allowing me to provide a normal query or prompt, and it generates the query along with the results.

The key benefits from using SentinelOne Singularity Endpoint are that I have everything in a single platform. I have Ranger, the EDR module, AI SIEM, Purple AI to retrieve results, and vulnerability capabilities. I can correlate a single threat with all of these components to get a clear picture of what is happening in the environment.

What other advice do I have?

I am using the SaaS deployment model for SentinelOne.

Ranger is important because it gives me visibility into how many devices in my network are unprotected. It provides security posture information showing how many detections exist, how many devices are protected, and how many are not. It gives an overview of what devices need protection and allows me to review why certain devices are not protected and identify any limitations.

The company name is SentinelOne.

I use Purple AI in SentinelOne.

Purple AI is an AI developed by SentinelOne that helps me correlate or build queries for those who have not used SentinelOne Singularity Endpoint before. It also provides information about the product without sharing confidential information. SentinelOne has a policy ensuring that all data and queries are kept internally and not shared with any third party.

Regarding workflow, Purple AI helps overall in my day-to-day operations by assisting with how alerts are triggered, retrieving results for alerts, providing alert descriptions from connected devices, and helping mitigate threats. I gave this review a rating of 8 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jul 3, 2026
Flag as inappropriate
PeerSpot user
Network Security Engineer at Softcell Technologies
Real User
Top 20
Jun 24, 2026
Automated endpoint protection has reduced manual effort and improves real-time threat response
Pros and Cons
  • "Everyone should go for SentinelOne Singularity Endpoint because at the price range that they are offering their services, it is the best that we can ask for."
  • "Initially, it creates a lot of false positive alerts, which can be improved."

What is our primary use case?

We are working for SentinelOne Singularity Endpoint. We are using SentinelOne Singularity Endpoint for endpoint detection to detect any suspicious malware detected in any PDF or file that users download and access. SentinelOne Singularity Endpoint marks suspicious or malicious files and takes appropriate action by quarantining that file in real time. This is the basic purpose that we are using SentinelOne Singularity Endpoint for.

We have integrated SentinelOne Singularity Endpoint with third-party tools such as our ManageEngine ticketing portal and a few other security devices. It works very well and we have not faced any issues yet.

What is most valuable?

The foremost thing would be that the response is very fast, and capability-wise, it is highly capable. Its automated features, behavioral analysis, and machine learning features are numerous, and I feel SentinelOne Singularity Endpoint is best for these aspects.

SentinelOne Singularity Endpoint has a faster response, so the mean time to detect is remarkably better than other products. This has improved the overall productivity for our organization, which is a plus point using SentinelOne Singularity Endpoint.

Because it is fully automated, the moment any threat is detected on any file or system, that very second it marks the alert and takes appropriate automated action on it. If any manual human intervention is required, then we, the analysts, are responsible for drafting a mail to our client. This has overall reduced our manual effort significantly, making it very beneficial.

What needs improvement?

I feel that it can be much better. Initially, it creates a lot of false positive alerts, which can be improved. SentinelOne Singularity Endpoint does not have any custom dashboard feature, so adding that would be better for us. We could create our own customized dashboard rather than using the default dashboard that SentinelOne Singularity Endpoint has.

Regarding CPU utilization, in a few of our clients, we have observed that the disk usage and utilization gets very high because they have lots of endpoints integrated on that particular client. This can be improved in that scenario as well.

For how long have I used the solution?

It has been a few months that I have been using SentinelOne Singularity Endpoint, and I have had a great experience with it.

What do I think about the stability of the solution?

As far as I am concerned, I have not seen any downtime in SentinelOne Singularity Endpoint. There has not been any scenario where we have to wait to see whenever the device gets back up and running. There has not been any issue on that.

What do I think about the scalability of the solution?

It is very much scalable. SentinelOne Singularity Endpoint charges on a per-endpoint basis, so whatever the requirement is, it charges the client on that basis. We can scale up and scale down whenever we want. If we want to scale up to a higher endpoint, then it is very much easy to scale up and scale down.

How are customer service and support?

There have been a number of scenarios where I have felt that this is not my area of expertise to manage. In those kinds of times, I have been connected with the OEM and the customer support team of SentinelOne Singularity Endpoint. These scenarios include when creating a new rule or finding out IOCs on a client's endpoint. I would rate the customer support a 10 out of 10 because their response was very quick, within a day.

Which solution did I use previously and why did I switch?

