Junior Cloud Engineer at ACC Limited
Easy to use with good alerts and an easy setup process
Pros and Cons
- "The solution is a good alerting tool."
- "We'd like to have better notifications. We'd like them to happen faster."
What is our primary use case?
We primarily use the solution to monitor for vulnerabilities on our AWS account. We use it for alerts.
What is most valuable?
The solution is a good alerting tool.
It is easy to use. It's console-based, which is useful.
If any action is taken, we can easily get alerts generated for us.
The infrastructure as code scanning is very easy to use.
We've found the solution has helped us to reduce the amount of false positives.
It's reduced the time we need to find vulnerabilities.
It's helped us reduce our risk posture. The mean time to detect has been reduced. Mean time to remediate has also been lowered since it's good at detecting issues.
PingSafe has helped improve the security between cloud security, application developers, and AppSec teams. With better notifications, the teams are more aware of what's happening.
What needs improvement?
We'd like to have better notifications. We'd like them to happen faster. It can take too much time to detect and then see the issue.
For how long have I used the solution?
We've been using the solution for a while.
Buyer's Guide
SentinelOne Singularity Cloud Security
October 2024
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability is good. There is no lagging or crashing.
What do I think about the scalability of the solution?
I'm not sure how scalable the solution is.
How are customer service and support?
I've never contacted technical support. My team might have based on the generation of false positives.
Which solution did I use previously and why did I switch?
I'm also aware of AWS CloudWatch. It is not easy to use in comparison to PingSafe.
How was the initial setup?
The initial deployment is easy. There is no maintenance needed on our end.
What's my experience with pricing, setup cost, and licensing?
I'm not aware of the exact pricing.
What other advice do I have?
I'm a customer.
I'd rate the solution 8 out of 10.
It's important to learn about the solution first. However, it is easy to use and quick to pick up.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 30, 2024
Risk Analyst at a recreational facilities/services company with 1,001-5,000 employees
Helps free up SOC staff to work on other projects, detect threats and protect our assets
Pros and Cons
- "Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks."
- "It would be really helpful if the solution improves its agent deployment process."
How has it helped my organization?
Singularity Cloud Workload Security gave us the visibility we needed and freed up time to do other tasks. It narrows down the false positives that we got with the previous solution.
What is most valuable?
We use Singularity Cloud Workload Security to detect threats and protect our assets. We look at the threats that come in and whether they're being blocked. We use Singularity Cloud Workload Security as an anti-malware threat management product.
Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks.
What needs improvement?
We had a couple of issues with the solution's deployment. We had to deploy the agent, and sometimes there were issues. It feels like we're battling a version of the software when we have to deploy an agent over another agent. It would be really helpful if the solution improves its agent deployment process.
For how long have I used the solution?
I have been using Singularity Cloud Workload Security for over a year.
What do I think about the stability of the solution?
I haven't heard from our team about any stability issues with Singularity Cloud Workload Security. Singularity Cloud Workload Security is more stable than our previous solution.
What do I think about the scalability of the solution?
Singularity Cloud Workload Security handles anything we throw at it. The scalability is good.
How are customer service and support?
When we have an issue, an online engineer from their group helps us resolve it within an hour or two. I haven't heard anything negative about the solution's support from our team.
How would you rate customer service and support?
Positive
How was the initial setup?
I was involved in the selection and the proof of concept process. I wasn't on the call for the installation, but I overheard our two engineers involved in the solution's installation. The solution's deployment was pretty quick, and they installed it in one day.
What about the implementation team?
We implemented the solution with an in-house team.
What's my experience with pricing, setup cost, and licensing?
Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at. One product was a little bit cheaper, but its functionality and the overall product weren't as good as Singularity Cloud Workload Security. One of the vendors' prices was almost double what we would get thus far. Talking to their engineer and salesperson put our minds at ease when we got it. We knew they would be there for support, and they have been really good.
What other advice do I have?
I'd ask users to take a good look at Singularity Cloud Workload Security because it brings a lot of value to the table. For its price, the solution does a good job compared to some other solutions.
Singularity Cloud Workload Security’s automated remediation works great.
The solution’s real-time detection and response capabilities work great for us. It frees up time, unlike our previous solution, where we had a lot of false positives.
