SentinelOne Singularity Complete Valuable Features

Eddie Drachenberg - PeerSpot reviewer
Global Network and Infrastructure Manager at Bettcher Industries

I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge. 

I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it. 

It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly. 

It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

View full review »
Brian Fulmer - PeerSpot reviewer
IT Manager at American Incorporated

SentinelOne's machine learning engine is purely behavioral. The engine will shut down anything that's bad, isolate the system from the network, and alert everyone. We had tremendous success with CylancePROTECT for over five years. Zero successful attacks. In 18 months in with SentinelOne, we've seen the same lack of drama. No endpoints have been compromised to the degree that it has negatively impacted our network.

View full review »
AK
IT Security Engineer at a healthcare company with 5,001-10,000 employees

The rollback feature is the most valuable aspect of the solution. 

In terms of its ability to ingest and correlate across our security solutions, we're still early on. The implementation team has helped us turn on the XDR feature, however, we haven't utilized it as much as we should. We're still testing the capabilities. 

We did a pilot with the Ranger functionality. The organization opted not to purchase it just yet. Long-term, next fiscal year, we may adopt it. It does come at an extra cost. It may be added during the next renewal.

View full review »
Buyer's Guide
SentinelOne Singularity Complete
March 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
CM
SecOps Engineer at a media company with 10,001+ employees

What I found most valuable in SentinelOne Singularity Complete is the ability to connect to the terminal remotely. The solution is pretty handy because it allows my company to do investigations and whatnot, wherever the person may be. After all, I belong to a hybrid organization, which means you never know if someone will be in the office.

It is another tool in the tool belt for looking at some of the files, which means that even if the file is not a virus, you can go in and do some investigation.

SentinelOne Singularity Complete has excellent interoperability with other SentinelOne solutions, including third-party tools. I was pleasantly surprised with how in-depth the APIs go because it's almost integrated with my company's SOAR solution, consolidating all alerts in one place and triangulating more per case. In my company, SentinelOne Singularity Complete is integrated with a third-party tool.

My impression of the ability of SentinelOne Singularity Complete to ingest and correlate data across security solutions is good so far, though right now, my company only set up SentinelOne Singularity Complete. Still, it's good that the integration option exists because, in the future, who knows? My company might do some integration depending on what the timing allows.

My company has not consolidated solutions yet because SentinelOne Singularity Complete is just one of the many tools used within my company. It's a helpful tool, but it's not the only player.

SentinelOne Singularity Complete helped free up staff for other projects and tasks and is time-saving, though I don't have specific data on that.

The tool has also helped reduce my organization's mean time to detect. However, I can't give an approximation just because SentinelOne Singularity Complete is the only solution my organization uses. The tool has also helped reduce my organization's mean time to respond because, together with the SOAR solution, SentinelOne Singularity Complete allows my company to go in and correlate everything to find out where the threat came from, so my company can go in and take the appropriate measures to shut down threats more reliably.

SentinelOne Singularity Complete has helped reduce organizational risk because it's one of the modern architecture tools, which gives more confidence in the detections my company sees. The tool also reduces the number of false positives and false negatives, so my company knows that if the tool shows a hit, then that truly warrants further investigation.

I'd give SentinelOne Singularity Complete an eight out of ten in terms of its ability to innovate because it's very much on par with a few other options out there, though I can't recall the names right now.

SentinelOne is an excellent strategic security partner that quickly incorporates my organization's feedback. My organization hasn't had any problems. If my team is looking for a feature, for example, SentinelOne either edits a roadmap or makes the change pretty quickly if there's bandwidth.

View full review »
Austin Estrada - PeerSpot reviewer
Cybersecurity Analyst at Brady Corporation

The terminating or killing remediation process that they use is top-notch. Pretty much anything that is even remotely malicious gets blocked by it within seconds. That is important for us. We have thousands of endpoints with tens of thousands of users. It is hard to do good security for that many people without some kind of automated detection and response. That is what SentinelOne does for us. It helps us automate that process.

View full review »
MY
IT Manager at a financial services firm with 51-200 employees

The best feature of SentinelOne Singularity Complete is that you don't need to configure a lot with it because it provides an unmatched layer of protection out of the box.

Implementing SentinelOne Singularity Complete is a competitive bid process. As part of the competitive bid process, SentinelOne Singularity Complete stands alone. I work for an enterprise, and the company has old software. CrowdStrike Falcon Pro is a great competitor of SentinelOne Singularity Complete, but CrowdStrike Falcon Pro doesn't fit my company's needs because of its very aggressive deportation policy. If you ever run any software not in the standard manufacturer support or some support package, Crowdstrike cuts you off from updates. In real life, that doesn't work because my company builds software. Some of the company's cluster apps run on Red Hat 7, old Linux kernel,   CentOS, or other distros around that era. My company has significant old technologies that it needs to secure.

A pro of SentinelOne Singularity Complete is the approach that it knows isn't the best, but it will still give you the best it has.

I also find that SentinelOne Singularity Complete gives a significant layer of security on top of SD-WAN, mandatory access control, and general information management, which is very helpful.

In assessing the solution's interoperability with other Sentinel One solutions and third-party tools, my company started utilizing Scalar and has a history of using Scalar and other providers. SentinelOne acquired Scalar, an enterprise log management platform, which is very good for the price. Scalar may not be the best platform in the world, but it's very good for the price. SentinelOne, having acquired Scalar, has gone and built an excellent integration for all logging so that you can get the SIEM logs into the Scalar pipeline and run it through a general log analysis platform, so it's unmatched.

In general, I'm pleased with the ability of SentinelOne Singularity Complete to ingest and correlate across my company's security solutions, especially with its price point. I only found very few antivirus or EDR solutions that can compete with SentinelOne Singularity Complete, but I generally prefer working with the solution because of its interoperability.

Another reason why I like the solution is because it works. It doesn't require an Internet connection. The remediation is automated, and the alerting function is excellent. Support for the platform is also great, including multi-tenancy, role-based access control, and automated deployments.

I don't have much bad feedback about SentinelOne Singularity Complete, while in contrast, I've been quite disappointed by many technical aspects of other antivirus solutions, such as the Deep Instinct Antivirus. As for MSP machines, I used to work at MSP and had many problems. I also find the CrowdStrike sales representative incredibly annoying.

I find that SentinelOne Singularity Complete works pretty well for what I want, and it always hits the right price point and options that suit my company's general, overall security platform and management of that platform.

The Ranger functionality of SentinelOne Singularity Complete works well in providing network and asset visibility, especially as my company is a Microsoft Azure AD company at the core, so most of the company's Mac and Windows endpoints are managed, and monitoring the cloud ID and posture is essential. However, I don't need to check it daily because the solution manages itself well. SentinelOne Singularity Complete works very well for active directory management and posture matching.

I appreciate that the solution can consume at an API level, but I don't care as much whether it runs an agent or doesn't because I can automate agent deployment to the fleet. If the agent works, then great. An agentless solution is suitable for old platforms that don't have the most up-to-date technologies. Whenever you try to run an agent on various environments, it might not be the ideal platform for that agent so you could run into unexpected problems. Being agentless makes SentinelOne Singularity Complete better, but I wouldn't be upset if it were a good and solid agent-based solution.

In terms of how significantly the solution helped reduce alerts depends on how many alerts my company was paying attention to before and how many alerts it is paying attention to now. I'm unsure about that because one reason for implementing the SentinelOne Singularity Complete stack at the company has been to increase the security footprint and security posture. My company might have had several useless alerts before and maybe fewer alerts now, but did the company pay more attention to the alerts now? I'm unsure if the alert reduction or paying more attention to the alerts makes a difference.

About SentinelOne Singularity Complete helping to free up staff for other projects and tasks, that isn't easy to tell, as I have a team of four, and some of the work changed upon implementation. For example, instead of fighting with specific agent installs or trying to figure out how to get logs into another system, some of that workload is reduced, but now my team may be paying more attention and uses the same amount of time for alerts, remediations, or other more important aspects, so it is possible that the amount of time spent after the SentinelOne Singularity Complete implementation wasn't really reduced. That would depend on your perspective.

As to SentinelOne Singularity Complete helping the company reduce the mean time to detect, my company didn't record the mean time to detect before implementing the solution. I feel that it is effective, but right now, I don't have a basis of comparison that allows me to point to that periodically says my company reduced the meantime to detect or that it was increased by some percentage.

SentinelOne Singularity Complete has been very effective in helping reduce organizational risk for my company, especially regarding budgetary footprint. The solution has been very effective at what it does and has helped reduce the company's cyber insurance premium. My company is a SOC 2-certified institute and has to go through an annual compliance process with auditors, so going through and being able to explain and show how the company has automated and deployed solutions and minimized its risk profile has been very helpful.

The company I work with now spends slightly less than it did and gets more value from SentinelOne Singularity Complete. Though the cost may not be that different from others, the value provided by the solution is very different. In the past, my company had several decentralized alerts and platforms. Still, after implementing SentinelOne Singularity Complete, the solution could bring and tie them together through an automated platform. It works, and when it comes to enterprise security, for every company you work for, you're not the one who built that network or solution. You have no idea what's going on, so your ability to maintain control relies on understanding the threat surface and how to control it, which SentinelOne Singularity Complete is good at.

My background is in Linux administration, and I've gone through several security tools over the years. I built out mandatory access controls and messy Linux policies. I've worked with a lot of different companies over time. SentinelOne Singularity Complete supports Linux systems really well, which is crucial because I work for a company that builds software with an ecosystem of applications, cluster apps, and containers on Linux.

Some other solutions were stuck a decade ago, particularly running Windows and .NET and other affordable systems, and though I love Windows and Mac, those are user endpoints, and endpoints extend beyond user endpoints, for example, endpoints include servers and the full scope of internet-connected devices in a company.