I have not been aware of other EDR or XDR solutions. This is my first EDR endpoint detection response team, so I am not aware of what other vendors are providing.

How was the initial setup?

From what I am aware of, the deployment is very easy. You just have to install SentinelOne Singularity Endpoint agent on the desktop, laptop, server, or whatever device it is. Before installing, we have to allow its IP address and port in the firewall for better services. After that, we have to install SentinelOne Singularity Endpoint on the desktop and laptop.

What was our ROI?

Our return on investment is very much high. Our company is basically an MSSP, and we are providing managed services to our clients. By using SentinelOne Singularity Endpoint and providing its features to our clients, our company makes a huge amount of money. It is a great return of investment for our organization.

What's my experience with pricing, setup cost, and licensing?

What SentinelOne Singularity Endpoint is offering for the price range is very remarkable. They are pricing on the basis of per endpoint. They charge around six to ten dollars based on the required amount of endpoints that are necessary. At this price range, the type of solution we are getting is the best that we can ask for.

What other advice do I have?

We have a dedicated threat hunting team for that kind of thing, so I have never been a part of that threat hunting procedure in our team.

The analytics bar allows us to view every threat that has been observed in whatever time frame it is. By seeing that, we can directly assess whatever threats that have been observed on any endpoints and take a particular action on that.

There has been a scenario when SentinelOne Singularity Endpoint automatically remediated a threat, but the client confirmed us that the file is genuine and necessary for them. During that time, we used the rollback feature to get it back to the original state. By doing that rollback, we can roll back to our default settings. For that purpose, we use the rollback feature.

The rollback feature has saved us quite a bit of time. Doing it manually would have taken much more time. By directly doing the rollback, it has saved us more than an hour of time.

Everyone should go for SentinelOne Singularity Endpoint because at the price range that they are offering their services, it is the best that we can ask for. Everyone should keep SentinelOne Singularity Endpoint as their security device for their firm or their own personal purpose as well. I would rate this review a 9 out of 10 overall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Jun 24, 2026
Flag as inappropriate
PeerSpot user
Krishna R - PeerSpot reviewer
DGM. Technical Security at a tech services company with 10,001+ employees
Reseller
Top 5
Oct 28, 2025
Automation has simplified threat detection and enabled seamless hybrid deployments
Pros and Cons
  • "The biggest benefit for my customers is that it is autonomous, where mostly everything is automated, and the threat detection, as well as auto-remediation rules, are set up."
  • "Sometimes, SentinelOne Singularity Complete takes time to reflect on some machines, which could be due to poor network connectivity."

What is our primary use case?

The main use cases for SentinelOne Singularity Complete include EDR, XDR, and NGSIEM.

SentinelOne Singulality Complete has the ability to ingest and correlate across security solutions extensively.

SentinelOne Singularity Complete seamlessly ingests logs from various other technologies besides the SentinelOne EDR platform. We have integrated with several firewalls, different firewalls. We have integrated with cloud ingestion, such as AWS and GCP, which is seamless. There are other solutions that can be integrated with SentinelOne Singularity Complete, incorporating security log ingestion.

The XDR platform helps to consolidate different security solutions.

Regarding Ranger functionality, it provides network and asset visibility and can ingest logs from network sources, capturing any threat metrics, including IOCs.

I cannot confirm if SentinelOne Singularity Complete reduces alerts as I have not worked heavily on that aspect. The system captures different telemetry from network devices.

Customers mainly use SentinelOne Singularity Complete on both public and hybrid cloud. This is advantageous, as we can use a relay agent to commit updates for computers that do not have internet access. Those telemetry can also be received, which is a clear value differentiator.

What is most valuable?

The rollback feature is the most useful feature of SentinelOne Singularity Complete. When a machine is infected, we have the option to roll back to the earliest date, providing ransomware protection. The second biggest differentiator is the hybrid implementation, which means unlike other EDRs, all machines need not be connected to the internet. We can have a local relay agent that can perform updates and upgrades to machines that are not connected to the internet directly, which is very helpful for updating air-gapped implementations.

The installation of SentinelOne Singularity Complete is very seamless. We are able to implement fresh rollouts of thousands of machines in a matter of one or two days, provided the machines are available. We are immediately able to see the telemetry and ingestions of the log taking place.

The biggest benefit for my customers is that it is autonomous, where mostly everything is automated, and the threat detection, as well as auto-remediation rules, are set up. Hence, minimum intervention is required from our side in case of known threats. I consider the automation and autonomous decision-making as the cornerstone.

What needs improvement?

