SentinelOne Singularity Cloud Security Reviews

We use the tool for cloud security management. We check the vulnerabilities in the cloud during the configuration phase using PingSafe. We check how many cloud assets are being covered and how many issues have been identified from multiple cloud assets. We check different types of issues. We look into cloud network configuration, Offensive Security, Kubernetes security, and vulnerabilities. We also use the ThreatWatch option to check for active attacks happening worldwide. We can also check compliance, analytics, and asset inventory. We use the tool in multiple locations.

Without the product, we cannot know the configurations and the issues that are present in the cloud assets. PingSafe helps us to know such details easily. It guides us and shows the flaws or vulnerabilities present in the cloud assets. It also provides good remediation processes with screenshots. It is easy to tackle and remediate the issues present in the cloud assets.

The solution provides detailed visibility into the security state of the assets and workloads across all the platforms. The remediation process is good. It clearly provides every step required in the resolution with screenshot links. I like it very much. The product helps us identify the misconfigurations and flaws present in our organization. We meet with the concerned teams and resolve the issues. It helps us a lot by finding all the issues in the cloud assets.

We use the solution's agentless vulnerability scanning. There are different categories in the product. It is useful for us that PingSafe includes proof of exploitability in its evidence-based reporting. It is required for every company that uses clouds. PingSafe has helped reduce the number of false positives we deal with. Most of the time, we do not get false positives. It is usually below 10%.

The product has improved our risk posture by 50%. We can detect vulnerabilities faster. PingSafe has sped up the process by 80% to 90%. PingSafe provides us with the remediation process. It has reduced the mean time to remediate. Without the tool, we wouldn't know the process to remediate. We can get some things on Google, but the product provides the exact process we need to follow. The solution improves the mean time to remediate by 70%. It is a very helpful tool for remediation.

PingSafe is a collaborative tool. It is very easy to use. Anyone can easily use it. We can easily check the flaws and collaborate with other teams. PingSafe has helped us save engineering time by 50%. We use other tools for compliance. We have endpoint security solutions and antivirus products for normal assets. Similarly, we need a tool for the cloud assets. I will recommend PingSafe to everyone who uses the cloud.

Under the containers section, we have a cluster. It is a link between the organization and PingSafe. We don't get any notifications from PingSafe when the clusters are down. The PingSafe database doesn't receive any updates. It doesn't trigger any alerts. We must check things manually. It must be improved in future releases. If notifications are available, then it will be more helpful, easy, and time-saving. We can easily contact the team, check why the cluster is down, and restart things.

I have been using the solution for one and a half years.

The solution is stable. I rate the stability an eight out of ten.

We have eight users in our organization. The solution does not need any maintenance. I rate the scalability a nine out of ten.

The technical support is good. The team responds within 24 hours and resolves all the issues we raise. The team also arranges monthly meetings for updates. The support team educates us about the upcoming updates in the tool. The team helps us if an individual or a team has issues with PingSafe. The support people also help us with the remediation process if we are stuck at any stage.

Positive

The tool is deployed on the cloud. The deployment can be done in a day. One or two people from our organization and two to three people from the development team of PingSafe were involved in the deployment. The solution was easy to deploy. It was not complicated.

The product has saved us time, money, and resources. We have saved 80% of time, 20% of resources, and 80% of money.

The tool is cost-effective. It is neither cheap nor expensive.

The tool is easy to use. Compared to other products, PingSafe is the most easy to use. There are different severity categories, such as critical, high, medium, and low. We get notifications for critical things. Critical issues have the highest priority. The ability to prioritize the issues is helpful for us.

Overall, I rate the product an eight out of ten.

We use Singularity Cloud Workload Security to protect all our servers from malware, both present and future. We also use it to protect our user endpoints, such as workstations and employee laptops.

We recently switched from Windows Defender to SentinelOne endpoint protection after a few of our laptops were infected with malware. SentinelOne has been protecting our laptops, endpoints, and servers for two years now, and it has performed well in internal and external audits.

We currently have a hybrid Active Directory environment. SentinelOne itself is a SaaS-based product, so it is fully cloud-based. However, we need to install agents on all of our endpoints and cloud services.

Singularity Cloud Workload Security has real-time threat detection capabilities. We have tested it with multiple clients and ourselves, and it has detected malware every time we have been attacked. Compared to other major security vendors, Singularity Cloud Workload Security had the best detection rates for all the malware we threw at it during our proof of concept.

Automated remediation is policy-based, which makes it very useful. The SentinelOne platform gathers all information about how the threat played out and all the changes that were affected on our system. Using this information makes it very easy to remediate all the damage because we know what happened. Automated remediation is amazing and a key differentiator from other competitors.

For Linux kernels, the agent supports almost all platforms, including legacy Windows, macOS, and Linux. We have a few Linux servers, and the mitigation and all the other features work just as well as on the other operating systems.

Using the Deep Visibility Console, we can thoroughly investigate everything that was called or changed on a computer. This gives us visibility into virtually everything that happens on all of our endpoints at all times, in real-time. This has allowed us to find threats that other vendors would have missed. We can also use the Deep Visibility Console to perform threat hunting. For example, if a threat has been moving around our network, we can track it down to see exactly where it is moving to and how it is working.

