Head of Security at Razorpay
Video Review
Real User
Top 20
Provides a centralized view of all workloads, enabling us to identify misconfigurations
Pros and Cons
  • "Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively."
  • "Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security."

What is our primary use case?

Working in a highly regulated space with stringent security requirements for money movement necessitates robust security measures. SentinelOne Cloud Security effectively secures our workloads, providing peace of mind and significantly reducing stress by addressing both security and regulatory needs.

How has it helped my organization?

The primary challenge we faced was achieving comprehensive visibility and observability across our extensive cloud environment, which comprises over 50 AWS accounts. It was difficult to determine the specific account and business entity associated with each workload. SentinelOne provided a centralized view of all workloads, enabling us to identify misconfigurations, pinpoint their location, and assess their potential impact. This clarity allowed us to prioritize responses based on the criticality of the affected account, such as production or highly regulated environments, thereby optimizing our response time.

To reduce noise and improve security monitoring, we implemented two key strategies. First, we leveraged the SentinelOne platform to identify internet-exposed assets and prioritize them for enhanced monitoring. SentinelOne's cloud-based capabilities significantly reduced false positives and helped establish a baseline for normal network activity. Second, we integrated the Infrastructure as Code module to automatically detect any deviations from the baseline or new misconfigurations. This proactive approach enabled us to efficiently address vulnerabilities and maintain a secure environment. After an initial cleanup, ongoing maintenance became much easier due to the continuous monitoring and automated alerts provided by SentinelOne and the IaC module.

Cloud security has helped reduce false positives by prioritizing vulnerabilities based on two factors: the criticality of the exposed asset and the environment it operates within. This prioritization metric helps eliminate false positives and allows teams to focus on fixing actual security issues.

Cloud security has improved incident response, primarily by enhancing observability. This allows for immediate identification of an IP address's host account and connected resources, which speeds up response time. Understanding the potential damage is also crucial, and this is achieved by knowing all resources accessible to the compromised asset. This comprehensive approach, combining identification and impact assessment, significantly strengthens security response capabilities.

SentinelOne Cloud Security reduces response times by providing context for assets, such as location, access details, and component interactions. This allows for quick identification of the responsible team and facilitates efficient damage assessment and remediation. Automated responses, like automatically fixing public S3 buckets, can be implemented, although caution is needed as some public access may be intentional.

SentinelOne Cloud Security has significantly improved team collaboration by simplifying the process of identifying the owner of a vulnerable or problematic component. Previously, this was a time-consuming task, but now the platform allows for quick identification of the responsible business entity and developer, enabling direct contact with the appropriate DevOps personnel. This streamlined process accelerates both detection and response times, ultimately enhancing overall security.

SentinelOne has released Purple AI, a tool with immense potential. It can analyze sentences and identify specific IP addresses or vulnerable machines, significantly aiding threat detection. This capability allows for rapid computation and complex query execution, delivering crucial answers in minutes and enhancing data analysis for security purposes.

What is most valuable?

Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively.

What needs improvement?

Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security.

Buyer's Guide
SentinelOne Singularity Cloud Security
August 2025
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,497 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SentinelOne's cloud piece for about three to four months.

How are customer service and support?

SentinelOne has provided excellent support, enabling us to implement a robust solution customized to effectively meet our security and compliance needs.

How would you rate customer service and support?

Which solution did I use previously and why did I switch?

Prior to implementing SentinelOne, we faced excessive false positives and an overwhelming number of findings, hindering prioritization. However, SentinelOne Cloud's offensive engine provides reassurance by automatically checking exposed assets for new threats, such as zero-day attacks, ensuring immediate awareness of any issues.

SentinelOne allows for customized prioritization, enabling changes based on specific accounts and the addition of further actions to misconfiguration adjustments. The graphing ability of SentinelOne CNAPP facilitates comprehensive chaining for in-depth analysis. The demos on misconfigurations and the prioritization matrix were particularly informative.

What's my experience with pricing, setup cost, and licensing?

SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal.

Which other solutions did I evaluate?

When evaluating CNAPP vendors, several key considerations emerged. First, it was essential to assess the regulatory frameworks and ensure compliance. Second, the issue of false positives needed to be addressed to maintain efficiency. Finally, the prioritization capabilities, particularly the use of graphs to identify critical assets, were crucial factors in the selection process.

What other advice do I have?

I would rate SentinelOne Cloud Security a nine out of ten. They are bringing all the pieces together, and once the Purple AI can interact with all the different components and correlate across them, I think that's where its real power will come from.

SentinelOne CNAPP was extremely helpful and chosen for three primary reasons: their responsive and efficient team facilitated a rapid deployment; the technology itself proved to be very robust and effective; and the platform's configurability allowed for seamless integration with our specific business needs.

For those evaluating SentinelOne CNAPP, it is advised to engage with their team for potential configuration changes. The tool offers comprehensive insights, providing productive usage from day one for penetration testers and security engineers.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2377728 - PeerSpot reviewer
CISO at a computer software company with 201-500 employees
Real User
Top 10
It is easy to use, requires no configuration, and is agentless
Pros and Cons
  • "Cloud Native Security offers attack path analysis."
  • "One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."

What is our primary use case?

Cloud Native Security is a cloud posture management solution. Initially, it focused on helping us understand and assess our compliance posture and cloud configuration for workloads, etc. 

