SentinelOne Singularity Complete Reviews

We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.

We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.

SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.

The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.

The integration with other SentinelOne products and third-party tools is very good.

SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.

In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.

SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.

SentinelOne Singularity Complete has helped free up our staff time around one day per week.

SentinelOne Singularity Complete helps reduce our MTTD.

SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.

SentinelOne Singularity Complete has reduced our organizational risks by five percent.

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

I have been using SentinelOne Singularity Complete for three years. 

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

We are happy with SentinelOne's technical support.

Neutral

We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.

Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.

The only return on investment we can point to with any EDR is that we have not been attacked.

SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a mature solution of the highest quality.

We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.

We have 4,500 endpoints and around ten active users.

The maintenance level for SentinelOne Singularity Complete is relatively low.

SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.

I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.

We use SentinelOne Singularity Complete as the antivirus for our computers.

We wanted a solution that could maintain the protection of our computers so we implemented SentinelOne Singularity Complete.

SentinelOne Singularity Complete is a lightweight application with a quick threat response.

Singularity Complete has helped reduce our alerts with prompt responses.

Singularity Complete has freed up several hours of our staff's time each week, allowing them to focus on other projects. They no longer need to manually monitor hundreds of computers, as they now have a single dashboard to manage them.

It has reduced our MTTD through prompt action taken against the vulnerability or threat.

It has also reduced our MTTR through quick notifications that allow us to respond within minutes.

Singularity Complete has helped us reduce our organizational risk.

The management dashboard is the most valuable feature.

The most difficult part of using Singularity Complete is logging in, as they often update the management console. I don't know if our accounts become disassociated or what the deal is, but if we don't log in within a certain amount of time, we have to go through a password reset or account reset process.

I have been using SentinelOne Singularity Complete for around five years.

SentinelOne Singularity Complete is stable with no downtime.

SentinelOne Singularity Complete is scalable.

The technical support team is prompt.

Positive

The price is fair for what we are getting.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne is very mature. It's a lightweight application that does not waste a lot of resources, and the quality is definitely good.

Singularity Complete is a self-sustained standalone application that updates to the cloud. Every computer checks in and updates as needed.

I manage our future application deployments and ensure that Singularity Complete is automatically pushed out and kept up to date.

SentinelOne is a good overall security partner.

It's always worth testing out different solutions and finding the one that works for each organization. But as far as SentinelOne Singularity Complete goes, it's been an easy process for our organization and I recommend it to others.

We mostly use SentinelOne to protect our computers and know which users are logging in.

SentinelOne gives the end-user and our IT staff a level of security, knowing that when they're downloading something, talking to a client, or looking at email, their computer is secure. And if, God forbid, they click on the wrong link or download the wrong item, SentinelOne will step in and block anything from happening.

The simplicity of the solution is key. There's only one portal to look at. I don't have to jump around to a couple of programs or combine multiple programs into one. It provides ease of management for me and my team.

And with Singularity, I don't have to worry as much about scanning. It has taken some of my daily activities away, such as system scans, identity scans, and making sure that everything is updated. Also, I now don't have to manually update anything on the laptops for security. The fact that SentinelOne can do that automatically has given me time back in my day.

It saves us at least a couple hours a week, and more if we need to do a full upgrade. If we're doing a full upgrade and have to update every SentinelOne client or any endpoint protection, it could take a day to touch every computer. Now, it takes five minutes to make a policy and push it. It all depends on what the day's workload is, but it definitely saves us time.

In terms of reducing alerts, that did not happen at the beginning, but now that we have it fine-tuned, I don't get as many false alerts. It has really dialed itself in to know what issues to look for. We're not getting spammed with insignificant stuff anymore. It definitely took some time to figure out the alert system and how to make the emails work for us. But now that we have it running, I know that when I get a notification that it's a real one.

And it has reduced our mean time to detect because I don't have to detect. It does it for me. And similarly, for our mean time to respond, it's definitely quicker because I get the email notification right away, and it becomes a priority in our ticketing queue from the notification. Once that comes in, someone on my team stops what they're doing and looks at the alert set. Nothing will sit on the network for long now with it scanning all the time.

It has reduced our organizational risk.

The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.

I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.

We have been using SentinelOne Singularity for about a year and a half.

There have been no issues at all.

Scaling is easy. It's not hard to expand it at this point.