The historical data record provided by Singularity Cloud Workload Security after an attack is good. For data retention in terms of threats, we have a one-year retention period. This is a long time, and it is very useful for our insurance policies, as we often need to comply with them. For compliance purposes, the one-year retention period is perfect for us. For visibility logs, for example, we are ingesting some logs, and I believe the retention rate is actually fourteen days.

Singularity Cloud Workload Security has reduced our MTTD. Previously, with Defender, it would sometimes fail to detect threats. Now, we detect and remediate many more threats automatically, almost instantaneously. For example, if we download a malware file, we usually cannot even open it because Singularity Cloud Workload Security detects it automatically with a super-fast response time.

Our MTTR is automatic. As soon as a threat is detected, remediation is performed automatically, according to our policy. We can even generate a report of the remediation and all affected files. This allows us to see everything and ensures that remediation is performed quickly.

Singularity Cloud Workload Security has freed up our SOC staff's time to work on other projects. Before, we were considering hiring a 24/7 SOC team, but with SentinelOne's vigilance package, they take care of almost everything for us. We no longer need an employee to monitor logs and threats 24/7.

Since we are freeing up some time from the operations side, our IT administrators and security personnel do not have to constantly monitor the console to see what is happening. Because we trust the product to take care of malware for us, our productivity has definitely increased. We only check the logs once a week.

Singularity Cloud Workload Security works well with other vendors, so we can even have two EDR solutions if we want to. The exclusions can be done through the console, which is very easy to use. It gives us a list of all the applications that we have installed on all our systems and makes it easy to create different types of exclusions. For example, we can create exclusions for performance reasons or to suppress alerts. There are a lot of options, and they are all very easy to use.

My favorite feature is Storyline. It creates a neat graph that shows us how any threat played out, in real time. We can see all the information about what was modified or changed on our system, such as files that were modified, created, or deleted, and register keys that were created or edited. For a SOC analyst, this information is super useful. We can deep dive into all the information and see exactly what happened on each computer individually.

The second feature is actually part of the SDR platform, and it provides native integrations with other security software vendors, such as Okta or Azure AD. This allows us to ingest all of our audit logs for security events and to take action on them. For example, we can set up an automation alert so that if a threat is detected on an endpoint, we can automatically take action on our Okta or AD environment, such as locking the account that was signed in or forcing a password reset.

I know that SentinelOne is working on additional integrations for their XDR platform, and I would definitely prefer more integrations. I understand that many more integrations are coming soon but by the end of the year. I would like additional integrations. Currently, we have integrations with Azure AD, Okta, Mimecast, and Netscope. Many of our clients and we also use firewalls from Cisco, Juniper, and so on. It would be helpful to be able to retrieve audit logs or actionable items from these firewalls.

I have been using Singularity Cloud Workload Security for two years.

Singularity Cloud Workload Security is stable, and we have not experienced any downtime. 

The stability of Singularity Cloud Workload Security is similar to that of Microsoft Defender.

Singularity Cloud Workload Security is infinitely scalable, with a multi-tenancy feature that allows us to have multiple sites, such as physical sites. For example, if we have two locations, we can easily create admins who have access to only one site or to all sites. It scales really well, regardless of our environment.

The auto-scaling feature is user-friendly. As we install more endpoints, they will simply show up in the console, allowing us to create our own physical sites with their own admins and different policies.

My interaction with technical support was pleasant. They gave me a few tips on how to integrate the new system. They also sent me some documentation, which was already available to me, but they saved me the time of searching for it. They even offered to schedule a team call to discuss the integration and have a team member help us directly. The only downside is that the entire interaction was text-based, so it could be difficult to get a definitive answer to some questions.

Positive

We previously used Microsoft Defender, but some of our laptops were infected with malware anyway. Because of this, we had to redeploy all of our laptops. We therefore concluded that the solution was not working as well as it should in terms of detection and response so we switched to Singularity Cloud Workload Security.

Deployment was straightforward. The agent is simple to deploy, and we only need to deploy it to all of our endpoints. It is a simple installation that requires our site token. We can deploy it through group policies, Intune, or any mass deployment software. I completed the deployment myself.

We evaluated CrowdStrike, Carbon Black, and Bitdefender, and found that Singularity Cloud Workload Security had a much better remediation process. This is because Singularity Cloud Workload Security uses AI-powered detection and remediation, instead of relying on human analysts. This means that threats can be detected and remediated much faster than with traditional security solutions. Another factor that influenced our decision was pricing. SentinelOne is not too expensive compared to other providers, and it offers a wide range of integrations with other security products.

I would rate Singularity Cloud Workload Security nine out of ten.

Maintenance is minimal, requiring only occasional updates. When a major update is available, we receive an email notification. We then accept and deploy the update to all eligible endpoints through the console.

Singularity Cloud Workload Security is very easy to deploy and has one of the best detection rates among vendors. It has a very user-friendly UI that provides a high-level overview of current threats and system status, as well as the ability to drill down into analytics and threat indicators using the visibility console. It is so user-friendly that anyone can use it, regardless of their expertise level. However, for more experienced users, there is also the option to dig deeper into the data.

Singularity Cloud Workload Security helps us spend less time on threats and more time on our core competency, which is consulting work. This definitely improves our productivity and innovation.

