SentinelOne Singularity Complete Reviews

In general, we replaced our entire antivirus and anti-spyware with SentinelOne. We use it across all platforms, from servers to workstations, to Macs, to Windows, to Linux, Virtual Desktop Infrastructure, and embedded systems - on-premise and in the cloud. We also use their console and their threat-hunting. We needed a solution that was simple and intuitive, without having multiple agents.

We have also started evaluating their IoT, for the discovery of all IoT devices. This is 

It has improved our operational efficiencies. It saves us time because it does that first level of EDR automatically and that allows us to focus on certain things that it tells us about.

And we have better confidence because of all the threats that have been remediated. In fact, the moment we started deploying, we started picking up stuff that was in a dormant state on machines.

SentinelOne has absolutely reduced the number of threats. We get thousands of hits around the world. I'm looking in the console right now and there are 14,639 suspicious detections in the last few days. Of those, it has blocked 87. Another 30 were mitigated right away, and 24 active threats are being investigated now. Remediation of those threats could not be automated because it needs a response to do certain things right.

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the dept of behavior analysis. There are other companies that claim this - albeit in a lighter flavor. 

The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good.

In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in.

They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version.

It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have.

And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious?

It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies.

Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable.

If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff.

The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding.

They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. 

Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting.

 File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation.

It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage.

I can't wait to see their advances in the cloud infrastructure (containers and serverless).

It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

I started validating and testing the product back in the fall timeframe of 2017. By the time the proof of concept was done, we were signing the product by the end of 2017 or January of 2018.

In our company, if something happens with a solution, everybody will know, and it will be out of the environment in a jiffy.

So far, the scalability is going really well. It's really lightweight. Using the console, you can break it up into regions. It's integrated with Active Directory and we have it set up as the "research lab" in Melville, New York and something else in China.

Right now, it's our product of choice for endpoint protection. I suspect our usage will grow a lot once they enable the IoT; what they call Ranger.

Technical support started off mainly by email, but support is probably the single biggest improvement since we started with SentinelOne two years ago. They always had the intelligence, like any techie person, but techies are not necessarily good communicators. They always had answers, right up to the top. Their CEO is also a very technical person. But they have improved how tech support is delivered by 100-fold.

We had McAfee, and we were using it for other things too.

I'd never heard of SentinelOne in 2017. I knew of the other big guns but I came across it just by chance by looking at studies that spoke about SentinelOne. I had their sales guys and engineers demonstrate but it didn't mean anything. I still thought it might be fluff. So we had to test it and go through that whole rigmarole.

For all intents and purposes, they delivered. You have to remember that they were fighting a battle against all the big guns in the industry, solutions that were already entrenched. When we did our test, we actually broke a couple of their competitors, not because we wanted to. We were just comparing and doing it as a proof of concept. SentinelOne kept catching everything that I thought the other guys should have caught.

Also, they were never defensive; they were straight-easy to work with. Their responsiveness was also very good. If we needed to get something — and this might be because of the size of their company — we could go right up the chain and something would happen right away. If changes were required they happened really fast.

The initial setup was straightforward. I co-authored a book on evaluating products and one of the things that you have to take into account is ease of use and how intuitive things are. Some people may not consider that important, but I consider it important.

In general, it was easy to set up. That was one of the reasons I was pleasantly surprised.

What can make it difficult is the environment you are in. For example, we have "freeze periods" during about half the year, where we cannot make any changes. So, during retail, during Christmas, Chinese New Year, Black Friday, etc., nothing can change in the environment and we cannot deploy anything.

Other things, outside of the environment, were that there are financial/fiscal periods, every quarter, where we cannot change certain things. And we have different silos: a server group, a Windows group, a Mac group, and a Linux group that didn't want to touch anything. Everyone had some bad taste left in their mouths at some point in time, not necessarily with SentinelOne, but in general. If everything is working, why change it? So there were some political things, internally. We have about 35 different companies around the world. Each has a variation of things and there is every version of every thing out there. And some have badly written code too that shows up as malware; it manifests just like malware.

