SentinelOne Singularity Endpoint Reviews

For the major use cases for the client, I would mention EDR.

I have worked and implemented Purple AI. While we were in India, it is more about data privacy as a protection law which has been implemented. Purple AI is collecting all the information which needs to be evaluated and correlate this entire data and segregate and disseminate into different roles and privileges. We have utilized that. These are the mechanisms which are very new into the Indian market and customers and their team members created it and accepted it as well. That is one of the major reasons to sell SentinelOne Singularity Complete.

However, we have not implemented the SecOps feature in major installation as of now.

SentinelOne Singularity Complete helps to reduce alerts by almost fifteen to twenty percent. The false alert activation is much more effective in SentinelOne Singularity Complete in competition with all the comparative tools.

It helps to free up my people and staff for other projects. It depends on a project-to-project and team-to-team basis, but it really helps. I would estimate between thirty to fifty percent.

SentinelOne Singularity Complete helps to reduce MTTD by about twenty to thirty percent.

For MTTR, it is almost another way for between fifteen to twenty percent.

As a reseller and user, I would say that SentinelOne Singularity Complete is better than its competition. I have evaluated Palo Alto, Trellix, and CrowdStrike as well. SentinelOne EDR is much better than all of them. The capability and technical capabilities are superior. It is efficient and faster detection.

For ingestion and correlation across security solutions, the agent is quite heavier when compared to other competition. The agent has to be light-weighted. That is one of the drawbacks for the competition. They have to work quite a lot.

I have been selling the product for three and a half years.

As for stability, there are no issues. It is stable.

As for scalability, it is acceptable. The scalability depends entirely on how much security is required for it. It is easy to scale that.

I would say technical support from SentinelOne is excellent. Everyone in SentinelOne is known to us for the last many years.

I would rate support eight point five out of ten. One point five has been removed just because many times it has been delayed or the support has not been available due to vacation. That should be a challenge. Ten out of ten would not even be given to AWS.

SentinelOne stands out and is the best product among those, especially in India. There was a recent strike incident with Microsoft, and SentinelOne's approach is much better and much more effective.

It is easy to deploy. The deployment model depends on the type of organization. If it is government, then it has to be on-premises. If it is more like an enterprise and BFSI, that can be over the cloud. In India, it has to be done with the intent. It can be into the SentinelOne cloud with an instance in India, or whether it has to be AWS or Azure, they are acceptable in any format.

There is a chance to buy this product through AWS Marketplace, the CPPO. I did that previously.

It is neither too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the pricing.

I do sell SentinelOne Singularity Complete.

I am a Chief Security Officer for Technocentric.

I have been selling this product for the last three and a half years.

I have been involved in this domain for twenty-five years.

I would give SentinelOne Singularity Complete a rating of nine out of ten.

We bought the product for endpoint protection and platform use, where we have two environments: one is the endpoint with laptops, desktops, and VDI environment, and the other is our server environment. We are using CrowdStrike for the server environment, while for the desktops and VDI environment, we are using SentinelOne, Singularity Platform.

The benefits from the product include that Singularity Platform provides complete end-to-end visibility on our malware protection and our ransomware protection across our desktops, endpoints, and thin clients and VDI environments, allowing us to control zero-day protection across our environment. There is no need to do any signature patch or anything; we only updated the sensor and fine-tuned the policy here and there during the implementation. We focus on prevention and detection instead of only detection, and we do quarantining as well, leading to complete end-to-end protection across our desktops, laptops, and thin clients and VDI environments.

The real-time personalization feature provides protection against zero-day attacks. Real-time monitoring is very much available in Singularity Platform because once the agent is up to date, it protects critical assets across our network against malicious attacks. Malicious attacks pose a big challenge as if someone downloads malicious files, we face risks. Once an EXE file with vulnerabilities is detected during installation, it will be quarantined, indicating how effective real-time functions are in those scenarios.

From an operational perspective, the customizable dashboards are easy to use, but I face concerns with the alerts from the email ticketing system. We receive alerts for every event, such as USB access attempts, which can create unnecessary noise. We fine-tuned the alert mechanism after implementing the solution to reduce this noise.

The alerting mechanism could be improved in Singularity Platform as I want to fine-tune the alerts based on the specific environment. Each environment has different requirements, such as IoT or manufacturing, and we must adapt our policies accordingly.