I use SentinelOne Singularity Cloud Security for security purposes. It is deployed in my cloud infrastructure, providing me with a main dashboard that allows me to monitor my infrastructure. It helps identify vulnerabilities, ransomware attacks, and other threats. Essentially, I use it to enhance security.

By implementing this solution, we wanted to prevent ransomware and DDoS attacks and have 24/7 threat monitoring of our infrastructure.

SentinelOne Singularity Cloud Security has helped us implement effective security measures to reduce risk. It has also had an impact on key performance indicators, security metrics, the false positive rate, the mean time to detect, and the mean time to respond.

Before SentinelOne Singularity Cloud Security, we had to use AWS services like GuardDuty and CloudTrail, or WAF in AWS. We had a console, but there was no alerting system. SentinelOne Singularity Cloud Security collects all the information from GuardDuty, CloudTrail, WAF, and other AWS services and organizes security insights into a single, comprehensive dashboard. It also provides us with the best practices and documentation to resolve issues.

We were able to realize its benefits immediately. It has reduced false positives by 30% to 40%.

SentinelOne Singularity Cloud Security is a trustworthy product. Since its implementation, I have confidence in the security of our infrastructure. It detects everything. I have a good overview of our infrastructure.

SentinelOne Singularity Cloud Security has reduced our mean time to detect by 40% to 50%. It has reduced our mean time to remediate by 60%.

The most valuable feature of SentinelOne Singularity Cloud Security is its advanced AI and machine learning capabilities, which allow it to identify and respond to threats in real time. 

Furthermore, the user interface is intuitive, making it easy to understand even for those unfamiliar with cloud technology. This ease of use extends across the dashboard and overall user experience.

For SentinelOne, improvements could be made in managing Internet dependency as cloud-based operations can pose challenges in environments with limited connectivity. 

Additionally, integration with certain third-party tools or legacy systems might require extra effort. 

Its features may be overwhelming for smaller organizations with less complex security needs.

I have been using SentinelOne Singularity Cloud Security for two years.

I would rate the stability an eight out of ten. Sometimes, I feel the dashboard is a bit laggy.

It is scalable, and I would rate it a nine out of ten for scalability.

We have multiple locations and departments. In my team, there are about 22 users working with this solution from different locations.

The technical support is highly knowledgeable and reliable in security matters. I would rate their support a nine out of ten.

Positive

Before using SentinelOne, I used AWS-managed security tools like WAF and GuardDuty. I find SentinelOne superior due to its real-time detection and mean time to remediate threats.

Its deployment was easy. We had the SentinelOne team on the call, making the process smooth and easy. It took us about three days.

I do not have to do any maintenance. The maintenance is taken care of by SentinelOne. When there are any maintenance activities, they send us an email about the time. They usually have maintenance activities on a quarterly basis.

SentinelOne's team assisted us during the deployment. We had seven people involved.

Using SentinelOne has saved me both time and money. Before its deployment, it took one to two hours to detect or resolve issues, whereas now, it only takes ten to twenty minutes.

SentinelOne is relatively cheap. If ten is the most expensive, I would rate it a seven.

I would definitely recommend SentinelOne Singularity Cloud Security for infrastructure security. I would rate the solution a ten out of ten.

My company is trying to get an ISO certification by the second quarter of 2024, so we have been resolving certain security issues for the past year.

I use the solution in my company, where we have alerts coming from PingSafe, especially if any security threats are there. Our company's primary concern in using the tool is to get the ISO certification. My company wants to get our infrastructure to meet ISO standards so that there won't be any issues while getting ISO certification.

With the product in my organization, I feel that we are more secure now, and our services have become better. My company gets to know if we are doing something right or wrong based on the scans that PingSafe deploys. My company doesn't have to care much about security because PingSafe takes care of it for us. My company also knows what all the best practices are there for each resource, which gives us a boundary of what we can do.

Most of the time, I have looked at the tool's dashboard to keep an eye on how much of my company is compliant regarding certain areas since we are eyeing ISO 22000 and ISO 22001. I just love the tool's dashboard, though I have not used it in depth. I like the dashboard mainly, and I know that all sections of ISO certification have been completed. I have not used the tool that much, but under that dashboard itself if I just click on the certification part, which states that 93 percent has been completed, it will show me the subcategories of what all things are still pending or how much percentage of it is still pending, and how many areas are yet to be resolved in relation to some of the resources. The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best features.

When I joined my organization, I saw that PingSafe was already implemented. I started to use the tool's alerting features and dashboard functionalities. Considering how much I used the product, I don't see any areas in it where improvements are required since everything seems fine.

Sometimes, there are alerts that don't have proper messaging attached. The tool can improve the alerting notifications. In PingSafe, the alerts also show the affected resource that has a particular issue, but sometimes, the account shows as not applicable, and it isn't very helpful since you need to know the account the tool aims to point out.

The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement.

I have been using PingSafe for more than a year. My company is a customer of the solution.

My company has not experienced bugs, downtime, or any other issues in the product.

Stability-wise, I rate the solution an 8 out of 10.

It is a scalable solution. Scalability-wise, I rate the solution a 7 out of 10.

My company's tech team consists of twelve people and around ten to twelve people use the product.

I rate the technical support an 8-9 out of 10.

Positive

The solution is deployed using the cloud services offered by AWS.

