Try our new research platform with insights from 80,000+ expert users
reviewer1525839 - PeerSpot reviewer
Senior security consultant at a computer software company with 51-200 employees
MSP
Top 20
Reduces organizational risk, saves time, and is easy to deploy
Pros and Cons
  • "The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features."
  • "When comparing SentinelOne to CrowdStrike, I find that CrowdStrike has more comprehensive vulnerability assessment tools."

What is our primary use case?

We are a partner of SentinelOne and we provide demo proofs of concept to customers. Most of our customers use traditional antivirus software, which does not have the capability to perform zero-day analysis, block ransomware, or block zero-day attacks. SentinelOne, on the other hand, is an endpoint detection and response and endpoint protection platform solution, which means that it has the capability to block zero-day attacks, ransomware, and machine learning-based threats. SentinelOne Singularity Complete does not have antivirus technology, but rather it is an anti-malware solution.

Our customers switched to Singularity Complete primarily for security and ease of use. It is easy to install, troubleshoot, and upgrade. Singularity Complete is purely cloud-based for our customers.

How has it helped my organization?

Singularity Completes' interoperability is straightforward. They have easy API integrations with all major integration platforms, so it's simple. There are no complications.

SentinelOne can ingest and correlate data well. It has its own EDR and XDR technologies, so it provides threat defense, detection, and monitoring. The models work like a SIEM for endpoints, so customers can correlate logs, identify patterns, and visualize everything. It is very visible.

I deployed Ranger for one of our customers with a large infrastructure. Ranger provides clear network and asset visibility.

Singularity Complete was very helpful to our customers during the COVID-19 pandemic because many of their employees were working from home. When employees work from home, they often need to open ports from outside to active networks, which can make those networks more vulnerable to ransomware attacks. One of my customers had a traditional antivirus running, but it was unable to detect the ransomware. I deployed Singularity Complete to understand the attack pattern and block it. The customer was so happy with SentinelOne Singularity Complete that they renewed their subscription for four years in a row.

Singularity Complete increases the number of true positive alerts by detecting attacks that antivirus software misses.

Singularity Complete helps save time.

Singularity Complete has reduced the MTTD by ten percent.

Singularity Complete has reduced the MTTR. Where a traditional antivirus may take ten minutes, Singularity Complete takes two to three minutes.

Singularity Complete helps reduce organizational risk.

What is most valuable?

The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features.

What needs improvement?

When comparing SentinelOne to CrowdStrike, I find that CrowdStrike has more comprehensive vulnerability assessment tools. It offers a variety of Falcon tools, including deep inspection, while Singularity Complete does not have all of these features. It still sticks to EDR or EDP. Therefore, I need improvements to match the features that CrowdStrike offers, such as a higher level of vulnerability assessment and a better understanding of the IOCs in our system so that we can apply fixes.

SentinelOne Singularity Complete needs improvement on Linux machines. We identified a few issues with most of our Linux customers' machines. Specifically, the application is not working properly after installation.

A major area of Singularity Complete that needs improvement is the restart option. We do not need a restart after installing a CrowdStrike agent. So for organizations that are running 24/7 and can't restart their machines, we do not recommend SentinelOne Singularity Complete.

Buyer's Guide
SentinelOne Singularity Complete
March 2025
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
848,716 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with SentinelOne Singularity Complete for five years.

What do I think about the stability of the solution?

I would rate the stability of Singularity Complete nine out of ten.

What do I think about the scalability of the solution?

Singularity Complete can scale easily. 

How are customer service and support?

Overall the technical support is good but we sometimes have difficulty getting a hold of them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used CrowdStrike Falcon, but SentinelOne Singularity Complete is easier to deploy. CrowdStrike Falcon has many features and policies that need to be configured, while Singularity Complete is straightforward. It has a single policy and is very easy to deploy compared to CrowdStrike Falcon. However, CrowdStrike Falcon offers more features.

How was the initial setup?

