No more typing reviews! Try our Samantha, our new voice AI agent.
Ashish Dubey - PeerSpot reviewer
Lead Security Analyst at SecurityHQ
Real User
Dec 13, 2022
Provides a better graph showing when the alert started, the process, the challenges, and the parameters; has an AI that segregates and categorizes events
Pros and Cons
  • "The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all."
  • "An area for improvement in SentinelOne is the search feature. You can't go beyond twenty thousand events, which ruins the task because it isn't enough when you're doing your investigation."

What is our primary use case?

Using SentinelOne isn't part of my daily tasks. My team only uses it when there's a detection, so the tool is only kept as a screenshot or wallpaper and is only used when there's an alert. It doesn't give us many alerts anyway.

My company uses SentinelOne for EDR purposes for alerts, detections, and patch deployment. For example, some clients ask my team to patch multiple devices and apply policies to the devices, so my team updates policies, applies patches, and updates machines per Windows and Mac updates.

My company also uses SentinelOne for EDR detections and investigations, including forensic purposes.

What is most valuable?

The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all. It shows the active group or predators in the market, the tactics the group uses, and the recent attacks the group performed.

My company even asked a particular client to onboard devices on SentinelOne because it's easier to graph the alerts. The tool can provide you with a better graph that shows when the alert started, the process, the challenges, and the parameters of the processes.

SentinelOne also has a knowledge base embedded in it. You have to visit the page to get the details.

I also like that you can see the activities performed for the alerts received from your end. You have a bunch of people working on SentinelOne, and you don't have to worry about not knowing who received and resolved the alerts because you can get information on the activities on the tool. You can view the actions on the alerts and who has taken action. This is a valuable feature of SentinelOne that's not usually provided on the other EDRs because it's unrelated to the investigations. I can see who recently closed or resolved a particular alert on SentinelOne because the name of the person who took action will appear on the activity page.

Another feature I like a lot about SentinelOne that I can't find in other EDR solutions is the AI segregation and categorization of events. You'll be directed to the logon events category if you're looking into logon-related events. If you're looking into network-related events, you'll be directed to another category, the appropriate one. Based on your search, the SentinelOne AI will segregate the results into categories. You can click on the category and view the categories related to your events. The segregated results then make it easier to do the investigations.

What needs improvement?

An area for improvement in SentinelOne is the search feature. It could be easier. For example, you can select the number of results that will be shown to you, such as two thousand events, and you can even go up to twenty thousand events for the search you've made, but you can't go beyond twenty thousand. You can only receive up to twenty thousand if you find login-related, detection-related, or process creation-related events. That's the limitation in the search feature of SentinelOne, which ruins the task because it isn't enough when you're doing your investigation.

The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne.

The retention period of the tool is way less than what other EDR solutions provide. SentinelOne and CrowdStrike come with a shorter retention period, which means you cannot go beyond one month when investigating the logs.

One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.

What I want to see from SentinelOne in its next release is a faster search. I also wish that the twenty thousand event limitation be removed.

For how long have I used the solution?

I've been using SentinelOne for nine to ten months now.

Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.

What do I think about the stability of the solution?

SentinelOne is a stable tool that never crashes. It's a good product.

Its stability is nine out of ten because, at times, the tool lacks robustness when searching. For example, if I want to search, it can take some time based on my ability to search. Searching on SentinelOne can be much faster because, search-wise, it could be a little laggy.

What do I think about the scalability of the solution?

The scalability of SentinelOne is much better than other tools, so it's a ten for me, scalability-wise.

How are customer service and support?

I haven't contacted the technical support for SentinelOne, but many of my colleagues had experience getting SentinelOne support. One case was about the retention period because a client had been compromised and needed more logs from SentinelOne, but the support team couldn't provide more logs as the retention period was too short.

Which solution did I use previously and why did I switch?

My company chose SentinelOne over other solutions because it's powerful in the areas of detection, flagging for alerts, and logs. The alert creation is stronger in SentinelOne, so my company went with this tool.

How was the initial setup?

The initial setup for SentinelOne was easy, and I manually performed it. It's easy to deploy a device onto SentinelOne. You have to run the agent, and the application, then the tool will be onboarded. It's that easy.

The deployment of SentinelOne hardly took me half an hour. Once you've learned how and executed the agent file on the machine, you'll start getting the logs. You'll test, configure, and collect the right resources and receive the logs.

