SentinelOne Singularity Endpoint Reviews

Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

It can reduce the organization's risk. It gives better control to our limited team resources.

It already has AI capabilities, which is one of their advantages.

When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

I have been using SentinelOne Singularity Complete for approximately four years.

For stability, I would rate it a nine, as I have experienced only the issue of overload.

The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

I am the third party assisting in the deployment.

I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

Our customers are primarily seeking an XDR platform with Singularity Platform, which combines their EDR, next-gen antivirus, vulnerability management, and integration with their existing security portfolio. Singularity Platform is used for XDR requirements, extended detection and response, for their EDR, next-gen antivirus, vulnerability management, and the requirement to integrate with their existing security solutions like their firewalls and proxies from an XDR perspective.

From an overall security perspective, it is not related to supply chain processes as specific to the supply chain process. When customers have interactions or business relationships with their vendors or the third parties that they use as part of their business, Singularity Platform can be used to scan the internet traffic or through their XDR functionalities to determine what kind of data they are sending, if any vulnerabilities exist in their systems, and whether those vulnerabilities are exploitable or not. Those kinds of features can be mapped to a supply chain from Singularity Platform's perspective.

Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers.

Singularity Platform's customization feature is also strong; we were able to customize the dashboards and reports based on the different compliances that the customer has. We have customers in BFSI, manufacturing, and pharma, so based on their requirements, because every customer or every business has a different set of requirements, the customization of dashboard and reporting perspective is good in Singularity Platform. From an analyst level to a C-level executive, we can have different sets of dashboards with a specific set of purposes aligned with what roles they play.

The real-time monitoring capabilities in Singularity Platform are good. Some enhancements that could be made are to make it more readable or understandable to the person who is monitoring those dashboards, because sometimes what happens is it becomes too verbose or too much data is displayed from the monitoring perspective, especially from the EDR perspective. Analysts have to make sense of what logs or what alerts they are monitoring; they have to go through a lot of data before they can take any decision on whether it's a false positive or an actual threat that they should look at. If they make it easier and more understandable for the analyst, they can make an informed decision quickly. Currently, what Singularity Platform has is a bit clunky, verbose, and has too much data that might be useful or might not be useful based on the analyst, so if they simplify it, it will be more effective.

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. The detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which saves time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent.

I do not recall a real-time personalization kind of feature in Singularity Platform.

If ranking is applied, I would rank CrowdStrike as one, Singularity Platform as two, and Palo Alto's Cortex as three. The issues mentioned in Singularity Platform are well taken care of in CrowdStrike, and CrowdStrike now has a bigger portfolio in terms of data security, identity security, and AI security. The new-age integrations are better in CrowdStrike, and I'm sure Singularity Platform will catch up, but as of now, CrowdStrike has an added advantage.

From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.

I have been working with Singularity Platform for three plus years.

I would rate stability for Singularity Platform as an eight from a better perspective.

Scalability is not an issue for Singularity Platform because it is delivered as a SaaS service, so scalability is taken care of by SentinelOne. I would rate it as a nine.

Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion. I would rate it around six.

Positive

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. That is one more benefit; additionally, the detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which save time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent. That is where I see more of the benefits.

From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.

It's a shadow process; they require our help during the initial implementation stage for Singularity Platform, but since it's quite easy to configure, it's a plug-and-play kind of thing. You just have to enable or disable the toggle buttons, and then you are good to go. From the deployment perspective or from the help perspective, at the initial level, they require our assistance. Once the training and handover process are done, they can easily manage it on their own.

I would compare Singularity Platform with CrowdStrike and Palo Alto's Cortex XDR.

I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete. 

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

I have a year and a half of experience with SentinelOne Singularity Complete.

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

Neutral

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

As a company with 30,000 employees and 26,000 endpoints worldwide, we have diverse operational needs that SentinelOne Singularity Complete effectively addresses.