Sometimes, SentinelOne Singularity Complete takes time to reflect on some machines, which could be due to poor network connectivity. However, I don't see any major problems.

It takes time for updates to reflect on the central console when putting in a new machine.

Regarding recommendations, they have acquired a company called Prompt Security, which is working on AI gateway and AI security posture management. I want to see how it gets integrated with the SentinelOne platform, and I am looking forward to what they will do with Prompt Security.

My customers have not calculated a return on investment because most purchases happen as a mandate. It is imperative for organizations to move from antivirus to EDR and XDR platforms. The decision is mostly for corporate security rather than based on a return on investment.

For how long have I used the solution?

I have been working with SentinelOne Singularity Complete for three years.

What do I think about the stability of the solution?

I have not come across big disruptions or breaches with SentinelOne Singularity Complete. Whatever known viruses exist are automatically eliminated, similar to a usual antivirus. I have not used threat hunting situations and have not been exposed to that currently.

There are not many stability issues regarding upgrades. Everything is managed automatically, so there is no user interference needed for upgrades.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is very scalable. I have seen customers scaling up to 25,000 users very easily without challenges.

How are customer service and support?

I have contacted SentinelOne support via TAC lines for understanding suspicious behavior, and they help drill down further. We get support directly from the TAC line for any false positives or to understand whether it is a true positive or false positive alert.

I would rate the support from SentinelOne Singularity Complete as an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of SentinelOne Singularity Complete is straightforward and very easy. All we need to do is set up a tenant, create the package file, and once we install it, it automatically connects. We can set up the entire system in a matter of one hour for a large customer.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete is not expensive; they are very aggressive when it comes to price points.

Compared to Microsoft and other competing solutions, SentinelOne Singularity Complete is very aggressive price-wise.

The cost depends on a per-device basis.

The full-fledged platform should be around $7 to $10 per device per month.

What other advice do I have?

I have had limited experience with Purple AI, which gives copilot-features wherein I can use a pull-down menu to identify based on any IOCs present. The retrieval time is very fast. I can ask certain copilot questions, frame certain queries on the drop-down menu, and immediately see whether those telemetry match in my systems.

Predominantly, my customers buy SentinelOne Singularity Complete from us. Small customers may purchase from the AWS marketplace, but enterprise customers mostly buy through partners.

I recommend SentinelOne Singularity Complete as a good investment where you can rely on the technical support. There is always a human voice available if we get stuck somewhere, and I am very happy about the solutions and interactions we have. You are bound to have clarity when alerts come in, and you need a vendor who can answer and troubleshoot those situations and clarify what the alert is all about. If you are looking for more TAC line support for incidents, go ahead with SentinelOne Singularity Complete.

I rate SentinelOne Singularity Complete eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Oct 28, 2025
Flag as inappropriate
PeerSpot user
Ricardo Sousa da Silva - PeerSpot reviewer
Cyber Security Expert at Nestle
Real User
Top 5
Jan 29, 2026
Centralized security management has reduced response times and improves threat containment
Pros and Cons
  • "At this point, SentinelOne Singularity Complete delivers everything it promises to do."

    What is our primary use case?

    I used SentinelOne Singularity Complete in the past and applied it to many customers in the Caribbean region. The use case was to implement SentinelOne Singularity Complete as a tool to replace the old antivirus systems that customers had. When we presented SentinelOne Singularity Complete, most customers appreciated it because the price was very competitive. They decided to provide this as a managed security service, which was very beneficial for them.

    What is most valuable?

    I appreciated the centralized dashboard that we used to manage the solution and the straightforward deployment process. We could deploy using Group Policy Objects to install the clients, which made the process very easy.

    I loved the way that we could collect information and trigger actions when we identified a malicious file or a threat. Ranger was excellent for identifying other assets in the network that did not have the solution deployed, allowing us to create a map of the network. It was very important for us to identify workstations and servers that were not protected.

    SentinelOne Singularity Complete reliably identifies real threats, which is a significant advantage as we could detect threats that other tools missed. The alerts are excellent for receiving notifications, and we could integrate with SIEM tools. This made it easy for us to create dashboards and see whenever we had an issue, and we could also create automations that could disconnect the device from the network or take other preventive measures to stop the spread of a virus.

    What needs improvement?

    I think dashboards could be improved with a dashboard creator feature that would allow us to select the information we want to extract and generate customized dashboards.

    For how long have I used the solution?

    I worked with SentinelOne Singularity Complete for approximately three years.