What about the implementation team?

I implemented SentinelOne, so it's in-house.

What's my experience with pricing, setup cost, and licensing?

As a developer, I have no information on the pricing of SentinelOne.

What other advice do I have?

I'm using SentinelOne, the EDR solution.

SentinelOne is deployed on the cloud, probably the public cloud, though I wonder if it's private or public. It's on the cloud because it has many more features and doesn't use up many resources even when there's a high workload, and as a tool, SentinelOne performs very well. It may be on AWS or Azure, though.

Within the company, twenty people personally use SentinelOne daily.

My company is a partner of SentinelOne, so my team recommends it to clients, especially if clients require more detection and easy onboarding.

I'd tell anyone looking into implementing the tool that it's fun to learn and use. You can use it without needing many clicks to isolate the machine or perform your required activities. One of the best features of SentinelOne is that it has minimal mouse actions. For example, when you click on a machine, you'll get the hyperlink that shows you the machine details, the uptime, when it was first and last seen, the memory, and all the machine details. You get the details in one location, such as the applications installed on the machine, the network-related configurations of the machine, and the machine processes. You won't get as many features from other EDR solutions. You can isolate the machine, repair and update the machine, update the knowledge base and software, and onboard a particular device on SentinelOne. The tool has many more features. It's a good tool.

My rating for SentinelOne is nine out of ten. Still, if the twenty-thousand event limitation is removed, then that's the time I'd give the tool a score of ten because if there's no limit set, then you can get all process details related to your investigation.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Principal Forensics Lead at Dotcom Security
Real User
Dec 5, 2022
The most valuable features are Deep Visibility, Remote Script Orchestration, and Ranger
Pros and Cons
  • "The solution is extremely stable."
  • "The solution can improve by adding more granular firewall capabilities."

What is our primary use case?

The primary use case of the solution is cybersecurity. The solution provides endpoint protection against direct threats and insider threats.

What is most valuable?

The most valuable features are Deep Visibility, Remote Script Orchestration, and Ranger.

What needs improvement?

The solution can improve by adding more granular firewall capabilities. I would like to see an interface where I can in one view change the security posture of all groups with one click. I would like to have a listing of all the groups and then apply what's relevant to all the groups at once.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The solution is extremely stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

The tech support is brilliant.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. It takes about four weeks to deploy.

What about the implementation team?

The implementation was done in-house.

What was our ROI?

The ROI is good. Once you go through the stabilization phase and get to know and understand the customer's environment and configure accordingly to what the customer needs, the return is there immediately.

What's my experience with pricing, setup cost, and licensing?

The license is paid annually and is competitive. There are features that are not included in the licensing cost but it does include Vigilance and STAR.

What other advice do I have?

I give the solution a nine out of ten.

On average, once the implementation phase is complete the solution only requires two people to maintain it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys
Real User
Nov 26, 2022
Simple deployment and the solution just works
Pros and Cons
  • "SentinelOne is a stable solution."
  • "We made the switch because SentinelOne is not signature-based, it's an AI solution."
  • "There is room for improvement with the management interface. It could be more user friendly."

What is our primary use case?

Our primary use case for SentinelOne is antivirus and malware protection. 

What is most valuable?

I found the detection the most valuable. 

What needs improvement?

There is room for improvement with the management interface. It could be more user friendly. 

For how long have I used the solution?

I have been using SentinelOne for less than a year but more than six months. 

What do I think about the stability of the solution?

SentinelOne is a stable solution. 

What do I think about the scalability of the solution?

SentinelOne is a scalable solution. We have some 300 people using it in our organization and plan to increase usage as the company grows. Every machine we roll out gets that product.

Which solution did I use previously and why did I switch?

We used Trend Micro before we switched to SentinelOne. We made the switch because SentinelOne is not signature-based, it's an AI solution. 

How was the initial setup?

The initial setup was straightforward. It entails simple installers and we deployed it through policies. We deployed it as a package on all PCs and servers and it took two weeks.

What about the implementation team?

Deployment can be done in-house with one technical person. 

What other advice do I have?

