We use PingSafe to identify cloud security misconfigurations, ensuring compliance with Cloud Security Posture Management and Cloud Workload Protection Platform best practices, as well as relevant regulations in India. We also integrate PingSafe with our GitHub repositories that store our hard-coded secrets.
Cyber Defence Analyst at a media company with 51-200 employees
Provides visibility, saves time, and automatically maps networks
Pros and Cons
- "PingSafe offers an intuitive user interface that lets us navigate quickly and easily."
- "Customized queries should be made easier to improve PingSafe."
What is our primary use case?
How has it helped my organization?
We renewed our contract with PingSafe for another year because it's extremely easy to use. The user-friendly UI, along with its integration with Jira and the ability to consume alerts through Slack, make it a valuable tool for our team.
Evidence-based reporting facilitates addressing complaints related to mandatory controls. PingSafe offers an option for high-alert items to be kept publicly available if we're confident we have appropriate controls implemented.
PingSafe's agentless vulnerability scanning has identified a significant number of vulnerabilities.
PingSafe's evidence-based reporting, particularly its proof of exploitability, is highly valuable. For example, their recommendations significantly reduce investigation time and allow us to easily research vulnerabilities using tags. This targeted approach helps stakeholders prioritize and address critical vulnerabilities efficiently through the dashboard.
We utilize the offensive security engine, but fortunately, it doesn't detect many vulnerabilities. It primarily identifies publicly known patch versions and the exposure of the SMTP service. On the other hand, I would rate the ASM functionality an eight out of ten.
IaC scanning has been effective in identifying code-level issues whenever infrastructure as code is scanned.
PingSafe automatically populates and maps our network, identifying any misconfigurations within the first two hours of deployment.
It has reduced false positives by around 90 percent.
Our mean time to detection has been improved, especially for critical areas. Our mean time to remediation has been improved as well.
PingSafe has improved our risk posture by providing visibility into our cloud infrastructure.
PingSafe improved the collaboration between the cloud security application developers and the app security team.
It helped our developers save time.
What is most valuable?
PingSafe offers an intuitive user interface that lets us navigate quickly and easily. Additionally, its identification feature allows us to customize rules and configurations in the cloud.
IaC scanning identifies misconfigured code within GitHub repositories. This represents a "shift left" approach to security.
What needs improvement?
Customized queries should be made easier to improve PingSafe.
Buyer's Guide
SentinelOne Singularity Cloud Security
October 2024
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
I have been using PingSafe for one and a half years.
What do I think about the stability of the solution?
While PingSafe is stable for around 90 percent of the time, there are occasional glitches in the UI. However, as a security tool, our primary focus is on the results it delivers, rather than the aesthetics of the dashboards themselves.
What do I think about the scalability of the solution?
Scaling PingSafe is easy. We recently integrated with AWS and it went well.
How are customer service and support?
We regularly contact the technical support team about some UI glitches. We provide them with feedback on these glitches regularly. Additionally, we would like to see some new features added to Jira when creating tickets. We've also been in touch with the technical support team about this.
The technical support team's responses are good and have been improving.
We've noticed a decline in their response times lately. This could be due to the recent acquisition of PingSafe by SentinelOne. Previously, their response times were much faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial deployment was straightforward.
Deploying PingSafe is a quick process that involves creating a dedicated service account, granting the necessary roles to the service account, and attaching the service account to PingSafe.
The total deployment time took around 15 minutes.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
The features included in PingSafe justify its price point. The agent-level monitoring for Kubernetes clusters is particularly valuable and could support a modest price increase.
Which other solutions did I evaluate?
Our evaluation of Prisma Cloud and Trend Micro on an open-source platform for identifying misconfigurations yielded a high number of false positives, limiting its effectiveness. We chose PingSafe based on the price and the ease of use.
The setup and cleanup need to be done first to get things organized. This makes PingSafe a much easier option than the other products we evaluated, which were all very complex. So, we won't be jumping straight to CWP. Instead, we'll focus on securing our perimeter. We believe PingSafe can solve this issue, and the support we received during the proof of concept was also very positive. Considering all these factors, we decided to go with PingSafe.
What other advice do I have?
I would rate PingSafe nine out of ten.
PingSafe does not require maintenance.
It is easy to use, but it works best when you have established organizational practices in place. If you feel this is critical, don't hesitate to address it directly. Integrating PingSafe is straightforward, so there's no need to worry about that. It's a ready-made solution that can be integrated with just a click. You can then address the specific issues you find most important. Ideally, integrate all your relevant sources during onboarding, such as GitHub or any cloud accounts you use. This ensures you capture everything from the start and get the best possible results.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
Sr DevOps Engineer at a tech company with 51-200 employees
Provides a unified dashboard, reduces detection times, and strengthens our security posture
Pros and Cons
- "PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."
- "We can customize security policies but lack auditing capabilities."
What is our primary use case?
PingSafe offers a variety of functionalities, including cloud configuration assessment and detailed misconfiguration reports. It automates vulnerability scanning, saving us time and effort. Additionally, PingSafe allows us to filter compliance-related findings and provides consolidated reports for a comprehensive view.
Furthermore, PingSafe can conduct customized posture management research for Cloud Posture Management initiatives. This eliminates the need for complex, independent research. Finally, PingSafe helps us understand our readiness for specific security certifications.