The initial deployment is straightforward. We receive a URL extension from the company and we set the policies and install the agent.

I deploy the solution for POCs using 20 machines. We demonstrate the deployment methods, and the customer completes the rest of the process. We typically complete this task in two days. For larger organizations that have a lot of departments and branches, the deployment can take up to 15 days.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete is cheaper than CrowdStrike but more expensive than any traditional anti-virus solution.

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

The Ranger functionality is not that important because it is optional, and most customers already have a solution for understanding their environment.

I would say that 90 percent of SentinelOne Singularity Complete is a quality product with only ten percent with room for improvement.

SentinelOne will not sell to organizations with fewer than 100 endpoints. Most of our clients are mid- to enterprise-level.

Maintenance is required, but the SentinelOne team maintains the cloud deployments, so we don't need to worry about it. The endpoint agents must be upgraded whenever an upgrade is available or when we have to fine-tune policies for customers to reduce false positives. One IT support person can handle any maintenance for the endpoints.

I suggest always doing a POC. If the customer is currently using traditional antivirus technology, they may not understand EDD, EPP, or EDR technology. Therefore, I always recommend a POC to help the customer understand these technologies. Customers should never implement an endpoint solution without a POC, because we don't know what endpoints are running on their system or how compatible the new solution will be with other endpoints. For example, if we are implementing a DLP solution, we should ask for a POC with all available agents, or we can deploy a test machine to understand the solution before implementing it in production.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1710711 - PeerSpot reviewer
Information Architect & Security Officer at a wholesaler/distributor with 201-500 employees
Real User
Top 20
Has a user-friendly UI, saves us time, and reduces alerts
Pros and Cons
  • "The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features."
  • "The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents."

What is our primary use case?

We use SentinelOne Singularity Complete as our next-generation EDR agent to block attacks in our environment.

We had some issues at one of the companies, where they were unable to block a ransomware attack. In my opinion, the EDR agent that we were using at the time was outdated and primarily relied on identifying malware by its signature or hash. This means that it could only detect known attacks. I believe that this was the main reason why the agent failed to block the ransomware attack.

How has it helped my organization?

We have integrated SentinelOne Singularity Complete with Azure AD and Fortinet, and we are aiming to integrate the system with Mimecast. The integration is seamless when we log in with enough permissions we are ready to go.

Ranger provides network and asset visibility. The installed agents can scan across networks that they are in. We can also set Ranger to require a minimum number of agents on a site before scanning begins. This prevents Ranger from scanning home networks when someone is working remotely with only one agent. In the pilot program, we set the minimum number of agents to zero, so Ranger began scanning for other endpoints on the site as soon as it was installed.

Ranger requires no new agents, hardware, or network changes. It gives us much more insight into what is actually happening on our networks, which is what we were looking for. Additionally, the way that SentinelOne allows us to isolate protected endpoints from unprotected endpoints is very nice. It is a very easy step into a network access control solution without all the overhead of doing that. It is a very basic way to get on the same level.

At this moment, we feel that we are in full control of the stages of managed endpoints. We didn't have that feeling before, but now we know that if we don't receive an alert from the system after a while, then we can be 99.9 percent sure that nothing is wrong. When we do get an alert, we need to take action. It may be a minor or major issue, but we need to do something. Regarding new installations of agents on new endpoints, we had some initial concerns that the agent would try to block applications running on those endpoints. However this issue only occurred on 8,000 endpoints, and we were able to resolve it by setting up an exclusion for the affected application. This was minor work, but it used to take a lot of time to install new agents on new endpoints with our previous solution. Now, both IT and other departments feel confident that we are in control. This is a huge difference.

Singularity Complete has helped reduce our false positive alerts. We used to receive hundreds of false positives each day until we implemented Singularity Complete, and now the false positive count is down to five per day. We also use the MDR services of SentinelOne. They are handling that for us, and we get a good insight into what actually happened. This is a huge difference.