I recommend it. It just works. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Vijay Mohan - PeerSpot reviewer
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems
Real User
Oct 18, 2022
Beneficial ransomware blocking, simple deployment, and easy to use
Pros and Cons
  • "SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control."
  • "Ransomware blocking is a better feature in SentinelOne Singularity."
  • "The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features."
  • "The training for SentinelOne Singularity should be free."

What is our primary use case?

We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, continuous monitoring, and real-time checks of our network. 

There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.

What is most valuable?

SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.

What needs improvement?

The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.

When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.

For how long have I used the solution?

I have been using SentinelOne Singularity for approximately six months.

What do I think about the stability of the solution?

SentinelOne Singularity is stable.

What do I think about the scalability of the solution?

We have approximately 250 users using this solution in my organization.

How are customer service and support?

I have used the support team from SentinelOne Singularity.

I rate the support from SentinelOne Singularity a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.

We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better. 

How was the initial setup?

The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.

What's my experience with pricing, setup cost, and licensing?

When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.

What other advice do I have?

First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solutions don't require any high-end expertise to be deployed or maintained but a normal IT system administrator is needed to do it.

I would recommend this solution to others.

I rate SentinelOne Singularity a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1935105 - PeerSpot reviewer
Cybersecurity Consulting Lead at a tech services company with 51-200 employees
Real User
Aug 23, 2022
Good pricing and security but needs better support
Pros and Cons
  • "The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs."
  • "The only problem I have is they don't manually review the threat files. That's the only thing I'm concerned about."

What is most valuable?

It's pretty good. The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs. That's a pretty cool feature. 

It's pretty much the same as similar typical solutions. It is a CrowdStrike, or SentinelOne, or Windows Defender. They do the same thing. 

The pricing is pretty good. 

What needs improvement?

It's probably not that top-notch like CrowdStrike or Microsoft Defender. However, it's okay, it's not bad. 

The only problem I have is they don't manually review the threat files. That's the only thing I'm concerned about.

The support needs improvement. There are some limitations. 

For how long have I used the solution?

I've used the solution for less than six months. 

What do I think about the stability of the solution?

It is a very stable product. There are no bugs or glitches, and it doesn't crash or freeze. It is reliable. I'd rate it a nine out of ten. 

No matter what software you use, you need to do some fine-tuning.

What do I think about the scalability of the solution?

The solution is scalable. You can pretty much deploy to anywhere.

How are customer service and support?

In terms of if we need to send them some actual threat, they cannot manually verify it. That's the limitation of the company. However, for Microsoft, or Symantec, or CrowdStrike, you can actually submit a threat file, then they can manually review it. That's the only thing I've found so far with SentinelOne. The support is not that good. Obviously, probably eventually, they will get it in one year or two years' time; however, right now, it's not there.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I've used CrowdStrike, Carbon Black, and Microsoft Defender as well. 

SentinelOne, CrowdStrike, and Carbon Black do the pretty much same thing. It all depends on the money.

The good thing about Microsoft and CrowdStrike is they can detect the device based on the traffic they're coming from. This is one of the advantages you have. With SentinelOne, this is where they're lacking. For example, for Windows Defender, if you're using your phone, you can figure out it's coming from your phone, or as long as it's coming to your enterprise network, you will know where it's coming from. This is one of the things I could not find in SentinelOne. You can only define it once you deploy it. However, without a proper deployment, you can't actually see it. For the other technologies, even though you don't deploy them, you can actually have a good understanding of the entire fleet and what's happening. For example, all emails are going to Office 365, so that's another way you get an excellent picture of the inventory assets. That's a very good NDM thing that you got it for free. With SentinelOne, they're not to that level yet.

How was the initial setup?

The initial setup is easy. It's even simpler than, for example, Windows Defender. 

The maintenance is very low. It depends on how big the organization is. The false positive rate is very low. Obviously, it should be maintained by a team. Regardless, if it's Windows Defender, CrowdStrike, SentinelOne, or Symantec, it has to be built and looked after by a soft team.

What's my experience with pricing, setup cost, and licensing?

For the functionality you get, the pricing is pretty good. I'd rate it four out of five in terms of affordability.

Which other solutions did I evaluate?

I was actually evaluating Windows Defender. I just want to check to see the selling points and the advantages of having Defender over Symantec products.

What other advice do I have?

I didn't do a technical job; I just evaluated the product. I don't have a partnership with SentinelOne. 

I'd rate the solution seven out of ten. They are pretty good overall. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Product Manager at a tech services company with 11-50 employees
Reseller
Top 5
Aug 22, 2022
Granular, reasonably priced when compared with CrowdStrike, but the EDR is less detailed
Pros and Cons
  • "The ability to get queries by pressing the "tab" button is a plus for SentinelOne."
  • "It is difficult to manage users in SentinelOne."
  • "SentinelOne makes it more difficult to define users. It is more granular than CrowdStrike, but it is not preferred because you have to check hundreds of roles."

What is our primary use case?

In comparison to CrowdStrike, they use a lot of ICANN fees in the UI. But this isn't a problem for me because I am already familiar with CrowdStrike's interface and navigation panel. I still don't use the hamburger mini version of CrowdStrike because I am used to the old panels.

The rollback issue isn't marketed by CrowdStrike. I'm certain of it. We can, however, do it indirectly. If you want to do rollback in craft with RTR over Windows shadow copies, there is a workaround. 

This is an argument I occasionally use against SentinelOne. If you use rollback, your system has already been infected. CrowdStrike claims, that they don't do this, they are not a backup solution, and they don't allow any ransomware to work in their systems. 

By the way, rollback is a plus in the eyes of customers.

If CrowdStrike can do it with a single click, it will be a great turn of events.

What is most valuable?

The ability to get queries by pressing the "tab" button is a plus for SentinelOne.

What needs improvement?

SentinelOne makes it more difficult to define users.

It is difficult to manage users in SentinelOne.

There are many defining roles. It is granular, but it is also complicated. It is more granular than CrowdStrike, but it is not preferred because you have to check hundreds of roles. It's a challenge.

This user assignment feature would be more efficient. It would be fantastic if they could design it.

In comparison to CrowdStrike, EDR is less detailed. CrowdStrike provides more information about an adversary than SentinelOne.

Having a good EDR is a huge plus. In my opinion, it earns two points. The number will be nine if they can expand it with a more detailed one. 

I could complain about SentinelOne's pricing right now, but I am sure CrowdStrike is using its own staff to provide its clients with a complete solution. Being expensive is a little more reasonable than you think. 

Most people want to know why CrowdStrike is more expensive than other options.

CrowdStrike can assist you with their technical personnel, and CrowdStrike is the only provider who can assist you with their own threat hunters. SentinelOne is not currently doing this.

For how long have I used the solution?

I have been using SentinelOne for three weeks.

I deployed it on my computer. I am testing it and trying to evaluate what is missing between the two products. I would like to see both of their advantages and disadvantages, which are not written. I am trying to gain real-life experience with these products. I have a lab. 

On these virtual machines, I have at least ten vendors. Some are legacy antiviruses, while others are next-generation antiviruses. I have worked with a variety of brands. These labs are being used for comparison.

I use automatic updates. As a result, it's most likely the most recent version.

What do I think about the stability of the solution?

The thing is, I can't say a thing about it because I need to digest a lot of data and launch a lot of attacks on SentinelOne, which I haven't done much of. Two or three assaults.

It was successful in prevention and detection, but I need to try some other methods to see if I can bypass SentinelOne.

What do I think about the scalability of the solution?

This solution is currently being used by only two people. Myself and one of my teammates.

How are customer service and support?

Not right now because things will be different in the real world, but we are only two computers with SentinelOne. So we didn't have that kind of experience right now.

How was the initial setup?

When compared to CrowdStrike, the initial setup is more complex.

It only took me 10 minutes to install it on two PCs.

What's my experience with pricing, setup cost, and licensing?

At this time it is only a trial. After the trial period, I am going to purchase two licenses from SentinelOne. To make comparisons too and continue investigating both products.

Which other solutions did I evaluate?

We simply want to compare in real-life conditions CrowdStrike, SentinelOne, Microsoft, and other legacy antiviruses such as McAfee, Micro, and so on.

What other advice do I have?

If you are running an enterprise business, you should definitely go with CrowdStrike, but if you are on a tight budget, you could look into SentinelOne, but CrowdStrike is the better option. If you can stretch your budget.

If you need next-generation antivirus and EDR solutions or if your budget is limited, you can consider SentinelOne, but if you can increase your budget or convince your management to increase your budget, CrowdStrike would be ideal.

I am simply checking. I am not a customer. I am not a partner. I'm a CrowdStrike partner. I am only using it for my own needs. Because people frequently inquire about the differences between other brands and CrowdStrike. 

People come to me for CrowdStrike assistance. And I have to explain the key differences between the two products. And BattleKart does not accurately reflect the information. When compared to BattleKarts, the real-time experience is more valuable.

I would rate SentinelOne a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
System Engineer at Dr. Marc Daenen
Real User
Aug 16, 2022
Provides good security and protection against ransomware
Pros and Cons
  • "Offers good protection against ransomware."
  • "We chose SentinelOne because of the protection it offers against ransomware, providing good security that gives peace of mind."
  • "The anti-ransomware technology takes up a lot of disc space."
  • "The volume of shadow copies becomes too large and we have to manage that."

What is our primary use case?

This is an anti-malware and threat management product. We are customers of SentinelOne and I'm a system engineer.

What is most valuable?

We chose SentinelOne because of the protection it offers against ransomware. It provides good security that gives peace of mind.

What needs improvement?

We sometimes have issues with the disc space and that's because of the anti-ransomware technology they use. The volume of shadow copies becomes too large and we have to manage that. 

For how long have I used the solution?

I've been using this solution for two years. 

What do I think about the stability of the solution?

This is a stable product. 

What do I think about the scalability of the solution?

The solution is scalable, we have around 500 users in the company. 

How are customer service and support?

I have issued some tickets to technical support and they were very responsive. 

How would you rate customer service and support?

Positive

How was the initial setup?

We use an in-house person along with a third-party consultant for implementation.

What's my experience with pricing, setup cost, and licensing?

I believe that SentinelOne is quite an expensive solution. 

What other advice do I have?

This is a good product, but it has some issues so I rate it eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jared Ochieng - PeerSpot reviewer
Information Technology Security Specialist at infoark
Real User
Top 5Leaderboard
Aug 1, 2022
Automatic update alerts, with minimal computer resources consumed, and is easy to use
Pros and Cons
  • "The initial setup is very straightforward and easy."
  • "For me, the experience has been very good."
  • "There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better."

What is our primary use case?

I use it for company computers in reference to end-point protection scanning for malware, hunting for malware on the network, and on the devices. 

How has it helped my organization?

One is the behavioral engine and the AI are both built into the agent, so it doesn't need the internet. 

What is most valuable?

The interface is good and it is easy to use. The engine that they use to look for malware and for viruses is very good. 

What needs improvement?

There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better. 

For how long have I used the solution?

I have been working with SentinelOne for just over a year now.

What do I think about the stability of the solution?

Yeah, it is stable. It does not use a lot of computer resources, even though the engine is built into the agent. If there are new updates, it alerts you when the updates are there and need to be installed. SentinelOne is an efficient solution.

What do I think about the scalability of the solution?

Yes, it is scalable.

How are customer service and support?

I have not had any issues that I needed to talk to customer support about.

How was the initial setup?

The initial setup is very straightforward and easy. Once you install it, auto-updates are initialized. When you put in watches, you are searching for items, you need customization, and you add or remove rules, which is quite easy.

What about the implementation team?

I use in-house implementation.

What was our ROI?

We are seeing a return on our investment.

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. I don't think it is bad. Depending on which one you get, I think it is fifty dollars for each user annually. The more users you have, the cheaper it is.

Which other solutions did I evaluate?

I use all security tools from SIMS to DAMs, to DLP solutions, firewalls, etc.

What other advice do I have?

For me, the experience has been very good. I would rate SentinelOne a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1663419 - PeerSpot reviewer
Head of Information Technology at a healthcare company with 201-500 employees
Real User
Jul 24, 2022
Responsive support with complete and total protection
Pros and Cons
  • "It has saved us from a couple of ransomware attacks already."
  • "It is very effective so far, it has saved us from a couple of ransomware attacks already, and the responsibility is taken off of us and onto them completely with complete and total protection."
  • "If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal."

What is our primary use case?

We primarily use the solution for security. It’s for endpoint and response detection.

It is primarily protecting all my servers now, and most of the end users are connected to SharePoint OneDrive and emails, which are already taken care of from Microsoft through endpoint security. I don't have to really worry too much from the end-user point of view. Still, in case if they ever happen to click on any of the phishing emails or malicious files, it will block their computer immediately without even coming through the server level.

How has it helped my organization?

It is covering one of my IT audit purposes - not only from the protection of the data and doing security through my network but also addresses most of the compliances from an audit point of view.

What is most valuable?

It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.

They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.

If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.

It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.

It's complete and total protection.

What needs improvement?

I cannot speak to any missing features. It has what we need.

If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.

For how long have I used the solution?

I’ve been using the solution for a bit more than six months now.

What do I think about the stability of the solution?

The solution is absolutely stable. There are no bugs or glitches.

What do I think about the scalability of the solution?

I haven't seen all the features. However, I will probably start looking at it since it has saved us from a couple of cyber attacks. Probably I will take a walk-through again from the technical team to understand if there are any further scalable options to implement on my infrastructure.

We are using it for service only right now. However, we have decided to scale up for all the end users.

How are customer service and support?

Support is very good, and their help is immediate.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I'm still using VDAT on Windows endpoints. We use Defender. Windows is comprehensive as well. Most Windows users with personal PCs have Windows Defender, and it works well. That said, I was not sure and still am not sure how well it will protect the servers if there is any ransomware attack on the network.

How was the initial setup?

It’s very easy to implement the solution. It’s not complex at all. I’d rate it a five out of five in terms of ease of implementation.

For me to implement across eight servers, it took maybe a day. Two days at a maximum.

It’s on the cloud and therefore doesn’t require maintenance.

What about the implementation team?

They did the implementation. However, I installed the agent. Everything and the configuration were already set. They just guided me through how exactly it was set up. They did the walk-through of the complete product, and that's it.

What was our ROI?

We’ve already seen a 100% ROI even after just a few months. I’d rate it five out of five.

What's my experience with pricing, setup cost, and licensing?

We pay to license every year. However, I’m not sure of the pricing. They might cost $100 each. It’s reasonably priced. I’d rate it four out of five in terms of affordability.

Which other solutions did I evaluate?

I did compare it to other solutions and found this product to be more compatible with more operating systems.

What other advice do I have?

We are using the latest version of the solution.

I highly recommend the solution to others.

We’re just customers.

I’d rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jeffrey Agomate - PeerSpot reviewer
Information Security Engineer at Infoprive
Real User
Jul 8, 2022
Easy to set up with great AI and helpful technical support
Pros and Cons
  • "The product can scale."
  • "SentinelOne technical support is awesome."
  • "I'd like to see more documentation."
  • "Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash."

What is our primary use case?

We primarily use the solution for EDR to protect critical devices.

What is most valuable?

The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.

It's pretty easy to set up.

The technical support is great.

The product can scale.

What needs improvement?

The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.

My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they start supporting mobile devices.

I'd like to see more documentation. 

SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product,  public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.

We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution. 

For how long have I used the solution?

I've been dealing with the solution for 14 months. 

What do I think about the stability of the solution?

Overall, the solution is between 90%  and 95% stable. Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash. That's a huge gamble. You could install SentinelOne on your computer and if you do, there's the risk that your production machine could go down when SentinelOne came on. Stability is a gamble for SentinelOne. There's more chance of crashing your computer. And the only solution when that happens is to go and install it through safe mode.

What do I think about the scalability of the solution?

The product is actually scalable.

Our customers are small, medium, and enterprise companies. We support all of them, both small and medium enterprising arms.

How are customer service and support?

SentinelOne technical support is awesome. If there is a five-star option, I'd give them six stars. They give good support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I'm also working with CrowdStrike Falcon. I have worked with Carbon Black as well. SentinelOne is better than Carbon Black.

The priority of EDR before any complex feature is the ability to detect and then prevent malware attacks. That will be main reason of an EDR. SentinelOne does a very good job of detection of online threats. Once you get targeted by a ransomware attack, SentinelOne will notice that. Carbon Black doesn't do that.

How was the initial setup?

The implementation process is pretty easy. 

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable. I'm an engineer and therefore can't speak to exact pricing. 

What other advice do I have?

We're a partner.

We sell SentinelOne. We implement and deploy. We have a partnership, basically. 

I'd rate the solution eight out of ten.

My advice to other users is if you are going to any solution out there, number one is to make sure if there are issues tey can be easily fixed. With this product, you won't have to have a problem going for three months unsolved or going for two months unsolved. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.