    What do I think about the stability of the solution?

    SentinelOne Singularity Complete is very easy to deploy and implement.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Complete is very scalable for our needs.

    How are customer service and support?

    Support was very good. When we needed assistance, we received it in a timely manner and the issues were resolved.

    Which solution did I use previously and why did I switch?

    I worked with Defender and other tools including CrowdStrike, with particular experience managing CrowdStrike.

    How was the initial setup?

    We implemented the complete solution in customer environments to integrate with their existing infrastructure.

    What was our ROI?

    SentinelOne Singularity Complete offers a very competitive price. When we implemented it, we could reduce costs with the total cost of ownership compared to other solutions.

    What's my experience with pricing, setup cost, and licensing?

    When we presented SentinelOne Singularity Complete, most customers appreciated it because the price was very good. They decided to provide this as a managed security service, which was very beneficial for them.

    What other advice do I have?

    When we implement SentinelOne Singularity Complete, we always create automations so that detection is very efficient in terms of timing. When we identified a threat, we could create rules to block the machine and put it in quarantine. This made it easy to investigate and we could have a broad overview of when the issue started, allowing us to manage issues in a shorter timeframe.

    The mean time to respond was reduced in our security operations center. We used it to handle alerts and could act as soon as we received them. When we managed other vendors, it was time-consuming, but with SentinelOne Singularity Complete, it is much better.

    Having a centralized tool like SentinelOne Singularity Complete allowed us to manage not only Windows desktops but also servers, MacBooks, and an entire environment. The integration with other SIEM tools is excellent, allowing us to create dashboards, analyze results, and receive alerts as soon as they are triggered.

    At this point, SentinelOne Singularity Complete delivers everything it promises to do. We have deployed it from AWS and also created a tenant directly from the portal. SentinelOne Singularity Complete is easy to use, and the dashboards and portal are very user-friendly, which is why I prefer it. I would recommend that others try SentinelOne Singularity Complete because once they do, I believe they will love it. I would rate this review a 9 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: Jan 29, 2026
    Flag as inappropriate
    PeerSpot user
    Senior Cybersecurity Manager at Ernst & Young
    Real User
    Top 20
    May 30, 2026
    Endpoint protection has improved compliance and response times but still needs fewer false alerts
    Pros and Cons
    • "In general, the solution helps to save time and free up staff for other projects and tasks, freeing up approximately 15% of staff time and reducing mean time to detect by approximately 10% and mean time to respond by approximately 20%."
    • "Regarding alerts, SentinelOne Singularity Endpoint sometimes produces too many false positives, and sometimes produces true positives."

    What is our primary use case?

    As an integrator, my use cases are to reduce the attack surface and ensure that all endpoints, workstations, and servers are compliant with security standards. We have integration with the SOC as well, providing 24/7 monitoring. We serve a critical customer with many use cases.

    How has it helped my organization?

    In general, the solution helps to save time and free up staff for other projects and tasks. Approximately 15% of staff time is freed up. Regarding mean time to detect (MTTD), the solution also reduces MTTD by approximately 10%. As for mean time to respond (MTTR), this is something which is amazing, providing approximately a 20% reduction.

    What is most valuable?

    As an integrator, the biggest advantages of SentinelOne Singularity Endpoint that really stand out to me are that it supports on-premises deployment where we will not have to send the traffic back to the cloud. It only requires updates. This is why we selected it over CrowdStrike and other alternatives. EDR integration and memory protection to guard against attackers is valuable. It can detect lateral movement and other technical aspects.

    Regarding the solution's ability to ingest and correlate across security solutions, we are approaching this differently. On the customer side, we have Splunk SIM (now owned by Cisco). We are ingesting all the traffic towards Splunk to have clear visibility from EDR. We are integrating with the SIM rather than the other way around.

    What needs improvement?

    Regarding alerts, SentinelOne Singularity Endpoint sometimes produces too many false positives, and sometimes produces true positives. We have to ensure that if there is an event flagged as a false positive, we have a layer two analyst conduct incident response investigation to verify whether it is a false positive or a real alert.

    Regarding the Ranger functionality in SentinelOne Singularity Endpoint, I am not really working with this part. Regarding the AI part of the product, there is Purple AI for SentinelOne Singularity Endpoint. I am asking whether Purple AI is a separate product or included within SentinelOne Singularity Endpoint, or if it is a separate license product.

    For how long have I used the solution?

    I have been using the solution for one year.

    What do I think about the stability of the solution?