How has it helped my organization?
One of the key features of PingSafe that we utilize is its cloud-based configuration. This helps with our cloud security monitoring processes. This allows for infrastructure automation and broader implementation access. To mitigate this risk, we have multiple personnel actively monitoring activity to safeguard against vulnerabilities, employing vulnerability scanning techniques.
PingSafe simplifies managing compliance. It gives us a clear compliance report, allowing us to easily identify areas for improvement and achieve full compliance. This makes it a valuable resource.
PingSafe is easy to use. I would rate the ease of use 9 out of 10 compared to our previous tool which had good features but was not as intuitive as PingSafe and had bugs.
PingSafe's dashboard provides a single place for managing everything, including reporting and prioritization. Previously, we relied on Jira, which required submitting and closing tickets. This meant we were juggling both Jira and separate ticket management. Now, PingSafe consolidates everything into a single dashboard, allowing us to see all issue priorities and address them directly. As a result, our resolution times have significantly improved, going from 9 days down to 3.
PingSafe's proof of exploitability in evidence-based reporting is important. We can see all the evidence and assess it to see why the vulnerability has come up. We are also able to edit the policies and create custom policies.
Identifying preproduction issues in the IaC template or container configuration files is helpful. PingSafe notifies us if the public rate defined is different, which should not happen. Sometimes we encounter false positives, but not many.
PingSafe improved our security through the cloud configuration feature. We receive notifications if someone makes changes and our mitigation time has gone from up to 30 days down to nine.
PingSafe generates some alerts that we categorize as false positives. These can occur, for instance, when someone uses a publicly available open-source tool and PingSafe flags it. While PingSafe's detection is valid in itself, we consider it a false positive because our development doesn't rely on that particular tool.
Our recent security assessment revealed a positive change in our security posture. We've moved from a medium to a high rating, thanks in part to PingSafe.
PingSafe has reduced our mean time to detect by 40 percent.
It has reduced our mean time to remediate down to 9 days.
Using PingSafe, our cloud security, application development, and AppSec teams have achieved a high level of collaboration. All work is automatically updated within PingSafe, allowing each team to generate reports, review identified issues, and work towards resolving them.
Integrating AI with PingSafe has strengthened our security posture.
What is most valuable?
It offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning.
What needs improvement?
We can customize security policies but lack auditing capabilities. Ideally, we should be able to review logs and track user access.
For how long have I used the solution?
I have been using PingSafe for 1.5 years.
What do I think about the stability of the solution?
I would rate the stability of PingSafe 10 out of 10.
What do I think about the scalability of the solution?
I would rate the scalability of PingSafe 10 out of 10. We are using multiple clouds and have integrated them with PingSafe allowing us to easily scale.
How are customer service and support?
PingSafe provides excellent technical support. In addition to monthly guidance, we also receive a comprehensive quarterly business review. We haven't needed to contact their support team outside of these scheduled interactions. We also have a customer support engineer readily available to assist us whenever we encounter any issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched to PingSafe because of the price and user-friendly functionality.
How was the initial setup?
The initial deployment was easy because it was cloud-based and handled by PingSafe. The entire deployment process only took 1 day. We had a meeting beforehand, and the next day, they provided us with the steps to follow. We successfully integrated the system by following these instructions. 2 people from our organization were involved in the deployment.
What was our ROI?
PingSafe has delivered a return on investment by enabling collaborating teams to save up to 50 percent of their time.
What's my experience with pricing, setup cost, and licensing?
PingSafe is fairly priced.
What other advice do I have?
I would rate PingSafe 9 out of 10.
10 people in our organization use PingSafe.
I recommend PingSafe to others.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
TechOps Manager at Nations Reliable Lending, LLC
Great automation and real-time detection with the ability to increase productivity
Pros and Cons
- "It's helped free up staff time so that they can work on other projects."
- "Some of the navigation and some aspects of the portal may be a little bit confusing."
What is our primary use case?
We were looking for an XDR solution that we could deploy to all of our computers since all of our users are mostly remote, and we previously had firewalls at branch locations. When workers went somewhere else, it wouldn't provide any protection. We wanted to make sure that they had protection no matter where they went.
How has it helped my organization?
We were trying to cover as many security bases as possible, mostly around malware. A lot of people focus on antivirus, and most of the problems that businesses face are ransomware or malware. I wanted to make sure we had something that was competitive against that.
It's improved the organization in the sense that it's taken a lot off of our plate as far as having to track down trace vulnerabilities and remediate different threats against our end users, especially when they're in different locations all the time. The product gives us peace of mind no matter where our users are. They're always going to be protected if they have the endpoint installed on their computers.
What is most valuable?
The automation is great. Not having to focus on it is helpful. The portal itself is very easy to use. The amount of granularity that can be configured is really wonderful. There are a lot of things that it can do, however, since we're a small IT team, having it able to automate and remediate different flaws and things like that is very, very helpful.
The real-time detection and response capabilities are excellent. That's pretty much what sold us on it. We had that done in the demo, and we were shown how ransomware can be immediately stopped in real-time. That was huge.
Its automated remediation is useful for us. As a small IT team, that's something that we needed. We don't have time to be able to go in and track down and investigate every time there's a vulnerability. Being able to have it auto-remediate for us and being able to see what's going on is extremely helpful.
