
SentinelOne Overview

SentinelOne is #3 ranked solution in endpoint security software and EDR tools. PeerSpot users give SentinelOne an average rating of 9.0 out of 10. SentinelOne is most commonly compared to CrowdStrike Falcon: SentinelOne vs CrowdStrike Falcon. SentinelOne is popular among the large enterprise segment, accounting for 47% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.
SentinelOne Buyer's Guide

Download the SentinelOne Buyer's Guide including reviews and more. Updated: September 2022

What is SentinelOne?

SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.

SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels of security and varied payment options. SentinelOne works well with Linux, Windows, and MacOS, and can successfully support legacy infrastructures as well as the newer popular environments, including the latest operating systems. The single pane of glass management will save time and money by reducing manpower and ensuring comprehensive security protection of all your endpoints locally and worldwide.

SentinelOne offers intensive training and support to meet every organization’s unique business needs.

SentinelOne's levels of services and support include, but are not limited to:

SentinelOne GO is a guided 90-day onboarding service to ensure successful deployment. It assists with deployment planning and overview, initial user setup, and product overviews. It provides ongoing training and advisory meetings, ensuring that everything is set up correctly and that your team understands the appropriate protocols.

SentinelOne offers multi-tiered support based on your organizational needs from small business to enterprise, using their Designed Technical Account Management (TAM). They have support for every business level: Standard, Enterprise, and Enterprise Pro. SentinelOne is always available to ensure that you and your organization work together to minimize the risk of downtime and any threat exposure.

Threat Hunting & Response Services

Support for threat hunting and response includes Watch Tower, Watch Tower Pro, Vigilance Respond, and Vigilance Respond Pro. Each of these services builds on the other, progressively adding features based on your organizational needs.

Watch Tower: This is the entry-level plan and includes: Active campaign hunting and cyber crime alerts and course correction for potential threats, access to the Monthly Hunting & Intelligence Digest.

Watch Tower Pro: Includes everything in WatchTower and customized threat hunting for all current & historical threats, unlimited access to Signal Hunting Library of Pre-Built Queries, Incident-Based Triage and Hunting, continuous customer service, followup and reporting, a Security Assessment, and quarterly Cadence meetings.

Vigilance Respond: Includes all of the features of Watch Tower in addition to a security assessment and Cadence meetings, which are on-demand. Provides the features of Watch Tower Pro in addition to 24x7x365 monitoring, triage, and response.

Vigilance Respond Pro: Includes all of the features of the above options, including a security assessment and quarterly cadence meeting as well as a complete digital forensic investigation and malware analysis.

Reviews from Real Users

Jeff D., who is an Operations Manager at Proton Dealership IT, tells us that "The detection rate for SentinelOne has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."

"The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring," relates Rae J., Director IR and MDR at a tech services company.

SentinelOne was previously known as Sentinel Labs.

SentinelOne Customers

Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank

Archived SentinelOne Reviews (more than two years old)

IT Manager at Telecorp Inc.
Real User
Top 10
Protects our network end users from malware and eliminates ransomware with timely alerts and automatic resolution
Pros and Cons
  • "Prevents ransomware getting through."
  • "Communication and documentation could be improved."

What is our primary use case?

My primary use case for this solution is to protect my clients and sites that I support from malware and ransomware. It is installed on the endpoint clients and servers as a client and then it cleans and protects after a reboot. As a managed service provider, we found it instrumental at preventing viruses and especially preventing ransomware. We went from 30% ransomware infections to zero. The software stops the infection before it executes.

How has it helped my organization?

It has saved hundreds of hours fixing destroyed and encrypted computers. In the old days, even if you restored the files, Windows was still damaged. This stops the software from executing.

What is most valuable?

The valuable feature of this solution is the ability for it to stop a virus or ransomware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger, I get alerted and the machine is frozen. If the SOC believes it to be a virus, the machine's network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe, the machine is auto-unfrozen. I can go in, look at the logs, verify if it's a false positive, and unfreeze the machine. If I believe it is a virus, I can return the machine to before the file got executed, erasing any damage. If I believe it's a false positive, I can mark it benign and re-execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.

What needs improvement?

I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck. 

For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.

For how long have I used the solution?

I've been using this solution for seven months. 

What do I think about the stability of the solution?

The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adapt to the new software fairly quickly.

What do I think about the scalability of the solution?

The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 endpoints and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution. It's actually turned into my main route for antivirus end protection, and the product doesn't require any maintenance except for when it finds a virus.

How are customer service and support?

I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.

Which solution did I use previously and why did I switch?

I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.

How was the initial setup?

The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process. 

What about the implementation team?

It's deployed in-house.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per endpoint. I don't have additional costs on top of that.

Which other solutions did I evaluate?

I evaluated Norton 360, Windows antivirus, Webroot, CrowdStrike, and ESET.

What other advice do I have?

With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.

