SentinelOne Singularity Cloud Security Reviews

We are using it for endpoint detection on all of our EC2 instances and hosts in the cloud. Along with it, we are also going to be using it for AV.

We do not have any EDR protection on our host. We would like to utilize it for AV to put some protection on our host. The pricing for the tool that we are using for AV has gone up, and they are not giving us a lot of things we need. Also, to use their EDR tool, we have to install a secondary agent, whereas, with SentinelOne, everything is included in the same agent.

Singularity Cloud Workload Security helps with forensics and extra protection on our host. We have not had any incidents where we had to fully use it or fully go into action with it, but we are hoping that it will provide the extra protection that we need to help resolve some blind spots that we have specifically on our hosts.

Singularity Cloud Workload Security has forensic visibility or deep visibility into the Linux kernel, but we have not used it. It is something that we will work on and use with our SOC team and the implementation team if an incident were to ever happen.

The historical data record provided by Singularity Cloud Workload Security after an attack will be useful if an incident happens. It will help us build a timeline of historical reference. It is easy to have it all in one place to build a timeline. We can see from start to finish where the incident started and where it occurred versus having to go in and do things manually by sifting through logs. The fact that SentinelOne is able to have that information or data and a single pane of glass is something that we like about the tool.

Singularity Cloud Workload Security helps to cut down the mean time to detect by having the historical reference and by being able to stop the incident with the hit of a switch. We can see from where it started, which is helpful. When you are an organization managing hundreds of accounts, it is hard to sieve through logs and get that information together, which increases our mean time to detect, whereas with SentinelOne, from the things we have seen and tested out, it seems simple and easy, and we are hoping that it will help us cut down on that time.

We are also hoping that it will reduce our mean time to remediate. We have not come across any actual incident to be able to fully know, but based on what we have seen so far in the tool, it seems it would.

Singularity Cloud Workload Security has not necessarily freed up staff to work on other projects, but it does reduce some time. It helps cut down on things. It does provide an easier capability. We have come from the old-school way of looking at logs. It seems that this tool will provide something much sleeker and easier for our SOC team to use.

Singularity Cloud Workload Security has not yet had much effect on our productivity. We have only had it for two months, but we like what we are seeing. We like implementing it. We like that it has a single agent and we can use it as AV. It seems to make things easy. It seems to be a more productive tool for us, but until we have an incident, I would not be able to say for sure. As of now, it looks like it has the capability.

Its interoperability with third-party solutions, such as Kubernetes, seems top-notch. We have integrated it with a couple of our solutions here, such as Kubernetes and containers, and we have not had any incidents or any problems to follow up or dig deep into. So far, the ability to look at our containers and to see into those clusters is something that puts Singularity above all others. With CrowdStrike or Trend Micro, we were not able to do that. We were not able to have the same visibility. SentinelOne Singularity made that easier for us.

Singularity Cloud Workload Security supports our ability to innovate from a standpoint where we know that our application teams and developers will be protected. When new applications are created, we will have some sense of security and some sense of safeguard for our teams. We did not have the visibility and the tools to protect us in the manner we would like, but with Singularity Cloud Workload Security, it looks like we can just put it on our endpoints and tell the teams to go and do as they wish because we know at least on this end, they will be protected.

From our tests and the things that we have done, we find Singularity Cloud Workload Security’s real-time threat detection and response capabilities attractive. We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek. Those are the things that are attractive to us.

We like the automated remediation feature. It is not something that we are going to use for automated remediation, but we do like the fact that it is there and can be utilized.

If I had to pick a complaint, it would be the way the hosts are listed in the tool. You have different columns separated by endpoint name, Cloud Account, and Cloud Instances ID. I wish there was something where we could change the endpoint name and not use just the IP address. We would like to have custom names or our own names for the instances. If I had a complaint, that would be it, but so far, it meets all the needs that we have.

We have been using it for two or three months. We went through a test trial, and we are finalizing the official purchase request to purchase it and start using it fully.

We have not experienced any issues so far.

We have not interacted with their support. We have only contacted our customer manager and our onboarding specialist. We have not had to submit any tickets.

