I used SentinelOne Singularity Complete for endpoint security, and we selected it because we were looking for an AI-powered cloud solution.
Technical Account Manager at a computer software company with 11-50 employees
Endpoint protection has reduced ransomware impact and streamlines daily threat hunting
Pros and Cons
- "My advice for others looking into purchasing SentinelOne Singularity Complete is that I would definitely recommend it."
- "One of the negatives we have found is that we receive quite a lot of false positives."
What is our primary use case?
What is most valuable?
The best features of SentinelOne Singularity Complete include a ransomware rollback feature that can be used on infected machines, which we have used before and appreciated. The deployment is fairly straightforward as well.
SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions has not presented any problems. This capability provides a benefit when hunting for threats and leveraging the AI side of the platform.
Regarding alert reduction, I would not say the impact has been massive. One of the negatives we have found is that we receive quite a lot of false positives.
Overall, SentinelOne Singularity Complete saves me time, and I would say the time savings are approximately 10 to 15 percent.
What needs improvement?
The reporting in SentinelOne Singularity Complete could be improved as it is still somewhat clunky and lacks customization. Support response times could also be better.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for approximately 18 months.
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would rate the stability of SentinelOne Singularity Complete as an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of SentinelOne Singularity Complete as an eight out of ten.
How are customer service and support?
I would rate the support of SentinelOne Singularity Complete overall as a six out of ten.
Which solution did I use previously and why did I switch?
SentinelOne Singularity Complete was already in place when I joined.
How was the initial setup?
The deployment of SentinelOne Singularity Complete was straightforward and easy. It took approximately one day to implement SentinelOne Singularity Complete, based on the number of clients we had.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing for SentinelOne Singularity Complete, on a scale where one is cheap and ten is expensive, I would rate it as an eight.
Which other solutions did I evaluate?
When comparing SentinelOne Singularity Complete with other vendors, we use it for client-specific purposes, while other clients may use Microsoft or similar solutions. I have noticed it works well.
What other advice do I have?
SentinelOne Singularity Complete has not helped us consolidate any security tools that I am aware of.
We do not use the Ranger functionality in SentinelOne Singularity Complete as we use other solutions for that purpose.
Maintenance of SentinelOne Singularity Complete is straightforward to perform. Approximately 60 users use the solution, and all users are local. SentinelOne Singularity Complete requires some maintenance as part of our internal checks to ensure policies are up to date, which we perform on a weekly basis.
We do not use Purple AI.
My advice for others looking into purchasing SentinelOne Singularity Complete is that I would definitely recommend it. I would rate this review an eight out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 23, 2026
Flag as inappropriateSoc Analyst at Softcell Technologies Limited
Advanced detection has strengthened endpoint protection and simplifies real-time threat response
Pros and Cons
- "The main benefits that SentinelOne Singularity Endpoint brings to the table are enhanced security and improved operational efficiency."
- "I would like to see some improvements in SentinelOne Singularity Endpoint; there are features that are currently missing that I would like to see included or enhanced in the future."
What is our primary use case?
I use it primarily for endpoint protection, and I utilize it in various security scenarios. I work with SentinelOne Singularity Endpoint. I do use Purple AI, and data privacy and security are very important when utilizing Purple AI; it meets these needs well.
What is most valuable?
What I appreciate about it are its advanced detection capabilities and user-friendly interface; those are the best features in it.
My impressions of SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions are very positive; it works effectively. SentinelOne Singularity Endpoint has helped me consolidate my security solutions significantly. I have examples about the consolidation of my security solutions with SentinelOne Singularity Endpoint; I appreciate discussing the threats that we have encountered.
I use the solution's Ranger functionality, and it has been helpful. SentinelOne Singularity Endpoint has helped to reduce alerts for me, making it easier to manage. SentinelOne Singularity Endpoint has helped to free up my staff for other projects and tasks, and I have seen time-saving aspects; I can share how much time it saved us.