I would rate this solution a ten out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP at a tech services company with 11-50 employees
Reseller
Top 10
Easy to set up and transparently offers effective protection
Pros and Cons
  • "The most valuable feature is that it just unintrusively works in the background to carry out the protection."
  • "Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."

What is our primary use case?

We have SentinelOne installed on all of our workstations and servers. It is set up with the maximum protection except that Active is in Alert Mode, and everything else is blocked.

What is most valuable?

The most valuable feature is that it just unintrusively works in the background to carry out the protection. You don't have to babysit it. Instead, it will alert if it sees something, you deal with it and carry on from there.

What needs improvement?

Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed. SentinelOne gives no clue as to the problem, so to diagnose what is happening can be difficult. To make it worse, the behavior is inconsistent. Two people in the office might have the application working correctly, but a third person using the same program will have a problem.

Nothing is displayed by the agent that is running on the workstations, but it would be helpful to have a mode available where we can see feedback as to what it is doing. We wouldn't want it running all the time because there would be more overhead, but it could be helpful for debugging or diagnosing problems.

For how long have I used the solution?

I have been using SentinelOne for between six months and a year.

What do I think about the stability of the solution?

In terms of stability, it has been good so far.

What do I think about the scalability of the solution?

It appears to be scalable.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are about $5 USD per endpoint, per month.

What other advice do I have?

Overall, this is a good product and I recommend it. That said, there are always ways to make things better.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director - Global Information Security at a manufacturing company with 10,001+ employees
Real User
Does what a first-level SOC analyst would do, notifying us of, and remediating, issues at that level
Pros and Cons
  • "The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that."
  • "The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me."

What is our primary use case?

In general, we replaced our entire antivirus and anti-spyware with SentinelOne. We use it across all platforms, from servers to workstations, to Macs, to Windows, to Linux, Virtual Desktop Infrastructure, and embedded systems - on-premise and in the cloud. We also use their console and their threat-hunting. We needed a solution that was simple and intuitive, without having multiple agents.

We have also started evaluating their IoT, for the discovery of all IoT devices. This is 

How has it helped my organization?

It has improved our operational efficiencies. It saves us time because it does that first level of EDR automatically and that allows us to focus on certain things that it tells us about.

And we have better confidence because of all the threats that have been remediated. In fact, the moment we started deploying, we started picking up stuff that was in a dormant state on machines.

SentinelOne has absolutely reduced the number of threats. We get thousands of hits around the world. I'm looking in the console right now and there are 14,639 suspicious detections in the last few days. Of those, it has blocked 87. Another 30 were mitigated right away, and 24 active threats are being investigated now. Remediation of those threats could not be automated because it needs a response to do certain things right.

What is most valuable?

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the depth of behavior analysis. There are other companies that claim this - albeit in a lighter flavor.

The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good.

In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in.

They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version.

It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have.

And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious?

It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies.

Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable.

If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff.

The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding.

They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. 

Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.

What needs improvement?

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting.

File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation.

It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage.

I can't wait to see their advances in the cloud infrastructure (containers and serverless).

It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

For how long have I used the solution?

I started validating and testing the product back in the fall timeframe of 2017. By the time the proof of concept was done, we were signing the product by the end of 2017 or January of 2018.

What do I think about the stability of the solution?

In our company, if something happens with a solution, everybody will know, and it will be out of the environment in a jiffy.

What do I think about the scalability of the solution?

So far, the scalability is going really well. It's really lightweight. Using the console, you can break it up into regions. It's integrated with Active Directory and we have it set up as the "research lab" in Melville, New York and something else in China.

Right now, it's our product of choice for endpoint protection. I suspect our usage will grow a lot once they enable the IoT; what they call Ranger.

How are customer service and technical support?

Technical support started off mainly by email, but support is probably the single biggest improvement since we started with SentinelOne two years ago. They always had the intelligence, like any techie person, but techies are not necessarily good communicators. They always had answers, right up to the top. Their CEO is also a very technical person. But they have improved how tech support is delivered by 100-fold.

Which solution did I use previously and why did I switch?

We had McAfee, and we were using it for other things too.

I'd never heard of SentinelOne in 2017. I knew of the other big guns but I came across it just by chance by looking at studies that spoke about SentinelOne. I had their sales guys and engineers demonstrate but it didn't mean anything. I still thought it might be fluff. So we had to test it and go through that whole rigmarole.

For all intents and purposes, they delivered. You have to remember that they were fighting a battle against all the big guns in the industry, solutions that were already entrenched. When we did our test, we actually broke a couple of their competitors, not because we wanted to. We were just comparing and doing it as a proof of concept. SentinelOne kept catching everything that I thought the other guys should have caught.

Also, they were never defensive; they were straight-easy to work with. Their responsiveness was also very good. If we needed to get something — and this might be because of the size of their company — we could go right up the chain and something would happen right away. If changes were required they happened really fast.

How was the initial setup?

The initial setup was straightforward. I co-authored a book on evaluating products and one of the things that you have to take into account is ease of use and how intuitive things are. Some people may not consider that important, but I consider it important.