I have been using the product for the past two years.

I see no particular areas of improvement for the product because, having used both SentinelOne and CrowdStrike, I find SentinelOne to be good as it performs its functions without requiring much manpower after deployment. The automation helps a lot, and once implemented, we face no further issues regarding stability or scalability; everything works absolutely fine.

Singularity Platform is scalable and stable, with no issues on that part.

The tech support from SentinelOne is great.

Positive

The installation process is quite easy, with no significant issues encountered.

We can achieve ROI in about nine months rather than one year. We save approximately 20%.

Singularity Platform is very affordable compared to other options.

I would say both SentinelOne and CrowdStrike are equally good, at a 50/50 assessment between them.

The impact of Singularity Platform on our supply chain processes is significant, as supply chain processes are a real headache for the complete organization. Whenever we face any supply chain challenges, we ensure that all end-user and end patch management are updated. We must ensure that particular patches do not have zero-day vulnerabilities or critical vulnerabilities. Ensuring proper IT hygiene is a challenge as well, as some users may not be using the latest patches or may have to stick to legacy applications that prevent upgrades. Protecting our networks and systems is crucial, especially when considering that older operating system versions may not be supported. The challenge in supply chain management is significant.

We use the fraud detection feature for financial services, where we provide financial applications and solutions to our customers. It helps with risk management as it comes with a complete structured approach whenever we implement Singularity Platform. We must ensure that the systems or agents are properly implemented in a tested environment. We first identify risks and then respond. Sometimes we only detect malware files, and depending on the use case, we do our risk assessment and develop a risk methodology to put policies in place based on whether we are using Windows, Linux, or legacy systems.

Regarding the implementation issue, moving from traditional signature-based antivirus solutions to an EDR solution means the new solution must do complete scanning on the initial implementation. However, EDR functions only when incidents occur, which is a change from the previous method used by typical antivirus solutions that scan all files. It is a challenge to explain this shift in expectations, but EDR only reacts when necessary, unlike traditional tools.

I believe Singularity Platform is perfectly fine overall. Some issues with report functionalities and latency are present in other solutions, but not here. The moment we implemented it, everything was clear. It is an excellent, robust tool for protecting our endpoints.

One small example of a challenge I faced is related to connecting my log management part, specifically SIEM. I encountered some issues with parsing when connecting SentinelOne to QRadar for log management.

I would rate this review a 9.

I mostly use Singularity Platform in incident response time, especially when there is a ransomware attack or when we want to recover any previous files. My other use case is when I have to investigate any files or EXE files that have been on the PC to deeply investigate what services they are using and what type of network connections they are establishing on the PC.

I use the Pro-detection feature in financial services, and it is a very good feature. There is no need to manage any complicated cases because the Pro-detection feature works by simply analyzing over time. It takes two to three days to investigate a specific issue thoroughly, and then it gives a conclusion based on that analysis, which helps determine the actions to take.

One of the likely features of Singularity Platform is that it is very user-friendly and easy to understand. The UI is indeed very user-friendly. Alerts and writing long queries are somewhat challenging. The predefined queries of SentinelOne can be very jargony to configure and hectic to write.

Singularity Platform's real-time personalization feature is a time-taking process and not a single setup process. It takes at least six to seven months to train the platform so it can be aware of the environment, after which there is some visibility over personalization setups.

The personalization feature has been good for customer experience strategies. People are very positive about that personalization feature because the machine learning offered by Singularity Platform is very good and easy to use. Once it fully adapts to the environment, customers don't even need to monitor their endpoint protection landscape, as it can automatically learn and mitigate any threats or problems with minimal human interaction.

Risk management efforts have improved significantly with Singularity Platform. Previously, a lot of time was spent investigating issues, but now this process has reduced investigation time from days to hours. The focus is on what type of recommendations and remediations to implement, which can be completed within an hour.

Singularity Platform's real-time monitoring capability has significantly improved decision-making. Previously, decision-making was more manual, but after integrating something called Purple AI, it doesn't hallucinate and provides accurate real-time decisions, pinpointing exact problems and suggesting what changes need to be made.

One of the main benefits from using Singularity Platform is that there are no over-alerts; there are very few false positives. Most triggers are by true positives, which helps manage alert fatigue effectively and allows focus on actual threats.

Singularity Platform could be improved by providing a more comprehensive analysis part, particularly on the threat dashboard. If automated analysis in simple terms could be received to explain to customers what exactly is happening, it would be a great addition to the product.

Regarding customizable dashboards, there are predefined dashboards that provide good visibility, but customized dashboards are not that helpful. I would not recommend using them as they can become messier.

My advice for organizations considering Singularity Platform is to encourage the addition of a threat analysis part that integrates with their Purple AI, allowing explanation of specific threats in a simpler way for customers.

I have been using Singularity Platform for three years.

Experience with customer service and technical support has been primarily with tech support because, during the initial configuration time, there were many doubts. Tech support was mostly used, while customer service has not needed to be contacted. Direct contacts for technical support were available.

On a scale of one to ten, the technical support of SentinelOne would be rated as an 8.5.

Positive

The initial setup process for Singularity Platform is straightforward across all three platforms—Mac, Linux, and Windows—and doesn't require any prerequisites. It is a very lightweight agent, and the setup is easy to handle.

Singularity Platform does bring a good return on investment. First, proofs of concept are shown for the two EDRs, comparing what they offer. Large enterprises that can afford it often choose SentinelOne for its ease of management compared to other platforms.

Regarding the pricing, Singularity Platform is very high compared to other platforms that have been worked with, such as CrowdStrike and other Sophos EDRs. While it offers very good features at the enterprise level, it comes at a premium price. Licensing includes various tiers like Pro and Singularity, and while highly customizable, it is indeed expensive.

In comparison to other products, a key difference in Singularity Platform is the ability to push customizable scripts, which other platforms offer in their tiers. If detailed analysis were received instead of just a graph, showing a step-by-step explanation of each threat or process would enhance the digital forensics perspective.

From a features perspective, there are no missing functionalities in Singularity Platform; the features are quite good for now. The overall review rating for Singularity Platform is 8.

My use case for this solution is that we are an MSP. We take care of clients for small to medium-scale businesses. I think our current install base is around 7,000, maybe around there. Beyond that, we also are in the project business, so for larger customers, we handle it on a project basis.

My clients are small to medium businesses for the most part.

The best features I and my clients like the most about Singularity Platform are that, first of all, it's easy to handle. It doesn't take a lot of time to get into. There's no real obscurity. It's really easy to handle, takes a load of work from the team, and in most cases, you can literally just configure it once and leave it running until something comes up, and it will just work. There won't really be an issue in between then.

Singularity Platform saves me over 50% of my time or resources. If I have an incident I want to investigate, for example, I can just go in. I don't have to learn a complex query language. I can just ask the inbuilt Purple AI and ask about this situation. If I want to dive in deeper, I can, and it's really easy to do. I can very easily see the context, see what has happened, where it has happened, how it has happened, as opposed to other tools or even doing it manually. The time saved is almost immeasurable because it's just so much.

My thoughts on the real-time monitoring capabilities are that they are great. There's not really anything negative to say there; I like them.

When assessing the impact on supply chain processes, keeping it simple, it would basically be good. In use cases where customers are in a supply chain, the people who are concerned about them being in their supply chain usually have their concerns alleviated by SentinelOne being present.

My thoughts on the maintenance are that it is pretty easy. It is pretty much the way I would like it. If it works, you're not bothered by it. If it doesn't work, it's very easy and quick to figure out what is going wrong. The nice part about that as well is you can go the proper way and fix it as intended, or if that doesn't work, the wooden mallet is always an option to just fix it quick and dirty. Those work without issue.

The areas that have room for improvement in Singularity Platform include the fact that I am really not happy with the vulnerability management. I may or may not have a bit of a personal vendetta against vulnerability management as a whole. I feel that concept is a bit out of date in my opinion. But combine that with what I believe is absolutely subpar performance in the vulnerability management space. I just opened our console and am faced by a wall of red. We conduct regular internal pen tests on ourselves and our clients. I know those aren't able to be exploited, and seeing, even if I dive into the vulnerabilities, a good percentage of them isn't even real. Sometimes they may just be artifacts left over that are still being found and then identified. Last year, SentinelOne was awarded for best vulnerability scanner, and that was a bit amusing to me. But that's really the main part I would say could be improved. Other than that, there are a couple of minor features which I know are on the roadmap and I would like to see sooner.