For deployment and maintenance it was me. I did almost everything. There were only one or two people. Obviously, we have to follow the sun because we're global, so at times there might have been three or four people involved, but generally it was one or two who were coordinating it. They know the product and how to deploy it and what needed to be done, but I needed those guys around the globe. They had to coordinate with each of those groups I mentioned. But we owned it and we were accountable for it. We have segregated duties. Even though I'm in security, I don't have the rights to get onto our Windows Servers and make changes. I have to ask the server guys to do something and that's why things take time. That's why you need people to coordinate it.

But, once it was detecting those threats, I felt that even though we had an outsourced team, they were lacking in knowledge. If I told them, "Hey, this is malware," without the right experience, they wouldn't know what the heck to do with it. That was the challenge. That's why we went with SentinelOne's managed service. They have people who can deal with it and sort out the things that are real.

The way you do it is that you don't just McAfee take off a machine and put this one in. You run them simultaneously for some time, and then take one out. I wanted to see if something would happen, or it started messing things up, or if people would start calling saying, "Hey, there's something going on in my machine."

We didn't work with any third-party. Over the years, I've seen that a lot of these guys tend to have biases.

We have absolutely seen a return on our investment because it has created that first-level SOC. Plus, it has all these other functions. It has replaced McAfee. We don't need a file integrity monitoring product. And we can see application vulnerabilities without using another product. And they keep adding features. Once they add this IoT feature, the ROI will be much more.

Initially, I was just researching solutions using independent reports and industry reviews. I don't necessarily agree with everything in industry reviews, but I used them to narrow down the field and to figure out which solutions I needed to look at. I also looked into whether there were any legal issues the companies were fighting. In that first phase, I got it down to about four or five that I would take to the next level and actually touch them with live malware. The reason the other ones fell off is either they were too focused on one thing or there were some legal things. The industry is small. You hear things, not necessarily officially, but unofficially you hear things.

I looked at McAfee, CrowdStrike, Carbon Black, Palo Alto Traps, Cylance, Endgame, Tanium.

In my evaluation, back in 2017, I wanted to see the features of each and match them up with our requirements. What were our influences? What was important to us? I tried to map that into what features were available at the time, or look at whether a product could consolidate another product that we had so that we would no longer need that other product. I also looked at operational efficiencies, security efficiency, and whether it meets all our compliance goals.

Then I went to the lab where I had real malware. There was a whole method to that madness of testing. 

McAfee failed miserably, even with their later product. It would have been easier for us to stick with the incumbent, but it couldn't pick up on malware. There was something it never detected. With that type of next-generation, machine-learning algorithm, it's not so much the algorithm as it is the intelligence, the data that they collect over time.

At the time, Palo Alto Traps was not ready for prime time - immature console, limited support across all our platforms and focus on exploits.

I broke Cylance, surprisingly. I didn't expect that. I'm not even a researcher, per se. I have other jobs in our company. When I managed to break them I was looking at how they responded. I'm not expecting everyone to be perfect, but I found them very defensive. They would say, "Oh, it's only one in 100 or 200 or 300 pieces of malware". But it was the way they responded to things. It took a while for them to get back to me, and they were more concerned about whether I was doing the same thing with the others.

The other weakness of Cylance was that, for anything else, like remediation and response to something, you had to buy another piece. It wasn't part of the product, whereas, with SentinelOne, it was part of the product, without paying anything more.

Some of our folks were convinced that CrowdStrike was the way to go but our tests proved otherwise. CrowdStrike has some good features, but it requires going to the cloud. And secondly, whenever you get events, you almost have to use their service, so you're paying them to help resolve something. It gets expensive.

Separately, I did a compatibility test where I checked our environment: I deployed it in a sampling of some of our machines to see if it run without creating another mess.

When you do a thorough proof of concept, you already have all the details, so nobody's going to mess with you. I compared everything. At the end of the day, I gave my boss a report and said, "This is it. You decide."