In general, it was easy to set up. That was one of the reasons I was pleasantly surprised.

What can make it difficult is the environment you are in. For example, we have "freeze periods" during about half the year, where we cannot make any changes. So, during retail, during Christmas, Chinese New Year, Black Friday, etc., nothing can change in the environment and we cannot deploy anything.

Other things, outside of the environment, were that there are financial/fiscal periods, every quarter, where we cannot change certain things. And we have different silos: a server group, a Windows group, a Mac group, and a Linux group that didn't want to touch anything. Everyone had some bad taste left in their mouths at some point in time, not necessarily with SentinelOne, but in general. If everything is working, why change it? So there were some political things, internally. We have about 35 different companies around the world. Each has a variation of things and there is every version of every thing out there. And some have badly written code too that shows up as malware; it manifests just like malware.

For deployment and maintenance it was me. I did almost everything. There were only one or two people. Obviously, we have to follow the sun because we're global, so at times there might have been three or four people involved, but generally it was one or two who were coordinating it. They know the product and how to deploy it and what needed to be done, but I needed those guys around the globe. They had to coordinate with each of those groups I mentioned. But we owned it and we were accountable for it. We have segregated duties. Even though I'm in security, I don't have the rights to get onto our Windows Servers and make changes. I have to ask the server guys to do something and that's why things take time. That's why you need people to coordinate it.

But, once it was detecting those threats, I felt that even though we had an outsourced team, they were lacking in knowledge. If I told them, "Hey, this is malware," without the right experience, they wouldn't know what the heck to do with it. That was the challenge. That's why we went with SentinelOne's managed service. They have people who can deal with it and sort out the things that are real.

The way you do it is that you don't just take McAfee off a machine and put this one in. You run them simultaneously for some time, and then take one out. I wanted to see if something would happen, or it started messing things up, or if people would start calling saying, "Hey, there's something going on in my machine."

What about the implementation team?

We didn't work with any third-party. Over the years, I've seen that a lot of these guys tend to have biases.

What was our ROI?

We have absolutely seen a return on our investment because it has created that first-level SOC. Plus, it has all these other functions. It has replaced McAfee. We don't need a file integrity monitoring product. And we can see application vulnerabilities without using another product. And they keep adding features. Once they add this IoT feature, the ROI will be much more.

Which other solutions did I evaluate?

Initially, I was just researching solutions using independent reports and industry reviews. I don't necessarily agree with everything in industry reviews, but I used them to narrow down the field and to figure out which solutions I needed to look at. I also looked into whether there were any legal issues the companies were fighting. In that first phase, I got it down to about four or five that I would take to the next level and actually touch them with live malware. The reason the other ones fell off is either they were too focused on one thing or there were some legal things. The industry is small. You hear things, not necessarily officially, but unofficially you hear things.

I looked at McAfee, CrowdStrike, Carbon Black, Palo Alto Traps, Cylance, Endgame, Tanium.

In my evaluation, back in 2017, I wanted to see the features of each and match them up with our requirements. What were our influences? What was important to us? I tried to map that into what features were available at the time, or look at whether a product could consolidate another product that we had so that we would no longer need that other product. I also looked at operational efficiencies, security efficiency, and whether it meets all our compliance goals.

Then I went to the lab where I had real malware. There was a whole method to that madness of testing. 

McAfee failed miserably, even with their later product. It would have been easier for us to stick with the incumbent, but it couldn't pick up on malware. There was something it never detected. With that type of next-generation, machine-learning algorithm, it's not so much the algorithm as it is the intelligence, the data that they collect over time.

At the time, Palo Alto Traps was not ready for prime time - immature console, limited support across all our platforms and focus on exploits.

I broke Cylance, surprisingly. I didn't expect that. I'm not even a researcher, per se. I have other jobs in our company. When I managed to break them I was looking at how they responded. I'm not expecting everyone to be perfect, but I found them very defensive. They would say, "Oh, it's only one in 100 or 200 or 300 pieces of malware". But it was the way they responded to things. It took a while for them to get back to me, and they were more concerned about whether I was doing the same thing with the others.

The other weakness of Cylance was that, for anything else, like remediation and response to something, you had to buy another piece. It wasn't part of the product, whereas, with SentinelOne, it was part of the product, without paying anything more.

Some of our folks were convinced that CrowdStrike was the way to go but our tests proved otherwise. CrowdStrike has some good features, but it requires going to the cloud. And secondly, whenever you get events, you almost have to use their service, so you're paying them to help resolve something. It gets expensive.

Separately, I did a compatibility test where I checked our environment: I deployed it in a sampling of some of our machines to see if it ran without creating another mess.

When you do a thorough proof of concept, you already have all the details, so nobody's going to mess with you. I compared everything. At the end of the day, I gave my boss a report and said, "This is it. You decide."

What other advice do I have?

Have a look at it. Compare it. It's a very good product to have.

It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up.