    Regarding stability, I would say the product is approximately 95% stable. We first implemented it in detection mode (passive mode) and then transitioned to preventive mode.

    What do I think about the scalability of the solution?

    Regarding scalability, I would say it is very easy to scale up and scale out. SentinelOne Singularity Endpoint is indeed scalable.

    How are customer service and support?

    Regarding technical support from SentinelOne, my team is working on that aspect. They have not reported any issues so far. We have not opened any support cases yet. We are working with the local team on SentinelOne Singularity Endpoint for deployment, and they are doing the deployment work. Everything has gone smoothly because professional services are provided by the SentinelOne team.

    Which solution did I use previously and why did I switch?

    We have on-premises deployments for the product.

    How was the initial setup?

    The deployment itself is not easy because we operate in a very critical telecom environment. We have to manually install the product because we do not have Active Directory or patch management solutions yet. We have to select the servers and workstations manually and then perform manual installation on each. This takes considerable time for the installation process.

    What about the implementation team?

    As an integrator, we are implementing the product.

    What was our ROI?

    Even though it is a security product, it is not possible to observe any return on investment yet. I have not conducted this analysis exercise yet.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing and licensing cost, I would say SentinelOne Singularity Endpoint pricing is medium.

    Which other solutions did I evaluate?

    When comparing solutions among themselves, the main reason for selecting SentinelOne Singularity Endpoint was because of on-premises deployment capability. CrowdStrike is an amazing solution, but it does not support on-premises deployment. It must be cloud-based through their Falcon service. Enterprises which have hybrid cloud environments and are using SASE solutions where all people are connecting from various locations rather than coming to the office would benefit more from CrowdStrike than SentinelOne Singularity Endpoint.

    What other advice do I have?

    Summarizing everything that I have told you about the product, I can give SentinelOne Singularity Endpoint a rating of seven out of ten. Regarding deployment and stability to some extent, these areas could be improved. SentinelOne Singularity Endpoint should be able to provide integration with network detection and response (NDR). They should also be able to provide AI solutions built into the product rather than as a separate product. This is something that I am looking for.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
    Last updated: May 30, 2026
    Flag as inappropriate
    PeerSpot user
    Manoranjan Rana - PeerSpot reviewer
    Business Head at Ivalue Infosolution
    Real User
    Top 20
    Mar 2, 2026
    Advanced endpoint protection has reduced alerts and has enabled rapid rollback and threat response
    Pros and Cons
    • "SentinelOne Singularity Complete has positively impacted my company by being hassle-free, providing good ROI, giving the best security with its rollback feature, offering extensive integration with other solutions, and using such a lightweight agent that it does not cause any system slowness."
    • "Sometimes I get a response from them, but at times they may not have answers and defer to the engineering team, which can prolong the resolution time beyond expectations for customer satisfaction."

    What is our primary use case?

    My usual use cases for SentinelOne Singularity Complete revolve around EDR and XDR, focusing on protecting end machines, including servers, particularly for users with critical applications running on endpoints. It is crucial for them to know how to protect those systems. If at any point phishing or an attack happens, I can provide data protection and restoration to my customers. Those are the primary use cases.

    The feature I find most valuable in this solution is its rollback feature.

    What is most valuable?

    The rollback feature is incredibly valuable because if my organization gets hacked, I can restore complete data from up to half an hour back by clicking a one-click rollback option available in SentinelOne Singularity Complete.

    SentinelOne Singularity Complete's ability to ingest and correlate across my security solutions is significant. It correlates with all other services, for instance with Netskope or Forcepoint. It also correlates with Proofpoint and many other endpoint machines like CyberArk, which is PIM/PAM, along with Netskope, Forcepoint, and Proofpoint, which involve DLP.

    SentinelOne Singularity Complete helps me consolidate my security solutions overall, though the consolidation only happens at the endpoint level, not at all levels.

    My impression of the Ranger functionality in SentinelOne is that it is a good product that is helpful for my AD environment. It effectively protects my AD machines in that environment.

    In my experience, SentinelOne Singularity Complete helps reduce alerts significantly. If any machine comes up, I will receive a notification. So in a day, I might get a thousand emails or alerts. What Singularity does is filter those alerts and provide me with the top 10 or top 15 threats to understand and mitigate the risk. That is a lot of help from Singularity. The reduction in alerts has been around 60 to 70%.

    What needs improvement?