The historical data record provided by the product is good. We've seen a few vulnerabilities come through, and it has shown us everything we need to see. I have a somewhat limited experience with the small amount of vulnerabilities we've seen. That said, it seemed to show us everything that we needed to see. It was very good.
It has helped to reduce our organization's mean time to detect by four or five hours. It could be even more, depending on what the vulnerability is. It's at least several hours at this point. The same is true with our organization's mean time to remediate.
It's helped free up staff time so that they can work on other projects. We're a very small IT team and most of us do everything and it's helped reduce our workload. On average it has likely saved two to three hours a day.
It's also positively affected productivity. Most security solutions can sometimes hold up files from being downloaded and things like that. So far, it's been great. It's been completely transparent to our end users as far as I know. And those things that it has remediated have been done on the back end, and it alerted us admins so as to not affect end users.
The interoperability with third-party solutions has been fine so far.
What needs improvement?
Some of the navigation and some aspects of the portal may be a little bit confusing. That could honestly be just due to the fact that we're not used to it yet.
We just have the cloud-based version. The complete version has some extra deep-dive stuff. There are some features that we don't have or that I would like to have in there, however, we just aren't able to afford that at this point.
For how long have I used the solution?
I've used the solution for probably two months at this point. We are fairly new to it.
What do I think about the stability of the solution?
The solution has been nothing but stable.
What do I think about the scalability of the solution?
The product is deployed across our company and we have 450 users coast to coast. Most of our remote workers are based out of Houston.
It is scalable. As soon as we need to add somebody, we just add them to NinjaOne, and then we have a script set up where it automatically deploys and adds them to whichever group we need.
We're in a high-turnover industry. It's easy to add or remove people, especially with NinjaOne.
How are customer service and support?
I have yet to use technical support.
Which solution did I use previously and why did I switch?
We didn't use an XDR solution. We used SonicWall firewalls and we had a Check Point antivirus for a short time, however, Check Point was very intrusive, and it was difficult to work with.
With this product, everything is centralized. We don't have to go to more than one place to detect or figure out what's going on.
How was the initial setup?
I was involved in the deployment. It was straightforward. We actually used another platform called NinjaOne. The process was very smooth.
We beta-tested the solution with about ten to 15 of our users and made sure it wasn't going to interfere with anything before we pushed it out completely. After testing for a week we pushed it out to the rest of the company.
We had three staff members who managed the deployment.
It does not require any maintenance.
What about the implementation team?
We did not use any third parties. We simply used NinjaOne to help with the deployment.
What was our ROI?
We have witnessed an ROI. So far, we've saved tons of time having to remediate and detect - things of that nature.
What's my experience with pricing, setup cost, and licensing?
The pricing was competitive. The price was very, very important to us, and it came down to the price when we were doing our evaluations of WatchGuard and SentinelOne. They were similarly priced. SentinelOne seems like it's more mature. It was close enough to where it was worth it to go with SentinelOne.
Which other solutions did I evaluate?
We also evaluated WatchGuard and a few other options. With this product and WatchGuard, there were not a lot of differences. That said, we did not use both in our production environment. This product seemed to be easier to navigate and was a little more user-friendly as far as finding remediation options, and vulnerabilities. We also had an easy experience with the licensing. WatchGuard's licensing seemed unnecessarily complicated.
What other advice do I have?
We haven't had to look into the forensic side yet. I did again see that in the demo, yet we haven't in the real world had to do that. Hopefully, we won't have to for a very long time. Therefore, I don't have much experience with that yet.
I'd ask someone who doesn't think that they need a workload protection platform if they have a continuous security monitoring solution in place and if whatever they have detects and remediates in real time. I'd be surprised if there was something else out there that can do what this solution does for cheaper.
It supports our ability to innovate. We don't have to worry about security aspects. We really get a chance to focus on other things. That's nice for a small department like ours.
I'd rate the solution nine out of ten. It's been a great fit for our company. There are other solutions out there. This solution, however, is hard to beat.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Support Specialist at a non-tech company with 201-500 employees
SentinelOne Singularity Cloud
Pros and Cons
- "The real-time detection and response capabilities overall are great."
- "Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
What is our primary use case?
We are a relatively smaller organization of roughly 250 people. We utilize SentinelOne for patch management, vulnerability assessments, and remediation. So whenever one of our users has an issue on their machine, we get an immediate notification to let us know what that intrusion, infection, malware, whatever it might be, where it is, what file may have caused it, and then we can immediately take action.
There are also default settings for ensuring the software that SentinelOne installs on all our client machines. The latest agent is up to date everywhere. They have a couple more insights, however, that's our main use case.
The big thing for us was just having optics on vulnerabilities, being able to ensure that we have a secure way to get month-over-month assessments of our security stats, and ensuring that there's something in place that can make sure that we're secure. We also wanted something that could keep up with current demands without having any sort of interference or impact on the user's end.
How has it helped my organization?
The biggest thing for us is the level of minimal intrusion on our user's experience. The previous EDR we were using, Sophos, was not ideal. Whenever an update came out, there would be different things that were affected. At one point, an update from Sophos had completely disabled public Wi-Fi for our users. And when dealing through their message boards, dealing with their support, they, unfortunately, did not have a resolution other than disabling security elements of their software. With SentinelOne, we have not seen a single instance of that. You can get down to the user level of tweaking different elements of their security system. You can even quickly add exclusions based on rules. Being able to tailor to our users and making sure that our users don't feel like something is running on their machine is the biggest advantage.