If you're trying to implement a zero-trust framework and a system resilient to failure across a Swiss cheese layer of multiple problems. In that case, finding one solution capable of dealing with that kind of threat is complicated. You look at Microsoft Defender, and Microsoft has improved its security over the last decade. Obviously, Microsoft still has ways to go, given that it still keeps losing its signing keys. Still, the reality is that, similar to Windows and Azure, Microsoft has improved its security footprint. Microsoft Defender went from being a joke of a product to a very viable solution. That's great, but I can't run that on Mac, and I can't run that on Linux clusters.

Looking at CrowdStrike Falcon Pro, it is a great product. It has a very annoying sales team, but it is excellent. The problem in enterprise, however, is that sometimes, you have to run old technology, and when you cut off the solution from working on old technology, that's not helpful and makes everything worse, so I appreciate the aspect of SentinelOne Singularity Complete supporting even the old technology my company is on, which is a significant differentiator that is very useful about the platform.

When you think of Carbon Black and VMware, each platform is good, works quite well on Mac and Windows, and has some capabilities, but the level is not the same as SentinelOne Singularity Complete. SentinelOne Singularity Complete can be a stand-alone product versus other products.

If you're running a decent company, you should be able to invest in security and be willing to spend whatever it takes to have a very competent solution. Since I control the budget, SentinelOne Singularity Complete provides more value for the dollars spent and a more cohesive structure than what you can get from other solutions.

I'm unsure if SentinelOne Singularity Complete is amazingly the best, but it's the best overall product because it fits my company's needs. I work for a SaaS building enterprise company that does financial transactions, which has public internet-facing applications that get constantly attacked. If I can't run a comprehensive security product across all systems, I'd have to look in three different places, which means I lose some of that robust information. I lose some of that ability to correlate threats and figure out what's happening, and so do automated platforms. An automated platform can lose the ability to correlate the different events it doesn't know about, and this is where SentinelOne Singularity Complete really shines. It's a cohesive, widespread solution that's great in various aspects.

In terms of being innovative, SentinelOne Singularity Complete is quite innovative. I grew up with the internet and have seen different generations of security products and ideas. When SentinelOne Singularity Complete came to market, it was significantly different than the other solutions. SentinelOne could either be acquired or build very useful products, taking interoperability between different products to a level you won't find in other companies.

With how my company uses SentinelOne Singularity Complete and the Scalar platform for all its servers, the company logs into Scalar and runs alerts and rejects, flags alerts, and also gets to ingest all SIEM logs from SentinelOne Singularity Complete into Scalar, and then gets automated alerts. This means that my company gets multiple layers of visibility across its stack and analysis pipeline. My company then gets to log push to S3 after the hot tier access is over, which means it gets to retain all security alerts and problems for up to seven years, just in case, which is essential for a financial services company like the one I work for. Doing that is much more complex with other solutions versus SentinelOne Singularity Complete, so I chose it because, currently, it is the best.

I care about aspects that other people don't care about, such as supporting old Linux distros and being able to run the solution in some weird cloud environments easily. I care about SentinelOne Singularity Complete working with my company's log analysis platform, which makes the process easier.

View full review »
RM
Senior Information Security Engineer at a retailer with 5,001-10,000 employees

All the features are valuable. Their core product, EDR, is pretty good. We utilize the entire functionality of the feature set that they have to offer with their core product. For EDR, we are using all their agents: the Static AI and Behavioral AI technologies as well as their container visibility engine.

We use SentinelOne’s Storyline feature to observe all OS processes quite routinely. When we want to know a bit more details about any threats or want to investigate any suspicious event types, that is when we use the Storyline quite a bit. Its ability to automatically connect the dots when it comes to incident detection is useful. It significantly simplifies the investigation and research related to threats.

Today, we automatically use Storyline’s distributed, autonomous intelligence for providing instantaneous protection against advanced attacks for threat detection. The AI components help tremendously. You can see how the exploits, if any, match to the MITRE ATT&CK framework, then what actions were taken by the AI engine during the detection process or even post detection actions. This is good information that helps us understand a little about the threat and its suspicious activities.

We use the solution’s one-click remediation for reversing unauthorized changes. In most of the groups, we have it automatically doing remediation. We seldom do manual remediation.

View full review »
Maxwell Essuman. - PeerSpot reviewer
Country Manager at Platview Technologies

The offline protection offered by SentinelOne Singularity Complete for my devices is valuable.

The automatic mitigation features are incredibly valuable. Over the past two months, receiving alerts on my laptop about mitigated attacks has been one of the key benefits. It's fantastic that I don't have to manually intervene in the mitigation process, yet I'm still informed about potential threats and assured that I'm protected.

The detailed history logs allow us to easily detect malicious behavior within the network.

View full review »
Michael Grissom - PeerSpot reviewer
Director of Cyber Security at Tidewater Mortgage Services

There's not one particular item that stands out the most besides the availability of the product itself. We're a small organization. Having the visibility and the protection that it provides helped out greatly. Plus, it fits with our requirements.

The product does not have to go across a lot of different solutions. We don't have a cloud or anything like that where we have to push it in terms of visibility. The deployment is fairly simple. In the end, the overall visibility of it is very simple and the usability has been very simple for us as well.

So far, it helped to reduce our alerts. Based on the application that we would utilize prior to this product, the alert reduction is similar. It is not 100% the same, just similar. They gave us some visibility into what was going on, which provided a 30%, if not more, alert reduction.

It helped free up staff time. Using this solution, we don't have to keep our eyes on it 100% of the time.

It reduced our mean time to detect and respond. 

The product helped reduce organizational risk.

The overall product quality is good. I'd give it three and a half stars out of five. It checked all of our boxes. It met the requirements of the security we needed.

If for some reason, we were breached, it gave us the comfort of knowing that we could either automatically set the product to fix the issue or at least record it and let our team go in and resolve the issue. However, it also has the data to hunt the threat if need be. It's given us so much more than we would have expected from a product. Their dashboard is great. We log in and we get everything we need to know right out of the box on our dashboard. If we have anything that's infected it will tell us all of that information in real time. In our environment, it works without giving us any issues or slowing down our productivity in the process. The agent that runs on the system is not heavy. It's easily portable.

View full review »
JR
CEO at a tech services company with 11-50 employees

The most valuable feature is the machine learning capability, as opposed to the traditional rule-based antivirus. This is essential for effectively stopping malware attacks.

View full review »
Rashid Torrence - PeerSpot reviewer
Principal Manager of Business Services at ATC Communications (Idaho)

The ease of use and has some integrations within their marketplace. Those come in handy. The GUI is really easy to use.

The storyboarding gives you a play-by-play of how an instance or alert came to be.

Some of the automation tools are really good. 

Singularity's ability to ingest and correlate across our security solutions is great. I don't see a platform that does it better. At least from an MDR standpoint. It really is a central tool to ingest that data to begin with and correlate and then it's pushed out other solutions like Splunk or other solutions.

Singularity has helped reduce alerts. The automation tools have been able to lower the number of alerts. We desensitized alerts as there are too many of them. Sentinel One has helped repair it with our team to do that. Just the ability for the automation tools to be in use has been really helpful.

Singularity has helped free up our staff for other projects. The automation tools have really helped there.

Our security team is about ten people. Two people no longer have to worry about anything. We've saved about 20% to 30% of our labor, our staff. 

Singularity helped reduce our organization's mean time to detect. We're able to detect or even dive in and look for issues. We have the freedom to look and inspect. We're proactive now.

Our mean time to respond is good. It helped us fill operational procedures.

Singularity helped save costs. We've saved in terms of operational costs or even salary in terms of time-savings. We didn't save on platform to platform, yet we saved on time. 

It's helped us reduce organizational risk. We're able to monitor our networks better.

They are probably the most mature product at the moment. For the price point, we're getting a good middle ground of price and value. 

View full review »
Kevin Mabry - PeerSpot reviewer
CEO, Author, Cyber security best practices at Sentree Systems, Corp.

When it comes to security, the telemetry, the information that you get from the EDR part of it, and the ability to be able to parse it and use it is great. I really like their platform. You're able to go in and do some of the research and study. If there's an incident response needed, you can handle it with SentinelOne. That's what I really like about it.

It's just as good, if not better, than Bitdefender. The one thing I do like more about SentinelOne is working with their tech support. It's really easy to get to them and easy to work with them. 

Their platform is really easy to work with. It's easy to navigate and use. 

View full review »
Sumit Saxena. - PeerSpot reviewer
Senior Consultant at a consultancy with 10,001+ employees

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

View full review »
TH
Director or IT Security at a educational organization with 11-50 employees

The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view. 

The automatic detection and response is great. It takes care of a lot of alerts that it generates before they even cross our desks, which is great. 

It has advanced detection capabilities. It has the ability to go and look for known threats that are in the environment. Its ability to detect even unknown threats and any suspicious activity is great. We are very happy with it.

View full review »
MC
Director of IT at a construction company with 51-200 employees

The most valuable features include the agent installation and update processes.

View full review »
Rob Grow - PeerSpot reviewer
IT Director at a construction company with 501-1,000 employees

SentinelOne Singularity Complete is exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines. While we do encounter false positives, it has successfully detected several instances of malicious activities on the machines. Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.

View full review »
Ahmed Elbokhari - PeerSpot reviewer
IT Security Engineer at Woodward, Inc.

I appreciate the network control as well as the device control. These two features are truly excellent. I occasionally utilize the custom rules as well.

View full review »
Ian Sterling - PeerSpot reviewer
Analyst Information Security at a healthcare company with 5,001-10,000 employees

I am going to be a little biased because I am a Mac guy. I have been a Mac guy for twenty years, and the feature parity and the capabilities of a Macintosh agent are unparalleled in the industry. It is the first anti-malware and antivirus that does not make you feel that you bought the wrong processor. It is really good and lightweight. 

View full review »
BS
Deputy CISO at The University of Texas at El Paso

The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.

Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.

The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.

Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.

The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.

The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.