    SentinelOne is definitely improving, with a lot of new versions coming out and patches happening on a regular basis. They are acquiring a lot of AI companies and conducting R&D backend work, which is ongoing. By the end of this year, I believe a fully-fledged product will be available. One area needing enhancement is on the commercial front, especially considering the major competition with CrowdStrike. Hence, we must address some challenges, at least for the Indian market.

    For how long have I used the solution?

    My experience with SentinelOne Singularity Complete spans four years.

    What do I think about the stability of the solution?

    I can rate how stable and reliable SentinelOne Singularity Complete is as a 9.

    What do I think about the scalability of the solution?

    I can rate the scalability of SentinelOne Singularity Complete as a 10. Whether it is 50, 5,000, or 5 lakh endpoints, it remains scalable.

    How are customer service and support?

    I do not often communicate directly with the technical support of SentinelOne, but my technical team does.

    I would rate SentinelOne's technical support as an 8. Sometimes I get a response from them, but at times they may not have answers and defer to the engineering team, which can prolong the resolution time beyond expectations for customer satisfaction. Overall, it takes a couple of days longer than desired, but the rest of the service is good.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Before my experience with SentinelOne Singularity Complete, we worked with different technologies such as Trellix and Trend Micro.

    How was the initial setup?

    I usually participate in the initial setup and deployment of SentinelOne Singularity Complete.

    I can describe the initial setup process, but I am not deeply involved in the technical details because my technical team takes care of that. I am mainly focused on the business side.

    From my perspective, the initial setup is straightforward. During a demo POC, they showcase the complete process, and the presentation along with the dashboard walkthrough helps the customer partner understand everything. It is not that complex.

    What was our ROI?

    SentinelOne Singularity Complete has positively impacted my company by being hassle-free. It provides good ROI, which stands for return on investment. It gives the best security, ensuring that if anything happens, I can utilize the rollback feature. Moreover, it offers a lot of integration scope with other solutions. The agent is so lightweight that it does not cause any system slowness when in use, making everything good.

    The ROI I have experienced is straightforward. If I want to buy it for one year or three years, safeguarding it for three or five years down the line means my investment reduces. That is nothing but the ROI. Additionally, if I engage five engineers for this project and implement SentinelOne, then only one resource is needed to manage the dashboard and criticality alerts. This is how ROI materializes in my organization.

    Which other solutions did I evaluate?

    The decision to switch from the previous solutions was primarily driven by customer base comfort, customer adoption, and market responsiveness. Since SentinelOne is relatively new in India, having been around for five years, the customer adoption rate and ease of use made it easier for many customers to agree to replace Trellix, Trend Micro, and others. This led to a significant switch on their part.

    What other advice do I have?

    SentinelOne Singularity Complete has definitely helped free up employees for other projects and tasks, both for me and for my customers.

    SentinelOne Singularity Complete has greatly aided in reducing my mean time to detect. It is actually very fast because the agent works as an AI agent. It detects any kind of malicious activity or threat in a pretty fast way. It is very fast, and as it is an AI agent, it runs automatically, ensuring rapid detection.

    Regarding the mean time to respond, my time is getting reduced by 80, 85, or even 90 percent, which is good.

    When considering stability and reliability, if CrowdStrike can replace Trend Micro, then similarly, if SentinelOne can replace Trend Micro and Trellix, the same way CrowdStrike could potentially replace SentinelOne, indicating that the market remains highly flexible.

    Based on everything I have described, I rate SentinelOne Singularity Complete as a 10 because I have to promote it, so I present it as my best product.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer. partner
    Last updated: Mar 2, 2026
    Flag as inappropriate
    PeerSpot user
    Marcelo Simoes - PeerSpot reviewer
    Head of Cybersecurity at Italtel
    Real User
    Top 5
    Apr 27, 2026
    Unified security platform has improved threat visibility and supports swift incident response
    Pros and Cons
    • "SentinelOne Singularity Cloud Security has positively impacted my organization through the ease of use of the tool and the protection that it provides."

      What is our primary use case?

      My main use case for SentinelOne Singularity Endpoint is the implementation inside of IT Brazil for around 100 users.

      I use SentinelOne Singularity Endpoint day-to-day by having a team look at its platform to monitor our equipment and environment, and we also use it to block USB ports, which are the main uses here in Brazil.

      Our team relies on SentinelOne Singularity Endpoint for both threat detection and response, though it does not happen very frequently. We keep our eyes on the application within the platform, and when it occurs, we connect SentinelOne Singularity Endpoint with our ITSM in the cloud.