There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on whatever the cloud versions are of all these virtual devices. We are spread out across the globe. We've got nearly 50,000 endpoints in different parts of the world. We generally stay as close to the latest version of the agent as possible, but we go through change-control and it is very strict. We don't just put things on endpoints. We validate and test in our environment because we have nearly every type of operating system and variations of them in our environment. Therefore, sometimes we are something like .1 or .2 of a version behind. In terms of the console, we are at the latest version.

As a company, we use all variations of clouds, from Ali Cloud, which is China, to Azure; we're predominantly Azure. We have AWS and GCP. SentinelOne manages that console and we have access to it. We own that part, our console. It's on AWS, I believe.

Overall, is there room for improvement? Absolutely. There are gaps in the reporting because we need to give reports to different levels. Ideally, we want to just drag and drop things to create reports. They have very nice reports but they're canned. We want to be able to choose what goes into a report. Otherwise, it's right up there and I would give it a nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1261773 - PeerSpot reviewer
Engineer II, Enterprise Client Support at a media company with 10,001+ employees
Real User
Visually appealing and customizable console, as well as a powerful API
Pros and Cons
  • "We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access."
  • "It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible."

What is our primary use case?

We use SentinelOne to secure our entire environment, including all user endpoints and servers. We are also currently testing the Deep Visibility addon. We were using a definition-based AV prior to SentinelOne, and we were getting daily/weekly infections of a variety of malware. We are a mix of PC, Mac, and Linux. We have on-premises machines and servers, as well as cloud VMs that we were wanting to protect. We wanted to purchase a Next Generation AV client that would be algorithm-based instead of definition file-based.

How has it helped my organization?

SentinelOne has provided amazing security. We were getting new cryptolocker variant infections several times per month and the month following our SentinelOne rollout, the numbers dropped to zero. We have not had a single infection since.

The new console is not only visually appealing and simple to use, but it allows you to customize and apply labels to different areas. I don't have a good gauge on how much money SentinelOne has saved us, but we only get a handful of security alerts in our console each day. It has freed up our security staff to perform other tasks. 

What is most valuable?

We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. 

The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product. 

What needs improvement?

The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly.

There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible. You can see a snapshot of the data at the moment, but once it changes whatever was there previously is not stored. 

For how long have I used the solution?

I have been using SentinelOne for four years.

What do I think about the stability of the solution?

The agent is very stable, especially the later versions of the product. Agent never crashes and consumes minimal system resources. New agent versions are constantly released (which can be slightly difficult to manage if you don't have a good endpoint third party management solution like SCCM\JAMF). Release over release both stability and features have improved and been more fleshed out. 

What do I think about the scalability of the solution?

It is very scalable and easy to deploy over any of the standard management solutions.

How are customer service and technical support?

Customer service and our TAM are both very good. They are responsive and have never been unable to answer a question we asked. 

Which solution did I use previously and why did I switch?

We switched because our old solution flat out was not picking up infections. It was really almost rather useless.

How was the initial setup?

The initial setup is straightforward. We do not have any on-premises infrastructure. Rather, we are using SentinelOne in full-cloud mode. It was really just a matter of deploying the agent to the endpoints.

What about the implementation team?

Our in-house team handled the deployment.

What was our ROI?

ROI is kind of hard to quantify but we definitely do feel like we get our money's worth.

What's my experience with pricing, setup cost, and licensing?

The costs are really rather minimal for what you receive with the product. No real advisement here. The larger count you have, the deeper discount you will receive in your contract.

Which other solutions did I evaluate?

We looked at Carbon Black. SentinelOne was more economical, and the feature set was comparable so we ultimately went with it.

What other advice do I have?

Be ready to dedicate a good amount of time to learn the API. To really get the most from the product you need to tap the REST API.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tony Tuite - PeerSpot reviewer
Consultant at NFC/IT
Reseller
AI-powered protection, data-rollback ability, and seamless integration with SolarWinds
Pros and Cons
  • "It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting."
  • "Set up is very labor-intensive."

What is our primary use case?

We are an MSP supporting various business verticals (including medical and pharmaceutical). Our core monitoring/deployment solution is SolarWinds RMM, through which we were recently introduced to SentinelOne. We use the bundled automation to install, patch, and monitor antimalware protection to endpoints. We are in the process of replacing Bitdefender with SentinelOne for several clients.

How has it helped my organization?

Deployment is automatable through the RMM, though a little clunky to do. The provided automation was a little challenging, but once you get it configured it's quite effective. Once we got it deployed to our users, it operates seamlessly and with minimal impact on system resources. Even our clients with lower-end workstations report improved performance since switching from Bitdefender. 

After migrating, this also picked up some latent malware that was not previously detected & cleaned it immediately with almost no interaction required. I was impressed with how little this bogged down the affected system. This was in our pilot run, so I was on-site.

What is most valuable?

The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting. 

I tested this by deliberately infecting an unpatched test machine with WannaCry. First of all, SentinelOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WannaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background.

We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection.

You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. 

What needs improvement?

Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done. 

For how long have I used the solution?