It's granular, and you can take a deeper dive into something if you need to. You can analyze and get a verdict. It's easier to narrow it down and pinpoint it with more detail.
The solution helped reduce our organization’s mean time to detect. Singularity Cloud Workload Security is quicker than our previous solution. We are a small group of just five people, and we have to do instantaneous detection to stop things from coming in quickly. We like that part a lot.
The solution helped reduce our organization’s mean time to remediate. It lets us analyze an incident, report the status quicker, and escalate it quicker than our previous solution.
Singularity Cloud Workload Security helped free up SOC staff to work on other projects. It probably freed up 10 to 15 hours a week. Before, we spent a couple of hours a day sifting through events and trying to see if they were false positives. The solution freed up a lot of time.
We have seen an impact on our organization's productivity using Singularity Cloud Workload Security. With the freed-up time, we're able to do a lot of other work. We use other products and look at phishing emails. It frees up our time to study more than we did in the past.
I would have users look at their visibility across their environment. The solution's quick response to threats, ability to act on them, automated incident response, and forensic investigation capabilities are really good. The solution provides you with 24/7 threat monitoring detection.
We work eight hours a day when we have someone on call. It's nice to know someone else is also looking at our events. They're there to dive in with us when we need them to help increase our team. Even though they're not on our team, they're there to help us.
Overall, I rate Singularity Cloud Workload Security a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of Security at Razorpay
Provides a centralized view of all workloads, enabling us to identify misconfigurations
Pros and Cons
- "Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively."
- "Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security."
What is our primary use case?
Working in a highly regulated space with stringent security requirements for money movement necessitates robust security measures. SentinelOne Cloud Security effectively secures our workloads, providing peace of mind and significantly reducing stress by addressing both security and regulatory needs.
How has it helped my organization?
The primary challenge we faced was achieving comprehensive visibility and observability across our extensive cloud environment, which comprises over 50 AWS accounts. It was difficult to determine the specific account and business entity associated with each workload. SentinelOne provided a centralized view of all workloads, enabling us to identify misconfigurations, pinpoint their location, and assess their potential impact. This clarity allowed us to prioritize responses based on the criticality of the affected account, such as production or highly regulated environments, thereby optimizing our response time.
To reduce noise and improve security monitoring, we implemented two key strategies. First, we leveraged the SentinelOne platform to identify internet-exposed assets and prioritize them for enhanced monitoring. SentinelOne's cloud-based capabilities significantly reduced false positives and helped establish a baseline for normal network activity. Second, we integrated the Infrastructure as Code module to automatically detect any deviations from the baseline or new misconfigurations. This proactive approach enabled us to efficiently address vulnerabilities and maintain a secure environment. After an initial cleanup, ongoing maintenance became much easier due to the continuous monitoring and automated alerts provided by SentinelOne and the IAC module.
Cloud security has helped reduce false positives by prioritizing vulnerabilities based on two factors: the criticality of the exposed asset and the environment it operates within. This prioritization metric helps eliminate false positives and allows teams to focus on fixing actual security issues.
Cloud security has improved incident response, primarily by enhancing observability. This allows for immediate identification of an IP address's host account and connected resources, which speeds up response time. Understanding the potential damage is also crucial, and this is achieved by knowing all resources accessible to the compromised asset. This comprehensive approach, combining identification and impact assessment, significantly strengthens security response capabilities.
SentinelOne Cloud Security reduces response times by providing context for assets, such as location, access details, and component interactions. This allows for quick identification of the responsible team and facilitates efficient damage assessment and remediation. Automated responses, like automatically fixing public S3 buckets, can be implemented, although caution is needed as some public access may be intentional.
SentinelOne Cloud Security has significantly improved team collaboration by simplifying the process of identifying the owner of a vulnerable or problematic component. Previously, this was a time-consuming task, but now the platform allows for quick identification of the responsible business entity and developer, enabling direct contact with the appropriate DevOps personnel. This streamlined process accelerates both detection and response times, ultimately enhancing overall security.
SentinelOne has released Purple AI, a tool with immense potential. It can analyze sentences and identify specific IP addresses or vulnerable machines, significantly aiding threat detection. This capability allows for rapid computation and complex query execution, delivering crucial answers in minutes and enhancing data analysis for security purposes.
What is most valuable?
Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively.
