When discussing features in SentinelOne Singularity MDR, I find integration with third-party solutions and APIs very valuable because it eases management and response processes. With a robust library, it is easier to manage integrations with other technologies, such as the Check Point sandboxes, which we have found very useful. In terms of minimizing false positives and delivering accurate detections, I have observed that the false positive rate in SentinelOne Singularity MDR is considerably lower compared to other solutions we have evaluated, thanks to the exceptions or policy changes that allow modifications to baseline policies hardcoded within the solution. Regarding threat hunting capabilities, I assess that the threat hunting capability in SentinelOne Singularity MDR is quite good because their EDR collects extensive telemetry data, and the backend search engine processes this data quickly. This speed is crucial for our large-level customers who have around 50,000 inputs and multiple gigabytes of data daily. Therefore, threat hunting becomes easier due to the significant amount of telemetry data gathered and the fast processing time when firing queries. The main benefits that clients receive from SentinelOne Singularity MDR, from an operational perspective, include ease of deployment, where the installation process across various operating systems and different hardware configurations goes smoothly with minimal impact on end users. It is important that end users have a smooth experience during deployment. Besides the navigation issue I mentioned, policy configurations and other processes are straightforward, similar to a plug-and-play setup that is easy to manage. Furthermore, the detection rate is very good compared to other solutions, and as previously mentioned, the false positive rate is low, making the workload for the SOC team much easier after implementing SentinelOne Singularity MDR at our customers.