What is most valuable?
The remote shell and the remediation are the two that really stand out as valuable features. The remote shell function that it offers is something that I use almost daily. It allows us to quietly and discreetly sign in on a user's computer, but only as admin. It prevents any sort of security issues or security risks to a user, which would be probably our favorite.
The remediation is really nice as it gives a very clear understanding of where a file came from. For example, in our use of it, there are a couple of files that we had that we didn't even know that we had. There was software that no one was aware was installed on these machines more than three years ago; we actually learned about that software once SentinelOne was installed. The level of optics it gives you is just incredible.
With that software, as soon as we installed SentinelOne, there were a couple of different applications and software that were immediately flagged as tracking user information and things like that. We found out that there was actually some sort of remote surveillance software that the past iteration of the IT team had installed and tested that just never got removed. We ended up tracking down the vendor for that and getting their assurance that that was no longer being used.
The real-time detection and response capabilities overall are great. I've never used anything that was as fast as this. The software that we used to use, Sophos, was comparable; however, it had a noticeable impact on the user. The bigger thing for me is that there isn't an impact on my end users. When we are actually running a scan, let's say, if we find that there's an impact, it's very quick. We've tested it by throwing malicious software onto our test machines just to see how quickly SentinelOne actually picks it up. And it's literally within seconds. When you actually do a scan, you can scan your entire fleet, and it's done relatively quickly as long as those machines are powered on. And it will act the second that those machines power on and connect to the Internet again to get that signal. I've never used anything as quick, personally.
The forensic visibility into the Linux terminal is not something we use as we actually don't use any Linux machines ourselves, so I couldn't speak to that. As far as visibility goes, we're primarily a Mac organization, and we have ten percent of our users on PC. As far as Mac goes, the visibility is fantastic. Same with the PC side of things.
The historical data record, from what they had shown us in the demo, looks pretty incredible. We thankfully have not suffered an attack that required historical data.
In terms of our mean time to detect, I don't think we ever had it. Since we're a small organization, we haven't had any real issues with genuine malware attacks. I can't speak to a scenario where while we were on Sophos, we experienced one. When we've had security audits that have tried to pen test for us, we have not had any issues with SentinelOne whatsoever. Every time that we've attempted to see how accurate and how quickly it can detect an infection or intrusion, it's being caught immediately.
The same is true for mean time to remediate. Any remediation that we do, for example, as soon as we block off a file, the automatic remediations are nice. In the event that we want to have something behave differently on another machine, we can quickly change that once we see it in any incident log. Setting those permanent rules is very helpful since, if you know something's malicious, chances are you don't want it showing up anywhere else.
The product has helped free up your SOC staff to work on other projects or tasks. The work that we used to have to do with our previous provider in going through our vulnerability assessments on a monthly basis and in trying to track down the install path of different applications was a headache and a half. With SentinelOne, the application management, and vulnerability assessments, are easy. You can see directly to the file path. It cuts a significant enough time out of our day.
It's had a positive impact on our overall productivity. Being able to dig through and find applications faster has drastically cut down our vulnerability position. When we first started using Singularity, we were somewhere in the thousands. Within the first month of having used it for our vulnerability assessments, we were down to just 1600, and now we're sitting well under the 500 mark when it comes to critical vulnerabilities. It's been very drastic and exponential at that. Now, any time a vulnerability does pop up, it's very quick and easy for us to track down where it is and take immediate action.
The interoperability with third-party solutions is fine. We don't currently use Kubernetes in our organization, however, we do utilize a VPN and it has no issues with adapting to that VPN. We also utilize different storage, including cloud storage accounts. There are no issues there either.
They've been fantastic at supporting innovation. We've had their support; they're always very responsive and very quick to give us the right advice on how we can execute what we're looking to do. Making sure that you have access to the necessary system without interrupting your user and without your user feeling at risk of their privacy being invaded is huge.
What needs improvement?
Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time.
For how long have I used the solution?
I've been using the solution for nine to ten months.
What do I think about the stability of the solution?
I've had no stability issues at all. We have not experienced any performance decreases.
What do I think about the scalability of the solution?
As far as deploying to more devices, there's not a problem with scaling at all. We've automated in our MDM so any device that we start in our MDM automatically installs SentinelOne, and those devices immediately show up. If we spin up a new device on macOS, it shows within the SentinelOne console within seconds.
How are customer service and support?
Their support has been fantastic. They are quick to respond.
I've never had an issue with their support. The one time I did have a scenario where it was not something that they could help with, they were able to provide us with all the articles and information necessary to act on it on our own, which is really all you can ask for.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were previously using Sophos. The biggest issue that we had with them was the fact that we were a fully remote company, so a lot of our users would be traveling for client meetings or even traveling abroad for client meetings. Reliance on a secure public WiFi solution is a very big deal for us. When it comes to users on a VPN, Sophos with MacOS's more recent updates would completely cut off Wi-Fi - which was very difficult for us to work around as a remote company. Thankfully, with multiple different tests in multiple different scenarios, we've never had that issue with SentinelOne.