View full review »
IT_Blue_Team_Person - PeerSpot reviewer
Soc Analyst at a retailer with 10,001+ employees

The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.

View full review »
Aaron Shovick - PeerSpot reviewer
Cybersecurity Analyst at a manufacturing company with 1,001-5,000 employees

With Ranger, we can see the device inventory, the networks, how many workstations we have that it's scanning, how many printers, how many mobile and IoT devices, and servers.

It identifies what applications are vulnerable. If I go to the applications, such as Adobe Photoshop or Adobe Reader, I can see our current list of vulnerabilities: How many are vulnerable and how many need to be updated with patching. One of the most valuable aspects is the ease of finding specific vulnerabilities.

View full review »
DD
Information Security Engineer II at a recreational facilities/services company with 1,001-5,000 employees

The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.

And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.

In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.

View full review »
AC
IT Manager at a construction company with 51-200 employees

SentinelOne detects threats automatically and performs the remediation itself, so we don't need to constantly look at the logs. It reduces the meantime to respond because it automatically responds to the detected threats.

View full review »
MW
Sr. Security Engineer at a healthcare company with 5,001-10,000 employees

Tracking down which devices don't currently have SentinelOne on them is the most valuable feature of the product. So, we can push SentinelOne onto those devices.

View full review »
Dillon Schwebke - PeerSpot reviewer
Information Security Engineer at a university with 10,001+ employees

The deep visibility feature is valuable. It is helping enrich our IR team in their investigations. 

I love how we can use it for different use cases. We can take those deep visibility rules and make some STAR rules out of those for responsiveness. It is a great product that has been helping us with our instant response.

View full review »
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

SentinelOne Singularity Complete is easy to configure.

The protection SentinelOne Singularity Complete provides to our endpoint devices in terms of cybersecurity is valuable.

View full review »
RR
CISO at a insurance company with 10,001+ employees

I find two features particularly valuable. First, deployment is much simpler than with other solutions with similar capabilities. Second, the fidelity of the detections is excellent. We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise.

View full review »
MM
Chief Information Officer at a tech services company with 1-10 employees

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

View full review »
DS
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees

The most valuable feature of the solution is its ability to learn, the fact that once you tune it correctly, it knows how to capture and defeat malicious activity on the endpoints. It's not set-it-and-forget-it, but it does give me a much more comfortable feeling that my endpoints are secure and protected from malicious behavior.

SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's. The latest Mac OS X that's coming out is already supported and in test for our organization. The complete coverage of every OS that we have in our environment has been a huge benefit because I don't have to have different tools to support them. There are cost savings not only on licensing but because I don't have to have different people managing different consoles. For me, having single pane of glass visibility is incredibly important because we run a very lean team here. We are a skeleton crew governing all 83 countries. In doing so, it provides us the ability to do a lot more with a lot less.

I use the Deep Visibility feature every single day. It is outstanding because I just create hunting cases and then I can load them. I can figure out what queries I want to run and I can go digging. And with the queries that I have built for the MITRE ATT&CKs, it makes it very simple to identify something. And now that I have reporting set up based on those queries, I get emails every day.

Using Deep Visibility I have identified a threat and figured out information about it. I've also used Deep Visibility to be proactive versus reactive as far as my alerting goes. I know that SentinelOne will protect my endpoints, but there's also a case where there isn't specific malicious behavior but the patterns look malicious. And that's really what I'm writing these queries for in Deep Visibility.

Here's an example. You can do a lateral movement in an organization. You can RDP to one server and RDP to another server, depending on how your software defined perimeter is configured. Unless you do something malicious, SentinelOne will look at it, but it won't necessarily stop it, because there is no malicious activity. But I can write a query in Deep Visibility to show me things. Let's say somebody breached my secure remote access solution. With the Deep Visibility queries that are being run, I can see that that one machine may have RDPed to a server and RDPed to another server and been jumping around because they may have gotten compromised credentials. That can be reported on. It might not have been malicious behavior, but it's an activity that the reporting from Deep Visibility allows me to pursue and then do a deeper dive into it.

View full review »
Craig McGill. - PeerSpot reviewer
IT Security Analyst at a recreational facilities/services company with 1-10 employees

The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly.

View full review »
Werner Lunow - PeerSpot reviewer
CISO at a financial services firm with 1,001-5,000 employees

We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complet to identify malicious processes and other types of threats running on endpoints.

View full review »
Luigi Tiano - PeerSpot reviewer
Co-Founder & VP Sales and Marketing at Assurance IT

The most valuable aspect, in any scenario, was the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.

View full review »
DC
Vice President of Technology at J&N Stone

The visibility component is the most valuable feature. Having the capability to delve into the specific resources that the devices are actively using provides us with the breadth and visibility that we seek. Additionally, being able to accurately track our users' activities, such as identifying when they are downloading PDF attachments, enables us to promptly detect any potential issues.

View full review »
Sasita Lamchaona - PeerSpot reviewer
Product Consultant at M.Tech

The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.

View full review »
DF
Cyber Intelligence Analyst at a financial services firm with 1,001-5,000 employees

I really like deep visibility. Deep visibility is one of the coolest features of almost any tool that we use. The breadth of data that is collected there is valuable, and it gives us the ability to search back through literally tons of data going back a specific period of time. We typically go back 90 days for most things, but we could go back further.

The ability to pick it up is also valuable. It is very intuitive. It does not require a lot of training. For example, we had an intern over the summer who joined us. We were able to get him up and running in the visibility very quickly without a lot of hand-holding.

View full review »
David Nee; - PeerSpot reviewer
CTO at CyberTek MSSP

The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise. There is just so much noise. It brings us the information we need to look at quickly.

View full review »
ZS
Sr. IT Systems Security Admin at a consultancy with 51-200 employees

Visibility is one of the most valuable features of SentinelOne Singularity Complete. It does not directly replace a dedicated SIM solution, but it works well for our environment and gives us the visibility into our systems that we need.

I appreciate that it is easy to review incidents that have been detected by the behavioral AI or the SentinelOne Cloud. From the notification we can click into the incident to start reviewing, it is just a few clicks. I have all the data in a single pane, and I can pivot to other sources of information, such as VirusTotal, with a single click. I can also hunt for the incident on the network with a single click. This makes things much easier and saves me time from having to review logs.

View full review »
ZV
Cyber Security Analyst at a retailer with 10,001+ employees

Their basic endpoint and detection platform is pretty much their bread and butter. The features that it comes with get a lot of love. You can add custom solutions, rules, et cetera. 

The mobile device management platform is also really good.

They have a lot of integrations with a lot of common platforms that we use. We integrate them with three or four other platforms including data analysis platforms. We haven't really come across too many instances where we had to create custom APIs for them. 

Our impressions of the solution's ability to ingest correlated data across our security solutions are good. They do it really well. They tend to take a lot of the data that they ingest and do a really good job showing you exactly what you need to do or utilizing that data the better way than just receiving it and then manually parsing it. 

We can consolidate our security solutions. It's nice. We have a lot of our security solutions right in the platform itself. They don't offer everything that we need as a security team, yet they do offer a lot. We've been acquiring more of their products as the years go on.

We use the Ranger functionality. That was something we acquired a little over a year ago, and we had quite a lot of endpoints in there, and we actually reduced that number down to under 20 recently. So we're working our way through it, and it's made a lot of progress in our environment.

It provides network and asset visibility for us. Ranger scans our network. It does a really good job of identifying that. In correlation with some of our other network tools, it does a really good job of evaluating what's out there and also being able to provide a proper review and analysis of those endpoints.

We like that Ranger requires no new agents, hardware, or network changes. It's actually really nice. Every time we want to do something that involves the installation of an agent, we have to put in a change request, and we have to wait for the proper easy to improve it. The nice thing about it was we just alerted a couple of teams. We were going to do some scans, and that was it. We've never had any issues. Agentless is definitely the way we've been trying to go moving forward.

We have more insight into our environment. While it doesn't cut down on alerts, we gain more visibility.

The solution, on average, saves us a couple of days' worth of time in total.

It's helped reduce our company's mean time to detect. In correlation with the SOC, we've seen quick alert times. We get an alert almost immediately after an incident.

It also improved the mean time to respond. It does depend on the situation.

From the standpoint of having to suffer through an attack, the solution has saved money in saving us a potential loss. We're paying for the product. The savings are all hypothetical numbers, however, we are definitely saving money. It's helped us reduce organizational risk. We were in bad shape before. We're looking a lot better now. 

View full review »
MV
IT manager at a outsourcing company with 11-50 employees

The fact that SentinelOne is actively looking for threats and runs them against the hash on the Internet to determine if they are malicious or not, is what takes it to the next level compared to other antivirus products. SentinelOne is more than just an antivirus software, it provides insights into threats and shows the flow of attacks. It also allows us to set policies in the cloud so that any other system that is affected by the same bug or virus will be automatically killed, removed, and rolled back. Cloud automation is truly amazing.

View full review »
Mitchell Ayers - PeerSpot reviewer
IT Manager at a construction company with 11-50 employees

Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint.

View full review »
KT
Director of information technology at Stuart & Branigin LLP

What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.

I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.

The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.

The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.

I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.

In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.

As a strategic security partner, I found the solution great, primarily because all of its features work well.

View full review »
HH
Senior Security Analyst at a pharma/biotech company with 501-1,000 employees

The most valuable features, of course, are the protection and support for the devices. In addition to that, the ability to see the last log-on dates for time-tracking purposes has been helpful. The most useful feature of all is deep visibility. I think it was recently renamed to something else, but it is the ability to run IOC queries across all devices and gain information to look at any kind of potential events that might occur.

View full review »
SimonThornton - PeerSpot reviewer
Cyber Security Services Operations Manager at a aerospace/defense firm with 201-500 employees

The process visualization, automated response, and snapshotting are valuable. The integration and automation possibilities are also valuable.

View full review »
JD
Operations Manager at Proton Dealership IT

The detection and response feature is really good for us. 

Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.

The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.