What needs improvement?
Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security.
For how long have I used the solution?
I have been using SentinelOne's cloud piece for about three to four months.
How are customer service and support?
SentinelOne has provided excellent support, enabling us to implement a robust solution customized to effectively meet our security and compliance needs.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to implementing SentinelOne, we faced excessive false positives and an overwhelming number of findings, hindering prioritization. However, SentinelOne Cloud's offensive engine provides reassurance by automatically checking exposed assets for new threats, such as zero-day attacks, ensuring immediate awareness of any issues.
SentinelOne allows for customized prioritization, enabling changes based on specific accounts and the addition of further actions to misconfiguration adjustments. The graphing ability of SentinelOne CNAPP facilitates comprehensive chaining for in-depth analysis. The demos on misconfigurations and the prioritization matrix were particularly informative.
What's my experience with pricing, setup cost, and licensing?
SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal.
Which other solutions did I evaluate?
When evaluating CNAPP vendors, several key considerations emerged. First, it was essential to assess the regulatory frameworks and ensure compliance. Second, the issue of false positives needed to be addressed to maintain efficiency. Finally, the prioritization capabilities, particularly the use of graphs to identify critical assets, were crucial factors in the selection process.
What other advice do I have?
I would rate SentinelOne Cloud Security a nine out of ten. They are bringing all the pieces together, and once the Purple AI can interact with all the different components and correlate across them, I think that's where its real power will come from.
SentinelOne CNAPP was extremely helpful and chosen for three primary reasons: their responsive and efficient team facilitated a rapid deployment; the technology itself proved to be very robust and effective; and the platform's configurability allowed for seamless integration with our specific business needs.
For those evaluating SentinelOne CNAPP, it is advised to engage with their team for potential configuration changes. The tool offers comprehensive insights, providing productive usage from day one for penetration testers and security engineers.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 30, 2024
Assistant System Engineer at a consultancy with 10,001+ employees
Helps reduce false positives, improve risk posture, and MTTD
Pros and Cons
- "The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats."
- "PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary."
What is our primary use case?
Our cloud security posture is managed with PingSafe, a tool that identifies and highlights potential security weaknesses in our systems.
How has it helped my organization?
It is user-friendly.
PingSafe helps reduce the number of false positives by 20 percent.
In evidence-based reporting, demonstrating that a vulnerability can be exploited is crucial. This information allows us to directly address the issue through manual remediation.
PingSafe has improved our risk posture and has reduced our mean time to detection by 50 percent.
PingSafe has reduced our mean time to remediation by 30 percent.
What is most valuable?
The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats.
What needs improvement?
PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary.
For how long have I used the solution?
I have been using PingSafe for one year.
What do I think about the stability of the solution?
I would rate the stability of PingSafe nine out of ten.
What do I think about the scalability of the solution?
PingSafe is scalable.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Prisma Cloud but when we would request a feature we had to wait until the next release. That is the advantage of PingSafe.
How was the initial setup?
The deployment took a few weeks to complete.
What's my experience with pricing, setup cost, and licensing?
PingSafe falls somewhere in the middle price range, neither particularly cheap nor expensive.
What other advice do I have?
I would rate PingSafe nine out of ten.
We have around five people working with PingSafe.
No maintenance is required for PingSafe.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Jun 2, 2024
Cloud Security & Architecture Specialist at an insurance company with 10,001+ employees
Helps improve our cloud security posture, provides great reports, and is user-friendly
Pros and Cons
- "PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use."
- "Crafting customized policies can be tricky."
What is our primary use case?
We use PingSafe to improve our security posture through evidence-based alerts by detecting and mitigating vulnerabilities.
We sought a CSPM solution that could be configured to adhere to the security policies of our required integrations. PingSafe stood out as a strong candidate due to its compliance with industry standards like ISO and its ability to provide valuable security insights.
PingSafe is a SaaS solution.
How has it helped my organization?
PingSafe boasts a user-friendly interface that avoids information overload. The clean layout allows for easy navigation, even for new users, while still offering the ability to delve deeper into the data for a more granular view.
I would rate the evidence-based reporting of PingSafe an eight out of ten.
PingSafe's proof of exploitability is invaluable because it allows us to demonstrate the root cause of security issues to stakeholders clearly and concisely, streamlining the remediation process.