There are three key use cases for Cloud Native Security:

  1. Continuous Configuration Monitoring: This ensures 24/7 oversight of configurations and identifies any issues as they arise.
  2. Asset Visibility: Gain immediate visibility of all cloud assets upon deployment and ensure they are properly tracked within the system.
  3. Container Security: Assess vulnerabilities in Docker clusters and other containerized environments based on compliance requirements.

How has it helped my organization?

I have used Prisma Cloud extensively at several organizations. We have also used Wiz and Cloud Native Security. Cloud Native Security is particularly easy to use because it requires no configuration. All we need to do is create an API key that connects to our cloud account, and it will automatically start identifying all the workloads and accounts associated with our master account. We can see them all listed on our screen. Cloud Native Security does not require any configuration beyond selecting what we want to see on the screen. On the other hand, Prisma Cloud, which I used until about a year and a half ago, was superior in some ways. However, the amount of data it generated was very high, and it produced a lot of alerts and events. This required trained personnel who understood our workloads and specific cloud environments to manage it effectively. Cloud Native Security is a low-maintenance product. It is pre-configured and requires minimal manual setup, making it ideal for small to medium-sized teams that don't have dedicated resources to manage individual security products.

Like any other product, every incident has its own unique characteristics. Incidents are typically classified into categories of critical, high, medium, and low. This classification is based on the nature of the vulnerability, the ease of exploitation including whether authentication is required, and the potential impact. There are many similarities to other scoring systems when you consider the underlying factors and the overall environment. This system resonates with me because it considers multiple factors beyond just the Common Vulnerability Scoring System. For example, it takes into account features or passphrases that are displayed on the screen or found on devices, and how that data is stored.
The current system incorporates some internal analysis, but it's minimal. While the overall classification is likely appropriate, the remediation guidance could be enhanced. Ideally, for each vulnerability, there should be clear instructions on how to fix it. However, some vulnerabilities might be relevant to an organization's specific use case. For example, a public IP address being accepted by an SQL server on Azure might be flagged as a vulnerability, but it could be a legitimate configuration for an organization that has a specific database configuration requiring access from multiple locations.

Cloud Native Security operates entirely agentless. Using just the API key on the master tenant provides complete coverage, regardless of the cloud platform we're using. We avoid agent-based solutions for a simpler and more efficient approach.

While evidence of exploitability in Cloud Native Security's reporting might not be crucial, it would be beneficial. If a vulnerability is actively exploited, we need a comprehensive solution to analyze the information and enhance our monitoring. However, that's just our perspective. In terms of Cloud Native Security's scanning ability, I find it limited. It displays the essentials, and the module essentially fills the attack map. However, it doesn't explicitly consider the exploitability index. Despite this, the existing exploitability scoring seems adequate. If a vulnerability can be exploited on our network, which is simply a local network with zero authentication required, the complexity is factored in, and the vulnerability is classified as high, medium, or critical.

We leverage the offensive security engine to identify potential zero-day vulnerabilities that might be relevant to our workloads. Additionally, it helps us assess exposed configurations or misconfigurations that could be exploited by these vulnerabilities. While this engine is a valuable secondary source of data for improvement, it doesn't replace the independent solution we used previously. We primarily rely on that solution for information specific to our environment.

There are two main approaches to IaC scanning. One involves internal and Docker security modules. These modules analyze internal container images to identify vulnerabilities. For additional scanning, we leverage other products. We use Tenable and integrate it with CI/CD tools. This allows us to scan code dynamically and analyze traffic on a one-time basis. Additionally, PingSage assists in gathering data for IaC scanning.

Cloud Native Security significantly reduces the number of false positives we encounter. Unlike some other tools, it generates very few alerts that are ultimately unimportant (low noise). I've rarely seen false positives from Cloud Native Security. While some Cloud Native Security alerts might be legitimate concerns, we can also suppress them if they're not relevant to our standard operations. This allows us to configure our cloud environment to focus on the most critical alerts.

Cloud Native Security has had a positive impact on our risk posture. As our only CSPM solution, it helps us with asset discovery, critical asset monitoring, and configuration issue detection and remediation.

Cloud Native Security has significantly reduced our average time to detection. Detection is almost always achieved in a single instance. We've confirmed this through multiple tests. The longest detection time we've encountered is around three to four hours. This extended timeframe occurs because the scan isn't running continuously. Instead, it operates at specific intervals, periodically examining our infrastructure and performing analysis. Consequently, the detection speed depends on when the misconfiguration happened relative to the next scheduled scan.

Our remediation process is entirely internal. Servers deliver the fix based on the severity assigned by Cloud Native Security, which is directly related to the vulnerabilities found. We then use our internal analysis to consider the environmental configuration. If the vulnerability is a zero-day in the user acceptance environment, we delay remediation until a later time. However, if it's found in the production environment, we address it immediately. We also prioritize remediation based on importance, so we see alerts related to production or pre-production instances first. The remaining vulnerabilities are addressed afterward.

Cloud Native Security has had a positive impact on our engineering functions, such as DevOps and the cloud infrastructure network team. It fosters a collaborative environment where teams can address alerts independently. This empowers engineers to take ownership and resolve issues promptly. DevOps is our primary user group, and Cloud Native Security helps them manage infrastructure, network, and CI/CD deployments efficiently.

Collaboration helps save time, particularly in engineering tasks related to infrastructure and technical deployment, rather than in development itself.

What is most valuable?

Cloud Native Security offers attack path analysis. This feature analyzes a combination of vulnerabilities, misconfigurations, and load balancer configurations to predict potential attack scenarios. This comprehensive picture helps us make informed investment decisions and determine appropriate security controls.