The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.

View full review »
BB
CISO at Katholische Universität Eichstätt-Ingolstadt

The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.

I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.

View full review »
Olivier Richard - PeerSpot reviewer
IT Support Director at Biotrial S.A.S.

It's pretty easy to implement. 

It gives you good visibility of any threats or vulnerabilities that you might have on your network. 

It's very simple to use, and user-friendly as well.

View full review »
BD
Agile Product Owner at Micron Technology, Inc.

For us, the dashboard is the most valuable feature. The analytics that you can pull out of the actual tool are valuable.

View full review »
DM
Information Security & Privacy Manager at a retailer with 10,001+ employees

The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.

From a forensics point of view, we can see exactly what is going on with the endpoint when we have threats in progress. It also gives us the ability to react in real-time, if it has not been handled by the AI. We have set the policy to protect against unknown threats, but only alert on suspicious ones. 

The Behavioral AI feature is excellent. It is one of the reasons why we selected SentinelOne. We needed a solution that was quite autonomous in its approach to dealing with threats when presented, which it has handled very well. It has allowed us to put resources into other areas, so we don't need to have someone sitting in front of a bunch of screens looking at this information.

The Behavioral AI recognizes novel and fileless attacks, responding in real-time. We have been able to detect several attacks of this nature where our previous solution was completely blind to them. This has allowed us to close gaps in other areas of our environment that we weren't previously aware had some deficiencies.

The Storyline technology is part of our response matrix, where you can see when the threat was initially detected and what processes were touched, tempered, or modified during the course of the threat. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and technique is very effective. By getting that visibility on how the attack is progressing, we can get a good idea of the objective. When we have the reference back to the framework, that is good additional threat intelligence for us.

Storyline automatically assembles a PID tree for us. It gives us a good framing of the information from a visibility standpoint, so it is not all text-based. We can get a visualization of how the threat or suspicious activity manifested itself.

The abilities of Storyline have enabled our incident response to be a lot more agile. We are able to react with a lot greater speed because we have all the information front and center.

The solution’s distributed intelligence at the endpoint is extremely effective. We have a lot of guys who are road warriors. Having that intelligence on the network to make decisions autonomously is highly valuable for us.

View full review »
Prateek Parashar. - PeerSpot reviewer
Cyber Security Administrator at a manufacturing company with 501-1,000 employees

The most valuable features are asset tracking, patching, endpoint tagging, and policy updates.

View full review »
LA
Security Architect at WaveLength Ind

The most valuable feature is the ability to drill down into individual sequences of processes. This allows for building a highly detailed timeline of events, which is incredibly helpful. Additionally, the quality of the intelligence provided is excellent, making it difficult to choose between the two. The solution effectively reveals the attacker's tactics, including the mechanism or injection method used, how they exploit vulnerabilities and their use of decoys or misdirection tactics like dequay attacks. They may target one area initially, then shift focus to another, potentially planting seeds for future attacks. Overall, the timeline, intelligence, and overall capabilities of SentinelOne Singularity Complete are highly impressive.

Everything operates in real-time, allowing us to conduct in-depth analysis to uncover previously unknown threats. This capability stems from the use of dynamic libraries, which enable flexible code execution. The key concept here is the ability to pivot within an application. We can dissect and analyze this pivoting behavior, which is a rare feature among software solutions. Additionally, the system allows us to create our custom signatures. By identifying a threat and performing a global search, we can locate other instances of the same threat across our network and establish correlation points. Subsequently, we can create a signature based on a unique identifier (story ID) and integrate it into the initial login scan. This enables us to proactively detect and respond to any attacks that utilize that specific signature, making it a powerful tool for threat prevention.

View full review »
JF
Cybersecurity Service Manager at a manufacturing company with 5,001-10,000 employees

SentinelOne has three services that are very well consolidated:

  1. Technical support, through which they help you, suggest new configurations, and resolve questions. 
  2. The Vigilance Respond service, which is a 24/7 SOC that works on and manages all the alerts that are raised in SentinelOne on our devices. It’s a first layer of defense that filters a lot of the requests. Sometimes we end up escalating something because there are times when we need to understand if the alert is a false positive or not.
  3. DFIR, Digital Forensics and Incident Response. This team is in charge of doing all the forensic analysis of an incident, and we have a certain number of hours contracted with them. Their advisors' technical level is very high and enables you to create a high-quality forensic report, in case you have to escalate or report it to senior staff. The DFIR team is excellent.

Another aspect that is very good is the solution’s ingestion and correlation across security solutions. We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer. If you do not have visibility over that computer and the ability to manage it, you cannot block it, restart it, or run a full scan to see if the user has clicked on a link or if any type of malware has been downloaded. This is a layer of visibility and basic management that any company needs.

Also, there is the threat intelligence and activity correlation. They not only detect and respond to incidents but also prevent them.

View full review »
Brian Glen - PeerSpot reviewer
Incident Response Specialist at Klick Health

Device control and network control are valuable. 

They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth. 

View full review »
JD
IT Director at a wholesaler/distributor with 501-1,000 employees

In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.

The most valuable feature is the quick response to attacks.

View full review »
GS
Head - Network & Security at a manufacturing company with 1,001-5,000 employees

The most valuable feature is the automatic remediation.

View full review »
BY
Cyber Security Engineer at a manufacturing company with 10,001+ employees

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

View full review »
SA
Manager of Information Security at a recreational facilities/services company with 1,001-5,000 employees

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools. 

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console. 

It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less. 

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs. 

View full review »
AP
Senior Analyst at a manufacturing company with 10,001+ employees

As far as EDR goes, the behavior analysis of the incidents is my big thing. 

Its non-signature-based capabilities and the heuristic analysis for dynamic threats are also valuable.

View full review »
ME
Cybersecurity Manager at a comms service provider with 10,001+ employees

The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective  90 percent of the time. 

Ranger doesn't require us to deploy an agent on our architecture or integrate anything. We activate and configure it, and everything works. You can choose to visualize assets that have no agent installed so we can get full coverage of all the assets. You can also tell it to block connections to any assets that aren't covered. 

We can identify activities and sensitive connections that we can isolate from the network. We can set all our agents to not communicate with certain IP addresses or assets without the agent. For example, we can limit IoT devices, surveillance cameras, printers, etc. This functionality is critical for covering the gaps. 

View full review »
GG
Network Administrator at a real estate/law firm with 501-1,000 employees

The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.

View full review »
SD
Director of Global Security Operations at a manufacturing company with 501-1,000 employees

The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.

View full review »
AE
Enterprise Security Director at a comms service provider with 5,001-10,000 employees

Ranger is a good feature. The XDR functionality provides the timeline of the attack. The product provides deep analytics for threat hunting. My team uses it to detect incidents and for threat hunting. I like the app inventory feature. It is very good for detecting unauthorized apps by our security policy.

View full review »
Fatima Nezhadian - PeerSpot reviewer
Security Analyst at MPAC

The hunting feature is most valuable for detecting malicious or suspicious activity.

View full review »
Aaron Riley - PeerSpot reviewer
Systems Administrator at a government with 201-500 employees

The management dashboard is the most valuable feature.

View full review »
Suresh KannanP - PeerSpot reviewer
Cloud Security Practice Head at Tech Mahindra Limited

SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that. 

View full review »
RS
Assistant Manager at airtel

The most valuable feature is the rollback. 

Remediation is great. 

The ranger feature for work devices is most useful.

The reporting part is awesome.

It is easy to deploy the product. 

View full review »
KT
Network Support at a university with 1,001-5,000 employees

There is a feature that allows for deep visibility, which is interesting. You can actually research files. It also does threat hunting. It goes out and finds vulnerabilities before you actually have to deal with the vulnerability. But that is at an additional cost. It's something you get if you buy additional structure.

The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected.

In a situation where we had a Qbot that was caught by SentinelOne, it literally saved the university millions of dollars worth of privacy protection we would have to pay for. SentinelOne has made a big difference. 

We use the storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques. When we get a warning, it comes up as a very nice dashboard-type screen we can go to. It gives a lot of information on the threat right away, including going to the storyline. You can actually trace it back to the actual file. You can see where the compromise happened, the exact steps that happened, and what happened from thereon.

It's almost like a giant flow chart. It shows you where everything's going, what affected what, what was changed, what was modified, and it also gives you the opportunity at that time to actually do a rollback which allows you to roll back all of those things that were affected and changed at that particular point in time by the threat. 

The storyline automatically assembles a PID tree. I use it more for my own purposes just to see where things came from and the damage they'd done. But we don't actually make a lot of use of a lot of higher functions like that. When there's a problem, we're able to rectify the issue and get the end-user up and running again. We don't have the personnel we had before, which gives us the additional cycles to actually research a lot of these things and go through them and focus on that. We don't make a lot of use of this particular functionality.

The way SentinelOne displays the threat has been the greatest effect on our incident response. It tells you exactly what the threat is, where the threat originated, allows you to look it up quickly in places like VirusTotal and Recorded Future which are malware information sites. You can link the hash of the file directly to the sync without having to do a lot of copy and pasting. It actually knocks some time off of the research of a problem when you do that. It allows me to quickly determine whether the threat is true, or if it's a false positive. It's a pretty strict engine.

If something is relatively programmed sloppy, a lot of times it assumes that that is a threat and it will flag it as suspicious. It can be a little overzealous when it comes to that. In this industry, you'd rather have that than something being too lax. You can configure it so that even if it does see something that it doesn't like, it doesn't stop it automatically. It just alerts you. It doesn't hamper the end-user if you don't want it to do that. But it puts the onus on the administrator, in this case, me, to verify the threat and deal with the threat quickly, or mark it as a false positive. Then, when you do mark something as a false positive or as a threat, it has a backend database. 