We have been using this solution for approximately three months.

What do I think about the stability of the solution?

The stability is excellent so far. Once installed, it's "set it and forget it."

What do I think about the scalability of the solution?

Scalability is great if you're scaling up, but scaling down may prove to be challenging.

How are customer service and technical support?

Technical support is provided for us through SolarWinds, and they're very knowledgeable.

Which solution did I use previously and why did I switch?

We used Bitdefender (also through SolarWinds) previously. SentinelOne was pitched by SolarWinds a few months ago as an alternative with robust ransomware protection. Being a small MSP, a single ransomware infection at a client could spell disaster for our business. We are always looking for the latest technology, but not marginal improvements.

How was the initial setup?

The setup script provided by SolarWinds (proprietary to their RMM) was a little challenging to get going, but once it worked, it worked perfectly. Except it didn't run on Win7 systems because it uses PowerShell commands from a later version than what's available on Win7.

What about the implementation team?

The vendor team provided support, but we did the deployment.

What was our ROI?

We're making about seventy-five percent over the per-seat cost, and it's easy to sell at that price point.

What's my experience with pricing, setup cost, and licensing?

The per-seat cost is low, but you have to commit to a certain number of licenses for a year.

Which other solutions did I evaluate?

We really hadn't seen EDR solutions in action before. Our decision was based primarily on the fact that it has SolarWinds integration. 

What other advice do I have?

Definitely worth the money compared to heuristic solutions, especially for clients who tend to "stretch" their hardware as long as possible. The low impact and robust reporting go a long way to make this an easy sell, and the cost is excellent for the price point. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Massimiliano De Cò - PeerSpot reviewer
Socio Fondatore e Proprietario at 2DC srl
Real User
A stable solution that offers very good information surrounding attacks and threats

What is most valuable?

The solution offers very rich details surrounding threats or attacks.

What needs improvement?

The price is a bit high. They should make their pricing model more affordable.

The solution needs better reporting on new threats and malware. The reporting is present, but I can't find the information easily.

For how long have I used the solution?

We are in the process of testing the solution. We've been using it for three months.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

It's hard to give an impression on the stability at this time. We haven't used it on a large scale yet. We're still testing.

How are customer service and technical support?

We haven't needed to contact technical support yet.

Which solution did I use previously and why did I switch?

We are currently using Webhook as we test this new solution.

What other advice do I have?

We are using the public cloud deployment model.

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at apex
Real User
Receptor is good at finding many EFC files
Pros and Cons
  • "We have a preference for their receptor. It's good at finding many EFC files. EFC files could have a virus."
  • "It's fine. It's correcting all the EFC files with a virus. All the achievements, maximum EFC files. Many EFC files will be flagged as a virus. Some virus databases need to be updated. The model is good at finding many EFC files. The trouble is it needs to be updated."

What is our primary use case?

We use the public cloud version.

What is most valuable?

We have a preference for their receptor. It's good at finding many EFC files. Normally, EFC files could have a virus, but we need to exclude some of them.

What needs improvement?

It corrects all of the EFC files with a virus. All the achievements, maximum EFC files. Many EFC files will be flagged as a virus. Some virus databases need to be updated. The model is good at finding many EFC files. The trouble is it needs to be updated. 

From the client-side, some scanning and other features can be enabled for scanning viruses better. If they want to scan for an individual reason other than viruses, such as scanning for legal files, they haven't been able to gather that from the client-side.

Some features could be more user-friendly. For instance, setting restrictions in the explorer for what level one must be to use it is not user-friendly. It is difficult to find what we're searching for.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

Out of ten, I would give this solution 8.5 for scalability.

How are customer service and technical support?

When we need partners, they support us well. There have been no issues with that.

What other advice do I have?

It's okay. It's a better solution than other competitors.

I would rate this solution as nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing Partner at a tech services company with 11-50 employees
Real User
Protects endpoints against malware and other threats
Pros and Cons
  • "The most valuable feature of this solution is the user-friendly interface."
  • "This solution would be more attractive to customers if the price were lower."

What is our primary use case?

We are an IT company that sells solutions, and this is one of the products that we provide to our customers. We work on certain opportunities that require the capabilities of SentinelOne, but we do not use it for our own purposes.

This solution is used to protect endpoints against malware and other threats.

A lot of the deployments are hybrid. In Lebanon, the cloud is not used to a large extent. Most of the customers use on-premises solutions.

What is most valuable?

The most valuable feature of this solution is the user-friendly interface. Our customers ask for something that is easy to use, easy to manipulate and doesn't require too much intervention. This is where SentinelOne scored big against CrowdStrike and Carbon Black.

This solution is easy to install.

What needs improvement?

This solution would be more attractive to customers if the price were lower.

For how long have I used the solution?

We have been working with this solution for about one year.

What do I think about the stability of the solution?

The stability seems ok at this point because there is no negative feedback from the customers.

What do I think about the scalability of the solution?

This solution is scalable and expandable with no issues.

How are customer service and technical support?