SentinelOne Singularity Complete effectively addresses numerous challenges. As a cloud-based SaaS solution, it seamlessly protects office and remote workers, safeguarding laptops and other devices. Its comprehensive coverage extends to cloud infrastructure across multiple operating systems like iOS, Linux, and Windows, including Kubernetes environments. This versatility, coupled with its ability to fulfill various use cases, has made SentinelOne Singularity Complete our trusted security solution for the past four years.

SentinelOne Singularity Complete integrates with our other security solutions, correlating data from NDR, ADR, SIEM, and XDR tools. All this information is consolidated within SentinelOne, providing a centralized access point.

SentinelOne Singularity Complete has helped us streamline our security operations by consolidating multiple solutions into a single platform. We are currently in the process of acquiring a threat intelligence platform to complete our security stack.

We use Ranger to monitor our network and track connected devices. This is crucial because it helps us quickly identify unauthorized machines connected to our infrastructure, including personal devices. We have additional security measures in place, but Ranger provides an extra layer of protection. It also alerts us if the SentinelOne Singularity Complete agent is missing from any new or existing machines, allowing us to take appropriate action.

SentinelOne Ranger's agentless and hardware-independent nature is crucial for our environment with 26,000 endpoints, as manual management of such a large number would be extremely challenging.

Ranger uses a multi-layered approach to prevent vulnerable devices from being compromised. We employ scanners, network configurations, and a risk scanner to assess devices, endpoints, servers, and cloud infrastructures. Vulnerability reports and timelines for remediation are shared with device owners or custodians. This proactive strategy enables us to address vulnerabilities efficiently and secure our infrastructure.

SentinelOne Singularity Complete has significantly enhanced our security posture. While no system is impenetrable, this solution has brought us closer to achieving a high level of protection, ensuring we maintain at least a 90 percent security level.

Our team is dedicated to refining alerts and eliminating false positives from our solutions. Additionally, a team is responsible for identifying and excluding alerts from the solution. We can manually expedite this process by reviewing these elements and utilizing our security tools. We have been able to reduce the alert volume by 20 percent.

Our 30-member Security Operations Center team has been able to redirect their focus to other tasks due to the time saved after implementing SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped us improve our mean time to detect threats, which we accomplish using the Vigilance service for detection and response.

SentinelOne Singularity Complete has helped us decrease our organizational risk. We utilize the Security Scorecard to manage our security posture, which has remained steady at 90 percent.

Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources. This ensures smooth operation and user-friendly control. Moreover, SentinelOne's support team is highly competent, providing timely assistance and going the extra mile to resolve any issues.

When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert.

I have been using SentinelOne Singularity Complete for almost four years.

SentinelOne Singularity Complete is stable.

The technical support team is quick to respond to and resolve our issues.

Positive

Our hybrid environment has raised security concerns for management, leading them to seek an all-in-one solution. After conducting multiple proof-of-concept tests for endpoint security, they determined that Kaspersky was insufficient for their needs due to inadequate functionality and management complexity. As a result, they transitioned to SentinelOne Singularity Complete.

SentinelOne is actively developing new innovations and introducing additional integration platforms.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers comprehensive endpoint security by automatically updating without impacting bandwidth. Unlike traditional signature-based solutions, it employs a behavior-based approach to detect and immediately address malicious or suspicious files and processes.

We are 100 percent confident with SentinelOne as a strategic security partner.

Maintenance has been seamless, and while SentinelOne does notify us in advance of any required downtime, I haven't experienced any interruptions in the past year and a half.

With 30,000 employees and 26,000 endpoints worldwide, our organization has implemented SentinelOne Singularity Complete across all endpoints.

We have it for all of our client machines and servers. It is the antivirus solution for all clients and servers. We are also looking into going further with their log analysis portion. We are working with them in terms of pricing.

The overhead on the CPU is minimalistic, not taking up too many system resources.