The machine learning is very impressive. Once I actually start to configure the machine learning, my day-to-day administration of it, roughly four hours, shrinks down to three hours, then two hours and an hour and a half, because the amount of machine learning involved saves us all that time. That's been its biggest improvement for me. It allows me to be very efficient with my time. It learns our environment, actually stops threats before they get there, and ignores the false positives without having to come up and bother you every time, then ask for input for it.

SentinelOne has dramatically decreased my incident response time.

We've used the deep visibility feature a few times. We don't make a lot of use out of it. We were using the deep visibility feature to search through our entire environment. There was a particular piece of software that was being flagged as not being used in its appropriate manner. It was being used as an enterprise service and it really wasn't. We were able to use the agents on SentinelOne and use its deep visibility to find the particular program and obtain its hash from there. Then, we were able to use the SentinelOne agent to extract this particular program on there, so we were no longer operating something out of license. That's what we've used deep visibility for. 

Deep visibility is very useful. If I had to simplify it, I would say if you know the threat you're looking for, it's fantastic.

Using the deep visibility, we did not find threats that were lingering on our endpoints, because the SentinelOne agent had dealt with them. We used it for a purpose that it probably was not intended for, which was actually finding specific software that was not supposed to be installed in our environment.

SentinelOne provides equal protection across Windows, Linux, and Mac OS. This particular product has worked so well that we mandated it across all workstations and all servers in our environment. It is our primary endpoint defense across all three of those operating system platforms. It has proven to be equally effective amongst all three. It did such a good job that it is our frontline.

I find their version naming conventions interesting in the fact that it's not just a number so it does help to recall some things when it comes to what version you are on. Anytime I open a support ticket, they always ask me what version of the console I'm on. I always have to look that up. I never remember that because this particular Liberty version has changed four or five times over the last month and a half.

View full review »
RS
System Engineer at Lyanthe

The most valuable feature is the information it finds and what it is doing with that information. I can check if the info it sends is true. It's very clear. 

And if you configure it in the right way, it does a lot automatically. And that's what you want. You don't have to use it every day. I only log in to the SentinelOne portal once a day, just to check if there are alarms or the like and that's it. The rest is flawless.

Now that we've been using it for six months, SentinelOne knows what we want to have, what it has to do and it works that way. So it's very simple to use and that's pretty nice for the team. 

The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing.

View full review »
Mohammad Ali Khan - PeerSpot reviewer
Director at Pacific Infotech UK ltd

It's artificial intelligence-based software. The best part is the fact that it doesn't necessarily rely on definitions, like other software. For example, Symantec, AVG, Avast, and Kaspersky, traditional antivirus software, rely on virus definitions. So every now and then, if there is a virus infection, they will compile a new set of virus definitions and push it to the local agent so it will know that this virus exists and that it should keep an eye out for it. 

These traditional software solutions have small levels of functionality that may help them to identify if there are any dodgy activities within the computer. They would then try to mitigate those, but only to a very limited extent. With SentinelOne, that's not the case because it basically has its own intelligence to identify any dodgy behavior within the system. As soon as SentinelOne detects anything which is not right, it will start tracing the changes being made. And because it's centrally controlled, it will give the controller team an early indication that there is something wrong and that we need to fix it. Not only that, but it will block it and keep track of it for mitigation.

We also use the solution’s ActiveEDR technology. Because it's an agent-based system, it is monitoring internally. It's not that the central system is doing it. It's keeping an eye on the functioning of the endpoint itself. If the endpoint is functioning properly, it will sit behind the scenes and not do anything at all. As soon as it sees any malicious activity within the system, that's where it's triggered. The artificial intelligence part of the agent is able to differentiate what activity can be considered malicious and what activity can be considered normal. And that's big. It's something that cannot happen without that kind of intelligence in place.

It has a one-click button that we can use to reverse all those dodgy changes made by a virus program and bring the system quickly back to what it was. That's one of the most important features.

Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.

We have used it on Mac and we have used it on Windows. We have seen a good level of protection, because since installing it for those of our customers who have taken it, not a single report of a breach has come out. I feel very strongly that the system is quite capable.

View full review »
TF
Director of Cybersecurity at a manufacturing company with 1,001-5,000 employees

Deep Visibility is a valuable feature. It lets us search across the environment and correlate things much more easily than we could have previously.

View full review »
Laurie Reynolds - PeerSpot reviewer
Threat and Vulnerability Manager at GBG Plc

I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation.

View full review »
Tim Hayes - PeerSpot reviewer
System Administrator at a wholesaler/distributor with 5,001-10,000 employees

You can use the solution right out of the box. It's ready to go with baseline policies and is good to use without any changes. It's only gotten better since we've added custom rules. 

It's simple to use and intuitive. It gives you good visibility and shows what is going on. 

The product works well with other SentinelOne solutions and third-party tools. It's pretty seamless. They make it pretty easy to integrate with other products and you can pull data pretty easily from the other solutions. 

The solution's ability to ingest and correlate across our security solutions is excellent. It has allowed us to blend data from another product we own. 

It's helped us consolidate our other security solutions.

The product provides network and asset visibility. The Ranger piece is probably one of the best items. We have other solutions for asset management, yet none is never 100%. With Ranger, we really get that visibility we need. Having Ranger built into one client and being easy to use has been perfect. It helps us prevent vulnerable devices from being compromised. We've discovered a few assets within our organization we were not managing fully and Ranger has helped us secure our environment just that little bit more. 

There are fewer complaints from users when scans are running. The previous solution just used up so many resources. This product runs seamlessly in the background and we know it's running since we get triggers on alerts that are legitimate catches. SentinelOne does a good job at detecting. It's reduced our alerts by 25%.

The product has helped to free up our staff for other projects and tasks. It's freed around 50% of their time. 

It's reduced our company's mean time to detect by 40% or more. It's also drastically improved the mean time to respond. We don't have to worry about false positives. We know when we get an alert that it's legitimate, and we need to act on it. That's improved by about 40% to 50%

View full review »
Salman Aziz - PeerSpot reviewer
Security Architect at a retailer with 1,001-5,000 employees

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

View full review »
Greg Walia - PeerSpot reviewer
IT Manager at a healthcare company with 501-1,000 employees

Singularity's rollback feature is one of the primary reasons we bought the product. If there's an attack on the machine, the system can automatically roll back the data and the hard drive of the machine that was attacked.

The interoperability is solid. We've integrated Google Authenticator with SentinelOne for multifactor authentication, so it works well. We also use Citrix multifactor authentication. It works well with our other systems. 

View full review »
Dinesh Yadav - PeerSpot reviewer
Sales Director at CLOUD MIND

The most valuable features are forensic investigation and ransomware prevention.

View full review »
AANKITGUPTAA - PeerSpot reviewer
Consultant at Pi DATACENTERS

We like the file-less monitoring and filtering are great in the context of security.

The setup is very straightforward. 

It is stable. 

The product can scale if the licensing is correct.

View full review »
Mallappa Bagi - PeerSpot reviewer
Security Analyst at R V college of Engineering

They provide a map, a process tree, and that is pretty good for analysis.

Also, it can be integrated with third-party threat intelligence tools. From that perspective, it's good. And we can ingest SentinelOne data into Splunk and correlate and provide analysis on that.

It gets data from all the endpoints, and we'll have that in a centralized place, and we can track those cases to detect the threats. It helps protect the organization in that way.

And Ranger provides network and asset visibility. We have network-level data visibility, as well as endpoint data and application layer data. It has a good feature to collect all the domains that are initiated. That helps us see if there are any malicious connections on the machines. And it's simple because Ranger requires no new agents, hardware, or network changes.

View full review »
JL
System Administrator at a renewables & environment company with 51-200 employees

It's been pretty good. I have no complaints. It's been working very well.

I like the way that this product works. It doesn't rely on the data file. It checks the behavior of the process to prevent virus or phishing attempts from there.

I like the way it detects threats. It's based on the heavy behavior, not just based on the signatures, and it downloads from a central repository. 

I really like how you manage the endpoints. Their web portal is really nice. I can do everything through the web portal. I can see all the endpoints. I can upgrade them from there. And gives me a nice list of what software is installed on the endpoint as well. The solution will give me recommendations if there are any security vulnerabilities, for example, if the software is missing a patch or something like that. The deep visibility feature is great. If there's an incident, I can deep dive into the incident to see where it's coming from and how it affects the endpoints.

The interoperability with other SentinelOne solutions or third-party applications and tools has been pretty good. We haven't had major issues. 

While I'm not sure if the solution helps us with consolidation, their product does improve our overall security posture. We basically just use it as endpoint security. We're not using other products from them altogether. However, this is doing a great job of protecting us.

It has helped to reduce any of our alerts. Ever since we had this product implemented we've had fewer alerts. We had less user involvement as well. Where McAfee used to interfere with the user's daily productivity, SentinelOne does not. That's another thing I'm pretty happy about.

With this product, we can free up our staff for other projects, assignments, and tasks. It's reduced disruption for our users. Therefore, our help desk doesn't have to do as many tickets as when we were with McAfee.

Our mean time to respond to threats is definitely better. If there's anything happening, we get alerts right away via email. McAfee was not instant. We know about threats sooner and we have more time to respond to them.

Singularity helped our organization to save on costs. There's less maintenance compared to McAfee. The price is similar; there's not a big difference. However, we do save time and that translates to money. 

Our organizational risk has been reduced. It's a much better product compared with what we had. If there are any security vulnerabilities, if there's any patch needed, or if there's any known security threat that I should be aware of, I get notified fast.

The quality and maturity of the product are very good. Customers seem happy with them. I'm also happy with the product and its capabilities. 

View full review »
Chris East - PeerSpot reviewer
IT Manager at a tech vendor with 1,001-5,000 employees

The portal is the most valuable feature because it provides us with a single pane of glass view and is highly intuitive.

View full review »
AM
CISO at a computer software company with 5,001-10,000 employees

The threat detection and visibility as well as the migration of the data to our SIM instance has been useful. Doing automation workflows has been excellent.