When I contacted their technical support, the experience was okay. They fixed the issue. It was just a matter of getting to the right person.

I would rate SentinelOne highly as a strategic security partner. For any issues we had, they have been responsive, talking to the vigilance team and high-level teams. Again, it always comes down to finding the right person. It takes time to get to the right person, but once we get there, it's fine. They are able to help with our needs.

Positive

We previously used Sophos. We switched to Singularity because it's simpler, easier to use, and rated higher.

When looking at the quality and maturity of Singularity, it's a great program. Depending on what program you are coming from, there might be a little learning curve, but once you get past that, it's easy to use, and it becomes very intuitive after some time.

It took some time to figure out how to make the deployment work, to get it on everyone's computers, and to get the organization to fully adopt it, but it really wasn't hard in the long run now that we have it deployed.

There is no maintenance involved on our end. I can push policies during the day to upgrade the clients.

We did it in-house. The implementation was done by me and four other guys.

We did have training, but they didn't help with the deployment. They just showed us how to use the program itself.

The pricing is reasonable. It may be a little high, but it's on par with everything out there.

I wish the more users you have, the better the price would be.

We looked at CrowdStrike.

We have SentinelOne deployed through Intune, but we use the cloud login to work on any alerts or events that pop up. When new SentinelOne updates are available, we log into the cloud portal, make a new batch, and just send out the update automatically to all 400 clients that we have. If any events or errors show up, we go through the normal process. We let the vigilance team look at them, remove the computer from the network if need be, isolate it, and do our normal due diligence on what the error or the event is telling us.

We're very happy with the SentinelOne platform, so we haven't looked at anything else recently.

We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.

We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools. 

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console. 

It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less. 

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs. 

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore. 

I've used the solution for almost two years now. 

The stability has gotten better and better over the last two years.

The solution is deployed across 2,000 machines in four properties. 

It can scale well. We keep deploying it further and it works. 

Technical support does a good job. I've never had to work with support a ton. They do a decent job. 

Positive

We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant. 

The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better. 

We had two or three staff members who handled the deployment. 

There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties. 

We set up the product ourselves. 

We have witnessed an ROI, although I can't speak to the exact number or percentage. 

I don't have any visibility on the pricing. 

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate. 

SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features. 

The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology. 

They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space. 

I'd rate the solution nine out of ten. I would recommend it to others. 

We use SentinelOne Singularity Complete to manage incidents that come in. 

We wanted a solution that could help protect all of our endpoints. SentinelOne Singularity Complete is on all of our servers, and all of our endpoints, to protect against threats to the university.

SentinelOne Singularity Complete has aided our organization by offering a centralized platform for comprehensive visibility. It has enabled us to conveniently monitor all threats and manage our devices through the antivirus, all within a single interface.

SentinelOne Singularity Complete has certainly reduced the number of alerts over the past two years in my experience. We receive very few alerts now, which is excellent.

It has helped us free up our time to focus on other tasks. The solution is very helpful for configuring various exclusions. This ensures that the alerts we do receive, which are false positives, will not pester us in the future. This definitely provides us with more freedom and time to work on other matters.

Singularity Complete has helped reduce our MTTD and our MTTR, which is now just a few minutes after detection.

It has helped our organization save costs.

Singularity has certainly reduced the risk for our organization. With its installation across all endpoints and servers, we are confident that it will effectively protect us against malware or intrusions attempting to breach our environment.

I find the application inventory feature to be extremely useful. We utilize GreenMile for MAC management, and it's not as straightforward to locate the inventory of the applications installed on our computers. As a result, I have been using the application inventory feature more frequently to accurately identify the programs installed on each machine.

One aspect to consider is the SentinelOne network firewall they have in place. I believe they implemented it approximately a year ago. Initially, we faced challenges during the setup phase, which consumed a considerable amount of time. Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful. While the idea behind it appears promising, I think SentinelOne should consider removing it.

I have been using SentinelOne Singularity Complete for almost two years.

Singularity Complete is stable and I have not seen any downtime.

We don't possess as many endpoints in comparison to, I suppose, other companies and universities. However, I believe that if we were to double them today, scaling Singularity Complete would become quite effortless.