What needs improvement?

We requested additional capabilities as we began deploying and scanning beyond the initial setup. Specifically, we wanted the ability to:

  • Continuously monitor configurations 24/7.
  • Gain immediate visibility of all assets as they are deployed and ensure they are included in the system.
  • Identify underlying configuration issues.

Another valuable enhancement is compliance management for various standards like ISO, PCI, HIPAA, GDPR, etc. As organizations move to the cloud, a cloud posture management tool that offers complete cloud visibility becomes crucial for maintaining compliance.

One area for improvement could be the internal analysis process, specifically the guidance provided for remediation. While the classification system itself might be industry standard, the remediation steps could be more specific. A vulnerability might be critical according to the scoring system, but its urgency depends on the context. For instance, a critical vulnerability signed by Cloud Native Security or any other product might be less urgent if it affects a non-production development environment undergoing UAT compared to a production environment.

For how long have I used the solution?

I have been using Cloud Native Security for almost eight years.

What do I think about the stability of the solution?

Cloud Native Security is a SaaS product and I've never experienced an outage. It's highly reliable and available whenever we need it. They have scheduled maintenance, but it's infrequent, typically only happening once or twice a year. Whenever there is maintenance, they provide advance notice, just like any other OEM would do.

What do I think about the scalability of the solution?

Scaling Cloud Native Security is straightforward. Creating a dedicated API team is the primary step, and this typically takes around five to ten minutes. Within a few hours, we'll see feedback integrated into our Azure and AWS consoles, along with the configuration of new alerts. Scalability is no longer a concern because Cloud Native Security is a fully cloud-based resource. This means it's elastic, with access to a vast amount of computing power and storage on the backend.

How are customer service and support?

Their technical support has become very reliable. They have grown from a small team to a large one, and initially, the founders themselves would handle deployments. Now, they have dedicated Customer Success Managers and configuration automation tools to ensure smooth deployments. Even if they don't have an immediate resolution to our problem, the team actively investigates and works on solutions.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In the past, I've used Prisma Cloud and Wiz. While they were functional, Cloud Native Security offers several advantages. It's very cost-effective and requires minimal configuration, making it a great fit for my needs. As I move between companies, I'm always happy to recommend Cloud Native Security to new employers.

When evaluating security products, there are several key factors to consider. Return on investment, initial investment cost, and built-in functionality are all important. Cloud Native Security excels in these areas. Their licensing model is based on the number of integrated accounts, rather than complex metrics like nodes, clusters, or data volume. This simplicity makes Cloud Native Security easy to use and manage. Additionally, it offers faster performance compared to other solutions I've used.

How was the initial setup?

The deployment process is quick, taking only about five minutes. We simply need to meet with Cloud Native Security for setup. They will then guide us to the main portal and create an API key for us. On our end, we'll enable the key in our administrative console, whether it's Azure or AWS. Once that's done, the initial discovery scan will take approximately 90 minutes to two hours to run. After that, we'll start to see updates appearing in the portal.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

There are different pricing models for software licenses. Some models are based on the individual number of assets a user has. Others consider the number of nodes, clusters, and accounts, with different pricing for each factor. I've also seen models that use the number of deployed APIs, endpoints, agents, or users. From what I've seen, Cloud Native Security seems similar. Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products. This simplicity makes their pricing straightforward and potentially cost-effective.

What other advice do I have?

I would rate Cloud Native Security an eight out of 10.

While components like cloud configuration, central security, and management volume boast zero maintenance, we do encounter situations with Kubernetes. Occasionally, security issues or container-specific security problems might cause the cluster to disconnect. In these cases, we need to manually intervene by running a batch script to re-onboard the cluster. This is the only instance of internal maintenance required.

Before implementing Cloud Native Security, organizations should consider the specific security challenges they're facing. For organizations that are at least 80 percent cloud-based, a CSPM solution becomes essential. Even for hybrid organizations with on-premises and cloud components, cloud security offers advantages in terms of maintenance ease, reliability, and cost-effectiveness. 

Key Considerations When Choosing a Security Solution:

  • Use Case: What specific security risks are you trying to mitigate?
  • Objectives: What are your security goals?
  • Incident Response Needs: Do you require detailed event logging and extensive incident response capabilities?

Matching Use Cases to Solutions:

  • Customization: Cloud Native Security excels in customization and can be tailored to meet specific needs. It's ideal for teams lacking extensive cloud security expertise to establish and refine security policies. While some organizations, including both large and small ones, might not require this level of control, it remains a valuable use case for others.
  • Targeted Security Features: Different use cases call for different security features. Container security or vulnerability management might be your primary concern. In some cases, Cloud Native Security's vulnerability management can be used as a complementary solution alongside a more comprehensive primary tool.

Ultimately, the decision comes down to your specific needs and deployment model. Don't get caught in the trap of seeking a one-size-fits-all solution. Consider your security team's capabilities and whether Cloud Native Security can truly replace them or if it would function best as a complementary tool.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr Security Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 20
Significantly improves our security posture and visibility
Pros and Cons
  • "The GUI is one of the best features. Audit reports and documentation for alerts are also valuable."
  • "SentinelOne Singularity Cloud Security is better than other vendors because we get all the cloud-related, data center-related information."
  • "The dashboard can be more detailed."
  • "The price is on the higher side. The dashboard can be more detailed."

What is our primary use case?

We used it for security purposes. I was working as a firewall security engineer. I used SentinelOne Singularity Cloud Security for all the firewalls on the cloud and for getting alerts. We got all the alerts on our dashboard.