They have fairly decent integration with third-party tools within their own stack. They have very strong integration with CrowdStrike and Microsoft Defender. They also have connections for Palo Alto Networks and all the tools that we leverage across the firm. These are API connectors, so they are plug-and-play. The login session coordination piece is also fairly robust, which is done with Splunk on the same side.

It's a plug-and-play solution that works well with other out of box integrations that we have. We can move the data from the solution into third-party tools.

It helped us to reduce our alerts. On the the Linux kernel side, we have quite a few different versions of Linux, and hence the alerts that we used to get earlier were a lot more. They are significantly less since they're now managed and controlled through the Singularity platform.

Our mean time to detect has been reduced significantly. We've saved maybe thirty minutes to an hour. Our mean time to respond is a bit better by a few minutes.

View full review »
AB
SecOps Lead at a tech services company with 201-500 employees

I like the centralized management with the web dashboard. It allows me to quickly view incidents and see what's happening in a well-organized way. I can also easily query different points.

View full review »
CM
Information Security Analyst at Point Loma Nazarene University

I find the application inventory feature to be extremely useful. We utilize GreenMile for MAC management, and it's not as straightforward to locate the inventory of the applications installed on our computers. As a result, I have been using the application inventory feature more frequently to accurately identify the programs installed on each machine.

View full review »
CL
Security Expert at a healthcare company with 5,001-10,000 employees

The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use. 

Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actually real threat. 

SentinelOne's distributed intelligence at the endpoint is very powerful and works well.

View full review »
RK
Deputy Manager at JK Paper

SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory.

SentinelOne's XDR service is valuable. We use them to find the root cause of an issue.

View full review »
SS
Developer at DSY medical

It's catching a lot of malicious and suspicious threats. That's good for us. 

We are able to write some custom rules on SentinelOne.

The setup is simple. 

View full review »
Rajeev Babu - PeerSpot reviewer
Sr. System Administrator at Danube Group

SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice.

View full review »
KN
Senior security consultant at a computer software company with 51-200 employees

The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features.

View full review »
PC
Sr. Security Engineer at a financial services firm with 501-1,000 employees

Malware detection is valuable. We have had incidents where users have clicked on malicious links and we were able to patch the malware using SentinelOne Singularity Complete before it reached the SIEM. SentinelOne Singularity Complete has become one of my most trusted solutions for hunting malware in our environment.

View full review »
Rahul Kate - PeerSpot reviewer
Co-Founder at First Defense WLL

The solution offers excellent detection and integration capabilities. 

Integrations talk to other security vendors and share data with the help of the API. No other product offers this functionality. 

View full review »
Sheryar Saqib - PeerSpot reviewer
Sr Network Security Engineer at a tech services company with 501-1,000 employees

The protection and management provided by SentinelOne is good.

View full review »
Michael Mcdonald. - PeerSpot reviewer
Senior Security Consultant at First Technology

The most valuable feature of Singularity Complete is the Ranger function.

View full review »
AG
Executive Director of Information Security and Compliance at a pharma/biotech company with 51-200 employees

SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool, with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment.

SentinelOne Vigilance is one of the feature sets of SentinelOne Singularity Complete as a whole, and my company found SentinelOne Singularity Complete a little bit easier to use and flexible; plus, it had several feature sets.

View full review »
GB
Network Engineer at a financial services firm with 11-50 employees

The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.

View full review »
RJ
Deputy Chief Information Officer at a computer retailer with 201-500 employees

The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.

When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means. For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails.

Our people constantly use the Ranger functionality. The first thing we do is look for unprotected endpoints in the environment. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks.

It's incredibly important to us that Ranger requires no new agents, hardware, or network changes. If you think about it, we're in the middle of an incident response every day. We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. It was a game-changer when Ranger came to fruition.

Various clients, depending on their business practices, are heavily in the IoT. Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks.

View full review »
TT
Offensive Security Certified Professional at Schuler Group

For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine. That's threat-handy. Deep Visibility has found threats we did not know were lingering on endpoints, but I am not allowed to speak further about this issue.

Because we are a bigger company, we are doing a step-by-step rollout. We don't have all countries fully in production, where "fully in production" means that SentinelOne is the only antivirus product on the machine. So in some countries we just have it reporting and not quarantining. For example, in China we have SentinelOne completely up and running, and there the Behavioral AI analysis is one of the reasons the antivirus is so effective. To be honest, we have to white-list some stuff which behaves weird but is really needed and not harmful to us.

The Behavioral AI recognizes novel and fileless attacks and responds in real-time and it does so really well. That is one of the things that has really brought us forward. It completely changes how we work with our antivirus solution. The previous product just gave us the information that the software had blocked something, while in SentinelOne we really see what was going on. We see the complete path of execution for a given malware: how it got on the machine and how it got executed. And then, SentinelOne stops it. It gets executed but then gets stopped, and that's something completely different from a pattern-based antivirus.

Another great benefit comes from the fact that SentinelOne doesn't rely on pattern updates. For some machines we have at customer sites, which are not reachable by internet or VPN, we have better protection than before because you don't need to update the SentinelOne agent every day to get the actual pattern from it. The Behavioral AI gives you protection even if you don't update the client. That's a great benefit for us at customer sites.

When it comes to the Storyline feature, as a penetration tester, I'm doing threat hunting. Every time malware gets executed on a machine, it's something I have to investigate. Normally we block it very early, on our proxy servers, for example, for all our users. Seeing how the malware got executed shows me the kinds of security holes we have are on our proxy servers. That's very important for strengthening some portions of our defense in other places.

View full review »
LC
Director - Global Information Security at a manufacturing company with 10,001+ employees

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the dept of behavior analysis. There are other companies that claim this - albeit in a lighter flavor. 

The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good.

In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in.

They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version.

It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have.

And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious?

It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies.

Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable.

If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff.

The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding.

They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. 

Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.

View full review »
GM
Head of Global Solutions at Arete Advisors

I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets. It doesn't require any agents or network changes. It just gives us information about the unsecured assets that aren't managed by the IT departments of any company. It detects the vulnerabilities but doesn't prevent them. 

View full review »
CB
Cyber Security Administrator at a manufacturing company with 51-200 employees

The Microsoft integrations are most valuable right now. One that I still have in the testing is putting user accounts into the high risk and letting our policies on that take place, and then have SentinelOne put it into network isolation as well until an incident is resolved.

View full review »
AZ
CyberSecurity Analyst at a printing company with 11-50 employees

I mostly use the dashboard to view infected endpoints on unresolved threats, so that I can prioritize my investigations. In incidents, SentinelOne's remediation is excellent; we can immediately see if the threat type is dynamic or static. In other words, if it has been executed. Additionally, I like the visibility that we have into machines, as we can log in and investigate them directly.

View full review »
PN
Information Architect & Security Officer at a wholesaler/distributor with 201-500 employees

The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features.

View full review »
KodiswaranChandran - PeerSpot reviewer
Cyber Security Analyst at Acora

Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature. External parties can log in securely via the S1 agent. It's easy to integrate S1 logs with our SIS. That's one good thing. We don't need to use any other tools, like a SIEM. 

View full review »
JS
Cybersecurity Engineer at a energy/utilities company with 1,001-5,000 employees

The visibility and, obviously, the protection aspects are second to none when it comes to speed. Another thing we fall back on is the option to roll back an endpoint if it is infected. There is a shadow copy so that if a PC downloads malicious content, we can roll it back to the state it was in before that package was imported.

It also has a lot of flexibility with its ability to ingest things.

And the AI feature of the solution is prompt in how it learns a certain network and how it responds to certain things. If you do come across false positives, it's relatively easy to get around them.

View full review »
JL
Application Support Specialist at a non-tech company with 201-500 employees

The fact that they have a lot of search features is very helpful. We can go into their filters and we can filter out by specific computer name, for example. We can specify if we want Macs or we want Windows computers, or if we want just laptops, or desktops. There's just a lot of versatility as to how we can look up the devices and really drill down.

The interoperability with other SentinelOne solutions and other third-party tools is good. For other third-party tools, I've used other antivirus software that doesn't have this type of interface. This gives you a lot more latitude to control the computer to basically push out updates and monitor what's going on with the endpoints immediately. It really helps with everything that you need to be on top of quickly, and it really helps that we can monitor everything in real-time.

It integrates smoothly with other solutions. We were able to push out the software and the agent to all the endpoints rather easily. There were only a few stragglers who just weren't physically on and weren't getting the endpoint, however, the rollout went pretty smoothly. The few endpoints not covered were ones that weren't turned on or not in use.

My impressions of the solution's ability to ingest and correlate across our security solutions are positive. It works really well. 

We like the fact that we actually have a dedicated person at SentinelOne that we can talk with and work with.

It's helped to reduce alerts. The alerts have really gone down. We've actually had a lot of good coverage. There really haven't been that many alerts or issues. They've actually caught a lot of issues and threats before it's even been a problem. It's really helped cut down on the amount of work that we have to do on our end for troubleshooting and the prevention of viruses or phishing attempts.

This solution helped us to free up the time for other projects and tasks for your team members. We just rolled out a new software program, and it allowed us to focus on that more rather than having to deal with virus alerts that come through from our previous virus program. They've really managed it for us and really helped us find more time to work on the projects that we really need to focus on to advance our business rather than worry about threats that are coming through. It's been quite a time saver. 

It helped to reduce our organization's mean time to detect. It's got a much nicer interface to work with, and it's really helped to have them as a working partner rather than our previous vendor which was just a little harder to get a hold of and not as easy to work with.

The mean time to respond is much quicker than what we did have. 

It has helped to reduce our organizational risks. We save a lot of hours by not having to deal with all the alerts and managing them. It has saved us many hours of work and really helped us focus on what we really are there to do rather than working on the threats that come our way.

The solution does allow us to be innovative. The product has a nice interface and is quite robust in comparison. We like the options and availability and how it allowed us to manage our endpoints.

View full review »
AJITHH G - PeerSpot reviewer
Solution Engineer at AppSmart

The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added. 