The times I've contacted customer support, it has been really good. There was only one instance when the support was very poor. However, after my concern was escalated to a supervisor or someone on the management team, my issue was resolved. So, I believe that was the only occurrence out of numerous customer interactions.

Positive

We previously used ESET. 

I would rate SentinelOne Singularity Complete a nine out of ten.

We currently only have a couple of integrations with Singularity Complete. I believe there is potential for more integration. As of now, we have only installed two apps that integrate with Singularity Complete.

No maintenance is required from our end.

SentinelOne is excellent as a strategic security partner. There have been numerous advancements, and since I began using the platform two years ago, they have undergone substantial changes. They have introduced many new features, and I have witnessed significant company growth over the past two years.

I suggest examining the various features available in SentinelOne's complete version. We have experienced numerous advantages with it. Often, when SentinelOne introduces new features, we don't notice them until they are fully developed. It's beneficial to explore some of the new features that are in beta. This allows us to experiment with them and assess how they can enhance our environment.

Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.

It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.

As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.

We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.

Overall, it has reduced our risk by 50 to 60 percent.

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.

It is very stable. So far, we haven't faced an issue.

The scalability is a nine out of 10.

The support is excellent.

As a strategic security partner they are a nine out of 10.

Positive

We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.

Trend Micro is not smart; sometimes it's unable to detect malicious files.

SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.

The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.

We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.

It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.

It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.

We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.

The quality and maturity of the solution are excellent. I would recommend SentinelOne.

SentinelOne monitors our infrastructure 24/7.

We are a very small team. Recently, we had to add an extra person; we had two guys, but now there are three. We have about 2000 endpoints and servers, which is a lot if you have to do it on your own. The SOC monitoring that we now have from SentinelOne gives us more time to focus on other important stuff and go to bed without any worries, since SentinelOne is watching over us.

They also guarantee an insurance. For example, if your company has been infected by ransomware, then they provided one million dollars or something as an assurance. For us, if SentinelOne has the balls to say, "Okay, if endpoints are infected, we will give you $2,000 per endpoint that is infected." That's a way for them to convey that we can trust their company.

It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way. 

They do updates all the time. It's very nice to see how they constantly evolve. New features are being added each time that I take a look at the interface, which is really nice. It's not something you have to do for yourself all the time. You just go to the interface of the management portal, and you will see each time a new feature has been deployed. For example, when we started with SentinelOne, we had some applications that needed to be whitelisted, where we had to go through a whole bunch of licensing rules provided by the distributor. Now, we have the possibility to select from a catalog which rules we want to whitelist, since we are using that application. It is such an easy step for us, which is nice. It makes our life comfortable when managing all our endpoints and very complex infrastructure.

The Behavioral AI recognizes novel and fileless attacks and responds in real-time. The nice thing about SentinelOne is that it is behavior-based, so the AI is smart enough to detect when something is moving. For example, an external person was doing some administrative tasks for us, and he used a tool that is also used by attackers. He called me, and says, "I'm blocked. I think SentinelOne is seeing my tool as a virus or malware." Then, I looked at SentinelOne, and it says this guy is using hacker tools. That is what I found very nice. SentinelOne can immediately identify the tools used by hackers. In this case, it was immediately blocked, even though it was not a malicious application, Trojan, or something like that. Because the solution knows hacker tools and behaviors, it says, "Okay, this cannot work on this environment. This will be blocked." That's something that I really like.

It is a good use as an EDR solution because it immediately reacts on stuff. It also quarantines endpoints.

We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running. 

We installed the agent a little more than a year ago.

One of the nicest things about SentinelOne is their support. I never met a company which gives such fast, great support. It's extremely fast. When I create a case with some questions, they answer immediately. They provide us with information on how to do stuff, and if we have issues, then they give us an update immediately. Normally, when I open a case with other products it takes days, but with SentinelOne, I get a response in about half an hour. Most of the time, it's cleared in about two hours time.

If we have a remaining question that has nothing to do with the things that the case was created for, SentinelOne will still answer. Some companies need you to create a new case for this, but SentinelOne just says, "Okay, we will help you also with this and provide you with more info," which is magnificent.

The support is very handy because, when you have an issue, it's like working with an extra colleague. If you ask a question to recall it, SentinelOne support can solve it in about two hours, which is nice because then you can go to the next thing. You don't have to focus anymore on the problem. With other vendors, it takes some days to solve it, then it hangs.