We have support from both vendor and distributor, and up to now, it has been satisfactory. The response has been very good, which is something the customers really appreciate and is always considered a plus.

How was the initial setup?

The initial setup of this solution is straightforward. The deployment is very easy and very fast, taking perhaps two or three hours, depending on the size of the project.

It is a centralized deployment.

A maximum of two people are required for the setup and maintenance.

What about the implementation team?

The implementation of this project is a joint effort between our team and the vendor's technical team.

What other advice do I have?

I have done POCs with this solution for two customers and there has been no negative feedback.

My advice for anybody considering this product is to do a POC and check to ensure it fits their environment. In some areas, this may be the best product to use, but in another environment, another product or another solution would be a better fit. It's always a matter of doing the POC and trying to get the most out of the product, depending on the environment.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
it_user1124088 - PeerSpot reviewer
IT Operations Manager at a retailer with 1,001-5,000 employees
Real User
Offers better protection for corporate environments particularly with a lot of cloud integration and platforms like Office 365
Pros and Cons
  • "All of the features are valuable. The way that it integrates into management with fault correction capabilities over is especially valuable. Any of the full gamut of the features that it provides are useful to us."
  • "In terms of improvement, I would like to see better alerting to let us know if there is anything wrong with SentinelOne working on the endpoint of the computer."

What is our primary use case?

Our primary use case of this solution is to have it as a next-generation security product for our endpoint devices.

What is most valuable?

All of the features are valuable. The way that it integrates into management with fault correction capabilities over is especially valuable. Any of the full gamut of the features that it provides are useful to us.

What needs improvement?

In terms of improvement, I would like to see better alerting to let us know if there is anything wrong with SentinelOne working on the endpoint of the computer.

For how long have I used the solution?

I have been using SentinelOne for six months.

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

It's scalable. We don't have any plans to increase usage. 

How are customer service and technical support?

We haven't had to engage with their technical support. 

Which solution did I use previously and why did I switch?

We were previously using another solution and it was a corporate decision to switch to this solution. 

How was the initial setup?

The initial setup was straightforward. The deployment took around two weeks. 

What about the implementation team?

We did the integration in-house. 

Which other solutions did I evaluate?

We didn't evaluate other options before choosing this solution. 

What other advice do I have?

I strongly recommend this solution. I would recommend that you get onto a next-generation endpoint security device like this one. It's much better protection for corporate environments, particularly with a lot of cloud integration and platforms like Office 365. If you're going to start using those sorts of services, then you really need a next-generation endpoint protection device like SentinelOne.

I would rate it an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Field Technician at Sonrise Technology Solutions
Reseller
The threat timeline feature gives a breakdown of the files and network connections
Pros and Cons
  • "I have found the activity timeline and threat analysis to be particularly useful."
  • "I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage."

What is our primary use case?

We're a managed service provider, so it's MSP for our clients.

What is most valuable?

I have found the activity timeline and threat analysis to be particularly useful.

What needs improvement?

The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler.

I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.

What do I think about the stability of the solution?

In terms of stability, I've seen some issues with the deployment or decommissioning not working the way it's entirely supposed to. I've seen the same thing with other managed antivirus so it's nothing I consider unusual. Occasionally I have to go and clean up an installation or an installation that didn't go off cleanly.

What do I think about the scalability of the solution?

The scale we operate at is pretty small. We've got less than 100 endpoints on this at the moment. Currently, I only have about 80 users. 

Which solution did I use previously and why did I switch?

We still use our traditional antivirus packages, Vipre and Bitdefender, depending on the customer and their use case.

How was the initial setup?

The initial setup took a little bit of orientation but nothing I would consider unusual for learning a new product like this. The deployment did not take very long at all. From the time when we were introduced, got registered for all the different related sites and services it only took a couple of weeks before we could deploy without really needing to think about it. It was pretty simple.

What other advice do I have?

I would advise someone considering this solution to make sure that you leverage the features. It's particularly very useful in sites such as the threat timeline where it gives you a breakdown of the files and network connections.

Call the SOC, the Security Operations Center, with questions. They're always proactive and very helpful but do not rely on the automation to do everything for you. I had an instance where just glancing at the activity timeline, it was very obvious to me there was something traversing the customer's network. There was an infection that was at least partially taking hold and it was worming its way through their network and I would think that the Security Operations Center should see. If they're seeing multiple infections at the same site they should have the same inference happen and call us and notify us and do something about it. That required manual intervention and it would've been nice to get an earlier notice on it without manual review of activity by myself.

I would rate SentinelOne an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
IT Security Manager at a tech company with 1,001-5,000 employees
Real User
Machine learning feature enables us to identify viruses but the reporting needs improvement
Pros and Cons
  • "In the past, we were not able to identify a few viruses, but now we are able to identify them because of the machine learning feature."
  • "The reporting needs improvement and I would like to see a more granular level of administrative privileges."

What is our primary use case?

We use it for antivirus.

How has it helped my organization?