We have not used any other similar solution previously.

It is a cloud deployment. I was involved in its initial setup. Its deployment was straightforward. There were a couple of questions that we had. Some of the documentation was not written in the best way. There were some hurdles when moving to the tool and understanding it, but for the most part, it was straightforward. We got all the instructions on how to deploy or install it. We were presented with a customer service rep who was an onboarding specialist. This customer service rep specialized in deployment for us, so everything was a simple setup.

We mainly did it ourselves, but we also had an integrator consultant from SentinelOne who was on the site. They answered all of our questions for anything that came up. For anything we needed, they were there to help us. We had three individuals full-time, and then we had a contractor.

In terms of maintenance, there is nothing required from the SentinelOne side. Once we onboard a lot of our hosts, we just need to organize it in a way that is easy for us, but from the SentinelOne or Singularity folks, nothing is required.

The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost.

We did evaluate other options. We tried Trend Micro Vision One. We also looked at CrowdStrike.

We went for Singularity Cloud Workload Security because it was built and made for the cloud. That was a big thing. The second big thing was that they utilize all of these different features with one agent.

The CrowdStrike solution is not built for the cloud. They have a cloud add-on, so it did not translate for us. The Trend Micro solution is somewhat built for the cloud. It is more of an on-prem tool that is moved to the cloud, but we have to utilize at least two agents to get all of the coverage, meaning AV and endpoint detection. With Singularity Cloud Workload Security, it is all covered in one agent. There is no need to put multiple agents on our host and go through that with our customers. It also allows us to place that agent using AWS Systems Manager, so the implementation in the cloud and launching of the agent is intuitive and easy. It was a no-brainer once we started looking at the tools in terms of how to implement them and what we would like in our organization. Singularity Cloud Workload Security took the top place.

It has a single agent to cover all aspects. You can save money and costs with data ingestion by using the Security DataLake from Singularity. There is also the ease of use of its console. There is also the ease of deployment by it being cloud-based. If you are looking for a tool that is perfect for cloud solutions and protects your cloud host, Singularity Cloud Workload Security would be at the top of my list.

To someone who does not think that they need a Singularity Cloud Workload Protection Platform (CWPP) because they have a continuous security monitoring (CSM) solution in place, I would recommend looking again at Singularity because there is one agent and the ease of transitioning and deploying into the cloud. Another big thing about Singularity is the holding of the data. We utilize Splunk. However, with Singularity, we do not need to ingest all the data because we can also utilize their data lake. The query or the information that we can look up at Splunk can also be looked up in Singularity, so there is no need to take all that data from Singularity and ingest it into our Splunk and increase our license. We can utilize our license and capabilities. We can just use the data lake that comes with Singularity and utilize logs in that manner. In the end, it is saving us costs when it comes to our SIEM tool ingestion, so I would recommend looking at these top aspects. It is easy in the cloud. It helps save data on your SIEM tool. It saves the ingestion costs. There is also a single agent.

I would rate Singularity Cloud Workload Security a nine out of ten.

We use SentinelOne's Singularity Cloud Security as our Cloud Security Posture Management solution, to proactively identify vulnerabilities within our cloud configurations. Security alerts generated by the platform are then forwarded to our mitigation team for prompt remediation.

The solution is easy to use.

The evidence-based reporting is helpful to our DevOps team who manually mitigate the vulnerabilities.

Singularity Cloud Security offers a flexible agentless vulnerability scanning solution that allows me to receive alerts directly to my personal email, a feature missing from AWS GuardDuty.

Evidence-based reporting that demonstrates how a vulnerability can be exploited is crucial because it allows me to prioritize alerts based on their severity level. This ensures I focus on the most critical issues first.

Singularity Cloud Security has improved our organization's security by proactively identifying vulnerabilities that could have significant detrimental effects.

It has decreased the number of false positives.

Before implementing Singularity Cloud Security our mean time to detection was three to four days.

Singularity Cloud Security has significantly improved our mean time to remediation from one hour to just 15 minutes.