Making exceptions and exclusions through the console interface is smooth, providing a very good experience. The clients communicate with the web console in less than a minute, which is much faster than other solutions such as Malwarebytes.

SentinelOne has helped us with consolidation. We have Malwarebytes installed along with SentinelOne, and we are moving just to SentinelOne. SentinelOne has the most widespread and up-to-date coverage because of the fact that we can deploy it fairly quickly. Its rogue detection feature helps catch systems missed during initial deployment. We are the most up-to-date now. 

It saves time for the staff once it is up and running. Once the system has gotten used to everything, it just works. There is a six to eight-month learning curve for the system to get used to your servers and software.

In the beginning, we had a fair number of false positives coming across, but once the system got set up, it has been pretty much running on its own. If we are running a lot of internal IT scripts for applications that are triggering the antivirus, it might detect that as suspicious. We have to configure it to exclude things. Overall, it is pretty smart. Its automation is working fairly well for us that way. 

As a strategic partner, they have been very vocal with us. They have been communicative and supportive. The product itself is robust. We have not had any situation where it failed and broke the computer. There is no CrowdStrike-type scenario going on.

Based on the updates they have done, they are focused on advancing the product. There is a constant evolution going on. The system is getting more robust. We are advancing and not digressing anywhere in terms of technology.

We moved from ESET, and we find that the licensing scheme, particularly how the licenses are attributed to clients, is pretty nice compared to what ESET offers. We work in a highly virtualized environment. We have roughly 150 to 160 virtualized clients that are refreshed daily. Every night, the systems refresh. With the old antivirus solution, the licensing would count into the thousands, necessitating manual deletion. Luckily, SentinelOne has a feature to decommission automatically, which has been fantastic. 

One area for improvement is automated deployment. I use it through a group policy. I put in the PC name, and when the user logs in, if the PC is in that group, it attempts an MSI install through Active Directory via GPO. That seems to play a little havoc and can conflict with manual installs, causing issues where it wants to delete and reinstall the client. To resolve this, I remove the computer from the security group, and it then stops complaining. The automated installation could improve in this regard.

We have been using SentinelOne for one year.

I would rate their support an eight out of ten. The rating would be better if they picked up the phone and had someone talk immediately. We are using the automated email process for support, and they respond within an hour or two hours sometimes.

Positive

We had moved from ESET.

We have not been hit since using it. I have experienced a ransomware attack only once, a few years ago, with minimal damage. Since then, I have not faced any intrusions, which is one reason I chose SentinelOne over ESET.

It has not helped us save costs. We are increasing costs because we are going more toward the avenue of protecting as a city. We have been watching other cities around us get hit, so there is more focused attention on protection at this level. We are moving to the complete license solution and looking at expanding that into Vigilance.

When it comes to interoperability, we are going to look at some integration with our FortiGate system for the firewall to help analyze the logs that come through there. We are slowly moving from stopping the intrusion to more like a preemptive, preventative focus.

To those considering using this solution, I would advise digging into the console and taking the time to learn. Some people complain and find it confusing, but understanding the system's ins and outs is crucial. The console is well laid out, so it is worth taking the time to learn it.

The quantity of detection is quite a lot in the first few months. The product has a learning curve, so you have to guide it in the beginning so it gets used to the scripts and applications that are running in your system. We have created quite a list of exclusions, and I always take the time to look at each one. Since September 2024, false positives have been reduced to one every two weeks.

Overall, I would rate it a nine out of ten.

This is an Umbrella platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete great from the Sentinel point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete.

It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel, and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

Scalability is also a nine.

Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

Positive

It is a simple process.

We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

CrowdStrike is the main competitor, along with Palo Alto Cortex and Microsoft Sentinel. These are the three main competitors for the product range from SentinelOne.

It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

I would rate this review a nine overall.

As a company, we are using Singularity Platform to manage the data on the platform.

We use Singularity Platform as a unified view where we can see all the data from our applications in one place. It manages everything into one place and we have automations, so we can perform certain actions and we have rules in there where if we want to perform these actions, they can happen automatically via the Playbook functionality.