      SentinelOne Singularity Endpoint supports our operations as we are using the platform for control.

      What is most valuable?

      The best features that SentinelOne Singularity Endpoint offers include the ability to see the path of how malware contaminates equipment, allowing me to follow the entire path to mitigate problems.

      This visibility helps my team by being very useful when we talk about threats; we can see the complete path from the start of a malware attempt, and we can run a remote search tool, making it very useful.

      The API integration is very helpful for our platforms, including the ITSM I mentioned earlier, and I believe the API connection between platforms is very useful.

      SentinelOne Singularity Endpoint has positively impacted my organization through the ease of use of the tool and the protection that it provides.

      When I mention the protection that comes with using SentinelOne Singularity Endpoint, I find that the ease of detection is very fast in our platform, especially in our ITSM. We enter the SentinelOne Singularity Endpoint platform and search for anything related to malware directly on the computers, ensuring that nothing passes through SentinelOne Singularity Endpoint EDR.

      What needs improvement?

      Currently, I have nothing to suggest for improvements to SentinelOne Singularity Endpoint; we are very happy with the tool.

      If I had to imagine one thing that could enhance my experience with SSentinelOne Singularity Endpoint, I would pick an easier way to view or follow the XDR platform, as I had some difficulties with it in the past.

      I think that training would be beneficial for using the XDR, as we have a lot of information available there.

      For how long have I used the solution?

      I have been using SentinelOne Singularity Endpoint for two years.

      What do I think about the stability of the solution?

      SentinelOne Singularity Endpoint is stable.

      What do I think about the scalability of the solution?

      Scaling within SentinelOne Singularity Endpoint is very easy; if we acquire more licenses, the platform automatically distributes them to our equipment.

      How are customer service and support?

      Customer support is very good; we opened a few tickets in the last month and received everything we needed from the support team.

      Which solution did I use previously and why did I switch?

      We previously used Microsoft Defender and switched because it is not an advanced EDR, leading us to change to SentinelOne Singularity Endpoint.

      Before selecting SentinelOne Singularity Endpoint, we evaluated other options such as Sophos and CrowdStrike, finding CrowdStrike to be very expensive and Sophos not meeting our requirements.

      What was our ROI?

      I believe we have seen a return on investment, particularly in terms of money saved compared to another tool.

      What's my experience with pricing, setup cost, and licensing?

      My experience with pricing, setup cost, and licensing is good; the setup is very easy, and the license is per equipment, so it feels fair.

      One noticeable benefit is that SentinelOne Singularity Endpoint is cheaper than other tools available in the market.

      What other advice do I have?

      I do not have anything else to add about my main use case or how SentinelOne Singularity Endpoint fits into my workflow.

      The unified platform experience certainly helps streamline our security operations, making things easier for my team.

      In terms of adaptability to new and unknown threats, I believe SentinelOne Singularity Endpoint is the tool I have used the most, and while I cannot compare right now since I have only used CrowdStrike once, I find SentinelOne Singularity Endpoint easier to use than CrowdStrike.

      I was not aware of the possibility to use an Offensive Security Engine, but I will seek more information on it.

      Having built-in integrations that unify various aspects of cloud security is very significant for my team, as it makes everything easier to manage.

      I advise others looking into SentinelOne Singularity Endpoint to check the ease of usage of the tool, as the platform is very helpful and the protection it provides is truly exceptional. I have given this review a rating of 10.

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: My company has a business relationship with this vendor other than being a customer. Partner and Reseller
      Last updated: Apr 27, 2026
      Flag as inappropriate
      PeerSpot user
      Karsh Trivedi - PeerSpot reviewer
      Security Engineer at Payatu
      Real User
      Top 5Leaderboard
      Jul 9, 2026
      Automation has reduced alert overhead and speeds up endpoint investigations for my team
      Pros and Cons
      • "SentinelOne Singularity Endpoint has helped reduce my team's time in analyzing alerts and determining what is wrong with endpoints, and it also makes investigations easier without disrupting users."
      • "They could still work on optimizing their agent."

      What is our primary use case?

      My usual use cases for SentinelOne Singularity Endpoint are to manage and deploy it on the endpoints across my organization. I also use it for automations, which represents my primary use case.

      I use SentinelOne Singularity Endpoint mostly with my EDR. I am not heavily focused on cloud at this time as I am still in the development and learning phase of cloud deployment and cloud telemetry collection. Seeing alerts on a single pane of glass and resolving incidents has helped me significantly. It provides a better ecosystem with the AI team and all the capabilities already included.