Our previous antivirus server was on-premise. When we did the updates, then all the clients needed to be connected to that on-premise server. However, with COVID-19 happening, we have been very happy that SentinelOne is in the cloud because even when an endpoint leaves the company, they are still protected by SentinelOne and receiving updates. SentinelOne gives more time back to a small team as well as always being accessible, even if you're not at the company.

The initial setup was easy. We did it step-by-step, so we didn't deploy it to all our endpoints in one shot. We deployed 300 or 400 endpoints per week. This was in case there were any issues, then we could act immediately so we wouldn't have an impact on the whole business. However, we didn't experience any issues. We were up and running in about three or four days and had migrated 2000 clients to SentinelOne.

For our implementation strategy, we deployed one day, then another day we would watch. Then, we deployed another day and would watch the next. So, in about two weeks, we were up and running. We decided to do it that way because we have had issues with mass rollouts in the past. Now, we are very careful when rolling out stuff to the whole company. Perhaps, it might have not been a problem to roll it out in one day, but we did it very slowly to have a kind of a control outcome.

The solution gives us more time. We can divide our productivity and time to other products. We don't have to look at SentinelOne a lot.

The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model.

The Deep Visibility feature practically double the price. Because we have a SOC, we rely on them to have insights about all the threats, so we are not monitoring our environment ourselves. It is mostly done by the SentinelOne SOC. That is the reason why we decided not to go for this feature.

We believe the traditional antivirus protection that is using signature-based validation is outdated. We had a look at different solutions, like CrowdStrike and SentinelOne. These solutions are more AI-based that go on behavior. When we spoke to SentinelOne, they also offered a SOC as service. This means that SentinelOne is monitoring all our endpoints with us, and we don't have to do anything, because they do all the hard work. They validate the detections. So, if SentinelOne detects something on the endpoint, the SOC of SentinelOne will validate and see if it is a false positive or true positive. In case of a true positive, it will then see if there are extra steps needed. If that is the case, then SentinelOne contacts us through email asking us to do some final steps or provide them with the info.

SentinelOne was lucky because we first looked at CrowdStrike. However, they were pushing us all the time to get the deal. My manager got furious, and said, "Okay, let's stop everything. We told you we cannot decide before the end of October. That's our company rule." The pressure was too high from CrowdStrike. Therefore, we decided to have another look at SentinelOne. The first time when we saw SentinelOne, it was never mentioned in any Magic Quadrant, so it was hard for us to have a view on what the public experience was with SentinelOne. We were a little bit scared in just believing the vendor and their marketing people that it was a great, innovative product which uses smart technology and behavioral-based analysis. 

SentinelOne will not scan my hard disk. SentinelOne does not care about the hard disk. It only reacts when you execute something. So, I know when I connect my hard disk to my desktop with my tools on it, I don't have to be scared. SentinelOne will not respond, as long as I don't use the tools. A lot of other antivirus vendors, they will immediately start scanning the USB drive or external drive, and they quarantine all the tools. I don't like that. I know it seems a bit strange that it doesn't scan the USB drive. However, I don't care, as long as it protects the USB drive as soon as someone is executing or installing something. This is more convenient for me than something that scans all the time.

We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that.

I would rate this solution as a 10 out of 10.

It's for our regular laptop users, desktops, and our production servers. For the production servers we use it to make sure there is nothing coming from the outside. And for our regular users it works everywhere, so they can do everything with a laptop.

It's a cloud solution. We don't have a large business. We have a lot of services but we don't have many users. Everything is in the cloud and we have about 20 clients or 20 agents for normal users in the Netherlands and we have between 100 and 200 users in the Philippines. The rest is for server safety.

There is a lot of remote work at the moment and SentinelOne provides the safety I want. Everything goes outside now and the only control I have is Sentinel One, but it gives me enough control.

We have developers who do a lot on their laptops and sometimes they create problems. When that happens, SentinelOne is pretty fast with them. We have configured it to disconnect them from the network so we don't end up with more problems. Now, those developers know they have to contact our IT department if they want to fix it. The great thing there is that we know that when something happens on a laptop it is isolated.

We see what is mitigated and what is not. And when SentinelOne is in doubt, it asks the managers what to do with what it has found. When you have arranged that once, it will take care of it the next time. That's great.