I would rate the offensive security engine's ability to assess and verify exploit paths and prioritize breach potential a nine out of ten.
The easy-to-use UI helps our security team review evidence from a single dashboard.
PingSafe has broadened our viewpoint within our environment, allowing us to see things from multiple angles. This wider perspective provides greater assurance to our team and the entire enterprise.
It has helped reduce around ten percent of the false positives.
Thanks to PingSafe, our cloud security posture has significantly improved. We've effectively mitigated critical and high vulnerabilities, achieving a strong security position from a CSPM perspective.
PingSafe has impacted collaboration between our cloud security application developers and AppSec teams. To address this, we've granted controlled access to PingSafe for all relevant teams. We've also encouraged its use by providing training on the tool itself.
What is most valuable?
PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use. It excels at presenting remediation steps in a clear and actionable way. Additionally, the reporting capabilities ensure we maintain compliance. However, the most valuable feature for us is the ability to conduct authentic security testing, providing real-world insights into our vulnerabilities.
What needs improvement?
The vulnerability scanner generates a high number of false positives that it flags as alerts, even though they're not actual threats. This suggests a configuration issue. We need to address this, especially since some of these flagged vulnerabilities have already been mitigated by other means.
The compliance monitoring dashboard, while helpful, doesn't integrate seamlessly with our entire system. This creates a disconnect: a high volume of alerts doesn't necessarily reflect a decline in compliance. For instance, I might have a thousand alerts on my ISO-related compliance dashboard, yet the compliance itself remains at 99.99 percent. This inconsistency makes it difficult to justify remediating every alert. In other words, I might give a clean bill of health from a compliance standpoint, yet still expect them to resolve the alert, which can be confusing. Therefore, we need to address either the way the dashboard generates alerts or the way we create them. Ideally, alerts should be directly tied to compliance standards and have a clear role in the overall compliance process. If they don't meet these criteria, perhaps they shouldn't be flagged as high or critical in severity.
Crafting customized policies can be tricky. Take creating our own, for instance. It requires a deep dive into the customization options, as the language used can be complex and demands a certain level of skill.
Since Sentinel's acquisition of PingSafe, there has been a decline in both the frequency of new releases and the quality of support. Previously, PingSafe was known for its proactive approach.
PingSafe utilizes additional modules besides CSPM. Ideally, there should be a correlation between these systems. This would ensure that the assets we review for vulnerabilities within PingSafe are consistent with those reviewed in CSPM. This consistency would simplify the process, allowing us to focus on a single review level. This level could be defined from a configuration perspective or by a compliance standard, such as the web application itself. If PingSafe migrates data, this correlation between systems would be especially beneficial to ensure continued integration with all modules.
For how long have I used the solution?
I have been using PingSafe for six months.
What do I think about the stability of the solution?
The core modules of PingSafe are stable but some of their new features had bugs in them.
I would rate the stability of PingSafe seven out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of PingSafe ten out of ten.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We've added PingSafe to our existing Palo Alto Prisma Cloud environment. This will allow us to directly compare the results of the two tools.
How was the initial setup?
The implementation is straightforward and takes a couple of days to complete.
We had five to ten people involved, excluding the PingSafe developers.
What other advice do I have?
I would rate PingSafe eight out of ten.
We have PingSafe accessible in multiple departments with a total of 20 users.
There is no maintenance required from our end.
While PingSafe advertises itself as a Cloud-Native Application Protection Platform solution, it offers some CNAPP functionalities but doesn't provide a fully comprehensive picture of your cloud security posture. In essence, it has some CNAPP capabilities, but it's not a complete CNAPP solution yet.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Jun 2, 2024
Security engineer at Razorpay
User-friendly, intuitive, and saves engineering time
Pros and Cons
- "The UI is responsive and user-friendly."
- "There's room for improvement in the graphic explorer."
What is our primary use case?
We use PingSafe to identify threats and vulnerabilities in our AWS accounts and the compute resources that are hosted on those cloud accounts.
We implemented PingSafe to address network-related issues, such as communication between individual components (part-to-part or node communication). PingSafe's Graph Explorer feature also helped us understand the overall network landscape, including the attack surface. This feature allows us to discover and explore various components within our AWS environment. In essence, PingSafe helped us identify how different networks connect and how microservices within our system interact with each other.