SentinelOne stands out with its responsiveness to feature requests for Singularity Cloud Security. This means they can adapt the product to our specific needs, whereas Prisma Cloud forces us to wait for their pre-determined release schedule.

SentinelOne currently lacks a break glass account feature, which is critical for implementing Single Sign-On. SentinelOne should prioritize the development of a break glass account feature.

We've encountered some filtering difficulties, resulting in a few areas of the interface needing improvement.

I have been using Singularity Cloud Security by SentinelOne for one year.

Singularity Cloud Security by SentinelOne is stable.

I would rate the scalability of Singularity Cloud Security nine out of ten.

The technical support is good. They've assisted us on multiple occasions with implementing new policies and creating custom plug-ins to meet our specific needs.

Positive

I successfully deployed the solution in collaboration with a cloud-native administrator. The deployment process went smoothly and we encountered no complications.

I would rate Singularity Cloud Security by SentinelOne eight out of ten.

We have over 400 users in our organization.

We have one client, and we need a portal to manage security. We use Singularity to provide security information and identify vulnerabilities or malicious scripts that need to be fixed. It also provides recommendations about each of the vulnerabilities that are helpful.

We provide cloud services on our site using AWS. Singularity detects flaws that we must close for security reasons. We use Singularity to observe those findings and fix things based on the customer's requirements. Previously, we used to segregate issues and look after them. Singularity helped us secure our infrastructure. We've significantly reduced our potential security breaches to a minimum. 

It has improved how we operate on a larger scale. We set up the platform, onboarded the info, and then gradually moved further. Over time, it helped us slowly resolve those issues. We were using the cloud platforms' native security tools, but those were unhelpful. Now, we rely on this more than those services. 

Singularity reduced our false positive rate by about 60 percent. We've had even better results in terms of our risk posture. We can rely on this tool to improve our security conditions on a broader scale. If I gave our security posture a percent rating, I would give it 89 percent.

The solution saves time by giving us everything in one place. You don't need to manually check every account. It tells us a lot. Singularity reduces our detection time by about 60 percent. 

Singularity has improved collaboration among cloud security, application developers, and AppSec teams. Previously, it would take around a week for engineers to address issues. Now that we use this tool, we resolve issues in one or two days.

We're monitoring several cloud accounts with Singularity. It is convenient to identify issues or security failures in any account. It's nice to have all the details we need to solve these issues. Singularity is easy and convenient to use. It is extremely easy for a novice to understand what the dashboard is trying to say and the terminology's meanings.

Evidence-based reporting is excellent for auditing. It shows all the findings and severity: low, high, medium, or critical. We solve the low-level and medium issues. Next, we resolve high-level and critical problems. It's easy to fix the security breaches.

We repeatedly get alerts on the tool dashboard that we've already solved on our end, but they still appear. That is somewhat irritating. 

We have used Singularity Cloud Security for about six months.

I rate Singularity nine out of 10 for stability. 

I rate Singularity eight out of 10 for scalability. 

I rate SentinelOne support nine out of 10. 

Positive

Singularity took about a week to deploy. A team of 40 to 50 people was involved. 

I rate SentinelOne Singularity Cloud Security nine out of 10. I would recommend the tool to others. It's a convenient and cost-effective tool for identifying security breaches. You get everything in one place, saving you time and costs.

We use the solution for monitoring the security of our infrastructure. It helps us identify all the vulnerabilities.

We had code and infrastructure, and we just weren't sure of all the vulnerabilities within them. This knowledge has helped protect us from security loopholes. 

It's integrated with all of our cloud services on our accounts. It automatically fetches all the resources, scans through the code, and reports back on our vulnerabilities. It helps with all of our overall security standards as per the industry, and it can give us a rating. If I go to the compliance section, it gives me an idea of how I'm performing with respect to compliance metrics.

There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring.

It's fairly easy to use. I'd rate the ease of use 7 out of 10. There is a learning curve around the initial issues. However, we can look at issue descriptions and what to do. It gives us a lot of details about an issue, so that helps. 

Evidence-based reporting helps prioritize and solve our cloud security issues.