In the past, we were not able to identify a few viruses, but now we are able to identify them because of the machine learning feature.

What is most valuable?

The machine learning module is the most valuable feature. 

What needs improvement?

The reporting needs improvement and I would like to see a more granular level of administrative privileges.

For how long have I used the solution?

One to three years.

How was the initial setup?

The initial setup was straightforward. It wasn't a long project, it took six months.

What other advice do I have?

I would rate this solution a seven out of ten. 

We don't have a plan to increase the usage, it is purely based on our business requirements.

This product is nothing but different from a traditional anti-virus. We were very apprehensive to try it. Once we tried it, it gave us a good impression.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO at a religious institution with 501-1,000 employees
Real User
The forensics analysis feature provides substantial help in determining the extent of a problem

What is our primary use case?

We use the solution for those with access to sensitive or confidential data. The cost of the solution is prohibitive for all of our users, but we do want to make sure that those with access to critical data have higher levels of protection. 

How has it helped my organization?

Users who have SentinelOne are very pleased with the solution and its protection, no complaints.

What is most valuable?

The forensics analysis feature provides substantial help in determining the extent of the problem and how it affects the machines.

What needs improvement?

The SentinelOne is one of my daily consoles and I use it regularly to identify the root cause of some infections. However, when a file is flagged as suspicious it would be very helpful to have the system highlight precisely what event or characteristic of the file SentinelOne considers potentially dangerous. In this way it would help focus our investigations on the specific characteristics or actions of the file.

What do I think about the stability of the solution?

We have had 100% uptime with the solution.

What do I think about the scalability of the solution?

Given the way the solution works, I see no issues at all with scalability — both in the number of users or incidents as well as the degree of sophistication of the attacks.

How are customer service and technical support?

Technical support has attended to our issues quickly and with a good sense of the need to communicate continually throughout an issue.

Which solution did I use previously and why did I switch?

Yes, we continue to use Kaspersky for our other users.

How was the initial setup?

The setup is very straightforward and simple. Our users who have the solution have spoken so highly about SentinelOne that other users who are not on the target list ask if they too can use the solution.

What about the implementation team?

Our in-house team implemented the solution, working with our local engineers in the different countries where we have offices.

What was our ROI?


What's my experience with pricing, setup cost, and licensing?

The pricing is rather elevated. However, the solution is the most transparent for the users I have ever encountered as well as being normally very informative and accurate for our engineers.

Which other solutions did I evaluate?

We evaluated several other options, including Bromium, Carbon Black, CrowdStrike, Cylance, Forcepoint, Invincea, and some others.

What other advice do I have?

If you have the budget, this is a top-notch solution. We have used the solution for over a year now, and we plan to continue using the solution for our most critical users (those with access to sensitive or confidential data). Truly an excellent solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user580182 - PeerSpot reviewer
Security Analyst at a tech services company with 1,001-5,000 employees
Vendor
Identifies Zero-day attacks, provides good visibility, and it's straightforward to use
Pros and Cons
  • "It has good visibility features and it's straightforward."
  • "There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but, there's nothing much else to do. Everything is predefined. It's good in a way, but you don't get much flexibility if you want to do something particular."

What is our primary use case?

I use it for policy fine-tuning.

How has it helped my organization?

SentinelOne uses behavioral analysis and artificial intelligence to detect unknown malware. That is what all enterprises require today. They don't want to go with some normal anti-malware tool, which has less sophisticated detection. Even if something suspicious or a Zero-day enters the environment, SentinelOne will be able to identify it.

What is most valuable?

It has good visibility features and it's straightforward. It's not so complex.

What needs improvement?

There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but there's nothing much else to do. Everything is predefined. It's good in a way, but you don't get much flexibility if you want to do something particular.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We do not have any issues with stability at the moment. Before I joined the company, I heard that there were some issues with the agent, that they were having some performance issues, a portlet application was crashing. There were minor issues which are fine now.

What do I think about the scalability of the solution?

In my organization, we are planning to deploy some 30,000 agents. I would say that it's scalable. I don't see any problem with scalability.

What other advice do I have?

I just had a conversation with a colleague who has bought McAfee ePO. He was saying that he was able to do much more in that tool than in SentinelOne. For example, he mentioned that he was able to see traffic on a particular port on a particular system, using ePO. We cannot do that using SentinelOne. In this tool, everything is already in place and there's not much that we can do. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jestoni Paglinawan - PeerSpot reviewer
System Engineer at a tech services company
Reseller
It has provided overall endpoint status visibility
Pros and Cons
  • "SentinelOne’s Rollback is its best feature."
  • "They could add “right click>scan” where most users were trained to do so in handling flash drives."

How has it helped my organization?

Before it was a challenge for us to know who had an existing endpoint issue or who had the most attacks within the corporate network. Since SentinelOne was introduced, it has provided overall endpoint status visibility for us. Giving us the ability to easily pinpoint endpoints which had the most attacks and respond at a faster rate.

What is most valuable?