PingSafe regularly sends us messages on Slack for cloud security monitoring if it finds a certain security threat. If the area revolving around the security threat is something my company wants to look into, we just quickly check the product to see if there is a quick fix, and if there are no solutions, then we find a way to deal with it. A person from our company's team regularly tries to fix all the issues raised by PingSafe so that it is ISO compatible, and right now, my company is close to achieving it.

Speaking about the issues my company was trying to resolve by implementing PingSafe in our environment, I would say that whatever issues the tool has raised till now are related to certain policies that we might not have implemented in our IAM. There should only be certain roles that can access certain resources. The aforementioned area consists of the types of issues my company is currently trying to resolve so that we stay up to the mark. In my company, we don't have any regular threats that come up, but they are mainly used in regard to policies.

Considering how much I have used it to date, I can say that it is an easy-to-use product. However, I have not used the product in-depth, so I can't comment much about it.

If I assess the evidence-based reporting for helping prioritize and solve important cloud security issues, I would say that the concerns raised by the product are valid ones, and it is important to deal with them. Though I am not sure what the question entails, I feel that the issues raised by the product are proper, and they should be resolved before actually implementing its features.

I think it is very important for the solution to include proof of exploitability in evidence-based reporting. You have to know what things might go wrong if an issue is not resolved, and it makes it easier for us to assess key issues and to decide which areas should be taken into priority, considering what potential issues might crop up in the long run or short term. In general, PingSafe is a quite helpful tool.

The most valuable feature of the tool in terms of real-time threat detection stems from the alerts my company receives via Slack. I think the alert feature is something I have majorly looked into, but I haven't explored many of PingSafe's features.

Whether the compliance monitoring capabilities of the tool have benefited our organization or not is something that we will get to know soon via its results in the next two or three months. My company is very close to getting ISO certification with PingSafe's help. I think if it gave our company a demo compliance feature, it could be helpful.

The product's UI is good if I speak about the impact of its ease of use on security operations. The UI is very easy to navigate. Basically, I was able to navigate through the tool's dashboard. Overall, the tool's UI structure looks good.

My company has rarely had to deal with an incident involving a false positive with PingSafe in place, and I believe that it happened at the end of the previous year. After that, my company didn't need to deal with any false positives. With PingSafe, the chances of seeing a false positive are rare.

In terms of risk posture, after going through the recommendations provided by PingSafe during the implementation phase, I feel that my solution has helped my company get better and more secure because now we are less vulnerable to attacks. Overall, I think that the product is good for improving an organization's risk posture. In my company, we don't have any doubts about using the product since everything feels right with it.

The tool has reduced the mean time to detect risks since, with the use of the tool, it has become faster as it is now done automatically. In my company, I operate in a very small team where we don't have a specific person or department giving us insights about a particular tool. The tool has reduced the mean time to detect risks by more than 50 percent. My company never scanned our own infrastructure until PingSafe did. Until my company had it in mind that we wanted to get an ISO certification, we never scanned our infrastructure.

The mean time required to remediate is an area that has improved a lot. My company has never tried to resolve any issues since we have never detected any problems. The mean time to remediate has improved by more than 50 percent.

The product can make the collaboration between cloud security application developers and AppSec teams better. In my company, we only have one team, and we don't have a few departments.

The product has helped my company save a lot of engineering time because we don't have to put up physical resources to do many things, as they are managed automatically. In my company, we just have to employ one engineer to resolve everything. My company doesn't actually have to spend time detecting issues and then solving them as the tool solves them for us.

I have not integrated the tool with the existing solutions in my company's infrastructure or workflows. I use it as a standalone product in my company.

The product is used in just one location.

I don't think that the product requires any maintenance. I don't think that my company does any maintenance for PingSafe.

I recommend the product to those who plan to use it. I think the tool has a very good alerting system. The tool also gives a proper description of resources and alerts. I think that the tool is very good for meeting the certification compliance requirements.

I rate the overall tool a 9 out of 10.

We are a security-based company. We use PingSafe to put our data planes on it. We have a cloud setup, and we have integrated PingSafe into our environment. It checks for any audit or security-related issues.

By implementing PingSafe, we wanted a centralized solution. We have many AWS accounts to manage, so we wanted a single dashboard with analytics. We wanted to be able to view and monitor everything at once. We also wanted to customize the rules on which we wanted the alerts to be set up. PingSafe was a better option for our use case.

We have multiple rules set up on PingSafe for things that we want to monitor. We have set up something for restricted access for SSH, and then we have access to the EC2 instances. If any of the rules are broken or if there is a bad actor, we get notified quickly. It also helps with the audit and keeping the infrastructure clean.

PingSafe includes proof of exploitability in its evidence-based reporting. This is quite important for us because we are a security-based company. We want to tag each and every alert correctly. We also need to provide RCA to the customers. PingSafe forms a very good basic layer for things that are happening in the infrastructure. The reports that it gives are also nice. It gives us information about the impact and other things. It helps us.

Its setup is good. It also depends on how finely you want to set it up. It depends on the rules you set, the thresholds you set, and how quickly you act on things. We did not want PingSafe to act on things, so we went for a basic setup without any auto-remediation. We act on the issues. It provides us with a basic layer of security.