The other big thing is the capability to remove a device from the network. In the event that a significant intrusion or malware, ransomware, whatever it might be, is detected, the ability to just isolate that one user from internet access is huge. You would hope that that's how an EDR would behave instead of completely removing all internet no matter what.
How was the initial setup?
The initial setup was pretty straightforward. Our organization uses Kagi MDM. And in using that MDM solution, it was very easy for us to just quickly put together an automated installer and deploy it.
We have multiple different groups of users, including PC and Mac. With the smaller percentage of PC users, we were able to just change the group ID in the installer, and that ensured that they were placed into the proper place for their groups. Being able to tweak and ensure that from the back end within the SentinelOne console, we could ensure that everything is set up the way we want it to be once that user gets that package installed, makes life a lot easier. You don't need to worry about signing on with a user and changing any of those settings. The installer package that they get is going to be everything that they need. Once that installs, that's it. It was very seamless. If anything, removing Sophos was the hardest part of the installation process.
We were able to deploy using a team of three people. Hypothetically, one person could do it alone as long as they are well versed in MDM.
As far as the application itself is concerned, there was no need for maintenance. You can control everything from the console. When there is a new agent to install you receive a notification when you log in to the management console. You can control when that update gets deployed to your organization. You can break it up into different groups within your organization. For ourselves, we always test on a smaller number of users. And then once we see stability, we deploy to the rest. That's what little maintenance is involved. It's a drastic improvement versus other solutions that I've used.
What about the implementation team?
We were able to do the initial setup completely in-house. We were able to do that on our own. We were able to very, very quickly deploy SentinelOne to pretty much our entire fleet.
What was our ROI?
Our ability to get in and review our vulnerability stance, whether daily, monthly, weekly, or whatever it might be, has drastically improved over our prior provider. Our users have less of a performance drain when attempting to use it. That's always huge when it comes to EDR. It pretty much checks every single box for us. It's the one software in our stack that we are happiest with.
What's my experience with pricing, setup cost, and licensing?
For us, the pricing is very fair. They were willing to meet our price point. With very little negotiation involved, we just let them know what we could pay and they were willing to meet us at slightly above what we paid with Sophos, which was still very fair for what we were looking at.
Which other solutions did I evaluate?
We reviewed quite a few solutions. The big selling point for this product was that they were willing to work with us on a price point as a smaller organization. That was a huge reason for us actually going with them. The fact that they were willing to work with us as far as the pricing goes was the main reason that we ended up going with them. It was nice to see that they work with the little teams.
What other advice do I have?
We're a customer and end-user.
We thought something as good as SentinelOne would be out of the question for an organization of our size. We assumed it would be something that's suited to larger organizations - money, obviously, being the main concern. However, the fact that they were willing to work with us changed that. Seeing that they're willing to work with smaller organizations is cool. I like that they actually give back to the tech sector that way.
I'd rate the stability ten out of ten.
I'd advise new users that they're going to need to invest a little bit of time upfront in order to make sure that their organization is set up for proper deployment. We probably spent about a week or two configuring everything and getting it to work the way we wanted. However, after that initial investment of time, the maintenance that you have to do is pretty minimal.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Devops Engineer at a financial services firm with 51-200 employees
Provides a graphical interface, is easy to use, and integrates well with other tools
Pros and Cons
- "PingSafe's most valuable feature is its unified console."
- "The integration with Oracle has room for improvement."
What is our primary use case?
Our infrastructure utilizes a combination of cloud solutions and Kubernetes for container orchestration. To ensure the security of these environments, we leverage PingSafe. This platform proactively identifies and remediates vulnerabilities within our cloud deployments.
We use PingSafe, which is integrated with our cloud environment. This allows us to receive notifications from PingSafe directly in our Slack channels, according to the notification settings we have configured. We prioritize these alerts and take appropriate actions based on their urgency.
To improve our cloud security posture and achieve best practices, we implemented PingSafe. This security tool helps us identify and address vulnerabilities within our cloud environment.
How has it helped my organization?
PingSafe is easy to use.
PingSafe's evidence-based reporting helps prioritize and solve the most important cloud security issues.
PingSafe's proof of exploitability is valuable because it goes beyond simply identifying vulnerabilities. It assesses how severe these vulnerabilities are by determining if they can be actively exploited by attackers. This information allows us to prioritize our actions and focus on fixing the most critical risks first.
PingSafe's compliance monitoring capabilities helped us achieve certifications like PCI and DSS.
PingSafe's UI is easy to use even for beginners.
PingSafe improved our security posture, made us more compliant, and improved our confidence when we spoke to our clients.
Before implementing PingSafe, we lacked any detection capabilities. Consequently, our mean time to detection saw a significant improvement of up to 70 percent after PingSafe's introduction.
PingSafe improved our mean time to remediation by 50 to 70 percent.
PingSafe has significantly improved collaboration between our cloud security, application developers, and AppSec teams. This enhanced collaboration is due to the dashboard that provides a centralized view of all security-related information within PingSafe.
In the past, our infrastructure setup process involved building the infrastructure first and then implementing security best practices at the end. This new approach is different. Now, when we create new infrastructure, we integrate PingSafe right from the start. This integration allows us to receive security alerts immediately. With these real-time insights, we can proactively address any security issues or potential vulnerabilities as we build, rather than waiting until the infrastructure is complete.
We integrated PingSafe with a few alerting systems and our Slack channels.
What is most valuable?