PingSafe includes proof of exploitability in evidence-based reporting. It's really important. If we did have any proof, it would be harder to pinpoint false positives. I like that it gives proof.

The code scanning is helpful. Whenever somebody commits a recent code, it helps identify that immediately and check vulnerabilities. 

It has positively affected our exposure. Before we implemented it, we were having lots of issues, and now, with PingSafe, we're up to 87% compliance with respect to all security metrics. It's been a gradual process, however, we're getting better and better. 

We've been able to reduce mean time to detect. It's gotten a bit faster. If you have a solution like this, you can take a more proactive approach. When a vulnerability happens, you can act immediately. Our mean time to detect has improved by about 80%.

It's also helped us with our mean time to remediate. It shows recommended actions and helps tell us what could possibly remediate the issue. 

The product has positively affected collaboration among our cloud security, application developers, and AppSec teams. PingSafe, however, is more centered around our infrastructure security and doesn't impact developer productivity much.

The compliance monitoring capabilities are helpful. We're a venture product, so we need to be compliant with everything. When we get a report, we can see what we need to do for compliance, and it helps us identify issues and mitigate them effectively to increase compliance. 

There is a bit of a learning curve for new users. The ease of use could be better.

We've had an issue where we muted a false positive, however, when we made some changes to a cloud configuration, it popped up again. So it hasn't really reduced false positives; you just need to manually ignore them. 

I've used the solution for one year. 

The solution has been stable throughout. 

We have three to four users that are actively using PingSafe. They are admins and engineers. 

So far, we haven't had any scalability issues. 

They have great technical support.

Positive

We didn't use a different solution previously.

The initial deployment was pretty quick. When you integrate any of your cloud service providers, it doesn't take long. We had it implemented in a few days. One of our reps can just work with the team to get it ready.

It's not integrated with any other security tools, however, it is integrated within our infrastructure. 

No maintenance is required.

I don't have any visibility on the pricing of PingSafe. 

We have not evaluated other solutions. 

I'd recommend the solution to other users. Overall, I'd rate the product 8 out of 10. 

We have multiple AWS accounts and we use it for our products and deployments, et cetera, and they are being monitored by PingSafe for best practices and good security. In the past, we've had code exposed to the internet, and PingSafe has been able to catch such instances. Basically, it is for security and monitoring purposes. 

We've been able to integrate PingSafe with out AWS and deployed their agents to Kubernetes. For production and compliance purposes, it allows us to monitor actively for issues from one place. 

The solution reduces notifications.

We mainly use it for monitoring and security guidelines only. It's been really useful for us in terms of the developer accounts. If any have been exposed, we get notified and we can take care of issues before anything happens. 

We haven't seen any server downtime. It's always been available when we've needed it. 

The UI is very nice, and feature-wise, it's very good.

It has very good documentation. 

Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful. 

The solution is very easy to use. We have not had to spend much time customizing or integrating items. We were able to integrate all four AWS accounts in order to centrally monitor everything.

There is evidence-based reporting which can help prioritize and solve cloud security issues. We haven't actively used it or set it up.

We use the infrastructure as code scanning feature. It's good for identifying pre-production issues. 

About six months ago, there was a major upgrade. We can see the containers running and which vulnerabilities appear, et cetera. 

We haven't seen any increase in false positives since using the solution. 

It's helped us improve our risk posture. We're more confident now that things aren't happening and getting missed. We're on the right track to adapting proper security rules.

More than saving engineering time, this solution has helped promote confidence is the security of our cloud accounts. We're more sure of our configurations and security posture. Since we don't have a cloud expertise team that might identify issues, it has helped us gain confidence in SQL deployments. 

There should be more documentation about the product. Sometimes we have to go to customer support to get clarification.

I've been using the solution for 1.5 years. 

The solution is stable. I have not seen any downtime.

We have around 15 users leveraging PingSafe. They are mainly admins and engineers.

Technical support is very helpful. However, the documentation needs to be better.