Previously, we used to find issues from the AWS console and the AWS logs, but because we had multiple AWS accounts, finding out the issues was a bit of a pain point for us. We had to go inside 30 to 40 AWS accounts to find out the capabilities. We had to write our own automation scripts to find the full logs. We wanted a solution that gave us a centralized place to put all the issues that we were facing based on security concerns. With PingSafe, we found a centralized solution. It was easy for us to get the data of 30 to 40 clusters in a single dashboard. It was pretty nice to have that. The UI seems a bit confusing initially, but once you start using it, it becomes more intuitive.

There is a team that is working on setting it up on ISE. So far, with just a vanilla setup, it is doing its job, and we are happy with it.

There are a few false positives, but we want them to be there. We do not want to miss out on something. We want everything to be monitored. It does not matter to us if it is a false positive. At the end of the day, the cost that we would pay by ignoring a true positive thinking it is a false positive would be much higher than going through false positives and marking them as false positives.

For every module and everything that we do on our AWS clusters, we evaluate the risk individually, and then PingSafe forms an extra layer of security on top of the personal checks that we do. It is like a shield for us. It helps us a lot.

PingSafe has reduced the mean time to detect issues by a lot. Earlier, it was a very manual process to detect errors. There was not a single place where we could look into all the alerts. They were all scattered. PingSafe unified that. With PingSafe, once the alert is detected, we can just look into it directly. We can go into a specific cluster, resolve the issues, and mark it as resolved. There is a 45% to 50% reduction in the mean time to detect.

Our mean time to remediate remains the same because we have manual remediation. There is no change in that. The main issue for us was to be able to detect issues, and PingSafe solved that for us, but because remediation is taken care of by us manually, the mean time to remediate remains the same.

PingSafe is continuously monitored by the customer success engineering team and the security team. These people contact the infrastructure team. The application team is not involved because we mostly monitor the infrastructure side. That is the AWS side. It helps us with better collaboration. When the time zones change, we do not have to give a lot of context or change information across different time zones to different people. They can go into the console, see the issue, and continue to work on it.

Earlier, if there was a security issue, it had to be handed over to people in different time zones. Because we are a global company, we have on-calls and other things. Earlier, it used to be a big process. We had to write down the whole documentation of what happened, where we were seeing the issue, and whether it was resolved or not. We had to provide the complete information on that single issue. Things are simpler now because people can just log into it and see what is in the pending state and which security vulnerabilities we are still facing. A person in a different time zone can just log into the PingSafe console and start remediating the issue.

The multi-cloud support is valuable. They are expanding to different clouds. It is not restricted to only AWS. It allows us to have different clouds on one platform. The integration is quite easy. It took around 15 minutes for the whole stack to set up. It was very easy to set up. That was one of the best things.

The custom rules are also valuable. We can set up our own thresholds on the rules. We can have a granular setup for the rules. We can also scan for specific ports and specific AWS modules. The granularity of rules is good. 

In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier. Initially, I had problems finding a few things and creating the policies. It was a bit difficult for me, but after going through the documentation, it got easier.

I was checking the IaC checks that they have, and they can add something for auto-remediating IaC. They can integrate something that will help auto-remediate on IaC and make needed changes to the code. They can also integrate something like CoPilot.

Other than that, I do not have any input. They have covered quite a bit. They are doing a good job. The features are good for what we are using it for right now.

I have been using PingSafe for 3 to 4 months.

Its stability is good. We do not have a high volume. It is doing well for the scale that we have. I would rate it a 9 out of 10 for stability.

Its scalability is good. I would rate it an 8 out of 10 for scalability. It meets our requirements. PingSafe does the very basic job of collecting the CloudWatch logs, keeping them in a centralized place, and looking for errors. We have scaled it across all of our AWS accounts, and it is doing well. I do not see any issues coming in the future as well.

PingSafe is being used by our infrastructure team. There are 15 to 20 people who keep a check.

Their support was good. I would rate them an 8 out of 10.

Positive

We did not have anything like PingSafe before.

The initial setup was straightforward. It only took about 15 minutes.

We initially had issues handling the setup. We were doing it slightly wrong. We ran it multiple times which messed up the setup. We got PingSafe folks on the call. PingSafe people assisted us with it, and it was very quick once they were on the call.

We are on the cloud. We have different AWS clusters, and we have onboarded AWS clusters to it. There is a single dashboard for us. We have not integrated it with anything else. PingSafe is a separate system running, and we have not integrated it with anything. Being a security company, we are directly adding third-party solutions to our stack. 

PingSafe does not require any maintenance from our side. It was a one-time installation, and since then, we have not had any issues with it.

Based on the things that we have tested, it does a pretty good job of alerting and reporting. If you have a highly scaled environment with 50 to 60 AWS clusters and you are looking for a tool that simplifies getting security logs, PingSafe is the perfect solution. It does the job. I would recommend PingSafe to others.

PingSafe has an auto-remediation feature, but we are not using that because we have to give a lot of access to PingSafe for that. We are not willing to do so. That is why we do not use the auto-remediation offered by PingSafe. We just get the alerts, and then we act on them. We also do not use agentless vulnerability scanning, IaC scanning, and PingSafe's Offensive Security Engine.

Overall, I would rate PingSafe an 8 out of 10.