It detects threats in real-time, which does not require prior scenarios. If we observe multiple false positives, we reach out to clients directly if the alert is serious; SentinelOne Singularity Endpoint does the remaining part for us by identifying and securing the client's endpoint, so we do not have to do any manual work.
Purple AI amplifies team knowledge effectively in my environment, and it has been very helpful. I assess Purple AI's capability in providing synthesized threat intelligence and contextual insights as strong. Purple AI's ability to streamline threat investigations has a positive impact on my SecOps workflows.
The main benefits that SentinelOne Singularity Endpoint brings to the table are enhanced security and improved operational efficiency.
What needs improvement?
I would like to see some improvements in SentinelOne Singularity Endpoint; there are features that are currently missing that I would like to see included or enhanced in the future.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint more than a year.
What do I think about the stability of the solution?
Regarding the procurement aspect, I do not know where I bought it from, but I have not experienced any crashes, downtimes, or performance issues with SentinelOne Singularity Endpoint.
How are customer service and support?
I would evaluate customer service and technical support as an 8 on a scale of 1 to 10.
How was the initial setup?
The initial setup process is straightforward for me; I do not find any complexities with the setup.
What was our ROI?
Regarding the pricing aspect, I have experience with it, and I have seen ROI with it.
Which other solutions did I evaluate?
The main differences, both pros and cons of SentinelOne Singularity Endpoint compared to other endpoint protection products I have worked with, are notable.
What other advice do I have?
I use the solution's Ranger functionality, and it has been helpful. Given my experience with SentinelOne Singularity Endpoint, my advice for organizations considering it would be to certainly assess its capabilities. I rate this product as a 9 overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 23, 2026
Flag as inappropriateBuyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
Customer Success Manager at Digitank Technology
Has improved threat hunting through query suggestions and contextual incident storylines
Pros and Cons
- "SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency."
- "The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems."
What is our primary use case?
I have used SentinelOne Singularity Complete in a SOC environment where most customers were utilizing it.
How has it helped my organization?
The solution has been helpful especially for the infrastructure security team. They can focus their energy on other business projects and priorities while having peace of mind knowing that even without real-time operation, SentinelOne Singularity Complete can detect vulnerabilities and contain threats until they intervene. This allows them to work on other projects, develop security policies, and strengthen their defense. The team can address other security loopholes while SentinelOne Singularity Complete manages their infrastructure.
What is most valuable?
One of the features I particularly appreciate is the hunting capability, specifically being able to use deep visibility for threat hunting.
It's quite elaborate. It allows you to create and manage queries easily. Even if you're not very proficient in the language being used, it suggests the correct syntax when you type in plain text. If there's an error, it points out where you're wrong, enabling you to adjust the syntax. This feature is particularly beneficial for threat hunting using the deep visibility feature of SentinelOne Singularity Complete.
Additionally, the platform allows for compartmentalization, which is great because we use it for about 13 customers. It enables us to manage different environments from a single console and download relevant data for each customer.
What stands out is that this solution is not just about detection; it's also about response and containment. When it addresses an incident, it explains what occurred and suggests actions to take before further investigation.
Another excellent feature is its ability to filter events from the same company, helping to reduce noise. For instance, if a single user performs various actions that would typically trigger hundreds of alerts, this system consolidates those activities under that one user. This approach allows for tracking related events together rather than generating multiple alerts. As a result, you can analyze an incident from a holistic perspective rather than just viewing individual alerts in isolation. Overall, these capabilities enhance the effectiveness of threat management and incident response. That's my take on it!
It's capable of integrating with SIEM and other solutions. It offers enhanced interoperability.
What needs improvement?
The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems. They could enhance this by providing an easier way to implement or deploy on Linux OS systems.
For how long have I used the solution?
I have used SentinelOne Singularity Complete for four years.
What do I think about the stability of the solution?
There have been no stability issues at the moment.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
Their support is very good. When we encounter an issue, we quickly raise support tickets, and the response time is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
It's not complex. It's straightforward, and the support is very good.
What was our ROI?
SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency.
What's my experience with pricing, setup cost, and licensing?
It's affordable. The pricing is competitive.