Have a look at it. Compare it. It's a very good product to have.

It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up.

There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on whatever the cloud versions are of all these virtual devices. We are spread out across the globe. We've got nearly 50,000 endpoints in different parts of the world. We generally stay as close to the latest version of the agent as possible, but we go through change-control and it is very strict. We don't just put things on endpoints. We validate and test in our environment because we have nearly every type of operating system and variations of them in our environment. Therefore, sometimes we are something like .1 or .2 of a version behind. In terms of the console, we are at the latest version.

As a company, we use all variations of clouds, from Ali Cloud, which is China to Azure; we're predominantly Azure. We have AWS and GCP. SentinelOne manages that console and we have access to it. We own that part, our console. It's on AWS, I believe.

Overall, is there room for improvement? Absolutely. There are gaps in the reporting because we need to give reports to different levels. Ideally, we want to just drag and drop things to create reports. They have very nice reports but they're canned. We want to be able to choose what goes into a report. Otherwise, it's right up there and I would give it a nine out of 10.

We are a service provider with a huge customer base. Singularity Complete is a tool we use to protect our clients from ransomware and other external threats. SentinelOne has been our strategic partner for a long time, and we are one of their platinum partners in Central Europe. It covers all endpoints like laptops, desktops, and servers. It's used everywhere. 

We manage multiple clients with Singularity Complete, and the clients are happy with the protection it offers against external threats or ransomware attacks. It's an excellent tool for detecting those and preventing much greater damage.

Once you deploy the tool and spend a few weeks fine-tuning it, Singularity helps reduce the number of alerts. It decreases your alerts by around 25 percent. Singularity frees up staff for other projects and tasks.

Singularity has reduced our mean time to detect and respond. At most, detection takes up to 30 minutes. The response time depends on your configuration. Quarantine is happening in real-time. 

I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets. It doesn't require any agents or network changes. It just gives us information about the unsecured assets that aren't managed by the IT departments of any company. It detects the vulnerabilities but doesn't prevent them. 

Singularity's reporting isn't that great. The dashboards could be more customizable. It could be better integrated with other tools. SIEM tools provide better feeds. Singularity is a separate product altogether. It does not give enough information to integrate with different solutions to correlate better.

I have used Singularity for three years.

I rate Singularity Complete eight out of 10 for stability. 

I rate Singularity Complete nine out of 10. 

I rate SentinelOne support four out of 10. Their response is usually slow, even for priority one issues. They don't get on a call and fix the issue. They keep asking questions, so it gets frustrating sometimes. 

Positive

Deploying Singularity was straightforward. The only issue is with the interoperability with other tools running in the customer's environment. We faced some challenges, but those were the initial teething issues. The solution requires some maintenance. You need to continuously update the agents and apply patches. We need multiple people to maintain the solution because we are a service provider with a huge customer base, but if you are deploying it for one client, one engineer is enough.

If an organization does not use this tool and gets attacked by ransomware or a threat, and it will incur costs in terms of a ransom or business loss. Singularity reduces organizational risk by about 30 to 35 percent. 

Singularity is reasonable, but a few clients say it's expensive because they're comparing it with traditional antivirus. The pricing could be much cheaper for the Asia-Pacific region because it's a price-sensitive market.

I rate SentinelOne Singularity Complete eight out of 10. Singularity Complete is a high-quality tool. The detections are good. We don't see many false positives. It's a good tool. It's still maturing but good. 

We used SentinelOne because we needed a tool that would add extra visibility into the environment. We also wanted something that was easier to use than our existing product so we switched to SentinelOne.

Deep Visibility is a valuable feature. It lets us search across the environment and correlate things much more easily than we could have previously.

The learning curve was a little steep. The solution gives training we can go through, but we have to pay for that. We ended up paying for it so we could get everybody ramped up. The product must enable easier onboarding for less familiar or less formally trained people. It would've helped us adopt it quickly.

I have been using the solution for three months.

We had no stability issues.

The product is on a cloud-hosted instance. It can be integrated into everything that we use. It seems highly scalable.