How has it helped my organization?
We've implemented PingSafe across all our core companies, including acquisitions. Previously, managing separate AWS accounts for each company with dedicated DevOps and security teams was a significant challenge. PingSafe helped us consolidate these accounts into a single platform, simplifying the process. Now, we can easily track key security metrics. For instance, PingSafe provides frequent alerts for critical events such as publicly exposed instances or security groups with significant traffic changes from any source. Monitoring these elements across multiple accounts and security groups was previously difficult without a centralized platform. PingSafe has been instrumental in streamlining this process.
We recently made some changes to our information systems. PingSafe helped identify instances that were inadvertently made public. This identification is important for compliance purposes, as it allows us to track how well these public instances adhere to regulatory frameworks.
PingSafe's compliance monitoring capabilities have provided us with some benefits, particularly in understanding our overall security posture. However, it's important to note that PingSafe only monitors our cloud infrastructure. There might be internal deployments with compensating controls that address missing controls identified by PingSafe (e.g., control X is missing but mitigated by internal control Y). These internal controls wouldn't be visible to PingSafe. Therefore, while PingSafe provides a valuable starting point at the surface level, manual review is necessary to ensure complete compliance coverage.
PingSafe is easy to navigate. Its menus are straightforward and intuitive, making the overall user experience smooth.
One of the key benefits of PingSafe's evidence-based reporting is its proof of exploitability. This feature allows us to prioritize vulnerabilities that have been demonstrably compromised and take immediate action to mitigate the risks.
The offensive security engine feature constantly scans and lets us know if any vulnerabilities in our environment can be exploited. While the offensive security engine for verifying exploit paths and prioritizing breach control is valuable, it lacks context awareness. For instance, it might flag something we intentionally made public, like a new website for an upcoming event. In those cases, we can safely ignore the alert. Overall, the engine is a useful tool. We extract the information it provides and prioritize it. A dedicated team reviews the alerts and, if necessary, escalates them to our DevOps team for further action.
By centralizing cloud infrastructure monitoring with PingSafe, our security team's productivity and MTTR have been significantly improved.
Over time PingSafe has reduced the number of false positives by 40 percent.
PingSafe has significantly improved our organization's risk posture. Since implementing it, we've been able to assess the risk associated with recently discovered CVEs much faster than before. This efficiency is due to PingSafe's proactive identification and scanning capabilities. Now, we start each day with a clear summary of potential risks, allowing us to prioritize effectively.
PingSafe has reduced our mean time to detection by 90 percent. This is because it scans every day and sends us real-time email alerts, allowing us to take immediate action.
PingSafe has reduced our mean time to remediation by 40 percent.
We have a dedicated channel where we collaborate with PingSafe and our internal teams.
The collaboration helped save our engineering time by 60 percent.
PingSafe's user interface and ease of use have had a positive impact on our security operations. For example, we recently needed a list of assets deployed in a specific GN in a cloud account for a particular incident. We went straight to PingSafe and were able to quickly obtain the assets along with a map of the security groups linked to them. The UI's simplicity helped us save significant time by eliminating the need to search for information manually.
What is most valuable?
Notifications about the latest vulnerabilities are a valuable feature. PingSafe automatically updates itself with the newest threats and scans our infrastructure across all integrated data accounts for them. This is helpful because it's difficult to keep up with the volume of CVEs, especially the critical ones.
The UI is responsive and user-friendly.
What needs improvement?
There's room for improvement in the graphic explorer. We'd like something that helps us visualize traffic between different ports and containers. Currently, we can see host networking, like communication between instances or perhaps within Kubernetes. However, we're looking for a tool that can also visualize port-to-port communication and display it as a graph. This would give us a clearer picture of our network traffic and help strengthen our network security.
The dashboard currently displays CVEs, but it would be beneficial to receive proactive email notifications in addition to this.
I would also like to have runtime security in PingSafe.
For how long have I used the solution?
I have been using PingSafe for 7 months.
What do I think about the stability of the solution?
I would rate the stability of PingSafe 9 out of 10.
What do I think about the scalability of the solution?
I would rate the scalability of PingSafe 8 out of 10. We can easily add new cloud accounts.
How are customer service and support?