SentinelOne Singularity Complete has proven beneficial in a specific case. In one instance, a customer had Microsoft licenses that were very expensive at the enterprise level. By implementing SentinelOne Singularity Complete, they were able to reduce their license plans and focus on this solution because it offered more robust features than their previous solution.
What other advice do I have?
I would rate SentinelOne Singularity Complete a ten out of ten. It's a good solution.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Assistant Manager Cyber Security Engineer at a tech services company with 51-200 employees
Automated threat detection has reduced response times and has restored critical files from attacks
Pros and Cons
- "We can manage multiple tools including next-gen SIEM, identity security, cloud security, EDR, and XDR in a single platform with a single agent, so we do not need to manage multiple products."
- "Sometimes the firewall policy and device control policies are not working properly, so they need to work on this part."
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is to use the VSS Shadow Copies, which help us regain access to files that are deleted or modified by threats.
Once in our network, there was an attack, something similar to ransomware, which affected files in our endpoints. VSS stores the shadows of every file and takes a backup every four hours. I used the ShadowExplorer app to re-export those files and gain access to those deleted, quarantined, or modified files.
What is most valuable?
SentinelOne Singularity Endpoint is very useful because it has lightweight agents and a single agent works on multiple platforms including Identity, EDR, XDR, DLP, firewall control, and device control.
It has the capability to showcase the telemetries gathered from all the endpoints or devices in the network and shows every attack chain in the XDR dashboard.
Normal detection does not show which back-end process or child process is malicious. By using the telemetry and the attack chains in the graph, I can explore more about how the attack is progressing in our environment, from which application to which process, which registry changes, which domains, or hosted IPs are working in the back end.
Singularity Endpoint's AI capabilities help us detect more advanced threats in our environment, and it helps us gain less time to respond to those attacks. I use Purple AI to create multiple reports and can ask anything to generate reports or logs.
It provides mostly accurate results.
SentinelOne Singularity Endpoint is deployed in our organization in a public cloud. It can integrate with multiple third-party solutions which help us gain multiple logs from across the network, including firewall and SIEM. It helps us detect faster and hidden threats.
It did help us consolidate our security solutions. We can manage multiple tools including next-gen SIEM, identity security, cloud security, EDR, and XDR in a single platform with a single agent, so we do not need to manage multiple products.
I use the Ranger functionality in SentinelOne. It provides full visibility of both unprotected and protected devices. It also helps push the agent directly to unprotected devices, which is very important.
Singularity Complete has helped reduce alerts.
It saved much more time because we can take action on multiple solutions from a single management console.
Mean Time to Detect is reduced by fifty percent.
Mean Time to Respond is reduced by forty percent.
SentinelOne Singularity is used mostly for its detection models, AI engines, and machine learning engines, and it has the capability to run multiple tools in a single platform.
What needs improvement?
Its agent gets offline multiple times, mostly in Windows 7 which has legacy versions.
I chose nine out of ten for SentinelOne Singularity Endpoint because the endpoint is getting offline multiple times. Sometimes the firewall policy and device control policies are not working properly, so they need to work on this part.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for four years.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is a stable tool.
How are customer service and support?
Customer support is good.
Which solution did I use previously and why did I switch?
I used Trend Micro Endpoint Security, which is very complex to use in the management console.
After changing from Trend Micro, we are observing fewer attacks.
There are multiple positive changes. Trend Micro's agent is very heavy and consumes more CPU, RAM, and storage. SentinelOne has a lightweight agent that also helps us regain the quarantined or modified files affected by viruses. Trend Micro does not have that feature.
What was our ROI?
I have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing and setup costs are not high but in the medium range.
Which other solutions did I evaluate?
I evaluated other options, which are CrowdStrike and Cortex XDR.
What other advice do I have?
I gave this product a review rating of nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jul 7, 2026
Flag as inappropriateSecurity Engineer at a comms service provider with 11-50 employees
Endpoint protection has reduced response times and now frees my team for deeper investigations
Pros and Cons
- "My favorite feature about it is the full visibility into telemetry."