      What is most valuable?

      The EDR feature of SentinelOne Singularity Endpoint and their detection features are excellent. They perform very well at endpoint detection and resolution. Their automated response capability is equally strong. There is also granular control over endpoint detection policies, which is valuable.

      I have integrated SentinelOne Singularity Endpoint with Splunk, and the ingestion and correlation of logs and telemetry from endpoints is strong. It provides a good perspective on what exactly happened. This really helps me as a SOC analyst to investigate what has occurred on an endpoint if there is malware or a malfunction on that particular endpoint.

      SentinelOne Singularity Endpoint has reduced the overhead of my alerts with the enhanced telemetry provided. I do not have a precise count, but it has had a significant impact. I estimate that I experience approximately twenty to thirty percent less alert overhead as they are automatically enriched and resolved.

      SentinelOne Singularity Endpoint has helped reduce my team's time in analyzing alerts and determining what is wrong with endpoints. It also makes investigations easier without disrupting users. Mean time to detect and mean time to respond are metrics where I cannot provide exact numbers, but I can say that SentinelOne Singularity Endpoint has had a noticeable positive impact, making detection and response much faster than the very manual and tedious process we had before.

      The positive benefits from using SentinelOne Singularity Endpoint include reduced effort required to interact with users during critical investigations. It has provided automation capabilities and advanced telemetry from endpoints to investigate any issues that arise. My team interacts less directly with users, so the impact to user business is minimized when cyber incidents occur and investigations are needed.

      What needs improvement?

      They could still work on optimizing their agent. Additionally, they do not appear to provide a free trial. If they could provide a free trial for one or two endpoints, it would be a better option for testing.

      For how long have I used the solution?

      I worked with SentinelOne Singularity Endpoint at Infosys for two years and have continued using it recently, for a total of approximately three years.

      What do I think about the stability of the solution?

      SentinelOne Singularity Endpoint is reliable and stable. It does not create many issues.

      I measure the stability and reliability of SentinelOne Singularity Endpoint based on how well it detects threats and how stably it performs in user environments. I do not want an EDR tool or agent to consume excessive resources from the endpoint. SentinelOne Singularity Endpoint manages this well. It would be better if it were more optimized, but overall it performs well.

      What do I think about the scalability of the solution?

      SentinelOne Singularity Endpoint is scalable and easy to scale. We simply deploy it and it scales itself.

      Scaling out might be a concern, but I have not had a need to scale down, so this has not been an issue.

      How are customer service and support?

      I am not currently in touch with technical support for SentinelOne Singularity Endpoint as I am in the early deployment phase and am learning and brushing up on the platform myself. My peers have had interactions with technical support, and they have reported that it is excellent. Technical support is overall very strong, and though I do not have direct contact with them, the feedback I have received has been positive.

      Which solution did I use previously and why did I switch?

      I previously used Quick Heal Endpoint and Quick Heal EPS, which were not sufficient for our advanced threat protection needs. We switched to SentinelOne Singularity Endpoint because of these limitations.

      How was the initial setup?

      SentinelOne Singularity Endpoint is fairly straightforward to set up and has an intuitive user interface. A clear vision of your security policies is necessary, and a phased rollout is recommended. You cannot roll out the solution to everyone at once as it might impact many people simultaneously. A phased approach with policies tailored to your organization works best.

      What's my experience with pricing, setup cost, and licensing?

      The cost of SentinelOne Singularity Endpoint is reasonable and appropriate for the features it provides. It is not too expensive or cumbersome. However, it would be beneficial if they could provide a free trial at some point.

      Which other solutions did I evaluate?

      I was considering Trend Micro Vision One as an alternative option, but SentinelOne Singularity Endpoint stood out.

      I was evaluating Trend Micro Vision One and determined that SentinelOne Singularity Endpoint was the better option for my use case with one of my particular clients. As a consultant at a service-based firm, my role is to advise organizations on what will suit them best. For that particular client, this was the optimal choice, though other clients might benefit from different options. SentinelOne Singularity Endpoint was one of my top considerations for endpoint security along with Microsoft Defender for Endpoint for Windows-only environments.

      What other advice do I have?

      SentinelOne Singularity Endpoint is a SaaS-based platform that I deployed on-premises. I would rate this solution a ten out of ten.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Last updated: Jul 9, 2026
      Flag as inappropriate
      PeerSpot user
      Buyer's Guide
      Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
      Updated: June 2026
      Buyer's Guide
      Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.