The technical support response time is good. For feature requests, they can be a little slow.
How would you rate customer service and support?
Positive
What was our ROI?
The time invested in security operations for threat detection and monitoring has yielded a return on investment of 70 percent. We've also seen a financial benefit by avoiding the need for additional staff to monitor and correlate all database accounts individually by 40 percent. PingSafe automates these tasks efficiently.
What's my experience with pricing, setup cost, and licensing?
PingSafe is less expensive than other options.
What other advice do I have?
I would rate PingSafe 8 out of 10.
We're planning to integrate PingSafe with our CI/CD pipeline and Slack. Currently, our only integration is with an email system, which means we receive alerts and notifications via email. We're evaluating the effectiveness of this approach. Integrating with tools like Jira or Slack could help manage the issue of false positives and notification overload, which currently requires the manual closing of alerts. We're still assessing the best course of action, but integration with Jira is a strong possibility.
Around 15 people from our security and DevOps teams use PingSafe. PingSafe is a SaaS that is integrated with our main company and all our acquisitions.
PingSafe does not require maintenance from our end.
I recommend PingSafe to others for its cloud security capabilities. I particularly appreciate its offensive security approach. Coming from an offensive security background, I find PingSafe excels at identifying real threats that we can address immediately. This proactive approach is a major advantage of PingSafe. While the defensive side might involve some assumptions and possibilities, I believe the offensive capabilities are the key reason we use PingSafe.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
Dev Sec Ops Engineer at Groww
Is easy to use, scalable, and quick to deploy but technical support can be improved
Pros and Cons
- "The user interface is well-designed and easy to navigate."
- "PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process."
What is our primary use case?
As a financial institution, we rely on PingSafe as our single source of truth for both CSVM and CWPP data. PingSafe provides us with essential security benchmarks, including those for Kubernetes deployments and CSVMs. It also allows us to monitor our overall cloud security posture and identify vulnerabilities for remediation. PingSafe serves as a centralized platform for all our cloud security metrics.
How has it helped my organization?
We rely on PingSafe for all our reporting needs. It serves as a comprehensive tool for vulnerability management, ISC management, and reporting on hard-coded secrets. Additionally, it functions as a source for vulnerability identification.
The security engine provides a large vulnerability database. While it's not exhaustive, it's a valuable resource due to its significant size and well-organized data. This database allows for effective security management and vulnerability identification.
I would rate PingSafe's mean time to remediation abilities a 10 out of 10.
PingSafe helps the collaboration between our cloud security app developers and AppSec team.
What is most valuable?
The user interface is well-designed and easy to navigate. Our security team relies on it for several tasks. They can use it to retrieve Jira tickets and assign them to the appropriate teams for resolution. This functionality helps them identify and address vulnerabilities efficiently.
What needs improvement?
I'm not convinced that PingSafe's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see PingSafe directly addressing our specific needs.
While agentless vulnerability scanning is a positive feature, PingSafe lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within PingSafe. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of PingSafe.
PingSafe helped reduce the number of false positives in the previous version of PingSafe 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how PingSafe 2.0 would address this issue. Additionally, users have to manually mute many false positives in PingSafe 2.0, which is a significant drawback.
I would rate PingSafe's mean time to detect ability a 6 out of 10.
While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, PingSafe should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, PingSafe needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. Here, PingSafe should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, PingSafe should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if PingSafe gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, PingSafe should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs.
PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.
For how long have I used the solution?
I have been using PingSafe for 1.5 years.
What do I think about the stability of the solution?
PingSafe seems to be stable, with no reported crashes. However, there's also not a lot of traffic going through the service. It's unclear exactly what PingSafe does internally.
There aren't many users who actively add technical details to run PingSafe's tools. Additionally, it seems we don't actively incorporate new features. Ideally, clients should share proper answer keys so we can identify if their app crashes.
If we could onboard more users, we could potentially gain access to more resources. However, a recurring issue is missing data. Clients sometimes provide extensions, but clicking on them reveals no information. This lack of data is a significant drawback, even though the system itself seems stable.
What do I think about the scalability of the solution?
PingSafe is scalable and supports multiple tenancies with no drawbacks.
How are customer service and support?