Overall, it's effectiveness is 100 percent because we don't see many outbreaks anymore. Nobody's complaining about using their endpoints.

I've only done a rollback once and it worked flawlessly at that moment, but that was nine months or a year ago. It saved us a lot of time because the problem didn't spread over the network. It affected one machine because it was disconnected from the network. We then rolled it back and it was up and running again. If the rollback hadn't worked well, it would have meant a couple of days of additional work. If the outbreak had reached my network I would have had to clean everything. I was able to do everything from the portal. The connection with the manager was still there. We just had to click on two buttons and everything went.

Overall, it has helped to reduce our response time by about 20 percent. 

The most valuable feature is the information it finds and what it is doing with that information. I can check if the info it sends is true. It's very clear. 

And if you configure it in the right way, it does a lot automatically. And that's what you want. You don't have to use it every day. I only log in to the SentinelOne portal once a day, just to check if there are alarms or the like and that's it. The rest is flawless.

Now that we've been using it for six months, SentinelOne knows what we want to have, what it has to do and it works that way. So it's very simple to use and that's pretty nice for the team. 

The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing.

It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning of the scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything.

I have been working in my current company since April 1, so I have been using it here for six months. But I used it in another company in Eindhoven for a couple of years. That company was also a provider of SentinelOne and that's why I know how it works and what it does.

It has great stability. We haven't experienced any downtime or any kinds of bugs. If the users use the endpoints normally, nothing happens. We have some users who think they have to bypass SentinelOne, and then we sometimes have problems with those endpoints. But that's because of user action. It has nothing to do with SentinelOne.

We started with about 50 endpoints and now we have over 300. We haven't had a problem with it.

There will be more servers to watch over so our usage will be increasing. When the business grows, our IT will grow with it, and SentinelOne has to grow along with us.

I have used their technical support and my experience with them has been very good. They are fast. They know what they're talking about. Those are two great things for support to have.

Before SentinelOne the company was using F-Secure. It started as an antivirus and then F-Secure also made a cloud-based endpoint protection solution from it, with a managed base and automation and checking for updates. It works with a database, which is not the way SentinelOne works. F-Secure is much cheaper.

They switched to SentinelOne because it is more for malware. F-Secure doesn't do anything in malware, just virus scanning.

The initial setup of SentinelOne is straightforward. It's fairly logical. Everything works in the way you think it has to work. It's pretty simple to work with. It's just a matter of installing the agent and go. It takes about two minutes. There is an agent client with token codes. You just install the token code in it and reboot your endpoint and it's working.

We have it installed on 305 endpoints. This is a work in progress. We didn't have all of those endpoints when SentinelOne came in. We've rolled out new endpoints. But, it doesn't take long for a machine to get an agent and to make a connection and to get updates. Once you are in the portal, you can update from there. And then, you only have to check if it's already there and if the agent is working.

If we push an update, within an hour everything is there. If they are all online it will go pretty fast.

It's working simply. You don't have to learn a lot to know what it does and how to work with it, and that saves time. And it gives you a solid solution for security.

You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive. That's the way I would sell it. 

If you avoid having one outbreak a year, just one, then SentinelOne is worth the money. When you have that one outbreak and it spreads across your complete network, it means days of work are gone. For a complete environment like ours, with 300-plus users, it would be very expensive.

I've also used Sophos with customers. If you want to have a safe environment, then you have to work with tools like SentinelOne. F-Secure and Sophos work with databases for virus knowledge and that creates a delay.

Also, SentinelOne has the rollback which works flawlessly, whereas F-Secure and Sophos don't have that.

My advice is start working with it. You're going to love it.

The biggest lesson I've learned from using SentinelOne is that security tools can be different. SentinelOne has taught me that you can do security in different ways. If it sounds expensive, I would not always say that it is expensive.

We are a very small business. We don't have somebody who specializes in security. Our IT is just three people who do everything. That makes it difficult to say we are going to focus on SentinelOne and try to use it completely. We put it into use for malware security and that's it. We only have a WatchGuard firewall on the front-end and that's it in terms of security on SentinelOne.

They are improving the management tools. They are getting better. The portal is functioning with more logic. Those are good improvements. It's user-friendly enough. People with low IT knowledge can work with it.

It's a very good program. It does what it says it does, and I'm very glad that I have it.