We use it for endpoint protection. It is our antivirus and EDR solution.
We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.
We use it for endpoint protection. It is our antivirus and EDR solution.
We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.
Singularity Complete has saved us time. I recently did the agent upgrade. I used their upgrade policy and just specified the maintenance window and things like that. The first two times I updated the agents, I used to sit there and highlight the endpoints and run agent updates, but this time, I used auto-upgrade. With auto-upgrade, it ran between 6 PM to 8 AM, and then it ran all day on the weekend, and it was up in there. In one day, it updated 1,000 endpoints. That was pretty cool. I did not have to sit there and do the manual work. I just watched the system to make sure that the endpoints got updated. That was pretty cool. It is nice to know that I do not have to sit there, and I can just create a policy and let it go. It definitely saves time.
Singularity Complete has reduced our mean time to detect (MTTD). I get an email pretty much right off the bat. When an alert pops up, I get an email from my ticketing system, so it is pretty quick. If I am on my desk. I take care of it pretty quickly. Currently, I am the main person running this, and other people back me up when I am not around. I am hoping I can get somebody else trained on this.
Singularity Complete has helped reduce our organizational risk. It is somewhere in the middle when it comes to contributing to our security posture.
SentinelOne has been a good partner. We mostly use Mac and Windows systems, and we were able to do device control and network control out of SentinelOne rather than through MDM. We are doing it all through SentinelOne. We did not have any conflict in the apps.
In terms of interoperability, we have plugged it into our Alert Logic MDR. It flags to our MDR. For example, if a threat cannot be mitigated or it is hard to mitigate a threat, then the MDR will notify us. Some of the things related to applications could use some work, but they are in the process of fixing this. We will then be able to update and disable applications through SentinelOne.
Device control and network control are valuable.
They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth.
The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.
Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting a hang of it.
I have been using SentinelOne Singularity Complete for about a year and a half.
Its stability is very good. Recently, one person had an issue, and I had to reinstall the agent. They had lost their Internet connectivity. We put in some strategy work, and we had to go in there and figure out which ports are open, but other than that, it has been very good.
Its scalability is pretty good.
I have interacted with their support. They are always pretty easy to get a hold of. I never have to wait. They are helpful. They have resolved any issue that I have ever brought up with them in a timely manner. I would rate them a 10 out of 10.
Positive
It is a cloud solution. I inherited it, so I was not there when they implemented it. It was implemented about six months before I got hired. It was probably deployed in late 2021, and I started in February 2022.
It requires a little bit of maintenance in terms of fine-tuning the false positives and things like that. For example, because people use Logitech devices, I had to suppress the alerts because they kept popping up because the hash was always different. I have noticed that when a new agent comes, it can be a little aggressive in the beginning. I have to fine-tune the alerts a little bit, but that is a part of the process. I update the agents twice a year. I will try to do it more because now I know how the upgrade policy works. The only thing I am not yet good at is reviewing the Mac logs. Windows logs are easy because of the years of Windows experience and the use of Windows Event Viewer. I just got to be better with the Mac logs.
In terms of cost savings, I am starting to get into the budget, but we have not got any malware or serious incidents. There are money savings when you do not have serious incidents.
We have not had any downtime. We have not had anybody's machines compromised. It has been protecting the endpoints pretty well. It has been pretty quiet. We have not had anything that we would consider a major incident, so it is doing pretty well.
I do not know much about it. From what I understand, it is pricey, but it works. It is a very good product.
I also used SentinelOne five years ago at another company, and I find it to be way better now. It is a much more refined product. It does not actively scan the system the way it used to. It has come a long way in terms of performance on the machines. It does not hinder the performance of developers' machines. I hear no complaints about SentinelOne blocking or grinding machines to a halt with scans when developers are doing builds and things like that. It has improved greatly. Five years ago, I used to hear complaints about SentinelOne slowing down the systems, but I have not heard that once here.
We tested the Ranger functionality a bit. We were demoing it. Ranger was pretty cool for the visibility of devices, but we did not find a use for it.