Support is good. The support team is quick to respond and quick to resolve. We can't ask for anything more.

Positive

The product is cloud-based. The initial deployment was straightforward. We were able to rip and replace and do it all faster than our onboarding team had expected. It was done within a month.

We had the standard onboarding services, but we did all the lifting ourselves. It required four people from our side. Apart from agent upgrades, the tool doesn't need any major maintenance.

We currently see returns in getting our technicians' and engineers' time back.

The pricing makes sense to us. The pricing model is simple. It was easy to move forward from our previous products to the new bundle.

We've been using the tool mostly with third-party applications through Singularity Marketplace. Integrating it with our Microsoft environment has been helpful and convenient. The product is robust in ingesting and correlating across our security solutions. It is doing its job without us having to check it.

Previously, we had a few different endpoint solutions on a single asset. The product helped us rip and replace multiple solutions with one. We did a POC on Ranger but didn't go with it. The solution hasn't reduced any alerts, but it has at least given us more actionable data. We need to do tuning because we're so early in the adoption.

The tool has certainly saved the staff's time. It's able to correlate data a lot better and bring it all onto a single pane of glass, which helps save time. It's hard to quantify right now because we're so early in the adoption. We're definitely able to see more bandwidth for other projects. SentinelOne has helped reduce our mean time to detect.

We have seen the most improvements in our organization’s mean time to respond. We would have had to balance between different solutions or portals to correlate data. Now, the tool is just bringing everything into one place. Taking action within the solution has helped us respond and resolve. Our mean time to respond has been reduced by more than half.

We were using multiple products. We replaced them with SentinelOne. Getting a better solution for the same price was a no-brainer for us. Singularity Complete has helped reduce our organizational risk. The solution's quality is top-tier. The maturity was as good as our current solutions. It was easy to make the choice to move over.

SentinelOne is closely aligned with what the actual responders need to do. It seems like the vendor is building tools and solutions for people in the thick of it, which is a big reason why we went with their product. They are making tools for those who need to use them.

If someone were to evaluate or do a proof of concept, the bigger their initial POC, the better. We found some oddities after expanding the initial POC, which would have been nice to work through before the deployment. The vendors set up a capture-the-flag type of event that really helped us learn the environment, where to go for what, and how to use the tools. I highly recommend having everybody go through the capture-the-flag trial they set up.

Overall, I rate the tool a ten out of ten.

Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.

It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.

As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.

We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.

Overall, it has reduced our risk by 50 to 60 percent.

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.

It is very stable. So far, we haven't faced an issue.

The scalability is a nine out of 10.

The support is excellent.

As a strategic security partner they are a nine out of 10.

Positive

We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.

Trend Micro is not smart; sometimes it's unable to detect malicious files.

SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.

The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.

We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.

It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.

It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.

We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.

The quality and maturity of the solution are excellent. I would recommend SentinelOne.

We use Singularity to protect our staff computers, the hospital network, and virtual machine servers. Singularity helps us ensure our environment is fully protected in light of the increasing cyberattacks hospitals face.  

Singularity's Ranger feature provides deep visibility. We implemented some rules, and Ranger scans the system based on the criteria we set. Ranger's ability to scan without agents or network changes is crucial because we want to minimize the number of changes needed on end-user machines. It's an excellent tool for minimizing risk and detecting threats before they disrupt our network.

The solution has decreased the number of alerts we see. We get notifications and email alerts that some user machines are compromised. Singularity does a good job with bad files and data, allowing us to tackle those threats before they become bigger problems.

Singularity has helped free up staff time. For example, it automatically updates virus definitions so we don't need to do that work manually. Singularity pulls the latest virus definitions on its own. It actively monitors our machines without us having to do anything.

It has reduced our mean time to detect by about 70 percent. Singularity has reduced the mean time to respond by roughly 90 percent because we can choose to respond to a threat by rolling back, deleting, or quarantining it. It greatly reduces our overall risk by about 30 percent. 

Singularity's rollback feature is one of the primary reasons we bought the product. If there's an attack on the machine, the system can automatically roll back the data and the hard drive of the machine that was attacked.

The interoperability is solid. We've integrated Google Authenticator with SentinelOne for multifactor authentication, so it works well. We also use Citrix multifactor authentication. It works well with our other systems. 

The performance could be better. Singularity lags a bit, and it's a resource-hungry application, so it takes a while to load. 

I have used Singularity for about a year.

I rate SentinelOne Singularity seven out of 10 for stability. The stability and performance could be better. 

Singularity is highly scalable. We can easily cover all our machines with it. 

I rate SentinelOne's support seven out of 10. SentinelOne's customer service isn't that great. There's only so much they can do before they just tell you to look at the documentation.

Neutral

The deployment was straightforward. We worked with a trainer and implementation specialist over at Sentinel. Four people from our team and one from the vendor were involved. After installation, the primary maintenance is ensuring the agents are deployed to the end-user machines. 

Singularity is fairly priced. 

I rate SentinelOne Singularity Complete eight out of 10. It's a high-quality product compared to what else is on the market. When implementing Singularity, it helps to organize your machines into groups like laptops, servers, and desktops and then push the agent to those groups separately.

SentinelOne Singularity Complete offers a ransomware warranty. In the event that any customer is attacked or falls victim to ransomware, they provide compensation of approximately one million dollars. Additionally, they offer 24-hour version monitoring, which allows them to continuously monitor the customer's environment. This monitoring helps them identify the source of any issues or attacks. They conduct thorough investigations to ensure everything is checked properly. Furthermore, they provide threat analysis reports.

SentinelOne Singularity Complete can ingest and correlate data across security solutions. It monitors the entire environment and accesses it in case of any incidents. It performs quarantining and provides detailed information to the customer about the origin of the incident.

It helped us consolidate our security solutions.

SentinelOne Singularity Complete helps reduce false alerts by 60 percent. It has also reduced our MTTD to 60 to 90 seconds.

Our MTTR has been reduced to 40 seconds.

SentinelOne Singularity Complete has saved us costs by preventing ransom attacks that could have cost us millions of dollars in the future.

SentinelOne Singularity Complete has helped reduce our organization's risks by 90 percent.

The most valuable features are forensic investigation and ransomware prevention.

The channel policy has room for improvement.

I have been using SentinelOne Singularity Complete for five years.

It is stable.

SentinelOne Singularity Complete is scalable.

The technical support is good.

Positive

SentinelOne Singularity Complete meets all enterprise requirements and is priced accordingly.

I would rate SentinelOne Singularity Complete an eight out of ten. They are a market leader and have been established for a significant period. Additionally, their MITRE ATT&CK reports are quite helpful.

SentinelOne Singularity Complete agent is light and easy to deploy.

SentinelOne Singularity Complete is a mature product that has been in the market since 2011, and the company is well aware of what to do and what not to do.

SentinelOne, as a strategic security partner, is satisfactory.

I recommend SentinelOne Singularity Complete for enterprise organizations with a sufficient budget to invest in their security.

The solution is agent-based, so it's on service, and it's a cloud solution.

We are using its API capabilities for our server for protecting us from cyber security threats and attacks.

Earlier, we used some internal protections. However, we moved to HD information for the cyber security portion. It's helped us to mitigate security attacks and provide solid defense.

We like the file-less monitoring and filtering are great in the context of security.

The setup is very straightforward. 

It is stable. 

The product can scale if the licensing is correct.

SentinelOne has some inputs, some traditional NPRs, or models like IPS and IDS. We can configure individual rules for particular machines. In a sense, control is not from the console.

There should be more integration models with different security operations tools or soft tools. It could provide a single pane for integration with the firewall, or a soft solution should be there.

I'd been using the solution for eight months.

It's a stable, reliable product. there are no bugs or glitches. It doesn't crash or freeze. 

The product can scale. However, it depends on the license. 

We have 500 users on the solution right now.

Right now, we don't have plans to increase usage as we already have some buffer limit there.