How has it helped my organization?

Evidence-based reporting was effective for helping prioritize and solve important cloud security issues proactively. It helped with vulnerability management. The dashboard provided an overview of open security issues.

SentinelOne Singularity Cloud Security improved our security posture. It helped our business by providing efficient protection. We had more visibility than the open-source solutions. If there was any vulnerability, I got an alert. If there was anything crucial, I also got an email.

SentinelOne Singularity Cloud Security significantly improved our ability to protect workloads such as containers, serverless, and Kubernetes. We got alerted about any issues, and we just followed the documentation.

SentinelOne Singularity Cloud Security reduced our false positive rate by 10%. It improved our mean time to detect and remediate by 20%. 

The automated malware scanning for S3 buckets improved our security response time by 20% to 30%.

What is most valuable?

The GUI is one of the best features. Audit reports and documentation for alerts are also valuable.

SentinelOne Singularity Cloud Security is easy to use.

What needs improvement?

The price is on the higher side. 

The dashboard can be more detailed.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for seven to eight months.

What do I think about the stability of the solution?

It is stable. I would rate it a nine out of ten for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a nine out of ten for scalability.

How are customer service and support?

They are informative and helpful, but at times, they don't have detailed knowledge.

How would you rate customer service and support?

Neutral

How was the initial setup?

It's easy to implement. Its maintenance is handled by another team.

What about the implementation team?

We have four to five people for deployment. We can also get help from their customer support.

What was our ROI?

We have seen about 40% ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing tends to be high.

What other advice do I have?

SentinelOne Singularity Cloud Security is better than other vendors because we get all the cloud-related, data center-related information. We have a consolidated place for all the information.

I would recommend this solution to other users. It's effective for security, and it's scalable.

I would rate SentinelOne Singularity Cloud Security a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network security engineer at a computer software company with 5,001-10,000 employees
Real User
Audit and compliance monitoring strengthen security posture
Pros and Cons
  • "The solution saves 40% of my time."

What is our primary use case?

The primary use of SentinelOne Singularity Cloud Security involves cloud security, posture management, networking, and EKS. I am trying to solve Security Posture Management with this solution.

What is most valuable?

The best features are audit and compliance monitoring, along with vulnerability assessment, security, and the UI.

I have improved my ability to protect workloads such as containers, serverless, and Kubernetes through serverless functions.

SentinelOne Singularity Cloud Security has helped protect the serverless environment more effectively. There was an incident where my developer mistakenly made my repository public, and SentinelOne Singularity Cloud Security gave me an alert within 25-30 seconds, which helped me address the issue in a minimum time period.

My mean time to detect has been reduced by 30%.

SentinelOne Singularity Cloud Security's automated malware scanning for S3 buckets has reduced my security response time by 10 to 20%.

The solution has had a positive effect on the collaboration between cloud security application developers and AppSec teams. When EKS application teams use the infrastructure, the cloud team can identify vulnerable points and collaborate through Jira, which they follow up on.

The solution saves 40% of my time.

What needs improvement?

The improvements I have seen are mainly in the dashboard and everything related to EKS. From the Kubernetes perspective, the alerts are more detailed. I would add real-time protection as a feature.

For how long have I used the solution?

I have been using this solution for almost one year.

What do I think about the stability of the solution?

I would rate the stability of the solution as nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability as nine out of ten.

How are customer service and support?

I would rate the technical support as nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use any other product before using SentinelOne Singularity Cloud Security.

What about the implementation team?

The deployment process was carried out by our existing team and customer support teams, with two members from the customer support team helping us deploy the solution on the cloud.

What other advice do I have?

The solution is easy to use.

The training, onboarding, and learning curve are smooth. When I joined my organization, SentinelOne Singularity Cloud Security played a very important role because there was no security-related software deployed on our infrastructures.

My environment consists of 13 people working with SentinelOne Singularity Cloud Security.

The solution requires maintenance, but it does not fall under my team's responsibilities.

I do not currently use Artificial Intelligence with SentinelOne Singularity Cloud Security.

I would recommend SentinelOne Singularity Cloud Security to other users for security and management purposes, as it would help organizations in various ways.

Overall, I would rate the solution as nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Andrew W - PeerSpot reviewer
VP - Information Technology at a financial services firm with 201-500 employees
Real User
Top 5
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Pros and Cons
  • "You not only get to know about vulnerabilities and misconfigurations but also some of the actual"
  • "It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background."

What is our primary use case?

We use it for a couple of use cases. The biggest one we use it for is to protect our AWS environment, and it does a couple of functions for us and our whole development. It scans all the code in our GitLab or our code repository and looks for any hard-coded passwords or keys or any insecurities. It checks if we have any old deprecated components within our software and points that out.

There are a couple of gates that we can set up. When we are pushing the code out of the repos into AWS, it finds any high-severity vulnerability. This is configurable, but we have critical, high, and medium severities. If it finds any, it blocks the push and puts some notes in for the developers to go in to remediate the issue before they can push the code into AWS. Let us assume the code is good in GitLab and gets over to AWS. It then does a couple of things on the AWS side. It looks at the overall infrastructure and how things are configured. There may be things in AWS that are misconfigured or old components that were manually built or deployed without going to GitLab. It points them out.

How has it helped my organization?

I have been very happy with the evidence-based reporting. It is not just theoretical. It scans the code or looks at the AWS environment and pulls back the details that tell us that this is a vulnerability. We have a good understanding of why it is a highly-rated vulnerability. It makes it much easier to prioritize and then go through and remediate the issue.