As a senior IT security director, I oversee the governance and guidance of security deployments, including the development and implementation of use cases. My primary guiding principle, which is shared by my team, is to prioritize visibility. This translates into our use of SentinelOne Singularity Cloud Security to gain comprehensive visibility across our hybrid infrastructure including cloud, on-premises, and end-user workstations. Ultimately, visibility is the main driver of our security strategy.

Singularity Cloud Security significantly reduced our organization's threat detection time by providing immediate data visibility. This allows our team to analyze telemetry in real-time, query it, and identify anomalies or potential threats using the Singularity platform. We can create rules that automatically trigger alerts based on this real-time data, enabling immediate response. This instant threat detection and response capability is a major improvement over our previous reliance on multiple tools with delayed data flows. Singularity Cloud Security eliminates those delays, saving valuable time in incident response scenarios.

MTTR and MTTD are critical metrics for incident response processes. They measure the time it takes to fully address an incident, from initial detection to complete remediation. Minimizing these times is crucial to limit damage, as attackers can quickly exploit vulnerabilities and compromise additional systems. Rapid detection and response are essential to disrupt attackers and prevent further progression within the attack chain.

Singularity Cloud helps reduce false positives by allowing engineers direct access to data. This access enables querying, validation, and the creation of correlation searches for improved data analysis. Instead of a black box approach, Singularity provides full visibility into the code and syntax used, increasing confidence in the results. Ultimately, Singularity offers greater control over correlation searches, detection rules, and response scenarios due to the enhanced engagement and control it provides.

Singularity's ability to create custom correlation searches significantly reduces noise by avoiding reliance on generic, pre-built searches that often lead to false positives in diverse organizational environments. This targeted approach results in a high positive rate and efficacy, allowing for focused detection and response. By designing and running custom searches, Singularity minimizes the need to sift through irrelevant alerts, unlike systems using default rules that inundate analysts with noise. This translates to a very low noise-to-efficacy ratio, enabling efficient and accurate incident response.

Singularity Cloud offers valuable data and capabilities extending beyond security, benefiting various business units. For example, it helped troubleshoot a newly introduced service with limited telemetry. My team created custom correlation searches to track specific event types, confirming the software's functionality. This success garnered positive feedback throughout the company, reaching even the CIO and CSR, as it enabled the business to showcase the software's effectiveness in a way that was previously impossible.

SentinelOne improves our regulatory compliance by fulfilling the endpoint detection and response requirements of various frameworks. Many federal regulations require businesses to meet specific security standards, including those related to endpoint, identity, and cloud security. SentinelOne enables us to meet these requirements and assure potential partners that we have a robust security posture. This strengthens our partnerships and streamlines procurement processes, demonstrating how SentinelOne contributes to our compliance efforts.

SentinelOne's evidence-based reporting, particularly the CNS reports, fosters trust due to the transparency of the data source and the ability to understand the underlying mechanisms. Knowing the search criteria, data types, and information gathering process, especially when customized for detection engineering, creates confidence in the product and the relationship with SentinelOne. This transparency and customization allow users to delve into the mechanics of the reporting, understand its functionality, and ultimately trust the evidence provided.

AI is a crucial consideration for security strategies. While some view AI as a potential replacement for human analysts, others see it as a powerful tool to enhance their capabilities. The latter approach emphasizes AI's ability to accelerate incident response, improve threat detection, and provide valuable insights to analysts. This perspective suggests that AI should be used to augment human expertise, enabling analysts to make faster and more informed decisions, particularly in prioritizing threats and developing a sixth sense for identifying malicious activity. By integrating AI as an enabler, organizations can empower their security teams to become more efficient and effective, ultimately strengthening their overall security posture.

Singularity Cloud's ability to create custom correlation searches and reduce noise is highly valuable. It allows us to focus on specific detections with high efficacy, avoiding the noise typical with default rules, thus enhancing our incident response efficiency. Additionally, the engineer engagement enables us to have full visibility into the code and design effective correlation searches and detection rules.

While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant. If SentinelOne can deliver on its vision, it will be truly impressive, and we will continue to support its efforts.

I have been using SentinelOne Singularity Cloud Security for four years.

Singularity Cloud has been stable over the course of our usage.

We have not faced issues with scalability and find the solution flexible enough to accommodate our dynamic environments.

SentinelOne has consistently provided excellent support. While there were some initial challenges when we first partnered with them four years ago, these were resolved over time with continued effort and communication. As with any relationship, investment leads to strong, positive outcomes, and we have maintained a great working relationship with SentinelOne ever since.

Positive

Prior to SentinelOne, we did not use an EDR vendor. Four years ago, ransomware became increasingly prevalent, transitioning from a niche topic in IT news to a major concern covered by prominent media outlets like CNN and the Wall Street Journal. This heightened awareness led to increased pressure from company leadership, demanding strategies to mitigate the risk of ransomware attacks. Consequently, we sought an EDR solution to bolster our security posture. SentinelOne was selected over two competitors due to its superior detection capabilities, customization options, and competitive pricing, all critical factors considering our budgetary constraints. In retrospect, I believe we made the correct decision.

The initial setup was straightforward and well-supported by SentinelOne.

We implemented the solution with the help of SentinelOne's support and engineering team.

By significantly reducing incident response time and false positives, the ROI has been evident in terms of optimizing our security operations and minimizing risks.

The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments. The combination of pricing and the ability to customize detection rules was a key factor in selecting SentinelOne.