I've been using Singularity Platform since 2020.

When rating the stability, let me preface this by saying that thanks to the architecture of SentinelOne being not really cloud-dependent, it won't report to the cloud if the cloud is down. Thanks to that, I don't really care about occasional downtime on the console too much. That being said, I know there have been a couple of issues in the recent months, but those are getting a lot better. I would rate stability a nine.

I rate the scalability of Singularity Platform a 10.

From one to ten, I would rate the technical support an eight.

Positive

I don't have any personal experience with CrowdStrike, sadly, but when comparing Singularity Platform to other solutions, one of the main parts is that performance is just so much better. Not just in threat detection and mitigation but also in regards to endpoint performance. If it works, nobody's going to complain, but the moment that performance is impacted just a tiny bit, it will come up. Even in those rare cases when that isn't optimal, it can very quickly be improved and worked around again. Looking at reports from MITRE ATT&CK, you can see that it works. That's what I enjoy so much about it; it's one of those things that let me sleep easy at night.

Five specialists work with Singularity Platform in my organization.

My thoughts on the customizable dashboards are somewhat detached on a general basis. I see the use for the dashboards; however, we have a bit of a unique issue because, as I mentioned, we are an MSP. We don't just have one console, but I think at this point we have 10, 13 or something consoles, all across different URLs. So I personally can't really use the dashboard customization for a lot of things. We are using it to some degree to monitor the full-service clients, but I generally recommend larger companies we onboard on a project business to utilize the customizable dashboards, especially for data ingestion. That's a real plus point to quickly visualize how much data and what types of data you ingest and where necessary, trim down on unnecessary data.

The minor features I would like to see sooner include, for example, the exclusions. When they trigger, I would like to know in retrospect and be able to see how often a certain exclusion has triggered in the past, let's say, year. So I could say that this hasn't triggered at all and I can just remove it. Also, for the upgrade policies, I would like to just be able to set that I want to upgrade agents on maybe one version behind, one major, one minor version behind, always update service packs, update with a delay of X weeks, and just do that automatically rather than having to adjust the target version manually all the time. But those are very, very minor gripes. That's pretty much all I would have as feedback.

I would rate Singularity Platform overall a 9 out of 10, as there are still some minor things that I think could be a tiny bit better.

The advice I would give others looking into Singularity Platform is that I would definitely recommend it. First off, it is easy to use. You can integrate it with everything, and you can integrate everything with SentinelOne. That isn't even an exaggeration. If you have anything that produces data, you can integrate it. That is what I love so much about it; it's just awesome. My advice would be to definitely do a proof of concept. Figure out the three to four main use cases or main causes of concern for your company, do a classic proof of concept, proof of value, figure out the key areas that you want to protect, and see if the agent plays nice with it and come to the conclusion that it does.

Public Cloud

Amazon Web Services (AWS)

I have worked with Singularity Platform, and I'm well-versed with Cloud Security, but I have not worked with the AI CM. Singularity Platform comprises three things: Identity Security, Endpoint Security, and Cloud Security. The platform has multiple products including Singularity Identity, Singularity Complete, and the AI-powered Singularity XDR. I have experience with Singularity Identity, Singularity Endpoint, and Singularity Complete products, and we will continue to work because we have more opportunities on this.

Purple AI provides features and functionalities that have been asked for by customers, and we have given those functionalities to them using Singularity Platform.

When we manage Identity Security and Endpoint Security, it's from a single console. We get data and visibility on everything happening in our environment and how it is related. We can integrate many other solutions such as Fortinet firewalls and Palo Alto firewalls. Singularity Platform provides a marketplace with many kinds of integrations with mail security solutions and firewall solutions that are very helpful for customers from the XDR point of view. We haven't used the SIM as of now, and we have not given the AI SIM to customers, but we have evaluated the product. To my knowledge, I think it's good, but when it comes to use cases, we will be able to tell how it exactly addresses the client's requirements, how it gives alerts, and how it stores data on correlation time. We need to implement it in the client's environment in order to get proper feedback.

These were the features and functionalities which have been asked for by customers, and we have provided those functionalities to them using Singularity Platform.

For the past three years, after Corona, we have started using Singularity Platform.

During the time of attacks, if there is any data loss, we were able to easily roll back those attacks and retrieve that data for the client with a single click. That's how Singularity Platform works for endpoint security. When it comes to Identity Detection and Response, it also gives much more visibility on what identities are weak. It scans all usernames and passwords in the Active Directory or Azure Directory. If you have Azure Directory, integrating with the Identity Security or Posture Management solution allows us to find out what users are in a vulnerable state and all the users to which they might have received five to ten attempts. If those kinds of attempts are received, that particular user account will be locked. We were able to write these kinds of rules from Singularity Identity itself. When it comes to threat intelligence, Singularity Platform holds its own threat intelligence data lake, and they have introduced Purple AI, which is very useful for us when dealing with attacks.

For many of our customers who got attacked after installing SentinelOne, they were not impacted on a larger scale. The impact of a ransomware attack typically encrypts all critical data and stops production. If one day of production is stopped, it sums up to, for an enterprise customer, a minimal margin of two to three crores. With this rollback functionality, we were able to address that and revert that particular endpoint to the previous good configuration state.

Singularity Platform does help with risk management. It refers to the MITRE ATT&CK framework and analyzes what the vulnerable points are in an endpoint. When it comes to cloud security through Singularity Platform's cloud capabilities, workload security or native security can scan accounts and find misconfigurations in the cloud. If there are containers, workloads, or instances, it scans everything and pinpoints any IAM roles that need to be configured, letting us know which things have not been configured for those workloads. This makes it easy for us to spot loopholes before they are exploited.

Singularity Platform has an easy-to-use console. When it comes to customization, it has some options, but I wouldn't say it is very customizable. If you are asking if this is fully customizable, I would say it is partially customizable, not fully customizable. In some places, I can understand from a security background that they have kept those features considering security. However, it lacks customization and could enable much more than that.

Even though Singularity Platform has multiple integrations with multiple solutions, it still needs more because competitive vendors such as CrowdStrike and Trend Micro provide more integrations than SentinelOne.

The first thing I would say about the negative side of Singularity Platform is that it lacks some customization and integrations compared to competitors. We can integrate Fortinet and Palo Alto, which are big players, but there are many other small companies. Even Zoho is a significant player in our market, but there are no integrations for Zoho.

For the past three years, after Corona, we have started using Singularity Platform.

In SentinelOne, we have not received reports regarding outages. Until now, we have not experienced any issues regarding stability. The product is pretty stable, and even if the agent is offline, it will handle the threats. This is pretty solid and stable.

Singularity Platform has flexible licenses, and it is also easily scalable.

The technical support from SentinelOne is very good.

One of our customers had an attack and they were using CrowdStrike. We proposed the SentinelOne alternative solution, and we were able to manage to get some details about the attack and present it to the customer.

This is a straightforward approach. Singularity Platform provides pretty much everything that is easy to configure, even by a fresher. If a fresher has basic experience in configuring endpoint security, they would be able to handle SentinelOne. The console and the configuration part are that easy, but for an endpoint security specialist, an understanding of how threat vectors evolve and how they are attacked is necessary. The console view and everything, even writing queries in the XDR, are pretty simple.

Singularity Platform is hybrid and has both on-prem deployment as well as SaaS deployment. However, when it comes to the implementation or deployment part, they recommend cloud. We have done only cloud because even from the SentinelOne team, they tell us that they do not recommend on-prem. I will say that the cloud version is better since we haven't done any on-prem deployments, and I don't believe they recommend that for customers.

For many of our customers who got attacked after installing SentinelOne, they were not impacted on a larger scale. The impact of a ransomware attack typically encrypts all critical data and stops production. If one day of production is stopped, it sums up to, for an enterprise customer, a minimal margin of two to three crores. With this rollback functionality, we were able to address that and revert that particular endpoint to the previous good configuration state.

It's average. It's not cheap, but not expensive—average cost and quite affordable.

Singularity Platform does help with risk management. It refers to the MITRE ATT&CK framework and analyzes what the vulnerable points are in an endpoint. When it comes to cloud security through Singularity Platform's cloud capabilities, workload security or native security can scan accounts and find misconfigurations in the cloud. If there are containers, workloads, or instances, it scans everything and pinpoints any IAM roles that need to be configured, letting us know which things have not been configured for those workloads. This makes it easy for us to spot loopholes before they are exploited.

My remarks are purely based on feedback from my clients.

The key unique selling points for SentinelOne are its patented rollback option and offline protection. Even when an agent is offline, we are still able to protect it. There are some protection events happening even when the agent is offline, which is not available with most vendors that expect the agents to be online. That's a good thing about SentinelOne. Additionally, we have not received any complaints regarding performance issues. I rate this solution an 8 out of 10.

I used SentinelOne Singularity Complete for endpoint security, and we selected it because we were looking for an AI-powered cloud solution.

The best features of SentinelOne Singularity Complete include a ransomware rollback feature that can be used on infected machines, which we have used before and appreciated. The deployment is fairly straightforward as well.

SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions has not presented any problems. This capability provides a benefit when hunting for threats and leveraging the AI side of the platform.

Regarding alert reduction, I would not say the impact has been massive. One of the negatives we have found is that we receive quite a lot of false positives.

Overall, SentinelOne Singularity Complete saves me time, and I would say the time savings are approximately 10 to 15 percent.

The reporting in SentinelOne Singularity Complete could be improved as it is still somewhat clunky and lacks customization. Support response times could also be better.

I have been using SentinelOne Singularity Complete for approximately 18 months.

I would rate the stability of SentinelOne Singularity Complete as an eight out of ten.

I would rate the scalability of SentinelOne Singularity Complete as an eight out of ten.

I would rate the support of SentinelOne Singularity Complete overall as a six out of ten.

Neutral

SentinelOne Singularity Complete was already in place when I joined.

The deployment of SentinelOne Singularity Complete was straightforward and easy. It took approximately one day to implement SentinelOne Singularity Complete, based on the number of clients we had.

Regarding pricing for SentinelOne Singularity Complete, on a scale where one is cheap and ten is expensive, I would rate it as an eight.

When comparing SentinelOne Singularity Complete with other vendors, we use it for client-specific purposes, while other clients may use Microsoft or similar solutions. I have noticed it works well.

SentinelOne Singularity Complete has not helped us consolidate any security tools that I am aware of.

We do not use the Ranger functionality in SentinelOne Singularity Complete as we use other solutions for that purpose.

Maintenance of SentinelOne Singularity Complete is straightforward to perform. Approximately 60 users use the solution, and all users are local. SentinelOne Singularity Complete requires some maintenance as part of our internal checks to ensure policies are up to date, which we perform on a weekly basis.

We do not use Purple AI.

My advice for others looking into purchasing SentinelOne Singularity Complete is that I would definitely recommend it. I would rate this review an eight out of ten overall.

Public Cloud

Microsoft Azure

I have used SentinelOne Singularity Complete in a SOC environment where most customers were utilizing it. 

The solution has been helpful especially for the infrastructure security team. They can focus their energy on other business projects and priorities while having peace of mind knowing that even without real-time operation, SentinelOne Singularity Complete can detect vulnerabilities and contain threats until they intervene. This allows them to work on other projects, develop security policies, and strengthen their defense. The team can address other security loopholes while SentinelOne Singularity Complete manages their infrastructure.

One of the features I particularly appreciate is the hunting capability, specifically being able to use deep visibility for threat hunting. 

It's quite elaborate. It allows you to create and manage queries easily. Even if you're not very proficient in the language being used, it suggests the correct syntax when you type in plain text. If there's an error, it points out where you're wrong, enabling you to adjust the syntax. This feature is particularly beneficial for threat hunting using the deep visibility feature of SentinelOne Singularity Complete.

Additionally, the platform allows for compartmentalization, which is great because we use it for about 13 customers. It enables us to manage different environments from a single console and download relevant data for each customer.

What stands out is that this solution is not just about detection; it's also about response and containment. When it addresses an incident, it explains what occurred and suggests actions to take before further investigation.

Another excellent feature is its ability to filter events from the same company, helping to reduce noise. For instance, if a single user performs various actions that would typically trigger hundreds of alerts, this system consolidates those activities under that one user. This approach allows for tracking related events together rather than generating multiple alerts. As a result, you can analyze an incident from a holistic perspective rather than just viewing individual alerts in isolation. Overall, these capabilities enhance the effectiveness of threat management and incident response. That's my take on it!