The impact of Singularity Platform on our supply chain processes streamlines it quite well. It helps in the processes. It is basically integrated into our pipeline and it helps us to push product more quickly and more securely.

Singularity Platform's real-time personalization feature has helped our customer experience strategies by allowing us to have different workspaces where we have custom views, and depending on the use case because we have many products that use Singularity Platform, they interact with the UI in different ways, producing different elements and giving us tailored views for different products.

Customizable dashboards have helped optimize operational efficiency for us because we have different products and different UIs for different products, allowing us to focus on the things that matter for different occasions. Since we are working with multiple data sources and multiple products, we needed customized solutions to really pay attention to the things that matter. These customized dashboards make it faster to work with certain products. It is easier to identify what is wrong with the product or where we need more resources.

Since starting to work with Singularity Platform, I have seen really good integration and control from the platform itself. You can perform many actions remotely through the agent, which helps with the administrative work of checking the versions of the software on the computer and what software and services are running. This really helps us collect this information on an organization-wide level.

I think the ability to automate actions and workflows is the best solution out of Singularity Platform. Other solutions are quite static in this case. You cannot really set up steps and gather information, certain pieces of information, filter them out, and based on that data, perform actions. However, Singularity Platform makes it very simple.

Singularity Platform's real-time monitoring capability has indeed helped me in decision making, as it is one of the best features of the platform. It is working really well, and while the software could seem a little bit invasive because it is working on a kernel level, it really detects a lot of things, perhaps too many things. Sometimes, these customized solutions our developers develop also get flagged in real time, and the processes get stopped and are blocked, and we have to whitelist the processes. However, for enhanced security, we definitely want this.

I think some parts of Singularity Platform could be improved or enhanced, as you most likely need to know the platform quite well to write queries and search for information. There are a few too many similar fields, such as the storyline ID and the storyline, which sometimes gets confusing. Perhaps the distinguishing could be better, but correlation in general is done very well with the storyline because it is the platform's own field for correlating data.

We have been using the solution for two and a half years.

I have noticed only a few occasions where the features, particularly the search feature, are not working with Singularity Platform. The automations, however, are working. I did not notice that they announced maintenance in advance, so it was more that I was not prepared and did not read about planned maintenance. Other than that, everything else is good and stable, apart from short windows of four to eight hours of maintenance they do every month.

If I have to rate the stability level of Singularity Platform from one to ten, I would say it would be a strong nine.

I have not run into any issues regarding how scalable Singularity Platform is, so I do not see any limitations for scalability. It is probably doing very well in that regard.

It is important to have the scalability that we have with Singularity Platform because we are always expanding and onboarding new computers. Definitely, new employees come in, and it takes a small amount of time, probably twenty minutes to set up new workers.

My experience with the technical support of Singularity Platform is that they write us back semi-quickly. If I were to rate it out of ten, I would say they are quite helpful, perhaps an eight.

Positive

Before using Singularity Platform, I was not aware of any different solution for the same use cases. When I came to the company, we moved relatively recently to Singularity Platform. We were basically fully migrated from SentinelOne.

The process of onboarding new data points to Singularity Platform is quite easy to ingest. It is really simple to add new computers to the network; you just have one command to install the agent on the computer, and it automatically appears on the platform with data coming in. It is quite easy in terms of integration and expanding the existing network. Setting up the automation rules is not so easy initially, but once you know how to set up one rule, it becomes much easier to set up more advanced actions and automatic removals of certain software or scanning.

Before choosing Singularity Platform, we were evaluating other options, and we were using Microsoft side by side. Microsoft Sentinel was quite all right, but SentinelOne had more searching capabilities and threat hunting and more automation built in.

Regarding Singularity Platform, I would go for the platform. I am most familiar with that one.

I do not currently know what version of Singularity Platform I am using. I will have to check. Probably I am using the latest version because we have automatic updates.