We evaluated two other competitors before choosing SentinelOne based on detection capabilities, customization opportunities, and competitive pricing.

I would rate SentinelOne Singularity Cloud Security nine out of ten.

Currently, our cloud workload protection system is deployed for visibility only, without blocking capabilities or enforced policies. While we are not yet utilizing its full protection potential, this proactive approach allows our development, IT, and quality teams to gradually transition to containerized workloads over the next few years. SentinelOne's cloud workload protection tools provide the necessary functionality to secure our environment as teams adopt modern serverless methodologies. Although full implementation is an ongoing effort, having these tools in place ensures we can confidently secure our evolving infrastructure.

We've thoroughly enjoyed our four-year partnership with SentinelOne. Their account management and readily available engineering support have been exemplary, setting a high standard for customer service. While escalations can sometimes experience delays, their responsiveness has been the best we've encountered. The entire organization, from account managers and engineers to the managed detection response service, operates cohesively.

Cloud security is challenging, especially in multi-cloud environments, but as we use a single cloud provider, we leverage native security tools for detection and visibility. While we initially considered cloud-native protection unnecessary, we realized the limitations of relying solely on our provider's knowledge and visibility. Their data is inherently limited by their own experience. SentinelOne, with its global customer base across various cloud providers, offers broader threat intelligence. Learning from attacks across all cloud platforms, like Amazon, Azure, and Google, is crucial for a comprehensive security posture. By partnering with SentinelOne, we gain access to this wider threat landscape and benefit from a learned security environment.

Our organization relies on Azure services. A key advantage of SentinelOne is its ability to serve customers across various data centers, including those hosted by Azure and Amazon.

I recommend colleagues and professionals in information security give SentinelOne a try, as they will quickly see the benefits, especially if not working with modern cloud-based solutions. SentinelOne's capabilities in visibility and detection make it a valuable addition to any security strategy.

SentinelOne's openness to customer feedback is impressive. I've served on other customer advisory boards, even for competitors, but SentinelOne stands out. They actively involve customers in shaping their products, including the user interface, detection rules, and Singularity AI Cloud components. This customer-centric approach fosters a mutually beneficial relationship where customer feedback directly enhances the security solutions. I encourage all SentinelOne customers to explore opportunities like beta testing, advisory boards, or UX feedback programs. The company's success translates to improved security for organizations like mine, and the close collaboration builds a strong, valuable partnership. Seeing our feedback implemented in their products is truly remarkable.

Singularity Cloud Security helps my organization achieve its goals by providing protection and cloud security posture management for our AWS organization. It offers detailed visibility into any misconfigurations, threats, or other items that come through from the AWS services, and enables my engineers to easily find and get information on how to triage those items.

SentinelOne has enabled us to identify and address misconfigurations more efficiently by streamlining the research and remediation process.

Singularity Cloud Security has significantly improved our risk management by providing clear visualization of threats, validating their severity, and prioritizing them. This allows us to efficiently allocate resources, strengthen our security posture, and minimize risk.

Cloud security has significantly reduced irrelevant alerts by effectively analyzing potential threats and determining their validity, a capability unmatched by any other product we've used.

Singularity Cloud Security has significantly reduced false positives by filtering out thousands of alerts triggered by offensive security tests and application configuration validation, resulting in a more manageable number of alerts requiring attention.

Singularity Cloud Security has improved incident response by integrating directly with our notification and task management services. This allows us to receive immediate notifications of critical misconfigurations or vulnerabilities and automatically generate service tickets for remediation.

Singularity Cloud Security utilizes push-based notifications to instantly detect misconfigurations and provide immediate alerts through integrated services, significantly reducing the mean time to detection compared to traditional polling-based methods.

Singularity Cloud Security has reduced our mean time to respond because its direct integration with our notification services allows for immediate attention to issues.

SentinelOne has improved our organization's regulatory compliance by providing insights into misconfigurations and issues before they impact our production environment. This proactive approach ensures consistent compliance with both regulatory standards and client expectations.

Cloud Native Security's evidence-based reporting allows for issue prioritization by determining their impact, enabling efficient time allocation to resolve the most critical problems first.

Cloud Workload Security's real-time threat protection safeguards our workloads, providing visibility into anomalies and threats, and automatically remediating them at a speed unattainable through manual intervention. This automation frees my team from time-consuming investigations and remediation, allowing them to focus on other critical tasks while ensuring our services remain actively protected.

The introduction of Purple AI by SentinelOne enhances our cybersecurity strategy by empowering engineers to proactively address security issues. This distributed approach allows engineers to triage, identify, and resolve problems within their own teams, reducing reliance on the SecOps team for all security tasks. By shifting responsibility leftward to the engineers directly accountable for specific components, we foster a more efficient and responsive security posture.

Cloud Native Security's evidence-based reporting allows us to prioritize issues by understanding their impact, helping us resolve the most important problems first. AWS real-time threat protection protects our workloads and provides visibility into anomalies or threats, automatically remediating them at speeds beyond our manual capabilities.

SentinelOne Singularity Cloud Security could be improved with easier integrations to the Singularity Data Lake, particularly for various vendors. Additionally, the platform would benefit from an enhanced ability to provide a deeper, holistic view of the entire application deployment cycle, extending beyond effective run times.