It's capable of integrating with SIEM and other solutions. It offers enhanced interoperability. 

The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems. They could enhance this by providing an easier way to implement or deploy on Linux OS systems.

I have used SentinelOne Singularity Complete for four years.

There have been no stability issues at the moment.

It's scalable.

Their support is very good. When we encounter an issue, we quickly raise support tickets, and the response time is very good.

Positive

It's not complex. It's straightforward, and the support is very good. 

SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency.

It's affordable. The pricing is competitive. 

SentinelOne Singularity Complete has proven beneficial in a specific case. In one instance, a customer had Microsoft licenses that were very expensive at the enterprise level. By implementing SentinelOne Singularity Complete, they were able to reduce their license plans and focus on this solution because it offered more robust features than their previous solution.

I would rate SentinelOne Singularity Complete a ten out of ten. It's a good solution.

I'm only dealing with Google SecOps right now, not other Google Cloud products. On a limited scale, I think we use Microsoft Defender for one particular customer; for the others, we are using SentinelOne Singularity Complete and Palo Alto Cortex.

I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries. The AI, agentic AI, integration with SOARs, and simplified SKUs and pricing are noteworthy. Most customers who have various platforms for cybersecurity do not choose Azure Defender unless they are on a Microsoft stack right now. SentinelOne Singularity Complete is the most capable in terms of detection and response, and I use it quite extensively for forensic capabilities.

SentinelOne Singularity Complete can be quite intrusive, but it has strong detection capabilities. The Ranger functionality of SentinelOne Singularity Complete for the EDR is extensively used for customers. Microsoft Defender has recently upgraded to XDR capabilities.

For Azure Sentinel, the main issue that needs improvement is the pricing; it's quite unpredictable right now in terms of cost. The use of many components within Azure itself is confusing, especially with the recent move in terms of the console from Azure Sentinel to the Defenders. The highlight is more into the pricing; it is too expensive and unpredictable right now.

For Google SecOps, the only improvement I suggest is in terms of the reporting, especially for out-of-the-box reporting that seems very lacking right now. There aren't too many useful reports coming from out-of-the-box; we have to develop them ourselves right now.

SentinelOne Singularity Complete needs to work more on increasing true positive detections to make it closer to 10. A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives.

I think technical support is quite good; we have been in contact quite occasionally, and they provide expected answers.

Positive

I find the initial setup quite straightforward for SentinelOne Singularity Complete.

SentinelOne Singularity Complete can be quite intrusive; that's one of the drawbacks. It's also the first thing that we recommend right now. We prefer to use other EDR platforms such as SentinelOne Singularity Complete and Palo Alto Cortex right now.

I'm using Google SecOps. If you want, I can leave my opinion on Google SecOps.

While the others will be on the cyber threat intelligence, the primary is Google SecOps, and I think the other one is Azure Sentinel.

There is room for improvement for these solutions. It's mostly SIEM and MDR for SentinelOne Singularity Complete. I haven't used Vigilance MDR; I only know the name.

We mainly focus on SentinelOne Singularity Complete and Cortex, while the other EDRs that we have managed are less significant. It's almost similar since both SentinelOne Singularity Complete and Cortex have EDR and XDR capabilities.

In terms of non-locked XDR platforms, the best one is SentinelOne Singularity Complete right now for their XDR capabilities. Other ones such as Palo Alto Cortex or even CrowdStrike are locked into their own ecosystem right now since they have many products within that ecosystem. In terms of integration, even though it looks quite open, some are tightly coupled into their own ecosystem, especially for Palo Alto Cortex.

We haven't had that in-depth experience in terms of ingesting and correlating for SentinelOne Singularity Complete; we mainly use it right now for their EDR capabilities. Since we provide the MDR services, we mainly integrate those with Google SecOps right now for the overall SOC services. I think they are the most capable in terms of detection and response.

We only tried Purple AI but haven't used it quite extensively. I find the pricing very reasonable, especially right now compared to other top-tier EDR platforms at the same level. I usually recommend the product for both smaller and bigger organizations. My overall rating for this review is 9.

Public Cloud

Other