Overall, I would rate SentinelOne Singularity Complete a 9 out of 10.
We use SentinelOne Singularity Complete to protect our environment.
SentinelOne Singularity Complete has helped us reduce the number of alerts we receive. I was attacked three times, and each time I received an alert. There were a lot of good features in SentinelOne that we were not aware of until we contacted them after we were hacked. SentinelOne took the role of fast response protection and took action.
SentinelOne Singularity Complete has freed up our staff's time to work on other tasks and projects. I made many changes to my department this year, including migrating all of my servers from on-premises to the cloud. With Singularity Complete, I was able to protect my cloud servers immediately and shut down my on-premises. I was also able to receive notifications of changes to IP addresses and users, which are common changes that occur during a migration. Sentinel was able to alert me every time there was a change.
In terms of service, SentinelOne has very great service. They respond immediately as soon as we open a ticket. I got attacked last year, and they were able to help me resolve my issues. So I got a fast response. Of course, we paid for it, but in terms of professionalism and support, they were extremely professional, and they have a lot of professional people working for them.
The most valuable feature is the quick response to attacks.
The SentinelOne portal is not user-friendly, which is one of its drawbacks. We have to search for options to disable and enable protection. We have to go through it on our own to find the options we need to add or remove notifications. SentinelOne did not tell us about these options until we encountered problems and had to contact them. We were not well informed. When we first implemented the solution all the options were turned off and we did not know that we had to navigate through and turn on what we required.
The MTTD has room for improvement. I was attacked last year and did not receive an alert from SentinelOne Singularity Complete until 24 hours after the attack occurred.
I have been using SentinelOne Singularity Complete for two years.
SentinelOne Singularity Complete is stable and we have not encountered any issues.
I would rate SentinelOne Singularity Complete's scalability an eight out of ten.
We do not have a support package, so we pay per use, which is expensive. However, they are very professional and follow up well. They took charge immediately, found a solution immediately, and blocked the ransomware attack. They also gave us details on what to do next. Two to three days later, they called my department back and followed up with the system administrator to make sure everything was okay. Overall, I am satisfied with their service.
Positive
I previously used Microsoft Defender and Sophos. SentinelOne is a much better solution than Defender and has a quicker response time to alerts and attacks than Sophos.
The initial deployment was straightforward. Implementing SentinelOne was not complicated, and more user-friendly than the others.
The deployment was completed by myself and one admin.
SentinelOne Singularity Complete is expensive compared to Microsoft but not Sophos. However, it is worth the price for its quick response and immediate remediation options.
I would rate SentinelOne Singularity Complete nine out of ten. SentinelOne is one of the best security solutions I have worked with. I would rank it in the top three best platforms for security.
SentinelOne Singularity Complete is an aggressive and accurate security solution.
No maintenance is required except for updates that we push out to all end users.
For organizations that want an aggressive security partner, I recommend SentinelOne Singularity Complete.
Although SentinelOne Singularity Complete is expensive, I have no qualms about investing more money in the security of my department and data. I would definitely recommend SentinelOne Singularity Complete. It gives me peace of mind knowing that my data is safe.
We use SentinelOne Singularity Complete for our endpoint security.
The visibility that SentinelOne Singularity Complete provides throughout our organization is good.
SentinelOne Singularity Complete's capability to intake and correlate across our security solutions is great. As long as we have configured everything correctly and are monitoring the logs to respond to potential threats, we have the assurance that the threats are being identified and thwarted. A year ago, we faced a malicious attack that was detected and halted by SentinelOne EDR, which played a pivotal role in saving me.
SentinelOne Singularity Complete has certainly helped reduce the number of alerts we were receiving. Previously, I was using McAfee, and I had numerous threats and malware present in my environment that were only detected by SentinelOne Singularity Complete. This assistance facilitated the remediation of those threats and subsequently led to a decrease in security alerts.
SentinelOne Singularity Complete has saved us time by identifying the threats in real-time saving us long investigation times.
SentinelOne Singularity Complete's MTTD is immediate.
The MTTR is good.
The most valuable feature is the automatic remediation.
The reporting dashboards require improvement. Currently, they lack customization options, preventing me from generating a summarized executive report for management.
SentinelOne's customer support is sluggish and frequently fails to deliver sufficient assistance. The quality of after-sales support is also subpar and requires enhancement. The support is not meeting the expected standards, and as a result, I am feeling dissatisfied.
I have been using SentinelOne Singularity Complete for one and a half years.
SentinelOne Singularity Complete is stable.
The customer service and support are unsatisfactory. I have been attempting to initiate the MDR services and have reached out to my account representative at SentinelOne for three months now, with no results. I am disappointed that I am unable to integrate any details into my environment, which would allow me to present information on a monthly and quarterly basis. I require this information to assess the performance with my MDR representative, but these matters are not progressing. I feel deceived.
Negative
I previously used McAfee but it was not able to detect some of the malware threats that SentinelOne Singularity Complete does.
The initial setup is straightforward as long as we are not dealing with legacy systems. In the manufacturing industry, many systems utilize older operating systems like Windows 2000, which run traditional applications that cannot be removed. Deploying on Unix is also challenging, whereas Windows Ten is straightforward.
We deploy in large manufacturing environments and there were around 80 people involved in the deployments.
The implementation was completed by the SentinelOne team.
SentinelOne Singularity Complete can be expensive for the SMB market but is suitable for enterprise-level organizations. The service provided by SentinelOne is not up to par with the cost we are paying.
I carried out a Proof of Concept with several Endpoint Detection and Response solutions, including CrowdStrike, Trend Micro, and VMware. However, none of them were able to meet my requirements in the same way that SentinelOne Singularity Complete does.
I would rate SentinelOne Singularity Complete a six out of ten.
Currently, I have not yet completed the integration with third-party tools. However, I am utilizing the Sentinel logs as inputs for my Security Operations Center services, and I am gaining comprehensive visibility from this approach.
We have the Core version for almost all our endpoints. We will be installing it completely for the US, who wants more products, and India, because we have experienced that India is more exposed to threats.
We are currently updating our agents from 4.0.5 to 4.2.
Every day, we check threats that come from outside.
The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use.
Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actually real threat.
SentinelOne's distributed intelligence at the endpoint is very powerful and works well.
I would like to improve the reports because they are not so customizable and we would like more info from them.
I cannot download all the hosts that we have on our tenant, because there is limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows.
We started deploying it in 2018.
It has been a stable product.
The process is completely automatic when an endpoint connects to the console. At that point, the agent will be updated. However, when we install a new machine, we have to install it manually, even the agent.
We have never had an issue with scalability.
We have 15,447 endpoints in total with the Core version. 99.99 percent of the endpoint usage is Windows. We also use it with a few Macs and Linux. It is really powerful from this point of view.
Our SOC has logged some tickets with the technical support. They have never complained about SentinelOne's support.
Previously, we had the McAfee, which was complicated to managed.
We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.
I have been satisfied with the new antivirus.
For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.
The antivirus migration was normal. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.
The installation was done by our SOC and me. Our SOC is comprised of five to six people. The SOC personnel are the same people who currently maintain the solution.
I think the solution has reduced our incident response time and mean time to repair.
SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.
We have a SOC managing our environment. They are very happy with features that SentinelOne provides.
We will be upgrading to complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature.
We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful.
Biggest lesson learnt from using SentinelOne: Never trust anyone.
I would rate this solution as a 10 out of 10.
We use Singularity to secure our workstations and servers.
Singularity has added some features to our security setup. It adds layers of protection to our security servers and workstations. One advantage of Singularity over other traditional antivirus products I use is that it doesn't use as many resources as other products.
If you resolve them permanently, the solution can reduce the number of alerts. Some applications keep triggering alerts, and you need to remove them, or they will continue to do so. We need physical signatures to prevent them from alerting again in the future. We can reduce the alerts by about 80 to 90 percent annually. Our old antivirus wouldn't flag some applications as malicious, but SentinelOne detected them, so we removed those applications, and it reduced our alerts.
Singularity has reduced our organizational risk by about 80 to 90 percent. We were able to address those alerts and remove a lot of malicious files that our previous solution didn't recognize. We saw a significant advantage in the first year. We've experienced a massive improvement in our mean time to detect. We have a large user base, but Singularity Complete performs better than our previous solution.
Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory. We can consolidate our security solutions into one centralized platform, and monitor all our workstations and servers from one place.
SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan.
I have used Singularity for 4 or 5 years.
I rate Singularity Complete 9 out of 10 for stability.
I rate Singularity Complete 9 out of 10 for scalability.
I rate SentinelOne support 9 out of 10 because they're very responsive.
Positive
I previously worked with Sophos and ESET. The primary reason we prefer SentinelOne is that it doesn't consume a lot of resources.
Deploying Singularity is straightforward, and it doesn't require you to restart the servers in the latest version.
Singularity isn't cheap, but it's worth what we pay for it.
I rate SentinelOne Singularity Complete 9 out of 10 overall. Singularity performs as well as expected, and it's less resource-intensive than other products.
We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.
We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.
SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.
It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.
SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.
SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.
SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.
SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.
I am satisfied with SentinelOne Singularity Completes MTTD.
SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk.
SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.
I am not a fan of the UI and feel it has room for improvement.
Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.
I have been using SentinelOne Singularity Complete for over one year.
SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.
SentinelOne Singularity Complete is scalable.
The few times I have used the technical support it has been a good experience.
Positive
I would rate SentinelOne Singularity Complete eight out of ten.
Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.
One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.
SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.
We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.
SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.
I have good impressions of SentinelOne as a strategic security partner.
Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.
We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.
We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.
The deep visibility is really important for us. With it, we can really look deep into some of the incidents.
Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools.
The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console.
It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less.
The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.
It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs.
We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.
The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.
There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore.
I've used the solution for almost two years now.
The stability has gotten better and better over the last two years.
The solution is deployed across 2,000 machines in four properties.
It can scale well. We keep deploying it further and it works.
Technical support does a good job. I've never had to work with support a ton. They do a decent job.
Positive
We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant.
The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better.
We had two or three staff members who handled the deployment.
There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties.
We set up the product ourselves.
We have witnessed an ROI, although I can't speak to the exact number or percentage.
I don't have any visibility on the pricing.
We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate.
SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features.
The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology.
They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space.
I'd rate the solution nine out of ten. I would recommend it to others.
The most important feature is the roll-back feature because when any system is corrupted, we can easily restore it within a few seconds. Also, if an end-user is not connected to your network, they can communicate with the central manager. We can be notified of any end-user activity with a central dashboard. The solution is also a very lightweight agent model compared to other solutions like Sophos, Carbon Black and the app action from X-microsite product. SentinelOne does not use the RAM SCP installation for the agent, and the user interface is also straightforward.
The setup process could be improved, and it would be good if artificial intelligence were added as an additional feature in the next release.
We used SentinelOne at my previous company before I left eight months ago, and it was deployed on cloud base.
It is a stable solution.
It is a scalable solution, and we have about 800 users using SentinelOne. We only need one person for maintenance, and they can offer maintenance in person and remotely via email and SMS.
I rate the technical support a ten out of ten. The support is very easy if you connect with global support. A company focused on non-technical issues can't easily adopt the solution. You have a support team from the layman language.
The initial setup was a bit complex but very simple if you set up a single order.
I rate the price of SentinelOne a ten out of ten, meaning it is the best price in the market. This is because SentinelOne has a nominal cost. For example, if CrowdStrike costs $1000, SentinelOne provides the same features for about $7 to $8.
I rate this solution a ten out of ten. I have around 10 to 15 years of experience in security and have used products like Sophos, Micro and CrowdStrike. CrowdStrike and SentinelOne are the best, but SentinelOne is preferred because of its great features and nominal cost.
Thank you, Claudio, for your kind words and for trusting SentinelOne with your endpoint security.