View full review »
Cem BALIK - PeerSpot reviewer
Information Technologies Manager at VAS Bilisim Teknolojileri A.S

It's an easy tool and it offers a different experience. It is a new generation product.

The initial setup was easy.

It's stable and reliable.

The product can scale as needed.

View full review »
MS
IT Solutions Specialist at a non-tech company with 11-50 employees

The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.

I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.

View full review »
IB
Chief Innovation Officer

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

View full review »
it_user1011267 - PeerSpot reviewer
Senior IT Consultant at Jeneri IT

It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.

There is the ability to SSH into a machine even if the machine has been disconnected from the network. When a real hazard happens, SentinelOne disconnects it from the internet so that no more transactions can occur, but I still have access to the machine. One of the bigger benefits is that no harm could be done because there is no communication with the internet, but I still have the ability to go in, restart a machine, do some investigations, and make some things happen.

View full review »
Jairo Avritchir - PeerSpot reviewer
Director of Technology and Digital Transformation at Banco Fibra

It is easy to collect and retain logs with SentinelOne. When you need to compare information, the data is available. It also has the possibility to configure information. It integrates well with all the other solutions we use. 

View full review »
KM
Security Head at a financial services firm with 11-50 employees

The solution is very straightforward to set up. 

The features are great. It is excellent for detection and device blocking.

The network control has been useful, as well as the firewall control. 

The solution is both stable and scalable. 

View full review »
JM
Cloud Engineer at a comms service provider with 1,001-5,000 employees

The most valuable features of SentinelOne are the lateral movement and the use of the Active Directory.

View full review »
EG
CEO at ERG Solutions

SentinelOne is very simple to install and very simple to manage. It's very aggressive, so it does protection well, and it seems to be stopping attacks that other solutions cannot.

View full review »
SP
Network and Security Engineer at a energy/utilities company with 1,001-5,000 employees

It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way. 

They do updates all the time. It's very nice to see how they constantly evolve. New features are being added each time that I take a look at the interface, which is really nice. It's not something you have to do for yourself all the time. You just go to the interface of the management portal, and you will see each time a new feature has been deployed. For example, when we started with SentinelOne, we had some applications that needed to be whitelisted, where we had to go through a whole bunch of licensing rules provided by the distributor. Now, we have the possibility to select from a catalog which rules we want to whitelist, since we are using that application. It is such an easy step for us, which is nice. It makes our life comfortable when managing all our endpoints and very complex infrastructure.

The Behavioral AI recognizes novel and fileless attacks and responds in real-time. The nice thing about SentinelOne is that it is behavior-based, so the AI is smart enough to detect when something is moving. For example, an external person was doing some administrative tasks for us, and he used a tool that is also used by attackers. He called me, and says, "I'm blocked. I think SentinelOne is seeing my tool as a virus or malware." Then, I looked at SentinelOne, and it says this guy is using hacker tools. That is what I found very nice. SentinelOne can immediately identify the tools used by hackers. In this case, it was immediately blocked, even though it was not a malicious application, Trojan, or something like that. Because the solution knows hacker tools and behaviors, it says, "Okay, this cannot work on this environment. This will be blocked." That's something that I really like.

It is a good use as an EDR solution because it immediately reacts on stuff. It also quarantines endpoints.

View full review »
ZC
Network Engineer at a government with 11-50 employees

The product has an automated process where we find security issues. It’s a 24/7 behavior analytical tool to execute certain actions. The tool deletes the problem-causing process and prevents issues. It discovers, kills, and protects. The software is good. I don't see much of an issue with it.

View full review »
Jared Ochieng - PeerSpot reviewer
Information Technology Security Specialist at infoark

The interface is good and it is easy to use. The engine that they use to look for malware and for viruses is very good. 

View full review »
Adam Peason - PeerSpot reviewer
Chief Information Security Officer at Lone Star National Bank

It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.

View full review »
AG
Head of IT at a transportation company with 501-1,000 employees

The most valuable features are application auditing and malware detection.

Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.

On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.

The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.

We use the threat detection feature.

The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding. 

At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.

View full review »
EC
Principal Security Analyst at a tech services company with 1,001-5,000 employees

I really like the storyline feature. It makes it easier to tie together the processes and how they are related when investigating potential incidents. I also like the dashboard and the customization options.

View full review »
AP
Security Engineer at a financial services firm with 51-200 employees

The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features.

View full review »
BB
Chief Information Security Officer at a tech services company with 11-50 employees

The range and functionality are great.

The remote script orientation is good. 

The level of vigilance is impressive.

Its ability to interact with other third-party tools has been great for us. It can work through APIs and partners and integrate well.  

The solution's ability to ingest and correlate across other security solutions is helpful. It's been very important in terms of how we will move forward with the product. We're in the process of consolidating security solutions right now. Hopefully, it will help us reduce the use of some tool sets. It's helped us automate more and correlate better by bringing in data sets from different areas or systems so that we get a sense of threats. That's been really critical.

It provides increased visibility through Ranger. We don't need new agents or hardware. The ability to look for and find new devices that come onto the network helps us protect more efficiently.

It's been a great product in a couple of ways from my analysis of working on it. They have a great user interface, for example. It's easy to install and easy to support. It's allowing integration from all the different parts of our business and data points. Then there is the breadth of services that are tied into it. The support infrastructure overall has been great. 

Singularity can correlate with other data and it helps us put an automated lens around everything to reduce the amount of alerts we'll get.

We can scale with the solution and not have to scale more analysts. It helps us be more efficient.

It has already helped reduce the mean time to detect. The mean time to respond has been okay.

It's also helped us save costs. We're able to deploy a standardized solution that's really well-defined and offers very good training. The ability to scale has been wonderful and it's helped reduce the overall cost of the service we provide. 

Singularity helps us reduce organizational risk from a customer perspective. 

View full review »
GA
Deputy General Manager at SLT Visioncom Pvt Ltd

Nowadays, there is a lot of malware and various other malicious threats. Our system is an internal system. There might be a firewall there, however, malware can still get through an email. However, this solution is very good at detecting abnormal behavior. They act very fast and quarantine machines well. 

We find that having an endpoint protection solution allows us to adapt and react faster. 

I can put something on my pen drive and get the solution to scan it and see if there are any issues. They can identify and block without affecting any core sections. 

The solution is easy to set up.

It's stable.

View full review »
RS
Technical Team Lead at Alepo

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

View full review »
Ashish Dubey - PeerSpot reviewer
Lead Security Analyst at SecurityHQ

The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all. It shows the active group or predators in the market, the tactics the group uses, and the recent attacks the group performed.

My company even asked a particular client to onboard devices on SentinelOne because it's easier to graph the alerts. The tool can provide you with a better graph that shows when the alert started, the process, the challenges, and the parameters of the processes.

SentinelOne also has a knowledge base embedded in it. You have to visit the page to get the details.

I also like that you can see the activities performed for the alerts received from your end. You have a bunch of people working on SentinelOne, and you don't have to worry about not knowing who received and resolved the alerts because you can get information on the activities on the tool. You can view the actions on the alerts and who has taken action. This is a valuable feature of SentinelOne that's not usually provided on the other EDRs because it's unrelated to the investigations. I can see who recently closed or resolved a particular alert on SentinelOne because the name of the person who took action will appear on the activity page.

Another feature I like a lot about SentinelOne that I can't find in other EDR solutions is the AI segregation and categorization of events. You'll be directed to the logon events category if you're looking into logon-related events. If you're looking into network-related events, you'll be directed to another category, the appropriate one. Based on your search, the SentinelOne AI will segregate the results into categories. You can click on the category and view the categories related to your events. The segregated results then make it easier to do the investigations.

View full review »
RS
Technical Team Lead at Alepo

Protection from cyber attacks is the feature we find the most valuable.

It's a stable product.

We find the solution to be scalable.

Technical support is good. 

The pricing is not too high.

It has a pretty simple user interface and is user-friendly.

View full review »
CA
Product Manager at a comms service provider with 51-200 employees

The ability to get queries by pressing the "tab" button is a plus for SentinelOne.

View full review »
SK
Head of Information Technology at a healthcare company with 201-500 employees

It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.

They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.

If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.

It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.

It's complete and total protection.

View full review »
TT
Consultant at NFC/IT

The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting. 

I tested this by deliberately infecting an unpatched test machine with WanaCry. First of all, SentinalOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WanaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. 

We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection.

You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. 

View full review »
PS
Security Analyst at a consumer goods company with 501-1,000 employees

SentinelOne Singularity Complete's most valuable feature is reporting. People with less technical knowledge can understand the things happening. 

View full review »
EC
Principal Forensics Lead at Dotcom Security

The most valuable features are Deep Visibility, Remote Script Orchestration, and Ranger.

View full review »
QQ
Senior IT Security Analyst at a comms service provider with 501-1,000 employees

The solution is overall very good in terms of protecting endpoints and servers from malicious activities, malware, cyber attacks, viruses, worms, and so on. It offers really good security.

The initial setup is easy.

We have been happy with the stability.

It is possible to scale the product.

There is good documentation available, and support works to help users resolve issues.

View full review »
reviewer1261773 - PeerSpot reviewer
Engineer II, Enterprise Client Support at a media company with 10,001+ employees

We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. 

The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product. 

View full review »
Adam Harling - PeerSpot reviewer
Managing Director at NETITUDE

The most valuble feature of SentinelOne Singularity Complete is the recovery and zero-day detection.

View full review »
Olaf Suchorski - PeerSpot reviewer
Security Expert at Infinigate

The instant rollback for Windows support is a nice feature.

Certificate distribution is quite easy, for example, using BitBucket SSL Inspection in conjunction with the firewall. More and more web traffic is via HTTPS, everybody is sending encrypted data, which needs to be decrypted for security purposes, then delivered. The integration of SentinelOne and the SonicWall Capture Client makes certificate distribution easy, which is needed for a SSL security setup.  