They tend to resolve issues within an hour or so. With most issues, they are very helpful 

We have a different pipeline product working in parallel to this solution that is also helping us reduce vulnerabilities. Something else, for example, monitors compliance for us. PingSafe is more of an additional tool than our main solution. We have been using open-source tools for scanning.

The development was just one configuration, and we were able to implement PingSafe in about an hour.

The solution does not require any maintenance. 

We have noted an ROI based on the amount of confidence we've gained having visibility into our vulnerabilities. I do not have specific metrics on hand to illustrate that, however. 

The pricing is reasonable.

We're a customer and end-user. I'm a DevOps engineer.

I'd recommend the solution to others. I would rate it 10 out of 10 as it currently meets all of our requirements. I can't speak to other companies that may have different requirements. 

I use it for security purposes, and it is deployed on the cloud. It helps me look into potential threats and resolve issues.

For Singularity, the task capability is easy to use and it has a very intuitive dashboard, which streamlines the processes. It provides user-friendly privacy protection, 24/7 threat detection monitoring, and managed services for continuous monitoring and threat hunting. It also offers ransomware protection with excellent defense mechanisms, rollback features, and extended detection and response features.

The area of improvement is the cost, which is high compared to other traditional endpoint protections. Additionally, it has limited legacy system support and may not fully support older operating systems or legacy environments.

I have been using SentinelOne for one year.

I rate the stability nine out of ten, indicating strong stability with limited bugs, glitches, or downtime.

The solution is scalable, and I rate it nine out of ten.

I rate technical support eight out of ten, indicating satisfaction with the support provided.

Positive

I did not personally use any other solution before using SentinelOne, however, I have heard about multiple products compared to SentinelOne.

The initial setup was easy and completed in a couple of days, involving three people.

Three people were involved in the deployment, working together to ensure the setup was successful.

Meantime to remediation improved from seven to eight minutes to two to three minutes, reducing time and money by 40% to 45%. Overall, time to detect is now in milliseconds.

On a scale of one to ten, I would rate the pricing and setup costs an eight out of ten, indicating it leans towards the expensive side.

I recommend SentinelOne due to its high-security capabilities, which are essential to safeguard data and systems from potential threats.

I would rate the overall solution nine out of ten.

SentinelOne Singularity Cloud Security is deployed on all our servers except for user machines. When Singularity identifies a downloaded application as malicious, it triggers an alert sent to our SIEM console. We can then investigate the alert details, including associated logs, to determine if the malware is static or actively malicious. We can also investigate suspicious IP addresses or domains. Additionally, Singularity monitors process creation and can provide forensic data on security incidents, including information about backdoor connections and the applications involved, like Chrome or other browsers.

SentinelOne Singularity Cloud Security stands out for its user-friendliness compared to competitors like CrowdStrike, FireEye HX, and Microsoft Defender. Unlike these tools, which can be cumbersome for tasks like running queries or searching for logs, Singularity offers intuitive interfaces and delivers results in seconds, even for complex searches across various hash formats, like MD5, SHA256, etc., without needing conversion.

Our existing SIEM console allows us to analyze alerts triggered by the SOC team. We can investigate potential false positives or conduct tests directly within the console. Additionally, the console facilitates quick searches for IOCs to identify malicious communications. Furthermore, Singularity Cloud Security offers a central management console for automated machine reboots, containment, and even self-maintenance in response to high-severity security alerts. This eliminates the need for manual intervention.

We saw the benefits of SentinelOne Singularity Cloud Security within the first two months of transitioning from FireEye HX. Singularity was easy to manage, and we were able to identify vulnerabilities.

SentinelOne Singularity Cloud Security has helped reduce the false positives we receive by 15 percent compared to FireEye HX.

Singularity has helped reduce our mean time to detect. The automatic containment of the infected machine is done within the first ten seconds of detection.

Singularity has helped reduce our mean time to remediate. 

The user-friendliness is the most valuable feature.

SentinelOne Singularity Cloud Security offers a custom search function with a default 14-day limit. Extending this period to 30 days requires an additional license. A two-month grace period for extended searches would be a valuable improvement. Additionally, enhancements to the threat-hunting capabilities of the hunter module are recommended.