Singularity Complete has helped free up time for our staff to work on other projects. Compared to the time we spent with the previous solution, we are now saving about 70 percent of our staff's time.

It has reduced our MTTD. It has also helped save our organizational costs. We are paying 20 percent less than our previous solution.

What is most valuable?

The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features.

What needs improvement?

The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents. The goal was to achieve full integration support, but this has not yet happened. The integration is incomplete.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for two years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is extremely stable. We have not had any downtime on the cloud.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable. To scale, we simply need to install agents, and the rest is taken care of by SentinelOne.

How are customer service and support?

The technical support is quick to respond and provide answers.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Trend Micro but switched to SentinelOne Singularity Complete after a successful ransomware attack. We were already looking for a different solution because Trend Micro was time-consuming to maintain, difficult to extract information from, and generated a lot of false positives. We never felt in control of our security posture.

How was the initial setup?

The initial deployment was straightforward. We first ran SentinelOne Singularity Complete in parallel with Trend Micro. This means that the agents can run in a monitoring policy or process, which sends us information about what the agent would block if it were in blocking mode. When we are confident that it is safe to switch to a blocking policy or policies, we can do so with a single click in the dashboard, and the agent or group of agents or all agents will start blocking. This is very easy to do, and we were able to deploy the agents to all endpoints in a matter of weeks.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete is a fair price.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete is not a static platform, and new features are released all the time. This adds new value to the product on a regular basis. Compared to other systems, which can be difficult to understand, Singularity Complete is seamless and easy to use. We don't need to do anything to activate new features, and we are notified by email when they are ready to use. It is then up to us to decide whether or not to use them.

SentinelOne Singularity Complete is a mature solution, and our organization is booming because of it. We're not experiencing the issues that we typically encounter with new companies or solutions.

We have 800 users and Singularity Complete is deployed across multiple countries and locations.

For maintenance, we need to ensure our agents are always up to date.

We decided to start using the mobile agents because they were part of our initial purchase. We have already taken the next step and are now looking into Ranger AD. We will be looking into this next year to increase our security level. SentinelOne Singularity Complete is a very easy-to-use product that provides a high level of security and is very usable for us. This is how most security solutions should work. I am very positive about SentinelOne Singularity Complete as our security partner.

I suggest doing a POC to see if SentinelOne Singularity Complete is the right fit.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
SentinelOne Singularity Complete
March 2025
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
848,716 professionals have used our research since 2012.
Dinesh Yadav - PeerSpot reviewer
Sales Director at CLOUD MIND
Reseller
Top 5
Offers MITRE ATT&CK reports, forensic investigation, and ransomware prevention
Pros and Cons
  • "The most valuable features are forensic investigation and ransomware prevention."
  • "The channel policy has room for improvement."

What is our primary use case?

SentinelOne Singularity Complete offers a ransomware warranty. In the event that any customer is attacked or falls victim to ransomware, they provide compensation of approximately one million dollars. Additionally, they offer 24-hour version monitoring, which allows them to continuously monitor the customer's environment. This monitoring helps them identify the source of any issues or attacks. They conduct thorough investigations to ensure everything is checked properly. Furthermore, they provide threat analysis reports.

How has it helped my organization?

SentinelOne Singularity Complete can ingest and correlate data across security solutions. It monitors the entire environment and accesses it in case of any incidents. It performs quarantining and provides detailed information to the customer about the origin of the incident.

It helped us consolidate our security solutions.

SentinelOne Singularity Complete helps reduce false alerts by 60 percent. It has also reduced our MTTD to 60 to 90 seconds.

Our MTTR has been reduced to 40 seconds.

SentinelOne Singularity Complete has saved us costs by preventing ransom attacks that could have cost us millions of dollars in the future.

SentinelOne Singularity Complete has helped reduce our organization's risks by 90 percent.

What is most valuable?

The most valuable features are forensic investigation and ransomware prevention.

What needs improvement?

The channel policy has room for improvement.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for five years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete meets all enterprise requirements and is priced accordingly.

What other advice do I have?

I would rate SentinelOne Singularity Complete an eight out of ten. They are a market leader and have been established for a significant period. Additionally, their MITRE ATT&CK reports are quite helpful.

SentinelOne Singularity Complete agent is light and easy to deploy.

SentinelOne Singularity Complete is a mature product that has been in the market since 2011, and the company is well aware of what to do and what not to do.

SentinelOne, as a strategic security partner, is satisfactory.

I recommend SentinelOne Singularity Complete for enterprise organizations with a sufficient budget to invest in their security.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer2082525 - PeerSpot reviewer
IT Manager at a construction company with 51-200 employees
Real User
Top 5
It's an innovative platform that addresses issues automatically
Pros and Cons
  • "SentinelOne has improved the overall security posture of the firm without creating a lot of hassle for our end users. Everything is a bit more secure. We think Singularity Complete has helped us reduce our organizational risks."
  • "I rate Singularity Complete a seven out of ten for affordability. It's more expensive than our previous solution, but it does its job well. At the same time, there is some room for improvement. Cheaper is always better."

What is our primary use case?

We use Singularity Complete as our EDR software. It's replacing our old antivirus solution. It covers about 80 endpoints. 

How has it helped my organization?

SentinelOne has improved the overall security posture of the firm without creating a lot of hassle for our end-users. Everything is a bit more secure. We think Singularity Complete has helped us reduce our organizational risks. 

What is most valuable?

SentinelOne detects threats automatically and performs the remediation itself, so we don't need to constantly look at the logs. It reduces the meantime to respond because it automatically responds to the detected threats.

For how long have I used the solution?

We started using SentinelOne Singularity at the start of this year, so it has been nearly seven months.

What do I think about the stability of the solution?

I have had no stability issues so far. 

What do I think about the scalability of the solution?

We only started using it at the beginning of this year, so the number of users has stayed the same. I have no experience scaling it up, but it's easy to add more devices to the platform. I don't foresee having any problems with scalability.

How are customer service and support?

We receive technical support from our partner, so I have no experience with SentinelOne support. 

Which solution did I use previously and why did I switch?

We previously used Bitdefender as our antivirus solution. We switched to SentinelOne because we wanted to improve the overall security of our endpoints. SentinelOne offers more advanced and comprehensive protection than a traditional antivirus solution.  

How was the initial setup?

We contracted with a partner to deploy SentinelOne, so I wasn't involved in the deployment. Our partner also handles the maintenance.

What was our ROI?

SentinelOne is more expensive than our previous tool, but we're hoping to see a return by saving money on recovering from some kind of incident.

What's my experience with pricing, setup cost, and licensing?

I rate Singularity Complete a seven out of ten for affordability. It's more expensive than our previous solution, but it does its job well. At the same time, there is some room for improvement. Cheaper is always better.

Which other solutions did I evaluate?

Though Microsoft's solution was suggested, we only seriously considered SentinelOne. That was the one that stood out during research. Also, I heard from my peers that it was the best one, so I didn't look at other options.

What other advice do I have?

I rate SentinelOne Singularity Complete a nine out of ten. I recommend it. SentinelOne works as advertised. It's an innovative solution, but it's hard for me to compare it to other products because I don't have much security expertise. It's a mature solution that has no bugs that I've experienced. I have confidence in it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of Global Solutions at Arete Advisors
Reseller
The Ranger feature scans the network and provides visibility into all the unsecured assets
Pros and Cons
  • "I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets."
  • "Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better."

What is our primary use case?

We are a service provider with a huge customer base. Singularity Complete is a tool we use to protect our clients from ransomware and other external threats. SentinelOne has been our strategic partner for a long time, and we are one of their platinum partners in Central Europe. It covers all endpoints like laptops, desktops, and servers. It's used everywhere. 

How has it helped my organization?

We manage multiple clients with Singularity Complete, and the clients are happy with the protection it offers against external threats or ransomware attacks. It's an excellent tool for detecting those and preventing much greater damage.

Once you deploy the tool and spend a few weeks fine-tuning it, Singularity helps reduce the number of alerts. It decreases your alerts by around 25 percent. Singularity frees up staff for other projects and tasks.

Singularity has reduced our mean time to detect and respond. At most, detection takes up to 30 minutes. The response time depends on your configuration. Quarantine is happening in real-time. 

What is most valuable?

I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets. It doesn't require any agents or network changes. It just gives us information about the unsecured assets that aren't managed by the IT departments of any company. It detects the vulnerabilities but doesn't prevent them. 

What needs improvement?

Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better.

For how long have I used the solution?

I have used Singularity for three years.

What do I think about the stability of the solution?

I rate Singularity Complete eight out of 10 for stability. 

What do I think about the scalability of the solution?

I rate Singularity Complete nine out of 10. 

How are customer service and support?

I rate SentinelOne support four out of 10. Their response is usually slow, even for priority one issues. They don't get on a call and fix the issue. They keep asking questions, so it gets frustrating sometimes. 

How would you rate customer service and support?

Positive

How was the initial setup?

Deploying Singularity was straightforward. The only issue is with the interoperability with other tools running in the customer's environment. We faced some challenges, but those were the initial teething issues. The solution requires some maintenance. You need to continuously update the agents and apply patches. We need multiple people to maintain the solution because we are a service provider with a huge customer base, but if you are deploying it for one client, one engineer is enough.

What was our ROI?

If an organization does not use this tool and gets attacked by ransomware or a threat, and it will incur costs in terms of a ransom or business loss. Singularity reduces organizational risk by about 30 to 35 percent. 

What's my experience with pricing, setup cost, and licensing?

Singularity is reasonable, but a few clients say it's expensive because they're comparing it with traditional antivirus. The pricing could be much cheaper for the Asia-Pacific region because it's a price-sensitive market.

What other advice do I have?

I rate SentinelOne Singularity Complete eight out of 10. Singularity Complete is a high-quality tool. The detections are good. We don't see many false positives. It's a good tool. It's still maturing but good. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Deputy CISO at The University of Texas at El Paso
Real User
Top 20
Interoperable with great support and documentation
Pros and Cons
  • "It is great for security monitoring and blocking when needed."
  • "I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool."

What is our primary use case?

It's our main EDR solution on campus for our university. It's the main solution that we deployed to our host throughout the university.

How has it helped my organization?

I wasn't here for the initial implementation, however, it was to replace a previous product that we had, so we wanted to move to something cleaner, easier to use, and an overall better product.

Its basic use, which is just an EDR solution for actively hunting and killing threats, is good. It does what we had intended it to do, and that's what it does a great job of.

What is most valuable?

The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.

Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.

The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.

Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.

The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.

The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.

What needs improvement?

Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.

We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.

For how long have I used the solution?

I've been using the solution for a year and a half. 

What do I think about the stability of the solution?

We haven't had any issues. There is nothing that's noticeable and it's never offline for long periods of time. 

What do I think about the scalability of the solution?

It's pretty scalable. There are a few operating systems that we've had issues with. Other than that, everything else has been pretty scalable.

How are customer service and support?

Technical support is super. They are very helpful and relatively quick to respond. Sometimes they take a little bit to respond, however, it's not super long. 

The company also has good online knowledge and it's pretty helpful. Usually, we'll access the database knowledge first and then go to support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used CrowdStrike previously.

How was the initial setup?

I was not involved in the initial setup. 

I'm not hands-on. I'm more on the management side. Basically, we make sure that they connect, and I'll handle the management once everything's set up. I'm handling monitoring. Deployment is handled by another team. We have maybe ten team members who manage deployments. 

The maintenance is minimal. It's pretty self-sufficient. We just do normal reviews. 

From my point of view, the deployment is straightforward. 

What about the implementation team?

We use internal teams to handle deployment. 

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the pricing. That's above me. I'm a technical person. It's not my arena.

What other advice do I have?

They also have this feature called Ranger. That one we don't have implemented. That's an extra fee, so we don't have it.

Overall, I'd rate the solution ten out of ten. It's been a pretty solid tool. 

I would probably recommend it over some of the other ones that I've seen only based on the ease of use. It does what it's supposed to do. It's been relatively fast and is also pretty complete from what we've seen. The product is not very difficult to learn.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tim Hayes - PeerSpot reviewer
System Administrator at a wholesaler/distributor with 1,001-5,000 employees
Real User
Top 20
Lightweight, ready to go out of the box, and simple to use
Pros and Cons
  • "The product is a lighter client. Our previous solution ran heavy on the workstation and caused performance issues."
  • "The biggest thing for me in terms of improvements is the online console. There are frequent updates, and sometimes we'll get a little agitated getting signed in."

What is our primary use case?

We primarily use the solution as an antivirus and also as a network control with built-in policies regarding device control. 

How has it helped my organization?

The product is a lighter client. Our previous solution ran heavy on the workstations and caused performance issues. This is lightweight and doesn't take up system resources. 

What is most valuable?

You can use the solution right out of the box. It's ready to go with baseline policies and is good to use without any changes. It's only gotten better since we've added custom rules. 

It's simple to use and intuitive. It gives you good visibility and shows what is going on. 

The product works well with other SentinelOne solutions and third-party tools. It's pretty seamless. They make it pretty easy to integrate with other products and you can pull data pretty easily from the other solutions. 

The solution's ability to ingest and correlate across our security solutions is excellent. It has allowed us to blend data from another product we own. 

It's helped us consolidate our other security solutions.

The product provides network and asset visibility. The Ranger piece is probably one of the best items. We have other solutions for asset management, yet none is never 100%. With Ranger, we really get that visibility we need. Having Ranger built into one client and being easy to use has been perfect. It helps us prevent vulnerable devices from being compromised. We've discovered a few assets within our organization we were not managing fully and Ranger has helped us secure our environment just that little bit more. 

There are fewer complaints from users when scans are running. The previous solution just used up so many resources. This product runs seamlessly in the background and we know it's running since we get triggers on alerts that are legitimate catches. SentinelOne does a good job at detecting. It's reduced our alerts by 25%.

The product has helped to free up our staff for other projects and tasks. It's freed around 50% of their time. 

It's reduced our company's mean time to detect by 40% or more. It's also drastically improved the mean time to respond. We don't have to worry about false positives. We know when we get an alert that it's legitimate, and we need to act on it. That's improved by about 40% to 50%

What needs improvement?

The biggest thing for me in terms of improvements is the online console. There are frequent updates, and sometimes we'll get a little agitated getting signed in. However, on the product itself, I would not recommend any changes.

For how long have I used the solution?

I've used the solution for a little over a year.

What do I think about the stability of the solution?

The solution is very stable. Our old solution required babysitting to make sure everything was running correctly.

What do I think about the scalability of the solution?

Pretty much everybody in the company uses the solution. We have 1,300 deployed agents and ten administrators. 

The solution is absolutely scalable. 

How are customer service and support?

I have not had to use technical support.

Which solution did I use previously and why did I switch?

We previously used Sophos. The biggest reason for the switch to SentinelOne was the system resources that were used. Whenever it would kick in, I would get tickets related to machine performance. 

How was the initial setup?

The console is on the cloud, however, the devices are on-premises. The initial setup was very straightforward. Overall, it was fairly quick. We had more trouble getting the older product uninstalled than SentinelOne installed. We did the implementation slowly based on the business requirements. We deployed it over the course of a month. 

The company does a good job with training and keeping its documentation up to date.

It does not require much maintenance. Every now and then we might have one or two false positives.

What was our ROI?

We've seen a great ROI on the product. Obviously, we're still within our contract. That said, we've definitely seen a ROI. We've had a couple of incidents where something wouldn't have been detected previously.

What's my experience with pricing, setup cost, and licensing?

The solution is fairly priced for what you get. 

What other advice do I have?

We're a customer and end-user.

They do an excellent job at remaining innovative - including with their detection engines and everything involved in their product. They are doing an excellent job compared to everyone else.

SentinelOne has not been around for many years - yet the product is ahead of its time.

With any solution, I'd advise doing a proof of concept first. After that, I would not shy away from fully deploying this solution.

I'd rate the solution eight out of ten. The only thing that would improve the product is reducing the online console updates. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Mallappa Bagi - PeerSpot reviewer
Security Analyst at R V college of Engineering
Real User
Top 10
Helps reduce alerts because it can correlate the data
Pros and Cons
  • "They provide a map, a process tree, and that is pretty good for analysis."
  • "It would help if they could get all the relevant threat information, the related events, in one place. Currently, we need to go to a number of places and do research. If they could have it all in one place, that would help investigations."

What is our primary use case?

We use it mainly for EDR, alert handling, and development. It's a detection and response tool. It is mainly for protecting endpoints and having response capabilities. We use it as the one endpoint solution for all departments and all operating systems.

How has it helped my organization?

We get a lot of data from SentinelOne about threats, and obviously that helps protect the organization.

It helps reduce alerts because it can correlate the data. It doesn't just depend on hashes. It can see the behaviors, and that helps a lot to reduce alerts. Compared to our previous tool, it is detecting 20 to 30 percent fewer false alerts.

In addition, because it has real-time detection, it helps decrease our MTTR. Within seconds, we'll get the data. And for mean time to respond, we need to collect the data, and most of it is available. So it takes us five to 10 minutes to respond after detection.

For our organization, security is very important. If a solution is protecting us, it is like saving money. With SentinelOne's features and the fact that it is in the cloud, that makes it cheaper. As an EDR tool—the best one—it helps to reduce risk; in our organization by 30 to 40 percent.

What is most valuable?

They provide a map, a process tree, and that is pretty good for analysis.

Also, it can be integrated with third-party threat intelligence tools. From that perspective, it's good. And we can ingest SentinelOne data into Splunk and correlate and provide analysis on that.

It gets data from all the endpoints, and we'll have that in a centralized place, and we can track those cases to detect the threats. It helps protect the organization in that way.

And Ranger provides network and asset visibility. We have network-level data visibility, as well as endpoint data and application layer data. It has a good feature to collect all the domains that are initiated. That helps us see if there are any malicious connections on the machines. And it's simple because Ranger requires no new agents, hardware, or network changes.

What needs improvement?

They could add more visibility on the network side. That is currently done via a plugin.

Also, it would help if they could get all the relevant threat information, the related events, in one place. Currently, we need to go to a number of places and do research. If they could have it all in one place, that would help investigations.

For how long have I used the solution?

I have been working with SentinelOne Singularity Complete for about one and a half years.

What do I think about the stability of the solution?

It is a stable solution and it is growing.

What do I think about the scalability of the solution?

It can be extended in the cloud, so the scalability is a 9 out of ten.

How are customer service and support?

The tech support is really good. We get responses on time, as defined in the SLAs.

How would you rate customer service and support?

Positive

How was the initial setup?

The SentinelOne team helps with the implementation, and as it is a cloud SaaS application, we didn't have to do much. They have pretty well-defined documentation, and it is straightforward. And similarly, the maintenance is taken care of by the vendor.

What was our ROI?

We are seeing ROI because we are securing and protecting the company and, obviously, protecting its money as well. As an EDR, it's doing a good job of protecting the endpoints.

What's my experience with pricing, setup cost, and licensing?

It is comparatively cheap in the market and provides a good price point.

What other advice do I have?

In terms of maturity, SentinelOne is a good tool.

It can be used in any department in an environment with Windows, Linux, and Mac machines.

Use it, but start with documentation. Once you understand the basics, it is pretty straightforward.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.