PingSafe's most valuable feature is its unified console. This console brings together all of our cloud-based and non-cloud-based solutions into a single, centralized location.
I find the visualization graphs particularly helpful. They identify which objects are affected by the issue, allowing us to prioritize our efforts and focus on the areas that need the most attention.
What needs improvement?
We deployed PingSafe for AWS and Oracle Cloud but we encountered issues with Oracle Cloud. The integration with Oracle has room for improvement.
For how long have I used the solution?
I have been using PingSafe for a year.
What do I think about the stability of the solution?
I would rate the stability of PingSafe 9 out of 10.
What do I think about the scalability of the solution?
I would rate the scalability of PingSafe 8 out of 10.
How are customer service and support?
The technical support is responsive and knowledgeable.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment was straightforward and took half a day for AWS. Two people from our DevOps team were involved in the deployment.
What was our ROI?
PingSafe improved the security of our infrastructure and helped reduce the costs.
What's my experience with pricing, setup cost, and licensing?
PingSafe is affordable.
Which other solutions did I evaluate?
In addition to PingSafe, we also considered Palo Alto and AccuKnox for our needs. However, the positive customer service experience we had with a PingSafe representative played a role in our final decision.
What other advice do I have?
I would rate PingSafe 9 out of 10.
We have around five people in our organization who utilize PingSafe. We are all in the same location except for our consultant.
PingSafe does not require maintenance from our end.
I recommend PingSafe to others. It is compatible with most major cloud platforms. However, we did encounter some issues when using it with lesser-known cloud providers, such as Oracle.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
Cloud engineer at ACC Ltd
Dashboard shows the criticality of issues and helps resolve issues according to their severity
Pros and Cons
- "PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
- "PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."
What is our primary use case?
We use PingSafe for our AWS cloud used in my project and to check the account's vulnerabilities.
How has it helped my organization?
PingSafe has improved our organization a lot. Before using PingSafe, we had not covered many points according to vulnerabilities. We have used the solution's dashboard, which shows the criticality of issues, and we have rectified and resolved many issues according to their severity.
What is most valuable?
PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability. If it is not a critical problem, we can try to solve it within 4-5 hours. If it's very critical, then we can take action immediately.
What needs improvement?
PingSafe takes 4-5 hours to detect and highlight an issue, and that time should be reduced. Sometimes, the solution shows false alerts. The comments section has also been turned off for the last 10 to 15 days. These are the two issues I'm facing right now in PingSafe.
For how long have I used the solution?
I have been using PingSafe for the last 3 months.
What do I think about the stability of the solution?
PingSafe is a stable solution, and I haven’t come across any bugs or glitches.
I rate the solution an 8 out of 10 for stability.
What do I think about the scalability of the solution?
The solution has good scalability. Around 10 users in my team use the solution.
I rate PingSafe’s scalability an 8-10 out of 10.
What's my experience with pricing, setup cost, and licensing?
PingSafe's pricing is good because it provides us with a solution.
What other advice do I have?
Suppose we find a volume not attached to any EC2 instance during scanning. PingSafe detects such vulnerabilities, and we try to resolve them. PingSafe is an easy-to-use solution. Everybody in my team works with PingSafe to monitor any vulnerabilities it detects.
PingSafe is a good tool for security and vulnerability detection for me and my team. The solution is easy to use, and we are very familiar with the dashboard, which shows the criticality of particular problems. It also shows the link to a particular vulnerability or problem so that we can directly go to that particular problem.
Through the solution's dashboard, we can see problems and detect vulnerabilities. Then, we assign each problem to another and try to resolve it. In the pre-production environment, we used to try a blue/green deployment. If we try to get any alerts from that particular dashboard, PingSafe will detect them.
PingSafe has improved our risk posture by 50% to 60%. Earlier, we couldn't identify the things created by mistake during production. If something is created by mistake or if we are unable to detect mistakes in the production environment, PingSafe scans and alerts us of any vulnerabilities.
PingSafe takes approximately 4-5 hours to detect an issue. We conducted a test by creating one issue, which was highlighted in the PingSafe dashboard within four to five hours. The issue was still present in the PingSafe scan after we resolved it, and it was removed after four to five hours.
PingSafe has helped reduce our mean time to remediate, and we immediately take action on the issue. In my opinion, PingSafe is really collaborative, and other teams use it at the utmost level. The solution is really helpful for us regarding system security.
PingSafe has helped us save around 30% to 40% of engineering time. We just see the PingSafe dashboard for issues it has detected and try to resolve them as soon as possible. PingSafe has helped us save approximately 30% to 40% of our resources, time, and money.
PingSafe is integrated with the AWS tool our team uses to detect vulnerabilities. PingSafe is a SaaS (Software as a service) solution. We have five to six accounts on PingSafe and use them in multiple locations. The solution does not require any maintenance. I would recommend the solution to other users.
Overall, I rate PingSafe a 9 out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
Information Security Analyst at ZEE
I like the security engine, but it needs a break-glass account feature
Pros and Cons
- "They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away."
- "There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
What is our primary use case?
My company uses Cloud Native Security as our CSPM solution to discover vulnerabilities in cloud-based configurations. We take alerts from Cloud Native Security and forward them to the DevOps team to remediate them manually.
How has it helped my organization?