As a mature organization, we expect a higher level of service from our technical support providers. Unfortunately, we've found that the responses from PingSafe's technical support team have been repetitive and not particularly helpful, especially considering the cost of their services.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial deployment is straightforward.
It doesn't take more than 30 minutes to deploy PingSafe into an organization using any cloud platform.
One person can complete the deployment.
What's my experience with pricing, setup cost, and licensing?
PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price.
What other advice do I have?
I would rate PingSafe 5 out of 10.
Our organization primarily relies on our internal scanning tool for IaC security. While many industry tools utilize open-source IaC scanning solutions under the hood, we haven't found significant value in adopting PingSafe's specific IaC offering. This solution might be more beneficial for organizations lacking dedicated SecOps teams, but its additional cost is a factor to consider.
It should transition from an agent-based system to an agentless one. This is crucial because many industry tools are moving in this direction, and PingSafe should follow suit. They should also introduce more features, improve security compliance, and place greater focus on Kubernetes, RBAC systems, and visualization. If they do choose to maintain an agent-based system, they should significantly improve their metric collection capabilities. This would be beneficial because currently, customer response times seem to be slow. By addressing these requirements, PingSafe can ensure continued growth.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Google
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 30, 2024
Pre-sales Engineer at a tech services company with 11-50 employees
Is able to auto-scale and remediate, as well as save us time
Pros and Cons
- "My favorite feature is Storyline."
- "I would like additional integrations."
What is our primary use case?
We use Singularity Cloud Workload Security to protect all our servers from malware, both present and future. We also use it to protect our user endpoints, such as workstations and employee laptops.
We recently switched from Windows Defender to SentinelOne endpoint protection after a few of our laptops were infected with malware. SentinelOne has been protecting our laptops, endpoints, and servers for two years now, and it has performed well in internal and external audits.
We currently have a hybrid Active Directory environment. SentinelOne itself is a SaaS-based product, so it is fully cloud-based. However, we need to install agents on all of our endpoints and cloud services.
How has it helped my organization?
Singularity Cloud Workload Security has real-time threat detection capabilities. We have tested it with multiple clients and ourselves, and it has detected malware every time we have been attacked. Compared to other major security vendors, Singularity Cloud Workload Security had the best detection rates for all the malware we threw at it during our proof of concept.
Automated remediation is policy-based, which makes it very useful. The SentinelOne platform gathers all information about how the threat played out and all the changes that were affected on our system. Using this information makes it very easy to remediate all the damage because we know what happened. Automated remediation is amazing and a key differentiator from other competitors.
For Linux kernels, the agent supports almost all platforms, including legacy Windows, macOS, and Linux. We have a few Linux servers, and the mitigation and all the other features work just as well as on the other operating systems.
Using the Deep Visibility Console, we can thoroughly investigate everything that was called or changed on a computer. This gives us visibility into virtually everything that happens on all of our endpoints at all times, in real-time. This has allowed us to find threats that other vendors would have missed. We can also use the Deep Visibility Console to perform threat hunting. For example, if a threat has been moving around our network, we can track it down to see exactly where it is moving to and how it is working.
The historical data record provided by Singularity Cloud Workload Security after an attack is good. For data retention in terms of threats, we have a one-year retention period. This is a long time, and it is very useful for our insurance policies, as we often need to comply with them. For compliance purposes, the one-year retention period is perfect for us. For visibility logs, for example, we are ingesting some logs, and I believe the retention rate is actually fourteen days.
Singularity Cloud Workload Security has reduced our MTTD. Previously, with Defender, it would sometimes fail to detect threats. Now, we detect and remediate many more threats automatically, almost instantaneously. For example, if we download a malware file, we usually cannot even open it because Singularity Cloud Workload Security detects it automatically with a super-fast response time.
Our MTTR is automatic. As soon as a threat is detected, remediation is performed automatically, according to our policy. We can even generate a report of the remediation and all affected files. This allows us to see everything and ensures that remediation is performed quickly.
Singularity Cloud Workload Security has freed up our SOC staff's time to work on other projects. Before, we were considering hiring a 24/7 SOC team, but with SentinelOne's vigilance package, they take care of almost everything for us. We no longer need an employee to monitor logs and threats 24/7.
Since we are freeing up some time from the operations side, our IT administrators and security personnel do not have to constantly monitor the console to see what is happening. Because we trust the product to take care of malware for us, our productivity has definitely increased. We only check the logs once a week.