I have been using SentinelOne Singularity Cloud Security for two years.

We had an incident in which they pushed a patch without notifying us and without testing, damaging all of our security controls. 

Neutral

We previously used FireEye HX but shifted to Singularity because we saw the potential while the POC was going on. The top three endpoint security solutions are SentinelOne Singularity, Microsoft Defender, and CrowdStrike. FireEye HX is not one of them.

The initial deployment's complexity was moderate. The entire deployment took six months to complete.

The implementation was completed with the help of the vendor.

I would rate SentinelOne Singularity Cloud Security seven out of ten. The lack of a 60-day search option for the log source lowers the overall score.

The endpoint security team does the maintenance.

SentinelOne Singularity Cloud Security is a good product that is easy to use. 

We have multiple applications in our AWS cloud environment. We have a private environment, and we do not disclose it to the Internet. We have configured multiple security alerts, such as for any incoming traffic from a public IP address.

We have also set up PingSafe alerts for key rotation of security credentials for the accounts.

PingSafe helps us to reduce the security overhead. We do not have to manage every small thing manually. They are taken care of by PingSafe.

We use vulnerability scanners for our AWS servers. If there is any vulnerability, we get a report on that. We close those open security points. I do not know the exact name of the scanners, but they work great.

We rarely get false positives. We usually get real-time, accurate data. Sometimes there is a mismatch between the actual data and the data we get from PingSafe, but that is negligible. It happens once in a thousand times.

PingSafe has reduced our mean time to remediate. It has saved about 60% of our time. It has helped us with that.

It has also reduced our mean time to detect. The time savings depend on the use case. On average, it saves ten to fifteen minutes per use case.

We do not use it at a large level for Infrastructure as Code scanning, but it saves us time. We do not have to click on the features in the GUI. We have set up some scripts with the Infrastructure as Code feature. We run them to generate reports and get the required output.

The Infrastructure as Code feature has helped us. We can integrate PingSafe with our cloud tools. It helps with the development part. For example, Lambda is an AWS feature. It is a code environment. We can directly connect these two. It helps with the run time of the processes.

We mostly use alerts. That has been pretty good. If we use the alert system from Amazon, it is much costlier to us, so we use PingSafe.

PingSafe's interface is quite good. It is beginner-friendly. If someone has even a little bit of idea about cloud security, they can learn it very easily.

I do not know if it is possible, but in AWS Cloud, there are multiple features or services, and if they can collaborate with them, it would be helpful. The Infrastructure as Code service available in PingSafe and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in PingSafe. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on PingSafe, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great. It will be an amazing tool.

My organization has been using PingSafe for one and a half years, but I have been using it for the past three to four months for cloud security.

I have not faced any downtime. If they have any kind of maintenance, they let us know via email a week or two before. The maintenance is usually done once a quarter, and it is done out of business hours, so we do not have any concerns about that.

I would rate it a seven out of ten for scalability. If they can collaborate with AWS services as well, it can be a 10 out of 10.

I have contacted them quite a few times. They are pretty good. They are within their SLAs. I have never raised a support case with a very high severity. For the cases I raised, they have an SLA of about 24 hours, and they always meet that SLA.

I always get a perfect answer in the reply. If I have some major issue and I am unable to understand that via email, they also come on a Teams or Webex call. They provide a good service. I would rate them a nine out of ten.

Positive

It is a cloud deployment. I believe they have an on-premise option as well,  but we are not using that. We are completely on the cloud.

I was not involved in its deployment. Its deployment was done by the organization about a year and a half ago. I only manage operations, and I have been here only for about three months.

It does not require any maintenance as such. In the infrastructure code part, we update the code, but I am not sure if that comes under maintenance.

You should be a little familiar with cloud security. Otherwise, you might face a few difficulties in accessing the PingSafe console. If you are a little familiar, it will be very easy for you. A completely new user without a technical background can get a bit confused by the naming conventions in the GUI.

I would recommend PingSafe to others. Overall, I would rate PingSafe an eight out of ten.