SentinelOne’s Rollback is its best feature. No solution can ever provide a 100% protection, but their rollback feature closes this gap in endpoint security giving end users a ray of hope in the event of a worst case scenario endpoint breach, especially in ransomware attacks.

What needs improvement?

They need to improve their UI and the way they show that the scanning is running on the endpoint. Sometimes users wanted to see whether their AV is working via visual context.

They could add “right click>scan” where most users were trained to do so in handling flash drives.

Also, add remote code execution via the management console, application control, device control, and all other common features found on the legacy antiviruses. This would help administrators to fully shift from legacy to Next Gen EPP without sacrificing usable features.

What do I think about the stability of the solution?

There have been a few cases where the agent cannot report to the management console, thus this requires a manual restart of the agent via a command prompt.

What do I think about the scalability of the solution?

There are no problems with scalability. I could say that the product is easily scalable, since it is not limited to a physical server.

How are customer service and technical support?

The technical support is quick and very helpful. They often respond within the day or by the next business day.

Which solution did I use previously and why did I switch?

As of now, SentinelOne still serves as an augmentation for our existing AV, but some of our devices are now using it as their sole endpoint protection.

How was the initial setup?

The setup is very easy and straightforward. It is just like installing an ordinary program and it automatically reports back to the management console.

What's my experience with pricing, setup cost, and licensing?

The price for it is very competitive compared to other Next Gen EPP. You can really get a great value for it when it is integrated with EDR.

Which other solutions did I evaluate?

No, since we already had experience with other products. As of today, we have tested one of its competitors using AI, but their overall protection still cannot be compared to how SentinelOne protects your endpoint.

What other advice do I have?

They have an impressive product.

Understand how endpoint protection technologies work, since they do not rely on signature databases anymore. Also, follow deployment guidelines, such as initially deploying it in their production environment using a monitor-only policy and giving the agents maturity of at least one to two weeks to allow the management console to build a solid behavior base for their environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user768165 - PeerSpot reviewer
Account Director
Reseller
The solution can search for hidden and dormant threats on encrypted traffic in your environment
Pros and Cons
  • "The solution can search for hidden and dormant threats on encrypted traffic in your environment."
  • "Deployment strategy for large organizations that do not use Active Directory (AD)."

What is most valuable?

If I am breached, they will pay the ransom on my behalf.

Cybercrime is growing in the world of technology, and the defense in today’s world has no accountability. If breached, all that is said is that it is zero-day, and you still pay license fees to those vendors. The solution can search for hidden and dormant threats on encrypted traffic in your environment.

How has it helped my organization?

With automation, the time wasted on malware, like ransomware, is dealt with on a scale where everything is centralized. The IT Technician does not have to wait for a user to bring the machine to IT, as all they need is an active internet connection.

What needs improvement?

  • Deployment strategy for large organizations that do not use Active Directory (AD).
  • Windows updates have not been done on the client side, so minimum requirements stop the installation.

For how long have I used the solution?

One year.

What do I think about the stability of the solution?

None.

What do I think about the scalability of the solution?

None.

How are customer service and technical support?

Excellent, they have customized reports on threats in our environment that we do not have knowledge of.

Which solution did I use previously and why did I switch?

Yes, Sophos. I switched because SentinelOne does more things and guarantees against ransomware and can find hidden threats that other solutions could not find.

How was the initial setup?

It is both straightforward and complex to install.

Machines on Windows 10 are easy and seamlessly installed.

Users' machines that are not updated require updates to be done first before the solution can be installed.

What's my experience with pricing, setup cost, and licensing?

Spend money on the security for the endpoint. That is where the data lies and where hackers try an attack, not the network or firewalls.

Which other solutions did I evaluate?

Sophos, AVG, Avast, McAfee, Kaspersky, and ESET.

What other advice do I have?

Ask about accountability for hidden and dormant threats that could be in your network.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller and Platinum partner of the solution through Cyber Intelligent Systems.
PeerSpot user
Business Development at a tech services company
Consultant
Solution with competitive pricing which has the capacity to prevent new threats
Pros and Cons
  • "Its capacity to prevent new threats."
  • "The management console."

How has it helped my organization?

We have been protecting more than 100 companies (with no infections) since the product was installed.

What is most valuable?

  • The rollback functionality.
  • Its capacity to prevent new threats.

What needs improvement?

The management console.

For how long have I used the solution?

Nine months.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Very fast and accurate.

Which solution did I use previously and why did I switch?

Yes, Kaspersky Lab. They don't have a good next gen endpoint in order to protect against new threats.

How was the initial setup?

Very easy. You can start your deployment with a single executable file or a massive deployment (GPO, etc.) with an MSI.

What's my experience with pricing, setup cost, and licensing?

The price is competitive, if you compare it with other solutions on the market.

Which other solutions did I evaluate?

Sophos Intercept X, Cylance, Traps and a few more.

What other advice do I have?

It's very important to understand how industry-wide endpoint security solutions work to avoid possible issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free SentinelOne Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022