Cloud Native Security helps reduce the number of false positives we receive. We receive notifications and alerts from various channels, such as AWS CloudTrail and Microsoft Defender. These products generate alerts based on their policies. I can feel confident that Cloud Native Security isn't giving any false positives. We get a few, but they are rare, and I can immediately alert the team to redefine their policies.
What is most valuable?
Cloud Native Security's most valuable feature is its offensive security engine. I have worked with many CSPM solutions. What sets Cloud Native Security apart is the security engine's ability to provide evidence about the potential for vulnerabilities to be exploited or endpoints exposed with credentials.
The evidence-based reporting is helpful. It shows us all these details that help us do more research. We are working with various stakeholders to remediate those misconfigurations immediately. No other solutions provide this feature. We can research other resources affected by the same kind of vulnerabilities or misconfigurations. We can prioritize fixing them and work on them immediately. That's beneficial to everyone on the team, and they are learning a lot with this feature from Cloud Native Security itself.
What needs improvement?
While Cloud Native Security is mostly easy to use, the interface has a few trouble areas. We have faced some challenges with filtering. The Cloud Native Security team is working on that, and they're fixing it immediately. They take feedback seriously. There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature.
For how long have I used the solution?
We have been using Cloud Native Security for one year.
What do I think about the stability of the solution?
Cloud Native Security is stable.
What do I think about the scalability of the solution?
I rate Cloud Native Security 9 out of 10 for scalability. There is no lag, and the application doesn't break down.
How are customer service and support?
I rate Cloud Native Security support 8 out of 10. We contacted them about adding some policies and creating plugins based on our requirements.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Prisma Cloud. Each has its own feature set. Prisma is on a higher level, and Cloud Native Security is a startup that's building its feature set and taking feedback from all the customers. That's one advantage Cloud Native Security has. They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away.
How was the initial setup?
Deploying Cloud Native Security wasn't too easy or difficult. It was manageable. I did the deployment by myself. I'm the Cloud Native Security admin for my organization responsible for onboarding all the cloud accounts for AWS, GCP, and Azure.
Which other solutions did I evaluate?
We also looked at Orca Security. Like Prisma, Orca is one of the top solutions on the market. Most of the CSPM solutions have the same features. Cloud Native Security stood out for two reasons: One is the offensive security engine. That is the main thing. The second thing Cloud Native Security offers is evidence-based reporting. That helps us a lot. These two features are unique, which is why we chose Cloud Native Security.
What other advice do I have?
I rate Cloud Native Security 7 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 9, 2024
Cyber Security Analyst at a comms service provider with 10,001+ employees
A great management console, and visibility, but needs more bandwidth
Pros and Cons
- "Singularity Cloud Workload Security provides us with better security detection and more visibility. It is another resource that we can use to detect vulnerabilities in our company's systems. For example, it can help us detect new file processes that we are not familiar with, which could be used by attackers to exploit our systems. Singularity Cloud Workload Security can also help us diagnose and analyze data to determine whether it is malicious or not. Singularity Cloud Workload Security is like another pair of eyes that can help us protect our systems from cyberattacks."
- "Whenever I view the processes and the process aspect, it takes a long time to load."
What is our primary use case?
When we receive a ticket about a SentinelOne detection on a specific host, we will first go to the SentinelOne console and look up the endpoint and the case. If there are any threats related to the host, we will then review the activities that have taken place within a specific time frame. We can look at the processes that have run, and how they have propagated from one process to another. We can also look at the timeline of events, from the top down, to see what happened when each process was run. This will help us to determine if any malicious activity has taken place.
We use the cloud-based management console to install SentinelOne on each employee's or host's device. SentinelOne can be installed through the cloud.
How has it helped my organization?
Singularity Cloud Workload Security provides us with better security detection and more visibility. It is another resource that we can use to detect vulnerabilities in our company's systems. For example, it can help us detect new file processes that we are not familiar with, which could be used by attackers to exploit our systems. Singularity Cloud Workload Security can also help us diagnose and analyze data to determine whether it is malicious or not. Singularity Cloud Workload Security is like another pair of eyes that can help us protect our systems from cyberattacks.
The real-time detection and response capabilities of Singularity Cloud Workload Security are very helpful. When we receive alerts in real-time, we can take action immediately. Within Vigilance, they look at things for us in real-time and let us know if they detect something malicious. This allows us to investigate the incident and see what is happening. If it is a zero-day attack, we can take action immediately to try to mitigate the damage. Having real-time alerts helps us take action more quickly than waiting for a few days for something to happen.
The automated remediation feature works from a database. We upload anything that we have detected before or anything that we can filter into this database. For example, we would upload the known IP addresses of analysts who do penetration testing for us within the company. If one of these IP addresses comes in and is malicious to the company, the solution will detect it. Singularity Cloud Workload Security will check the IP address and automatically classify it as benign. This saves us time because we don't have to manually review the IP address or contact our colleagues. This frees up our time so that we can focus on other things, such as investigating more malicious threats. IP addresses are just one type of data that can be filtered. File processes can also be filtered. Any type of automated filtering helps us reduce the time it takes to investigate a ticket so that we can focus on the most malicious threats.
The historical data record provided by SentinelOne after an attack is helpful in identifying what we can do to protect ourselves from future attacks. We can use this data to understand the cause of the attack and put in place preventive measures, such as educating employees about security best practices. SentinelOne allows us to access up to three or four months of historical data without a request. For data that goes back six months to one year, we need to submit a request. This data can be specific to a particular host, if necessary.