We are not using the fraud detection feature in financial services, as we are not doing any financial services.

Regarding Singularity Platform's real-time personalization feature, we are using it.

Overall, if I had to rate Singularity Platform from one to ten, I think an eight would be appropriate. It is quite up to our standards. I would rate this review an eight overall.

We use SentinelOne Singularity Complete for all of our endpoints, including virtual machines, physical servers, and laptops.

The solution gives us a good sense that the systems are secured against malware, drive-by fileless attacks, and advanced behavioral attacks. This is our primary reason for having the product, and it does a good job in that regard.

It does not require a lot of management. It is hard to quantify the time savings but it does not require a lot of our time. If I spend an hour a week on it, that is a lot.

It is hard to quantify the reduction in the mean time to detect unless you are a pretty big organization and you are tracking that. However, it has been able to detect things and alert about them pretty much instantly in the console. We also get emails right after that. In terms of the Vigilance MDR service, one Saturday morning, I tripped an alert for something I was doing. I thought of waiting and seeing how long it would take on a Saturday morning at 10 AM for them to jump in and figure it out. They took about 20 minutes.

Any good endpoint security product should reduce your organizational risks, and SentinelOne Singularity Complete has done that. It is almost impossible to quantify the reduction.

We were able to easily realize its benefits within 30 days.

The console is light years better than the CrowdStrike console, which had just a bunch of different screens cobbled together. It is much more unified and much easier to work with. It is very nicely designed. It is one of the better user interfaces I have ever seen for web application management. 

The product is pretty easy to manage and pretty easy to deploy. It also has a pretty low resource footprint.

The false alerts can be annoying, especially during administrative tasks. We have had a number of occasions where the software impacted a third-party application, so the application would either not run or exhibit other technical issues. We were also not getting any alerts in the console to indicate that SentinelOne was having a negative interaction with the product. Finally, after hours of troubleshooting, we turned off the endpoint security for the product, and the application just started working fine. We have probably had a good half dozen of those. It is quite annoying.

I have had experience with SentinelOne Singularity Complete for two years.

Their support is top-notch. I have been in the business for thirty years, and I have dealt with just about every support company out there. I am used to mediocre enterprise support, but SentinelOne's support is very good, deserving a ten out of ten.

Positive

We were running CrowdStrike prior to SentinelOne. We were using CrowdStrike Complete, but it was simply way too expensive to sustain for our budget. We were looking for something that was equally capable and did not have a huge price tag with it, so we ended up going with SentinelOne and their Vigilance MDR service.

SentinelOne Singularity Complete has not helped us consolidate other solutions. It was a one-for-one replacement for CrowdStrike. It has not helped us to get rid of anything at this point.

I have used Bitdefender in the past. We had their GravityZone Ultra, which had XDR Complete, but there were so many alerts. We would literally spend hours. We would pick a day a week or a day every couple of weeks and try to trace down alerts and clear out the console. From that perspective, SentinelOne does give off fewer false positives. However, when we are dealing with administrator or network administrator or developer tools, for obvious reasons, they tend to trip the alerts on the product. For normal end-user work, there are seldom any false positives or alerts that are not valid. It is almost never. I am the IT director, and it is always tripping on things I am doing. When I install some encryption software or disk wipe software, I get many alerts in SentinelOne, but for the actual end-users, typically, we do not get any false positives.

We use their public cloud. We deploy the agents ourselves. We do the updates through their public cloud, but we do the initial deployment ourselves.

The initial setup was pretty straightforward. There are some nuances to the product, naturally. It is an enterprise-class endpoint security product, so there are things that you need to learn and understand about how it works. The same is true of CrowdStrike, Palo Alto Cortex, or any other product in the same category.

We have multiple locations with about 35 remote users.

We used their onboarding service, which was very helpful because we would have meetings every week or two with the actual SentinelOne employee engineer to talk about our deployment and ask questions about particular features and best practices. It was worth the extra expense.