Agentless vulnerability scanning has been very good. It pulls back quite a bit of information that is actionable by our team.

Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. That is critically important because especially in large environments, when you run scans or use the vulnerability scanning tool, you might be inundated with results. It takes a long time for analysts to go back through and validate whether it is a true positive or a false positive. Singularity Cloud Security can eliminate a lot of false positives or almost all of them, and we can focus on something that is a true issue, as opposed to wasting our time and resources.

    The Offensive Security Engine is doing the attack path management. That is one of the most critical features to us because it tells us that we have this misconfiguration here, or we may have a secret or some vulnerability here. It tells us about the impact and how an attacker could exploit that to gain persistence in our environment and install data. We have a true impact of why this is important and why we need to fix it. With scanners like Rapid, Qualys, and others, we get the credentials and we get a scan, but then we spend an inordinate amount of time looking through reports and trying to figure out:

    • Where do we spend our time?
    • What do we prioritize?
    • What is remediated?
    • What is it that we can remediate?
    • What is it that we can take action on and make an improvement in the environment?

    It is very frustrating when you are spending hours only to run down something and realize it is a false positive, and there is nothing you can do to make a positive impact. Eliminating all those false positives really helps us.

    We have had very good luck with the IaC. For us, it is hugely valuable because we can catch things very early in the process before they get promoted into production. In case something flips through or escapes, it still helps you to find it.

    We started seeing its benefits literally the day after deployment. The only reason I say the day after is because we ended up working on it kind of late in the afternoon. We got things set up, and it took a few hours for results to start populating, but its benefits were very apparent when we started looking through the reports and dashboards.

    Singularity Cloud Security significantly helped reduce the number of false positives we deal with. The biggest aspect for us is allowing the security and development teams and DevOps to be much more efficient. As opposed to spending 80 hours going through some big reports, we are able to cut that down to a fraction of the time and make a positive impact on the environment. We are not chasing a bunch of dead ends.

    It has made a great impact on the risk posture. We are also able to look at the trends over time in terms of where we started and what we remediated. You can see the environment getting more secure as we keep knocking down vulnerabilities.

    Our mean time to detect is much faster. It is a much lower number there. There has been a significant change in the number of vulnerabilities remediated or per hour of investment from the engineering and security teams. By implementing this tool, we are able to do a lot more with the same team size and remediate things much faster than before.

    It has made it much easier for these disparate teams to have the conversation in terms of what needs to be prioritized and fixed, and then it has given a lot more information. It eliminates some of the he said, she said, or some of the frustration that can happen between different teams because one team is looking at a tool they are familiar with and the other team has a different tool. Historically, there were some disagreements in terms of what issues exist in the environment and where we should spend our time in terms of trying to make improvements and remediate.

    What is most valuable?

    Our favorite feature is attack path management. If you have an S3 bucket that is configured to be publicly accessible, it will look and inform you that it is publicly accessible. If someone gets in this bucket, they could ultimately traverse, get into this RDS, and do something negative or detrimental to the environment there. You not only get to know about vulnerabilities and misconfigurations but also some of the actual impacts of having these vulnerabilities. It is not just a raw data dump.

    So far, it has been very easy to use. It gives very rich information or a lot of details about the findings. It has a lot of links to go back into GitLab or into AWS to validate the CDF configuration, and then it gives a lot of guidance for remediation.

    Standing it up was pretty straightforward. We did get assistance from SentinelOne SE at the time of the trial to ensure that everything was configured and working correctly.

    What needs improvement?

    Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us.

    Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

    For how long have I used the solution?

    I have been using this solution for six months.

    What do I think about the stability of the solution?

    We have not had any issues with stability. It has been solid on that front.

    What do I think about the scalability of the solution?

    We are not huge, so we have not run into any sort of scalability problems at all. We are running only six or seven subscriptions in AWS. Our bill in AWS is less than 20K a month, so it is not huge.

    How are customer service and support?

    I have talked to SentinelOne support multiple times, but not on the cloud-native security front. I cannot add anything on that side.

    Which solution did I use previously and why did I switch?

    I have not used any other tool at this company. In the past, I have used some different tools.

    How was the initial setup?

    It was very easy for us with one exception. We had a mono repo, and we worked it out with the SentinelOne security engineering team. We got some direction for them in terms of how to do some of the code-blocking configuration, but it was a pretty straightforward and quick setup.

    It took us three weeks maybe, but it was not like we spent three weeks heavily. We did it slowly. We did most of the deployment in a couple of hours, and then we had some check-in meetings over the next few weeks to go through and just check on it, become familiarized with the system, and then ask questions. The initial deployment took less than a day and then learning, discovering, and getting familiar with it took us a few weeks.

    It does not require any maintenance from our side. We may have some sort of maintenance to do. For example, we are planning to acquire assets from another institution. They are on-prem, so we will have to build up their AWS environment. Once we build out that environment, we may need to make some changes in SentinelOne so that it picks up those new environments. That is a guess. We have not done it yet.

    What about the implementation team?

    We literally did it with SentinelOne SE. They provided all the setup work for us. We did not pull in a third party.

    What's my experience with pricing, setup cost, and licensing?

    We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well.

    Which other solutions did I evaluate?

    We did look at Wiz, Orca Security, and Palo Alto's Prisma. We also looked at Lacework and ultimately settled on SentinelOne for a couple of reasons.

    We did like the functionality provided by Palo Alto, but the way their licensing worked was frustrating, to say the least, and the cost was fairly high. We found it unaffordable. 

    Lacework was still at an early stage. We did not feel that they provided all the functionality we needed, so we did not feel the confidence there. 

    Wiz is a dominant player in the market. I have a lot of respect for them, but it did not provide all the reporting and data we needed. Especially for the price point, it was affordable for us. 

    In the case of Orca Security, in the previous organization, we saw some pretty glaring false positives, which turned us off on that platform.

    What other advice do I have?

    To new users, I would say that like any tool, you need to sit down and learn what the tool can do. Understand your objectives and then work through to make sure the tool meets your needs. It is straightforward and easy to use.

    I would rate Singularity Cloud Security a ten out of ten at this point.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Specialist at a retailer with 201-500 employees
    Real User
    Top 20
    Helps meet compliance and identifies issues in minutes
    Pros and Cons
    • "The compliance monitoring feature of SentinelOne Singularity Cloud Security gives us a report with a compliance score to ensure we meet certain regulatory standards."
    • "I would rate SentinelOne Singularity Cloud Security a nine out of ten."
    • "SentinelOne Singularity Cloud Security is an excellent CSPM tool, but its CWPP features need improvement, and there is scope for more application security posture management features."

    What is our primary use case?

    In our organization, we use SentinelOne Singularity Cloud Security for infrastructure security purposes. It secures our infrastructure, data, and everything. That's the primary use case for this.

    How has it helped my organization?

    It is very useful and easy to use for beginners as well as pros. From a beginner's perspective, its dashboard is very convenient, and the UI/UX is very easy to understand.

    Regarding proof of exploitability in SentinelOne Singularity Cloud Security, when a developer makes a repository public, it identifies issues in minutes. If the repository has some hardcoded secrets, they would cause problems for us because anybody on the internet could access it. Those keys could allow the exploitation of the systems. SentinelOne Singularity Cloud Security catches the issues quickly. The same applies to a public bucket. One of our DevOps engineers made it public which had many files in it. SentinelOne Singularity Cloud Security was on top of it. The solution has an automated workflow that blocks such misconfigurations.

    We primarily use infrastructure as code scanning for cloud security posture management, but the solution also provides capabilities for identifying hardcoded secrets in the source code. It covers Kubernetes security with around 20 to 35 members from security and DevOps being users of this solution.

    It has reduced our mean time to detect by 30% to 40%. Our mean time to remediate is also reduced by 20% to 30%.

    What is most valuable?

    The compliance monitoring feature of SentinelOne Singularity Cloud Security gives us a report with a compliance score to ensure we meet certain regulatory standards. We can show our compliance as a percentage, and we do this to demonstrate that we are serious about security and for audit purposes. That is the best feature I appreciate.

    What needs improvement?

    SentinelOne Singularity Cloud Security is an excellent CSPM tool, but its CWPP features need improvement, and there is scope for more application security posture management features. There aren't many ASPM solutions on the market, and the existing ones are costly. I would like to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM and CSPM, and the feature I'd like to see is runtime protection.

    For how long have I used the solution?

    I have been using it for around two years.

    What do I think about the stability of the solution?

    We have experienced some dashboard lagging issues.

    How are customer service and support?

    I contacted their technical support when we faced an issue on the dashboard. Sometimes it gets laggy, and we conversed with the customer support team. They informed us it was some network issue and guided us very informatively and usefully. I would rate the support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I personally did not use any alternative to SentinelOne Singularity Cloud Security.

    How was the initial setup?

    The initial installation is easy. It takes around two to three days to fully deploy it.

    What about the implementation team?

    We had seven to eight people.

    It requires maintenance after deployment, but that is not handled by me. There is a separate team, the InfoSec team, which manages the maintenance.

    What other advice do I have?

    I would rate SentinelOne Singularity Cloud Security a nine out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Vikram Moole - PeerSpot reviewer
    Security and Compliance Manager at Bidgely
    Real User
    Top 10
    The compliance features help us remain SOC 2 compliant
    Pros and Cons
    • "We've seen a reduction in resources devoted to vulnerability monitoring. Before SentinelOne Singularity Cloud Security we spent a lot of time monitoring and fixing these issues. SentinelOne Singularity Cloud Security enabled us to divert more resources to the production environment."
    • "We use SentinelOne Singularity Cloud Security and also SentinelOne. If SentinelOne Singularity Cloud Security integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."

    What is our primary use case?

    My company does utility energy disaggregation. We use SentinelOne Singularity Cloud Security for vulnerability management and to limit our exposure to attacks. SentinelOne Singularity Cloud Security scans our AWS cloud environment and provides detailed analysis. It can identify enabled ports or anything that isn't completely integrated with our security. SentinelOne Singularity Cloud Security gives us the details, and we only need to follow their instructions to ensure the vulnerabilities are fixed.

    My company handles a lot of customer data for US and European clients. GDPR and SOC 2 standards require that we are almost completely free of vulnerabilities. We also have a SentinelOne Singularity Cloud Security safety score and report that we can provide to our customers. SentinelOne Singularity Cloud Security is integrated with our AWS environment, and it monitors a few customer-critical applications. Two people at my company use SentinelOne Singularity Cloud Security. I am on the IT security side, and another person from the platform security side uses it. 

    How has it helped my organization?

    Since implementing SentinelOne Singularity Cloud Security, we've discovered many vulnerabilities and security issues in our environment. We've fixed those so our data will not be leaked or otherwise compromised. Our priority is protecting customer data, and if we have any issues with the data, it won't be good for business.

    SentinelOne Singularity Cloud Security has reduced the false positive rate by around 40 or 50 percent. It has improved our risk posture. We're more secure now. The solution has reduced our mean detection time by about 70 to 80 percent. It does a lot of the work for us. The mean time to remediate has nearly been cut in half. 

    The solution's compliance features help us remain SOC 2 compliant. Our third-party auditors ask us to provide vulnerability reports and fix all vulnerabilities we have detected. SentinelOne Singularity Cloud Security gives us all this information our SOC 2 auditors need.

    What is most valuable?

    I like the accuracy of SentinelOne Singularity Cloud Security's vulnerability reports and offensive security engine. If any ports are enabled that aren't secure enough, SentinelOne Singularity Cloud Security detects them and provides a report. It's easy to use, and that's one reason we have used it continuously for a long time.

    The evidence-based reporting helps us prioritize cloud security issues. We divide things into critical and non-critical vulnerabilities. The critical vulnerabilities have the highest priority, and we take a little more time to fix them if they aren't critical. The proof of exploitability is crucial because our customers ask about the vulnerabilities we fixed and how we detected them. They want to know what security fixes were made. These things are in the proof of exploitability. This is also helpful for SOC 2 auditing.

    What needs improvement?

    We use SentinelOne Singularity Cloud Security. If SentinelOne Singularity Cloud Security integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console. 

    For how long have I used the solution?

    I have used SentinelOne Singularity Cloud Security for the last two years.

    What do I think about the stability of the solution?

    SentinelOne Singularity Cloud Security is stable. 

    What do I think about the scalability of the solution?

    I rate SentinelOne Singularity Cloud Security 10 out of 10 for scalability.

    How are customer service and support?

    I rate SentinelOne Singularity Cloud Security support 10 out of 10. They're excellent. When we send an email, they respond quickly and proactively provide solutions. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Deploying SentinelOne Singularity Cloud Security is straightforward. The SentinelOne Singularity Cloud Security team asked us to give them some details about our environment that were easy to provide, and we started from there. The deployment took a few days. It required two people from our side and two from SentinelOne Singularity Cloud Security. After deployment, SentinelOne Singularity Cloud Security doesn't need any maintenance. It's a cloud-based platform that updates automatically. 

    What was our ROI?

    We've seen a reduction in resources devoted to vulnerability monitoring. Before SentinelOne Singularity Cloud Security we spent a lot of time monitoring and fixing these issues. SentinelOne Singularity Cloud Security enabled us to divert more resources to the production environment. The detailed information SentinelOne Singularity Cloud Security provides about how to fix vulnerabilities reduces the time spent on remediation by about 70 to 80 percent.

    What's my experience with pricing, setup cost, and licensing?

    We use SentinelOne's endpoint protection and SentinelOne Singularity Cloud Security. If the 2 solutions are integrated into a package, the cost of SentinelOne Singularity Cloud Security should be reduced. As a standalone product, SentinelOne Singularity Cloud Security is appropriately priced according to industry standards.

    What other advice do I have?

    I rate SentinelOne Singularity Cloud Security 9 out of 10. This is the best solution on the market. They are doing an excellent job. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PradeepBhat - PeerSpot reviewer
    Security Engineering Manager at a media company with 51-200 employees
    Real User
    Top 10
    The solution is very easy to use, and they have a responsive support team that is available when we face any problems
    Pros and Cons
    • "As a frequently audited company, we value SentinelOne Singularity Cloud Security's compliance monitoring features. They give us a report with a compliance score for how well we meet certain regulatory standards, like HIPAA. We can show our compliance as a percentage. It's also a way to show that we are serious about security."
    • "SentinelOne Singularity Cloud Security is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."

    What is our primary use case?

    We primarily use SentinelOne Singularity Cloud Security for cloud security posture management, but the solution also provides other capabilities, like infrastructure-as-code scanning. It identifies hard-coded secrets in the source code and covers Kubernetes security. About 25 members of the security and DevOps teams use the solution. 

    We have integrated all of SentinelOne Singularity Cloud Security's CWPP, CSPM, application security, and container scanning features into Jira. It's more of a vulnerability management tool for us. All the issues SentinelOne Singularity Cloud Security identifies flow into Jira, and we have several dashboards that provide an overview of open security issues.

    How has it helped my organization?

    We were using open-source tools. Collecting and collating the results from each tool into one dashboard was so difficult, and SentinelOne Singularity Cloud Security solved this problem. SentinelOne Singularity Cloud Security gives us greater insight into our cloud security posture. For example, it tells us if buckets are public or ports are open. It can also tell you if a repository is going public or if any hard-coded secrets are pushed into the source code. SentinelOne Singularity Cloud Security will notify you when permissive users are created in the GCP environment. It offers a better UI and improved visibility compared to our open-source tools. 

    SentinelOne Singularity Cloud Security helped us identify when a developer made our repository public. It identified the issue in minutes. The repository had a few hard-coded secrets that would've caused problems for us because anybody on the internet could access those keys and exploit the systems. SentinelOne Singularity Cloud Security caught the issue quickly. The same goes for public buckets. One of our DevOps engineers made a bucket public, and it had a lot of files in it. SentinelOne Singularity Cloud Security was on top of it. The solution has an automated workflow that automatically blocks this kind of misconfiguration.

    It has helped us reduce the number of false positives. Sometimes, you get too many false positives because the tool doesn't have enough context. For example, let's say we have a bucket that we want to be public, and CSPM tools will identify the public bucket as a vulnerability. We can make exceptions or mute the alert. SentinelOne Singularity Cloud Security provides many ways in the UI to mark false positives or mute those tickets so that I don't get them repeatedly. I can also create tags for every issue and put all of the false positives under one tag.

    The detection is almost instant. We get Slack or email notifications immediately when issues are detected, reducing our mean time to detect by more than 30 percent. Our remediation time has also improved by about 30 percent or more. We are in the fintech space, so we remedy vulnerabilities right away. The faster our detection, the faster our response. Both have significantly improved. 

    SentinelOne Singularity Cloud Security facilitates collaboration between the application security, cloud, and DevOps teams. These three teams use it, and the security team manages it. When SentinelOne Singularity Cloud Security flags vulnerabilities, they are forwarded to DevOps for remediation. Previously, we needed to identify and report the issues, but there would be lapses in communication. Now it's a central dashboard. Anybody can look at the dashboard to see the open issues, what needs to be explored, and how the problems can be remediated. It's self-explanatory. Teams can understand the issues and descriptions, and they directly act on the recommendations.

    As a frequently audited company, we value SentinelOne Singularity Cloud Security's compliance monitoring features. They give us a report with a compliance score for how well we meet certain regulatory standards, like HIPAA. We can show our compliance as a percentage. It's also a way to show that we are serious about security.

    What is most valuable?

    There is a feature that provides visibility into how an attack could happen. For example, they'll highlight the system vulnerabilities and outline how an attack could be propagated. That visualization helps me prioritize remediation. If I don't know where to start, I can check to see which ones are critical. It provides an exploitability score that enables me to prioritize the issues. 

    SentinelOne Singularity Cloud Security is very easy to use, and they have a responsive support team that is available when we face any problems. We can reach out to them for tweaks, and they're always there to tell us how something works. However, most features are self-explanatory, so we don't typically need support to use the product.  

    SentinelOne Singularity Cloud Security evidence-based reporting helps us prioritize and solve critical security issues. We have onboarded crucial projects into SentinelOne Singularity Cloud Security, and issues related to those projects are our top priority. The new visualization features demonstrate how an attacker can enter the system, highlighting potential pathways that can be exploited. It will outline all the steps the attacker could take. With that visibility, we can ensure the perimeter is strong, and an attacker cannot enter. It reduces the risk. SentinelOne Singularity Cloud Security helps prioritize issues based on the likelihood of exploitation. I have all the evidence of how an attacker can exploit the weaknesses in my perimeter.

    The proof of exploitability is helpful because we don't need to refer the issues to the security team. The DevOps guys can also use it to understand the various attack vectors and scenarios. The offensive security engine identifies any misconfigured security settings or other issues. That helps us because we are frequently audited and must report these issues to the auditors. SentinelOne Singularity Cloud Security gives me these issues in advance so I can close the vulnerabilities before we are audited. It has helped us prepare.

    Infrastructure-as-code scanning is another useful feature. In pre-production, it identifies embedded secrets and misconfigurations. We can also identify issues with Kubernetes or some privileged containers. These features all help us pass the audit. Secure IAC code isn't easily exploitable by attackers. We can be more proactive about identifying and resolving vulnerabilities. 

    What needs improvement?

    SentinelOne Singularity Cloud Security is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection.

    For how long have I used the solution?

    We have used SentinelOne Singularity Cloud Security for more than a year.

    What do I think about the stability of the solution?

    I rate SentinelOne Singularity Cloud Security 9 out of 10 for stability. It's a highly stable product, and we haven't had any issues with reliability. 

    What do I think about the scalability of the solution?

    I rate SentinelOne Singularity Cloud Security 9 out of 10 for scalability. Our company is growing, and we don't see any performance slowdown from onboarding multiple projects. There are also no changes to the functionality or visibility that it provides. We're confident that it can scale to the level that we want.

    How are customer service and support?

    I rate SentinelOne Singularity Cloud Security support 7 out of 10. Before SentinelOne acquired SentinelOne Singularity Cloud Security, the support was excellent. I would rate it 9 out of 10. Now, I would rate it 7 because there have been some changes due to the transfer of ownership. It isn't great, but it's okay. They are reachable, but it was much easier when SentinelOne Singularity Cloud Security was an independent company. Still, we can contact them when we need some customization, and they'll help us. 

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We previously used a mixture of manual work and open-source tools. However, these open-source solutions couldn't cover CSPM and container security. 

    How was the initial setup?

    Deploying SentinelOne Singularity Cloud Security was straightforward. I wasn't a part of it, but I know it was easy to deploy. 

    What was our ROI?

    The return on investment is difficult to quantify. We will be fined if we fall out of compliance, but I would only know how much that would cost us once that has happened. SentinelOne Singularity Cloud Security helps us avoid those fines by proactively mitigating vulnerabilities. 

    What's my experience with pricing, setup cost, and licensing?

    SentinelOne Singularity Cloud Security is not very expensive compared to Prisma Cloud, but it's also not that cheap. However, because of its features, it makes sense to us as a company. It's fairly priced.

    What other advice do I have?

    I rate SentinelOne Singularity Cloud Security 8 out of 10. I would recommend SentinelOne Singularity Cloud Security to any company looking for a cloud security solution. It's more than a CSPM. It provides visibility into application security vulnerabilities and container security.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free SentinelOne Singularity Cloud Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: August 2025