The 365 management and analytics from the cloud is another great feature.

View full review »
AM
Network & Cyber Security Manager at a energy/utilities company with 51-200 employees

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

View full review »
SS
Solutions Architect at a tech services company with 11-50 employees

It is a robust solution. It provides great visibility. It scans and shows the vulnerabilities in our devices.

View full review »
LH
Corporate Communications Coordinator at a tech services company with 11-50 employees

One of the most valuable features resides on the endpoint, with the rollback functionality standing out as particularly noteworthy. It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness. 

The capability to ingest and correlate data across our security solutions stands out as one of the strongest features. It excels in connecting incidents to create a coherent storyline.

View full review »
ShashikaKodikara - PeerSpot reviewer
Head of Cybersecurity at Technovage Solution

The autonomous platform is valuable because we can separate false positives and negatives and update the database during certain types of automation.

View full review »
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys

I found the detection the most valuable. 

View full review »
VK
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems

SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.

View full review »
MV
IT Manager at Telecorp Inc.

The valuable feature of this solution is the ability for it to stop a virus or ransom ware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger I get alerted and the machine is frozen. If the SOC believes it to be a virus the machines network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe the machine is auto unfrozen. I can go in look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus I can return the machine to before the file got executed. Erasing any damage. If I believe it's a false positive I can mark it benign and re execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.

View full review »
RB
Manager at a computer software company with 501-1,000 employees

The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing. 

View full review »
Jeffrey Agomate - PeerSpot reviewer
Information Security Engineer at Infoprive

The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.

It's pretty easy to set up.

The technical support is great.

The product can scale.

View full review »
ZB
Field Technician at Sonrise Technology Solutions

I have found the activity timeline and threat analysis to be particularly useful.

View full review »
PS
Software Engineer at a healthcare company with 51-200 employees

The main reasons that we use SentinelOne are the antivirus and Behavioral AI protections. We have this solution centrally managed to see what endpoints are active, along with the latest software protection running. It also provides us external control, so we can block machines remotely, even if they are in another country, because we have account managers all over the world. All these features together protect us against strange behavioral programs.

SentinelOne's one-click, automatic remediation and rollback for restoring an endpoint is very handy. We had some issues with programs that were unknown by SentinelOne, then marked as suspicious and quarantined, because we also develop software ourselves and have software packages that were compiled in 1995 and don't conform to the normal rules. SentinelOne always marks those packages as suspicious because they do something different than they should when you compile them with current libraries of Windows, etc. Therefore, we had some interventions of SentinelOne where you can easily whitelist them and rollback the quarantine action so people who use those old-fashioned programs could easily continue with their work. 

This was only an issue during the first month when we rolled out the software, then it starts doing scans mainly on the R&D PCs, which was our great concern. Normal office use is fairly straightforward, but when you develop software (and we also develop software to communicate with our embedded systems), then the demands are a bit different. However, until now, we have been very happy with it.

View full review »
CC
CIO at a manufacturing company with 1,001-5,000 employees
  • Easy to install and update
  • Management Console in the cloud
  • Ability to partition it in "sites" (our subsidiaries) with local site admin
  • Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

View full review »
Tallis Newkirk - PeerSpot reviewer
CEO/Team Lead at Intech Computer Solutions

The most valuable feature is that it does what it says it will do. It fulfills its claims. It’s not really common for products to do that today.

View full review »
MS
Cybersecurity Consulting Lead at a tech services company with 51-200 employees

It's pretty good. The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs. That's a pretty cool feature. 

It's pretty much the same as similar typical solutions. It is a CrowdStrike, or SentinelOne, or Windows Defender. They do the same thing. 

The pricing is pretty good. 

View full review »
AE
Sr. Information Security Manager at a computer software company with 1,001-5,000 employees

I find all of the features to be valuable. It's a cool and very informative tool. The management console analyzes, stops, and prevents the spread of malware. You only need to work with the console. There is nothing to do on the agent side. The user does not need to be involved in this process. 

The level of information it provides is enormous. You have all you need in case something happens. If we need to have an incident response with third-party external companies, we can give them the data that they can analyze further. The information about what's happened on the computer is absolutely amazing.

It's very comprehensive. It offers a lot of data but you can see only what you need or you can go further. If you need to investigate a little further, you can do that in any process. It's a SOC-analyst style.

If you are not an analyst, you can still do a lot with it. It's very convenient. We have workers who are not in the office, who are working from home. This is a good solution for them because it's Cloud-based. I can control everything from one console and even for users who are not in the office. We work with lots of vendors and not many of them have this solution. Traditional antivirus software doesn't have these features.

In terms of its impact on the endpoint, when you have a house computer working on antivirus, it doesn't make a huge impact on the system resources and even more, it can be installed parallel to antivirus. We have had scenarios where we have traditional antivirus and SentinelOne installed in parallel. It's two antiviruses on the computer and users won't know about it. They know about it when they start to download bad stuff and the antivirus starts yelling. 

According to what I see in the console, I do think that SentinelOne covers a wide variety of operating systems. It's even more than it needs to. In the traditional way, it's like antivirus but it does even more because it's also like an EDR solution. It covers all processes, what it does, where it goes, et cetera. There's a lot of stuff under the hood. I'm surprised it doesn't use a lot of resources because I thought it would be more aggressive for CPU memory.

View full review »
it_user1124088 - PeerSpot reviewer
IT Operations Manager at a retailer with 1,001-5,000 employees

All of the features are valuable. The way that it integrates into management with fault correction capabilities over is especially valuable. Any of the full gamut of the features that it provides are useful to us.

View full review »
Just Asking - PeerSpot reviewer
Owner at FirewallHire.com

The solution works well in general.

It's a small size and offers an easy deployment. It's very quick to deploy.

The solution is stable.

It's quite scalable.

View full review »
KE
System Engineer at Dr. Marc Daenen

We chose SentinelOne because of the protection it offers against ransomware. It provides good security that gives peace of mind.

View full review »
SP
Managing Member at Pender & Associates

The most valuable feature is that it works and is reliable. 

Other solutions I have researched have all been breached, and as far as I can see, SentinelOne is the only one that has never been breached. It provides fully autonomous threat mitigation and ransomware file encryption roll back in real-time without human intervention.  

Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.

View full review »
CF
Managing Partner at a tech services company with 11-50 employees

The most valuable feature of this solution is the user-friendly interface. Our customers ask for something that is easy to use, easy to manipulate and doesn't require too much intervention. This is where SentinelOne scored big against CrowdStrike and Carbon Black.

This solution is easy to install.

View full review »
RR
Cybersecurity Analyst at a tech vendor with 10,001+ employees

The tool's most valuable feature is EDR. 

View full review »
Ivan Kelleher - PeerSpot reviewer
Technical Director at Etelligence

What I like about SentinelOne is that it sparks your curiosity. I also like its rollback feature.

View full review »
HP
VP at a tech services company with 11-50 employees

The most valuable feature is that it just unintrusively works in the background to carry out the protection. You don't have to babysit it. Instead, it will alert if it sees something, you deal with it and carry on from there.

View full review »
Gbemisola Osunrinde - PeerSpot reviewer
Service Assurance Executive at Infoprive

SentinelOne's auto-rollback feature is the most valuable.

View full review »
MD
Director Information Technology at a wellness & fitness company with 201-500 employees

The most valuable features of SentinelOne are the endpoint detection of threats, and it does not only rely on signatures for detection.

View full review »
LM
CISO at a religious institution with 501-1,000 employees

The forensics analysis feature provides substantial help in determining the extent of the problem and how it affects the machines.

View full review »
JP
System Engineer at a tech services company

SentinelOne’s Rollback is its best feature. No solution can ever provide a 100% protection, but their rollback feature closes this gap in endpoint security giving end users a ray of hope in the event of a worst case scenario endpoint breach, especially in ransomware attacks.

View full review »
it_user768165 - PeerSpot reviewer
Account Director

If I am breached, they will pay the ransom on my behalf.

Cybercrime is growing in the world of technology, the defense in today’s world has no accountability. If breached, all that is said is that it is zero-day, and you still pay license fees to those vendors. The solution can search for hidden and dormant threats on encrypted traffic in your environment.

View full review »
ZH
IT Manager at apex

We have a preference for their receptor. It's good at finding many EFC files. Normally, EFC files could have a virus, but we need to exclude some of them.

View full review »
Nuno-Santos - PeerSpot reviewer
SOC Operator at Quattro

SentinelOne's best features are test automation, playbooks, incident response, use-case improvement, and compliance with MITRE ATT&CK techniques.

View full review »
Shashi Vardhan Andem - PeerSpot reviewer
Senior Product Manager at a tech services company with 501-1,000 employees

I have found the most valuable feature to be the rapid threat detection. 

View full review »
HW
IT Security Manager at a tech company with 1,001-5,000 employees

The machine learning module is the most valuable feature. 

View full review »
YP
Senioor Engineer of System and Security at Connex Information Technologies

The remediation and rollback features are pretty impressive.

View full review »
RQ
Senior Account Manager - Security Specialist at a computer software company with 1,001-5,000 employees

Most of the features are valuable. As a system integrator, agent deployment is valuable. It also fits the requirements of most of the clients.

View full review »
SF
Président at a tech vendor with 11-50 employees

The most valuable feature of SentinelOne is the EDR functionality. We are protected against threats, such as ransomware.

View full review »
it_user559848 - PeerSpot reviewer
Business Development at a tech services company
  • The rollback functionality.
  • Its capacity to prevent new threats.
View full review »
MD
Socio Fondatore e Proprietario at 2DC srl

The solution offers very rich details surrounding threats or attacks.

View full review »
it_user580182 - PeerSpot reviewer
Security Analyst at a tech services company with 1,001-5,000 employees

It has good visibility features and it's straightforward. It's not so complex.

View full review »
Buyer's Guide
SentinelOne Singularity Complete
March 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.