I had one other network administrator working on it with me, and I just assigned him the task of deploying software and working with me on some of the policy configurations.

I do most of the maintenance on it. The maintenance typically requires adding an exclusion here or there, troubleshooting an issue, or uploading logs for support to look at an issue or a question that we have. I do not spend 50 hours a year on it.

SentinelOne is significantly less expensive than CrowdStrike. I recently did a price comparison between CrowdStrike and SentinelOne to determine where we are going for the next three years. CrowdStrike is 200% to 300% the cost.

For their complete service, we were paying CrowdStrike 45K for 85 endpoints for a year. We have stepped down, and we are doing MDR and not having SentinelOne manage our policies and things. We have 200 endpoints, and our yearly cost is 17K, so we have gone from 45K to 17K. From a detection standpoint, depending upon which MITRE framework tests you look at, both vendors jockey up and down in the top ten. They are pretty comparable from a performance and efficacy standpoint, so there is not a 200% to 300% gap there.

I always do a round-robin. My final three ended up being Palo Alto Network's Cortex product and CrowdStrike's Falcon product, the lesser version of their MDR Overwatch product.

The thing that I did not like about Overwatch was that they would tell you that something was going on and here is what you should do, but they would not help you with it. SentinelOne was a little bit more helpful in terms of hopping in. Ultimately, Palo Alto is not support-friendly. I use Palo Alto Firewalls, and their support is not that great. It has not been for a while, so I hesitate to go into their endpoint security as well. It is also expensive. It requires a lot more infrastructure and cost to deploy. It is probably more akin to CrowdStrike from a cost perspective.

I briefly considered Bitdefender's MDR solution using GravityZone where they did the MDR piece of it. It was probably half or a third of what we would have spent for SentinelOne, but I did not have the sense that it was quite the next-gen product that I was looking for, even though it scored pretty well.

All these are very similar because they base their activity on what a piece of software is trying to do on the system. It is a real-time behavioral analysis. They do not use predefined signatures from the last 25 years. They are trying to do things in real time. In terms of how long it takes to have visibility into what an application is doing and how quickly they can lock it down once they have the visibility, each vendor scores differently, but each of these three would generally be considered in anybody's top five.

SentinelOne is fairly innovative. I like what they are doing with the integration of their Purple AI for being able to do real-language queries of their telemetry data. You do not need to know all the correct syntax, which helps us non-SecOps folks who have to dabble in it periodically. We can do real-world queries. I have not asked for pricing on that. It is probably more than I want to pay for it, given that we do not get too much use out of this kind of feature, but they are continuing to innovate in that regard. From that perspective, it is a good product.

SentinelOne Singularity Complete is very mature at this point.

We have not yet had an occasion to integrate it, although, in a couple of weeks, we are going to be integrating their Cloud Funnel service with another MDR provider, Red Canary. We have not done that yet, and we have not made use of their other interoperability pieces.

They have two Ranger products. One is the Ranger Identity Protection product, which is kind of an add-on product, and the other one is more of a rogue detection product. We did subscribe to the Ranger Identity Protection product, but it was so difficult to work with that we finally stopped using it. It was a subscription.

Our correlation is whatever is going on in the endpoints. We are not pulling in Palo Alto firewall telemetry, or Okta or O365 data at this point, but we are moving in that direction. We are simply using it for endpoint security and for their Vigilance MDR service.

SentinelOne is good as a strategic partner. We are in the third year of our three-year contract and plan to continue with them. We are not going to go directly to them. We are going to go through one of their partners, Red Canary, but we will be using the SentinelOne Complete product and then using Red Canary to do the MDR along with active remediation and SIEM ingestion of our Okta data, our Palo Alto firewall data, and our O365 data. They can then begin to cross-correlate events and attacks across different attack surfaces of ours.

I would rate SentinelOne Singularity Complete a nine out of ten.