- "It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler."
What is our primary use case?
I use SentinelOne Singularity Endpoint as HDR, as the product is designed.
What is most valuable?
My favorite feature about it is the full visibility into telemetry.
SentinelOne Singularity Endpoint has helped reduce alerts, but false positives could be less.
It has helped me in my investigation to free up my staff for other projects.
I have seen a reduction in mean time to respond.
What needs improvement?
I think the visibility on Storyline could be better.
I could not comment on the Ranger functionality because I don't use it.
I have seen a reduction in mean time to respond and it has helped me in investigations to free up my staff for other projects.
I tried using the Purple AI feature.
I think it's great and it's working very well and has helped reduce the mean time to respond. The description is great; it's not too specific and not too much reduced. The long summary is excellent; it provides a great summary.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for eight months.
What do I think about the stability of the solution?
The stability of SentinelOne Singularity Endpoint is great and I would rate it 10.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is very scalable and I would rate it 10.
How are customer service and support?
I have had to contact technical support and it worked well.
I think the quality of their support is 10 and the speed could be nine.
If I were to put together an overall score for the support, I would give them nine.
Which solution did I use previously and why did I switch?
I have used many products as alternatives to SentinelOne Singularity Endpoint.
How was the initial setup?
I am involved in the initial deployment and it's working great.
It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler.
SentinelOne Singularity Endpoint requires a little bit of maintenance on the agent upgrade, so a feature to auto-deliver updates month by month would be great.
What about the implementation team?
SentinelOne Singularity Endpoint consolidated the environment.
What was our ROI?
I can give 30% as a number for the reduction.
Which other solutions did I evaluate?
The product closest in terms of quality and features to SentinelOne Singularity Endpoint is CrowdStrike.
I prefer CrowdStrike over SentinelOne Singularity Endpoint.
I prefer CrowdStrike because I could see a lot more information in the detection part and the false positives are reduced.
What other advice do I have?
Data privacy and security are very important for us when using Purple AI because we work with some Italian government companies or government-related companies, so privacy and European regulation are very important.
SentinelOne Singularity Endpoint consolidated the environment.
Endpoint protection solutions were consolidated now that I don't need them.
I would rate this review 9 overall.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: May 28, 2026
Flag as inappropriateConsultant at a tech services company with 1,001-5,000 employees
Has improved threat detection and streamlined integrations through strong XDR and forensic capabilities
Pros and Cons
- "I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries."
- "A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives."
What is our primary use case?
I'm only dealing with Google SecOps right now, not other Google Cloud products. On a limited scale, I think we use Microsoft Defender for one particular customer; for the others, we are using SentinelOne Singularity Complete and Palo Alto Cortex.
What is most valuable?
I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries. The AI, agentic AI, integration with SOARs, and simplified SKUs and pricing are noteworthy. Most customers who have various platforms for cybersecurity do not choose Azure Defender unless they are on a Microsoft stack right now. SentinelOne Singularity Complete is the most capable in terms of detection and response, and I use it quite extensively for forensic capabilities.
SentinelOne Singularity Complete can be quite intrusive, but it has strong detection capabilities. The Ranger functionality of SentinelOne Singularity Complete for the EDR is extensively used for customers. Microsoft Defender has recently upgraded to XDR capabilities.
What needs improvement?
For Azure Sentinel, the main issue that needs improvement is the pricing; it's quite unpredictable right now in terms of cost. The use of many components within Azure itself is confusing, especially with the recent move in terms of the console from Azure Sentinel to the Defenders. The highlight is more into the pricing; it is too expensive and unpredictable right now.
For Google SecOps, the only improvement I suggest is in terms of the reporting, especially for out-of-the-box reporting that seems very lacking right now. There aren't too many useful reports coming from out-of-the-box; we have to develop them ourselves right now.
SentinelOne Singularity Complete needs to work more on increasing true positive detections to make it closer to 10. A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives.
How are customer service and support?
I think technical support is quite good; we have been in contact quite occasionally, and they provide expected answers.
How would you rate customer service and support?