Singularity Cloud Workload Security is a great product. It is very robust and versatile. There are many things we can do with it, even things I have explored in the past two years. We can use different types of queries to narrow down our searches. It is a very powerful tool that has been very helpful to our SOC in analyzing specific incidents.
The solution has decreased our mean time to detect through the automated response process and visuals that give us time to focus on other important things. It definitely gives us the actual time to look at other things instead of focusing on one ticket that may take us 30 minutes to an hour to resolve. This could definitely decrease the coverage time.
The solution has decreased our mean time to remediate. We have many detection systems in our organization, and it takes a lot of manpower to focus on all of them. Integrating SentinelOne into our organization has given us more time to focus on other things, rather than having to look at minor incidents, such as low-severity incidents. SentinelOne detects and remediates these incidents for us, so we don't have to worry about them. This has been a great help, and we no longer need to dedicate as much manpower to these incidents.
The solution helps to free up our SOC staff time to work on other projects and tasks. Thousands of false positive tickets no longer have to be looked at by our SOC team, saving them a lot of time.
The solution has helped our organization become more productive by allowing us to focus on more severe issues instead of wasting time on minor ones.
What is most valuable?
The management console is the most valuable feature. It offers a variety of options for us to view. If a threat is detected, there is a specific area where we can view the different incidents that have occurred. This is the threat that is associated with that host.
We can also have deep visibility into the activities within the host within a specific time frame. This is very useful, especially when we can view the process tree. This allows us to see how one process propagates to another process, and so on. We can then look back to the beginning of the process to see where it came from. How was it downloaded? Which URL did it come from? Was it internal or external? This information has been very helpful when we are diagnosing a specific incident.
The File Fence feature is also useful. When we view a file within Singularity Cloud Workload Security, we can put it into our sandbox to see what type of file it is and whether it is malicious or not. There is also the scan feature, which is very helpful. When we scan a host remotely, it can return to us with information about the detections that were made on that host. This can help us to identify and alert others about any potential threats.
What needs improvement?
Whenever I view the processes and the process aspect, it takes a long time to load. I think this is because the dashboard or management console is slow, especially during downtime or when updates are being applied. Even when I search for a specific query, it takes a while to load. I believe that increasing the bandwidth for query processing would help.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud for three years.
What do I think about the stability of the solution?
I think the stability is decent. However, if they fixed the bandwidth issue, it would be a top contender. Sometimes, when I need to look at the process timeline, it is very difficult to load and takes a long time. We don't always have the time to wait for it to load. I think the stability is okay, but it could be improved.
We used Carbon Black. Carbon Black's stability is pretty good. Its downtime is not as high as SentinelOne's. Carbon Black is a little bit easier to use than SentinelOne. Its user interface is a little bit easier than SentinelOne's. In terms of stability, I think SentinelOne is just a little bit behind Carbon Black. Not by much, but just a little bit.
What do I think about the scalability of the solution?
The scalability is fine.
How are customer service and support?
The technical support is very responsive, and courteous, and provides great customer service. If we need something right away, they will definitely put us on the priority list. We have a special chat channel or a specific team dedicated to our company. We can also email them, and they will usually respond quickly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Carbon Black and Tanium for a short time. When I first started at my current organization, they were using both Carbon Black and SentinelOne. However, SentinelOne provides the same level of security as Carbon Black at a lower cost, so the organization stopped using Carbon Black.
If I were to compare SentinelOne to Carbon Black, I would say that they have the same functionality, but Carbon Black has a faster response time. If SentinelOne could improve its bandwidth in this area, it would be a more competitive product.
What other advice do I have?
I would rate Singularity Cloud Workload Security a seven out of ten. I noticed some lagging, especially when loading a specific storyline. I also experienced some lag when I had too many windows open.
Based on the company's size and infrastructure, SentinelOne offers different tiers of service for small, medium, and large businesses. For a really small company that doesn't generate a lot of logs, a robust system like SentinelOne may not be necessary. However, for a medium-sized company, SentinelOne can be a valuable asset. It has helped us to reduce our response time, gain more visibility into our security posture, and receive alerts if any devices are lost or stolen. SentinelOne is also more versatile than other solutions in terms of the resources it uses to detect malicious activity. I would recommend that any company considering SentinelOne do their research and talk to other users to see if it is the right fit for their needs.
Singularity Cloud Workload Security is a cloud-based solution that does not require much maintenance. The only maintenance required is to keep the filtering list up to date. This can be done with the help of the SentinelOne team.
The interoperability of the solution is fine. I don't have any issue with it.
In my line of work, we innovate by detecting and analyzing specific incidents. Singularity Cloud Workload Security definitely helps us out a lot in terms of detection, creating new queries, and creating new filters.
I suggest they research the solution and test it out. I believe SentinelOne offers a trial version, so they can try it before they buy it. See how they like it. We love it and don't think we can live without it. It gives us so much free time to focus on other things. It's like a home security system. If we miss something, they contact us. If the doors unlock, they let us know. If the battery is dying, they let us know. It has helped us out a lot. It gave us the visibility we didn't have before and continues to give us the visibility we need. I don't know what we would do without it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Updated: October 2024