I have been using SentinelOne Singularity Cloud Security for three months.

The most important aspect of the evaluation process was the support and responsiveness of the SentinelOne team, because great products alone cannot meet all needs. Ultimately, having a reliable team ready and willing to assist with any issues is essential.

Positive

We had an existing CNAP solution for about three years. While functional, it generated a lot of false positives and required extensive manual review. Additionally, it lacked useful integration with our other vendors and partners, and overall, felt somewhat outdated.

SentinelOne offers excellent pricing and licensing options. I was able to consolidate two security vendors into one by switching to SentinelOne, and I now pay less than I did for either of them.

As a cloud-native application operating exclusively within AWS, we procured SentinelOne through the AWS Marketplace. This partnership, facilitated through an EDP purchasing agreement, streamlines our procurement process, consolidates purchase records, and provides a discount on our AWS spending.

We did a proof of value with SentinelOne, reviewing and validating all the products we are currently using to determine their viability compared to our current vendors and ultimately make the decision to move forward with SentinelOne as our new product vendor.

Prior to evaluating SentinelOne as a CNAP vendor, we faced significant challenges with our existing vendors, primarily large organizations that were slow to update their products and meet our needs. However, our partnership with SentinelOne has been markedly different. Their leadership team demonstrates a strong commitment to customer success, fostering a culture of direct collaboration and continuous innovation, which aligns perfectly with our requirements for a partner.

I would rate SentinelOne Singularity Cloud Security nine out of ten.

The partnership between SentinelOne and AWS, particularly the Singularity Cloud integrations, provides streamlined access to actionable information from AWS.

I would tell anybody considering Singularity Cloud Security to absolutely proceed. SentinelOne has been phenomenal to work with, and I am looking forward to a continued partnership as they innovate and integrate AI, consistently rolling out new features.

We use PingSafe to secure our IT infrastructure and fix vulnerabilities. For example, it tells us if our resources have been inappropriately made public. We provision our infrastructure on AWS and GitHub. PingSafe finds vulnerabilities across our entire network and secrets in our GitHub repositories. It also helps us manage our cloud configurations and security groups. 

PingSafe is integrated with Metabolic, Opsgenie, and Slack for notifications. It's also integrated with our security team. They are using a script to correlate the data from SysTrack. 

When I joined the organization, we didn't have this kind of security tool in our infrastructure. PingSafe helps us secure any resources that were mistakenly made public and other vulnerabilities. Initially, we were primarily focused on projects, not on the security side, but we were dealing with some system vulnerabilities that hackers could exploit, like publicly accessible resources. The detection is highly granular. It gives you small vulnerabilities and very new types. 

The PingSafe team will help you reduce false positives quickly. When we first used PingSafe, false positives were high, so we contacted the team. They did some testing and modifications, and the problem was solved in one or two days. 

The mean detection time has drastically reduced. The detection time varies depending on what we're scanning. When we're scanning GitHub, it takes 7 to 10 minutes. On the cloud platforms, it depends on resource availability. It takes 10 minutes on the high end, but the mean is about 1 or 2. Overall, it has been reduced by about 10 percent. 

The remediation time is up to us. PingSafe just detects it, but it gives us an assessment and recommendations, making it easier to resolve. When we fix a vulnerability for a particular resource, the issue will not occur again. 

PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub. Using PingSafe's evidence-based reporting, we can rank the severity of issues as critical, high, medium, etc. Having the ability to prioritize security issues is crucial for any organization. 

One good thing about PingSafe is that it gives you a consolidated view of compliance and vulnerabilities. We can follow PingSafe's guidance and comply with those use cases. When you get an alert, they explain how to resolve those issues. 

The user interface is excellent because we see everything in a single panel and can manage all the operations from one portal. It's integrated with Slack, so we can coordinate on the open tickets. We can also mute notifications. The interface is straightforward and easy to use. Anyone can use it.

The offensive security engine is a helpful feature in cases like when a developer leaves some API element exposed, and we can view the potential exploit path. It's helpful when we are deploying any AWS account or service because all our systems depend on AWS.  When the service is initially deployed, we can see what happens and get all the details about anything that depends on it. 

When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again. 

We have used PingSafe for more than 2 years.

I rate PingSafe 9 out of 10 for stability. We've never had any glitches. 

We've had no issues with scalability. We've onboarded about 6 or 7. There is no digital investment. You can integrate multiple accounts from various providers. 

The support team was valuable during the initial stages. PingSafe contacted us every three weeks. They checked our infrastructure and reviewed all the issues that we were incorporating into the system. They took direct responsibility for the system and could solve queries quickly.

Previously, we were using the native tools of each cloud provider. For example, we used GuardDuty on the AWS.

Deploying PingSafe is straightforward. You can onboard new AWS accounts in five to 10 minutes, and it will start scanning very quickly. They give you a script to run on AWS. You can enroll your accounts based on the template, and it starts collecting data. We onboarded six or seven accounts. It hardly took any time. It's a SaaS solution so we don't need to maintain it. We only need to do the onboarding. 

I rate PingSafe 7 out of 10. PingSafe isn't a unique solution. Other solutions have the same features, but I like PingSafe because it's simpler to use. It doesn't require any maintenance and the scalability is good. However, I think other solutions can give the same level of detail and insight.