Positive
How was the initial setup?
I find the initial setup quite straightforward for SentinelOne Singularity Complete.
Which other solutions did I evaluate?
SentinelOne Singularity Complete can be quite intrusive; that's one of the drawbacks. It's also the first thing that we recommend right now. We prefer to use other EDR platforms such as SentinelOne Singularity Complete and Palo Alto Cortex right now.
What other advice do I have?
I'm using Google SecOps. If you want, I can leave my opinion on Google SecOps.
While the others will be on the cyber threat intelligence, the primary is Google SecOps, and I think the other one is Azure Sentinel.
There is room for improvement for these solutions. It's mostly SIEM and MDR for SentinelOne Singularity Complete. I haven't used Vigilance MDR; I only know the name.
We mainly focus on SentinelOne Singularity Complete and Cortex, while the other EDRs that we have managed are less significant. It's almost similar since both SentinelOne Singularity Complete and Cortex have EDR and XDR capabilities.
In terms of non-locked XDR platforms, the best one is SentinelOne Singularity Complete right now for their XDR capabilities. Other ones such as Palo Alto Cortex or even CrowdStrike are locked into their own ecosystem right now since they have many products within that ecosystem. In terms of integration, even though it looks quite open, some are tightly coupled into their own ecosystem, especially for Palo Alto Cortex.
We haven't had that in-depth experience in terms of ingesting and correlating for SentinelOne Singularity Complete; we mainly use it right now for their EDR capabilities. Since we provide the MDR services, we mainly integrate those with Google SecOps right now for the overall SOC services. I think they are the most capable in terms of detection and response.
We only tried Purple AI but haven't used it quite extensively. I find the pricing very reasonable, especially right now compared to other top-tier EDR platforms at the same level. I usually recommend the product for both smaller and bigger organizations. My overall rating for this review is 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Nov 4, 2025
Flag as inappropriateCybersecurity Engineer at a tech services company with 51-200 employees
Automated detection and response have reduced investigations and protect endpoints in real time
Pros and Cons
- "Since deploying SentinelOne Singularity Endpoint, I have seen faster threat detection and response, better visibility across our endpoints, and less time spent investigating security incidents."
- "SentinelOne Singularity Endpoint can be improved in some areas."
What is our primary use case?
My main use cases for SentinelOne Singularity Endpoint are endpoint detection and response, real-time threat prevention, and incident investigations. It helps us protect laptops, desktops, and servers from malware, ransomware, and other advanced threats while providing centralized visibility into endpoints and their activity. I also use its automated remediation capabilities to quickly isolate infected devices, roll back ransomware where applicable, and reduce the manual response effort.
I can provide a specific example of how my team used SentinelOne Singularity Endpoint in a real situation. We received an alert from SentinelOne Singularity Endpoint indicating suspicious PowerShell activity on an employee's laptop. The platform correlated the behavior with a malicious Office document that had launched the script attempting to download additional payloads. SentinelOne automatically killed the malicious process, quarantined the file, and isolated the endpoint from the network to prevent lateral movement. Using the process timeline, the security team quickly identified the root cause, confirmed that no other endpoints were affected, removed the malicious document, and returned the device to service. The entire incident was contained within minutes without any ransomware encryption or data loss.
I have many use cases for SentinelOne Singularity Endpoint.
How has it helped my organization?
Since deploying SentinelOne Singularity Endpoint, I have seen faster threat detection and response, better visibility across our endpoints, and less time spent investigating security incidents. The automated containment and remediation features have reduced manual work for our security teams, and the centralized console has made it easier to monitor endpoint health and respond to threats.
I have seen faster detection with better context. Keeping our most critical security incidents in mind, the biggest improvement has been reduced investigation time thanks to the storyline features and automated remediation, allowing analysts to focus on the higher-priority security alerts.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers that stand out to me the most are its behavioral AI detection, automated response capabilities, and detailed incident visibility. The storyline features, in particular, give a response timeline, while the process storyline makes it much easier to investigate the incident and understand exactly what happened.
SentinelOne Singularity Endpoint has behavioral AI detection, automated remediation and ransomware rollback, network isolations, storyline technology, threat hunting, remote response, and centralized management as the main features.
What needs improvement?
SentinelOne Singularity Endpoint can be improved in some areas. The management console can be complex for new users, and some advanced features require a learning curve to use effectively. Organizations with large environments may also want more flexible reporting and dashboard customization. While false positives are generally low, behavioral detection can still require analyst review and tuning to reduce unnecessary alerts.
I would like to see more customizable dashboards for executive reporting, simpler policy management and reduced false positives, faster support response times, deeper native integrations, more granular permissions, and easier onboarding and training.
For how long have I used the solution?
I have been working in my current field for the last one year.
I have been using SentinelOne Singularity Endpoint for one year.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is generally stable and reliable.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint has good scalability, ranging from small deployments to large enterprise environments. The cloud-based management model makes it easier to onboard, manage, and monitor large numbers of endpoints without needing additional backend infrastructure.
How are customer service and support?
Customer support for SentinelOne is generally good, with knowledgeable technical teams and useful resources for troubleshooting and deployment questions.
Which solution did I use previously and why did I switch?
I previously used another endpoint security solution and switched to SentinelOne Singularity Endpoint because I needed stronger behavior detection, faster incident response, and better automations. The previous solution provided basic endpoint protection.
What was our ROI?
I have seen a return on investment from SentinelOne Singularity Endpoint. The main value has come from reducing manual security operations, improved incident response time, and consolidating multiple endpoint security tools into one platform.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that the licensing model was relatively straightforward and cost-effective compared to my past solutions.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I evaluated several endpoint security solutions including Microsoft Defender for Endpoint and CrowdStrike.
What other advice do I have?
My advice to others looking into using SentinelOne Singularity Endpoint would be to clearly define your security goals and how SentinelOne Singularity Endpoint would fit into your existing security operations and deployment. I would rate this product a 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 7, 2026
Flag as inappropriateSoc Analyst at Softcell Technologies Limited
Endpoint protection has cut alerts and detection time while streamlining ransomware response
Pros and Cons
- "SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%."
- "For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR."
What is our primary use case?
SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.
Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.
What is most valuable?
What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.
SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.
There is up to 30 to 40% mean time reduction in MTTD.
For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.
What needs improvement?
For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.
Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.
For how long have I used the solution?
I have been working with this solution for eight months.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.
What do I think about the scalability of the solution?
Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.
How are customer service and support?
Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.
If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.
Which solution did I use previously and why did I switch?
Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.
How was the initial setup?
SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.
Which other solutions did I evaluate?
I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.
What other advice do I have?
SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.
There is up to 30 to 40% mean time reduction in MTTD.
For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.
I would rate this solution a 9 out of 10 overall.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 30, 2026
Flag as inappropriatePresales Manager at a manufacturing company with 201-500 employees
Ransomware rollback has protected endpoints and real-time monitoring now reduces investigation time
Pros and Cons
- "Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers."
- "Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion."
What is our primary use case?
Our customers are primarily seeking an XDR platform with Singularity Platform, which combines their EDR, next-gen antivirus, vulnerability management, and integration with their existing security portfolio. Singularity Platform is used for XDR requirements, extended detection and response, for their EDR, next-gen antivirus, vulnerability management, and the requirement to integrate with their existing security solutions like their firewalls and proxies from an XDR perspective.
From an overall security perspective, it is not related to supply chain processes as specific to the supply chain process. When customers have interactions or business relationships with their vendors or the third parties that they use as part of their business, Singularity Platform can be used to scan the internet traffic or through their XDR functionalities to determine what kind of data they are sending, if any vulnerabilities exist in their systems, and whether those vulnerabilities are exploitable or not. Those kinds of features can be mapped to a supply chain from Singularity Platform's perspective.
What is most valuable?
Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers.
Singularity Platform's customization feature is also strong; we were able to customize the dashboards and reports based on the different compliances that the customer has. We have customers in BFSI, manufacturing, and pharma, so based on their requirements, because every customer or every business has a different set of requirements, the customization of dashboard and reporting perspective is good in Singularity Platform. From an analyst level to a C-level executive, we can have different sets of dashboards with a specific set of purposes aligned with what roles they play.
The real-time monitoring capabilities in Singularity Platform are good. Some enhancements that could be made are to make it more readable or understandable to the person who is monitoring those dashboards, because sometimes what happens is it becomes too verbose or too much data is displayed from the monitoring perspective, especially from the EDR perspective. Analysts have to make sense of what logs or what alerts they are monitoring; they have to go through a lot of data before they can take any decision on whether it's a false positive or an actual threat that they should look at. If they make it easier and more understandable for the analyst, they can make an informed decision quickly. Currently, what Singularity Platform has is a bit clunky, verbose, and has too much data that might be useful or might not be useful based on the analyst, so if they simplify it, it will be more effective.
From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. The detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which saves time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent.
What needs improvement?
I do not recall a real-time personalization kind of feature in Singularity Platform.
If ranking is applied, I would rank CrowdStrike as one, Singularity Platform as two, and Palo Alto's Cortex as three. The issues mentioned in Singularity Platform are well taken care of in CrowdStrike, and CrowdStrike now has a bigger portfolio in terms of data security, identity security, and AI security. The new-age integrations are better in CrowdStrike, and I'm sure Singularity Platform will catch up, but as of now, CrowdStrike has an added advantage.
From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.
For how long have I used the solution?
I have been working with Singularity Platform for three plus years.
What do I think about the stability of the solution?
I would rate stability for Singularity Platform as an eight from a better perspective.
What do I think about the scalability of the solution?
Scalability is not an issue for Singularity Platform because it is delivered as a SaaS service, so scalability is taken care of by SentinelOne. I would rate it as a nine.
How are customer service and support?
Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion. I would rate it around six.
How would you rate customer service and support?
Positive
How was the initial setup?
From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. That is one more benefit; additionally, the detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which save time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent. That is where I see more of the benefits.
From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.
What about the implementation team?
It's a shadow process; they require our help during the initial implementation stage for Singularity Platform, but since it's quite easy to configure, it's a plug-and-play kind of thing. You just have to enable or disable the toggle buttons, and then you are good to go. From the deployment perspective or from the help perspective, at the initial level, they require our assistance. Once the training and handover process are done, they can easily manage it on their own.
Which other solutions did I evaluate?
I would compare Singularity Platform with CrowdStrike and Palo Alto's Cortex XDR.
What other advice do I have?
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Last updated: Feb 15, 2026
Flag as inappropriateDirector, Information Technology at Premier Realty Group
Secures our environment with reduced alerts but better threat notifications needed
Pros and Cons
- "The security aspect is the most valuable feature for me."
- "We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete."
- "The solution could improve its notifications and communications."
- "The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat."
What is our primary use case?
I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.
How has it helped my organization?
We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete.
What is most valuable?
The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.
What needs improvement?
The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.
An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.
Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.
For how long have I used the solution?
I have a year and a half of experience with SentinelOne Singularity Complete.
What do I think about the stability of the solution?
SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.
What do I think about the scalability of the solution?
My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.
How are customer service and support?
My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.
How was the initial setup?
The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.
The deployment was completed in one day.
What about the implementation team?
My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.
What was our ROI?
Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.
What's my experience with pricing, setup cost, and licensing?
I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.
What other advice do I have?
I rate SentinelOne Singularity Complete seven out of ten.
When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.
SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR) AI-Powered Cybersecurity Platforms AI ObservabilityPopular Comparisons
CrowdStrike Falcon
Cortex XDR by Palo Alto Networks
Microsoft Defender for Endpoint
IBM Security QRadar
Elastic Security
Huntress Managed EDR
HP Wolf Security
Trellix Endpoint Security Platform
WatchGuard Firebox
TrendAI Vision One
TrendAI Vision One – Cloud Security
Microsoft Defender XDR
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?


