Singularity Cloud Workload Security works well with other vendors, so we can even have two EDR solutions if we want to. The exclusions can be done through the console, which is very easy to use. It gives us a list of all the applications that we have installed on all our systems and makes it easy to create different types of exclusions. For example, we can create exclusions for performance reasons or to suppress alerts. There are a lot of options, and they are all very easy to use.
What is most valuable?
My favorite feature is Storyline. It creates a neat graph that shows us how any threat played out, in real time. We can see all the information about what was modified or changed on our system, such as files that were modified, created, or deleted, and registry keys that were created or edited. For a SOC analyst, this information is super useful. We can deep dive into all the information and see exactly what happened on each computer individually.
The second feature is actually part of the SDR platform, and it provides native integrations with other security software vendors, such as Okta or Azure AD. This allows us to ingest all of our audit logs for security events and to take action on them. For example, we can set up an automation alert so that if a threat is detected on an endpoint, we can automatically take action on our Okta or AD environment, such as locking the account that was signed in or forcing a password reset.
What needs improvement?
I know that SentinelOne is working on additional integrations for their XDR platform, and I would definitely prefer more integrations. I understand that many more integrations are coming soon but by the end of the year. I would like additional integrations. Currently, we have integrations with Azure AD, Okta, Mimecast, and Netskope. Many of our clients and we also use firewalls from Cisco, Juniper, and so on. It would be helpful to be able to retrieve audit logs or actionable items from these firewalls.
For how long have I used the solution?
I have been using Singularity Cloud Workload Security for two years.
What do I think about the stability of the solution?
Singularity Cloud Workload Security is stable, and we have not experienced any downtime.
The stability of Singularity Cloud Workload Security is similar to that of Microsoft Defender.
What do I think about the scalability of the solution?
Singularity Cloud Workload Security is infinitely scalable, with a multi-tenancy feature that allows us to have multiple sites, such as physical sites. For example, if we have two locations, we can easily create admins who have access to only one site or to all sites. It scales really well, regardless of our environment.
The auto-scaling feature is user-friendly. As we install more endpoints, they will simply show up in the console, allowing us to create our own physical sites with their own admins and different policies.
How are customer service and support?
My interaction with technical support was pleasant. They gave me a few tips on how to integrate the new system. They also sent me some documentation, which was already available to me, but they saved me the time of searching for it. They even offered to schedule a team call to discuss the integration and have a team member help us directly. The only downside is that the entire interaction was text-based, so it could be difficult to get a definitive answer to some questions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Microsoft Defender, but some of our laptops were infected with malware anyway. Because of this, we had to redeploy all of our laptops. We therefore concluded that the solution was not working as well as it should in terms of detection and response, so we switched to Singularity Cloud Workload Security.
How was the initial setup?
Deployment was straightforward. The agent is simple to deploy, and we only need to deploy it to all of our endpoints. It is a simple installation that requires our site token. We can deploy it through group policies, Intune, or any mass deployment software. I completed the deployment myself.
Which other solutions did I evaluate?
We evaluated CrowdStrike, Carbon Black, and Bitdefender, and found that Singularity Cloud Workload Security had a much better remediation process. This is because Singularity Cloud Workload Security uses AI-powered detection and remediation, instead of relying on human analysts. This means that threats can be detected and remediated much faster than with traditional security solutions. Another factor that influenced our decision was pricing. SentinelOne is not too expensive compared to other providers, and it offers a wide range of integrations with other security products.
What other advice do I have?
I would rate Singularity Cloud Workload Security nine out of ten.
Maintenance is minimal, requiring only occasional updates. When a major update is available, we receive an email notification. We then accept and deploy the update to all eligible endpoints through the console.
Singularity Cloud Workload Security is very easy to deploy and has one of the best detection rates among vendors. It has a very user-friendly UI that provides a high-level overview of current threats and system status, as well as the ability to drill down into analytics and threat indicators using the visibility console. It is so user-friendly that anyone can use it, regardless of their expertise level. However, for more experienced users, there is also the option to dig deeper into the data.
Singularity Cloud Workload Security helps us spend less time on threats and more time on our core competency, which is consulting work. This definitely improves our productivity and innovation.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller