SentinelOne Singularity Identity Reviews

We use SentinelOne Singularity Identity to end AD credential misuse when working from home. We wanted to make sure that our environment was secure and place any defection-based endpoints on lockdown. The solution ensured that we were able to detect AD attacks and steer attackers away. We also wanted to make sure we were hiding our local data.

We're a lot more secure with SentinelOne Singularity Identity. We're more confident that we're going to be on top of any threats, and we'll get alerted right away. Anytime a password expires, my coworker sets up a report. We're really on top of all our user AD accounts.

I was recently able to customize the UI, including the filters, based on my use case. Having high visibility into all of our network concerns and a customizable UI are the most valuable features. The solution only requires one reboot to finish the installation. The solution's real-time protection is also really beneficial for us.

The last time I called to receive support, it wasn't as fast as I wanted. The resolution turnaround from SentinelOne Singularity Identity's support should be improved.

I have been working with SentinelOne Singularity Identity since February 2022.

I found SentinelOne Singularity Identity a lot more friendly in terms of performance. The solution shows no lagging, and it works very well.

SentinelOne Singularity Identity has the ability to work with different operating systems devices.

I rate SentinelOne Singularity Identity's scalability an eight out of ten.

We raised a support case with the solution's technical support team. We called the support team and tried to get help to run a report to see which devices were actually utilizing SentinelOne. We also had another report question about how we could take a look at AD accounts with expired passwords.

The support agent on the other line didn't seem very familiar with the product, and that was pretty much it. When they told us they would get back to us with more information, it took a while. They got back to us three weeks later when we had already figured it out on our own.

Neutral

The solution's initial setup was very straightforward.

I was involved in the solution's deployment in our organization. The rest of our tier two team and I worked with the trainers, implementation coordinators, and agents at SentinelOne. They walked us through the setup, which took around three to four weeks. Since we deployed on the cloud, we didn't need to set up VMs for any SentinelOne servers. We just provided access to our AD and the information they needed, like our server names. We set them up with accounts with which they could get into our AD servers, and that was it.

We have seen a return on investment with SentinelOne Singularity Identity. The comfort level, the reports we get, and our confidence in the security of our AD accounts are definitely worth the investment in the solution.

The solution barely met the budget for this project. SentinelOne could find ways to help healthcare institutes by lowering the solution's cost for hospital implementations. The pricing is a bit high.

We didn't use a different solution before SentinelOne Singularity Identity, we just had an AD. One of the reasons why we chose to go with Singularity Identity is that we moved over our Outlook Mailbox 365 accounts to the cloud. Previously, we had on-site exchange servers with the mailboxes, and we moved all those mailboxes to the cloud.

Since they're all linked with the AD credentials, we needed something a lot more secure. We moved 800 mailboxes to the cloud, and Singularity Identity helped us with that transition. We never had a product like Singularity Identity just to monitor AD.

I would tell users to book a demo first. Then, if they do decide to implement SentinelOne Singularity Identity, they should work with support or even their vendor support for the network firewall.

We had to set up a lot of exclusions on our firewall and even Windows firewalls on our AD server to ensure we weren't blocking any network traffic when a rule was added or deleted. My advice to users would be to ensure they are careful with the network firewalls when deciding to move forward with implementation.

Singularity's console provides a unified view, which works very well. We're able to monitor all of the different areas in our infrastructure. We even have the ability to run reports where we're in touch with support and our trainers from SentinelOne. They ensure that we know how to use the product and show us how to make our infrastructure more visible.

This unified view is very important for our organization. We widened the net for compromised devices to include managed and unmanaged devices. Even if our server runs a different OS, we can get a lot of actionable information related to that asset. If I have a couple of MacBooks, it doesn't really matter what the OS is. I can store that information in Sentinel. The solution really allows us to have more functionality with an active directory.

SentinelOne Singularity Identity is doing a good job of protecting identities from exploitation. Identity-based threats are one of the biggest weaknesses of malicious attacks. We get a lot of spam emails, and at the end of the day, they're just trying to get AD credentials.

SentinelOne Singularity Identity really helps improve our identity security posture. We're able to provide the team and even the managers and IT director here with real-time alerting and deception capabilities. We really trust SentinelOne Singularity Identity.

We're really happy with Singularity Identity's ability to provide visibility into our attack surface risk. The amount of information the solution allows us to get and the real-time alerts are really helpful.

Singularity Identity helped reduce our mean time to detect identity-based attacks. We have reduced the time we take to jump into servers and then run reports on our own because we've got the dashboard on a monitor in our office. We have real-time alerts right on the monitor. Anytime we see a red alert, we're on top of it. It makes monitoring a lot easier.

I would tell someone researching SentinelOne Singularity Identity that they need to do a demo with SentinelOne. There, they will be able to see the solution's pros and cons. They can see for themselves how it's a much more effective tool than Windows Defender.

If they book a demo, they will be convinced to get hold of a SentinelOne agent to look at some cost agreements and implementation. The bottom line is that SentinelOne Singularity Identity is the best anti-malware. It is a lot better than Microsoft Defender, and they would be convinced after a demo.

Overall, I rate SentinelOne Singularity Identity an eight out of ten.

One of the main use cases I describe is that we face lateral movement in our customer's server side. The customer is using 50 or more servers for the news channel, Daily Thanthi. Among those, one server does not have the SentinelOne Singularity Identity agent installed, and that server executes the malware file in the network lateral movement, specifically in the east-west traffic. Once we initiate the malware file, the classification detected is ransomware, leading to 1,200 incidents created in the SentinelOne Singularity Identity console page. I have founded the incident and protected the policy based on lateral movement. I have created the policy and mitigated actions in the policy side, which is the scenario I faced live on the customer end.

In terms of features, the most helpful feature is that SentinelOne Singularity Identity is very user-friendly; with one single policy, it can protect multiple servers.

SentinelOne Singularity Identity provides machine learning capabilities for threat detection. Among the use cases, I have found static AI, behavioral AI, and dynamic AI to help with malware detection, so there are three types of AI in the Singularity console agent.

Regarding benefits, I have seen improvements such as rollback options; if any attack occurs, we can roll back files.

Regarding improvements, I believe that API integration in third-party applications could be better. The Singularity tool uses its own credential in the record features.

I have been working with this tool for two years.

My opinion on the technical support team of SentinelOne Singularity Identity is very positive; they are a massive impressive team. When we encounter issues with legacy OS, when we download the agent and it fails to push to the end user, they take responsibility for providing solutions. We've had successful configurations on the end server side following ticket submissions, though my one concern is that they do not pick up calls immediately; typically, they follow up with an email or call within 24 hours.

Positive

The initial setup of SentinelOne Singularity Identity is not difficult at all; it is user-friendly and takes only a couple of hours. We download the agent, initiate the cloud, and since SentinelOne Singularity Identity only provides cloud-based solutions, we access the OEM side where they provide the agent, mapping the IP for download.

We push the agent through the AD server or any other method, and once the agent is configured, it shows up in the cloud console. After activating it, we run full disk scanning and schedule reports every Monday, generating weekly reports on threats and vulnerabilities. If there's an incident, we trigger notifications to the IT manager or vendor.

After checking incident classifications and SHA values, we use VirusTotal to evaluate scores, determining mitigation steps based on the Storyline that details any affected end-user machines, servers, and applications. Everything is outlined in the Storyline, and I will update by email with affected incidents and mitigation steps. Once quarantined in the SentinelOne Singularity Identity agent, if it turns out to be a false positive, we exclude the specific EXE or DLL files; if it's a true positive, we terminate that file.

Regarding competition, I find that CrowdStrike is a similar tool on the market; they offer next-generation SIEM, NGSIEM, and position themselves with robust policy control to inform customers that they provide policies to prevent ransomware in organizations. The SentinelOne Singularity Identity provides a rollback of files once a ransomware attack occurs, ensuring that ransomware does not affect servers and end-user machines while maintaining a robust policy.

In terms of difference between competitors, both SentinelOne Singularity Identity and CrowdStrike have lightweight agents that support legacy OS and will continue to support future single agents for both.

I work with the SentinelOne Singularity Identity products, as one of our customers is using it, and we utilize the TI, threat intelligence, and the record features, so we need to subscribe to the product that records features. Additionally, we are planning the Purple AI with core in the subscription pack on the OEM side.

I have two years of experience working with SentinelOne Singularity Identity. I don't have any integrated file in the Singularity; we only have the EDR. However, if in the future we integrate any customers, we may integrate any FortiGate firewall or any other syslog servers, Splunk, or other tools.

SentinelOne Singularity Identity is a cost-effective tool; we are facing many Indian customers who are concerned about economic costs, and it only provides enterprise and mid-range solutions.

On the topic of pricing, they are on the same level; both provide MSSP, offering monthly-based subscriptions where customers purchase the specific modules they need. The subscription package varies; once we go with EDR, we then need to purchase additional modules based on the customer's pain points; there are around 40 to 60 modules available for customers.

I rate SentinelOne Singularity Identity a nine out of ten.

We wanted to add a detection tool for protecting our assets from any attack so that we could defend our domain. 

The solution provided us with an abundance of transparency, giving us awareness of attacker activity and anything targeting the critical domain server.

The responses were quite quick. The time that was defined in the SLA over the period of time we tested the solution was reasonable.

The solution widens the net for monitoring for possibly compromised devices. It covers all managed and unmanaged devices running within our operating system. 

We saw a lot of benefits in terms of actionable data. It provided a lot of visibility when defending our assets.

The Singularity Console provided us with a unified view of threats. It ensured limited access to only trusted and validated applications. It works with zero-trust programs. With zero-trust, the solution's ability to protect identities from exploitation is quite high.

It was easy to manage the environment using the Singularity Console.

The ability to provide visibility into our attack surface risk is quite good. Once you onboard your other resources, it basically handles unauthorized network reconnaissance. This module has a number of features. When it comes to data breaches, if something happens, it basically discovers the hidden elements in the network, and it gives you the results of its findings very fast. You will get a visual experience of the mapping of the networks, how the resources are connecting to any other resource, or if any incoming request is coming from a resource. It basically empowers security.

The solution's ability to detect and prevent threats is very good. It provides a lot of integrations. It also helps organizations to improve their identity security posture.

It's helped us improve our mean time to detect identity-based attacks. It limits the trust. It simply doesn't trust any outside requests. Then, we can control access management. It's reduced the potential for breaches by 90%.

The AI provides a futuristic ML model. That helps a lot when it comes to shifting security approaches and helps better forecast attacks. 

It has a lot of features in place. From my end, it isn't missing anything. 

They could always add a few more modules. 

Pricing could always be lower.

Support could be faster. They need a faster response time. 

We did do a POC for the solution. However, we are not using it at this time. It took us about 1.5 months or so to understand the product. We used it one year ago.

The solution was stable. I'd rate the stability 8.5 out of ten.

The scalability is very good. I'd rate the scalability nine out of ten.

Technical support was good. 

Positive

I previously used Palo Alto. The main difference is in the cost.

We deployed the POC, and within two months, we pretty much understood the product.

The product offers an easy implementation. It's frictionless, and the effort is quite low. The deployment is also flexible, and you can perform integrations easily. We were able to implement the POC in two weeks. We had two people working on the process and four people working with the solution post-implementation. 

We have witnessed an ROI in terms of time saved by 100%.

The pricing is okay when compared to other solutions. It's moderate, and the cost is not overly high or low. 

We were a customer and end-user during the POC. We just wanted to test it to see how it would operate.

If someone is looking at Singularity, and they already have Windows Defender, I'd warn them that Microsoft's cost is quite high. They may have better luck and pricing by shifting to Singularity.

I'd rate the solution nine out of ten.

We use SentinelOne Singularity Identity for the security of our whole network environment. We use the solution to protect the identity of our company. Before using SentinelOne, we had an incident where we were compromised. We went with SentinelOne to overcome such compromise issues and the safety of our environment because it had some good reviews.

We have not been compromised because of the solution. We have not faced any issues of hacking or malicious incidents. With SentinelOne Singularity Identity, malicious files get directly detected, and the system gets quarantined. The solution keeps our work very smooth. We're not having trouble with it or because of it at all. On the contrary, the solution makes our work easier.

SentinelOne Singularity Identity is very lightweight as an agent or software. It's very lightweight and doesn't consume resources from any computer. It's not a burden on a system, which makes it a very good agent or product to use. It's an efficient solution.

The solution's support is available 24/7. I'm in touch with the solution's support team since we recently got their mobile application protection. SentinelOne's support, APIs, marketplace, and response time are amazing so far.

A query raised with the solution's support team takes a day or two to get resolved. The solution's query resolution time could be reduced further, and a faster resolution could be provided.

We've been using SentinelOne Singularity Identity for one year and two months.

So far, we haven't faced any bugs or stability issues with SentinelOne Singularity Identity. We've been really happy with the solution.

SentinelOne Singularity Identity is a scalable solution.

Before SentinelOne Singularity Identity, we were using CrowdStrike. We switched to SentinelOne Singularity Identity because of functionalities since we were compromised while using CrowdStrike.

SentinelOne Singularity Identity's implementation was simple.

The deployment was done with the assistance of SentinelOne's professional team, and it was not complex. The solution's deployment was done within a few hours, and only I was involved from our company in the deployment process.

It's only been a year since we started using SentinelOne Singularity Identity. Considering the services and peace of mind we are getting against the amount we paid for the solution, the return on investment has been good.

SentinelOne Singularity Identity's pricing is cheaper than CrowdStrike and is really good.

SentinelOne Singularity Identity console provides a unified view. It makes your work faster and easier to get an overview of your whole organization. It helps us to see where the problems are, what needs to be fixed, or if everything's fine. It does help us save time.

It's very easy to manage our environment using the Singularity console.

SentinelOne Singularity Identity’s ability to protect identities from exploitation is very good. We had a few incidents where it blocked even ransomware attacks for us. It did a really great job of protecting us and keeping us safe.

SentinelOne Singularity Identity provides deep visibility into our attack surface risk.

SentinelOne Singularity Identity's ability to detect and prevent threats is really good. It blocks and notifies the IT team if it finds anything malicious or suspicious running in the processes. Then, we can assess whether it's malicious or not. If we analyze something as a false alarm, the solution keeps that thing in mind and does not bother us again for the same issues in the future.

Singularity Identity has helped reduce more than 50% of our mean time to detect identity-based attacks. It gives deep visibility on where and how something initiates so we can directly go to the root cause instead of finding out how or where it started. So, it does give us a boost in our time.

I have not used Windows Defender, so I cannot comment much on it. SentinelOne Singularity Identity has been much easier to use, understand, and contact support than the other third-party protection software we used. I would recommend others to try it at least for a week or a month to see the difference. They can observe how its AI learns, behaves, improves your work environment, protects it, and keeps it safe.

Based on my experience, I have been really enjoying this solution. I recommend that people try SentinelOne Singularity Identity for at least a week and then compare and evaluate it with other competitors. There will definitely be a huge change in their perspective.

Overall, I rate SentinelOne Singularity Identity ten out of ten.

I primarily use the solution for endpoints. I can monitor if any situations develop.

It's really more of an assurance. We don't need it to solve any issues. We can look at various threats or agents and items of that nature. It helps increase our security posture. 

The product saves us a lot of time so that we can focus on other things.

It gives us a lot of flexibility in terms of agent usage for EDR. I can decommission agents and put them somewhere else. It also gives us deep visibility. 

The incident and threat logs are great. I might have to restart an agent. I might have to decommission an agent. To be able to do that very quickly saves me a lot of time. The product gives me a lot of deep visibility.

The solution provides a good unified view. I do know exactly where I need to go. The layout is good. 

It's extremely easy to handle the management console. I can see what is up and cross-correlate easily.

The product's ability to protect identities from exploitation is good. It does a fair job. I'm not saying it's the best, however, it does a fair job. Vulnerabilities are detected every day.

We do get visibility into our attack surface risk. It is decent. There are other solutions out there that do a little better job. However, it's okay.

Its ability to detect and prevent threats is pretty good. Sometimes we do get a lot of false positives. We'll have to go through it and see things on a deeper level. It's fairly good.

The product has helped reduce our mean time to detect. It has definitely saved us a good couple of hours for a week for sure.

Dealing with customer support, if we do have an issue can take time. In one case, a couple of agents weren't working and we didn't know why. We needed more response customer service. 

Sometimes I get kicked out of the console. I don't know why.

Other than that, the solution is good and there are no missing features. 

I've used the solution for one year and eight months.

The stability is very good.

The solution has good scalability.

Given how fast our industry works, if we could get a response within 24 hours, that would be great. Often, support will refer us to an article. That's great, yet not helpful. We've had situations where we submitted three or four tickets and had to get someone on the phone. We had to go through three levels and in the meantime, we still had the issue with some of our agents. They need to offer a quicker response.

Neutral

I was not involved in deployment.

The solution saves us time and money and therefore we have witnessed a positive ROI.

The pricing is a bit higher than what we expected. However, we were recommended this solution.

We did evaluate other options. 

I'm an end-user.

Windows Defender is great, however, if a company is looking for deeper visibility, this is a good solution. 

I'd rate the solution seven out of ten. 

The product will be different for everybody. People need to go in with their eyes wide open.

We were using the solution more as an endpoint security. It protects against cyber threats and offers improved protection against particular cyber threats. It has SIM capabilities and XDR. We use the security based-incident management and the capabilities of XDR in terms of threat hunting and threat intelligence.

The XDR capabilities are very good. 

If you get attacks and need to cross-correlate across attacks, it's very helpful.

It offers quality threat intelligence. You can look into it very fast. 

If a threat has happened many times, we can automate remediation for that specific threat.

When it comes to security operations, we can show a complete integrated dashboard that shows risk, score, value, and threat status.

It provides us with a unified view. The cross-sectional correlation is good. That's technically what it is. It shows when attacks are happening or when attacks are happening. We can do comparisons and find resolutions or figure out a time to resolution. You can centralize it or use it from an endpoint. 

Managing the environment is okay. You can't manage it with one singularity console. It doesn't have observability capability or event correlation. As part of a bigger solution, it does its job. However, you need to use multiple solutions for a holistic approach. It will improve the visibility of threats, however, to eliminate blind spots and help you understand threats better.

The threat detection, investigation, response, and hunting are good. It helps provide visibility across the stack. 

Whenever a threat is detected, it can quickly find a resolution with respect to MTTR. It looks into the entire history of the logs and coordinates with the source system. There will be a resolution to resolve the root cause. Then, you can automate it, so that, in the future, if there are any similar attacks, the solution will get triggered. This helps with our overall mean time to resolve. When you have an SLA< you'll need to have a resolution within the SLA. It helps us to ensure there's a workaround so we can get a resolution within 30 minutes. You can achieve 99% of issues if it's already a part of the attack vectors. 

The root cause of automation could be better. If you have a complex ecosystem, you need an automated threat response mechanism. We'd like an automated correlation of threats.

The SOC efficiency could be better. It would help improve the MTTR.

I've been using the solution for the last three or four years.

They still need to work on a fully integrated solution, which they are planning to build over time. 

The solution has been scalable for me. However, it depends on how it is interacting with security-based orchestration. If an organization keeps expanding, there needs to be scalability between vendors in the case of third-party integration. 

Technical support knows the product and its functionality. The problem is during practical scenarios when the product is integrated with third-party products. It's very easy for Microsoft to say it's not their particular problem or that they can't pinpoint the problem due to the third party.

Neutral

There are a lot of good solutions, such as Elastic, which is open-source. With the same agent, you'd get search, security, et cetera, so you won't need multiple licenses. 

Sumo is another good tool that's good for both SMBs and enterprises. It has correlation and search capabilities. The events are correlated, and alerts are separated and that's given to you out of the box.

There are Microsoft solutions that don't have as many tools out of the box. 

Doing a business case analysis, retooling is required for an end-to-end scenario if you use Microsoft. 

I validated the design and configuration. I wasn't hands-on with the implementation. 

If it is a Microsoft shop, it's a straightforward setup.

Integrations make the setup more complex. If the customer has a hybrid scenario, you need to have certain configurations. When you get into SOAR, you may run into issues. Out-of-box integrations will not be clear. 

When you write workflows, these workflows have a breakage, or you have siloed data streams. You don't have a mechanism for monitoring these. There has to be a mechanism for monitoring, otherwise, you won't know something is not working until it has broken down. Microsoft does not offer something like this out of the box. 

We have various people qualified to handle implementations. We have our own integrators. 

It's hard to break down the ROI on an individual product with fewer capabilities. 

If a company is a Microsoft shop, it makes sense to stick with Microsoft tools. It doesn't have mature SIEM capabilities or root cause analysis. It does not have a seamless integrated log management solution within various environments. Large enterprises might have Linux and Unix-based solutions. Then it makes sense to look for solutions that offer more end-to-end security options. Microsoft may look like a cheaper solution; however, when you break it down, it won't be less expensive. You'll need more tools. 

Windows Defender comes by default with Windows. When you are using Sentinel One on top, it depends on the firewall solution you are using in between. From an endpoint perspective, if these are going to your endpoints, you may have a choice of having separate antivirus solutions, and Defender may be disabled. Singularity still works as it's a centralized solution. 

I'd rate the solution six out of ten.