While I haven't directly contacted support, I have used their documentation surrounding KPIs and have found them helpful.

Positive

Earlier, we were using Symantec and the One Protection Suite.

The solution is easy to set up. It's not an overly complex process. We had no issues at all. 

One system engineer which has some knowledge of network security can handle the implementation.

We handled the deployment in-house. 

SentinelOne has a very good XDR product, and it can also integrate with different security components. It's a single pane of glass for cyber security posture management. The ROI is good.

The licensing is handled by another team. I can't speak to the exact cost of the product.

We also looked at CrowdStrike before choosing this product.

Someone interested in the product should first do POC, and depending upon their OIS environment, they should consider this first before going for any XD solution.

I'd rate the solution eight out of ten.

We replaced McAfee's endpoint security with SentinelOne. The vendors we deal with recommended this product, and we had some issues with McAfee, so we decided to switch. It is used for detection, however, detection is very rare. 

The solution is easy to configure. How it detects threats is modern.

It's been pretty good. I have no complaints. It's been working very well.

I like the way that this product works. It doesn't rely on the data file. It checks the behavior of the process to prevent virus or phishing attempts from there.

I like the way it detects threats. It's based on the heavy behavior, not just based on the signatures, and it downloads from a central repository. 

I really like how you manage the endpoints. Their web portal is really nice. I can do everything through the web portal. I can see all the endpoints. I can upgrade them from there. And gives me a nice list of what software is installed on the endpoint as well. The solution will give me recommendations if there are any security vulnerabilities, for example, if the software is missing a patch or something like that. The deep visibility feature is great. If there's an incident, I can deep dive into the incident to see where it's coming from and how it affects the endpoints.

The interoperability with other SentinelOne solutions or third-party applications and tools has been pretty good. We haven't had major issues. 

While I'm not sure if the solution helps us with consolidation, their product does improve our overall security posture. We basically just use it as endpoint security. We're not using other products from them altogether. However, this is doing a great job of protecting us.

It has helped to reduce any of our alerts. Ever since we had this product implemented we've had fewer alerts. We had less user involvement as well. Where McAfee used to interfere with the user's daily productivity, SentinelOne does not. That's another thing I'm pretty happy about.

With this product, we can free up our staff for other projects, assignments, and tasks. It's reduced disruption for our users. Therefore, our help desk doesn't have to do as many tickets as when we were with McAfee.

Our mean time to respond to threats is definitely better. If there's anything happening, we get alerts right away via email. McAfee was not instant. We know about threats sooner and we have more time to respond to them.

Singularity helped our organization to save on costs. There's less maintenance compared to McAfee. The price is similar; there's not a big difference. However, we do save time and that translates to money. 

Our organizational risk has been reduced. It's a much better product compared with what we had. If there are any security vulnerabilities, if there's any patch needed, or if there's any known security threat that I should be aware of, I get notified fast.

The quality and maturity of the product are very good. Customers seem happy with them. I'm also happy with the product and its capabilities. 

In the beginning, we had some issues with their product on some of the Windows 32-bit operating systems. However, that was only on a special group of computers as we have our own special software. Other than that, for other computers and servers, we had no issue at all.

The web portal needs improvement. Sometimes when I go on their web portal and put in the username and password, and then all of a sudden, it says that the web interface has been refreshed. You have to put in the username and password again. It's very minor. Other than that, there isn't anything else I can see.

I've used the solution for proabably over a year. 

Stability-wise, it's very good. I've had no issues at all and I never get complaints from users.

Scaling should be pretty easy. You just push out the agent. That's it. There's a group policy on the web portal and there's not much to manage. 

When I ran into the Windows 32-bit issues, I contacted support. I've also contacted them here or there for a few issues. They are responsive and knowledgeable. I have no complaints. 

Positive

We used McAfee and found how it looked at threats was old school. We wanted to explore new solutions and technologies. A vendor recommended this solution and when we looked at it we found all users are pretty happy with them. 

The deployment was good. We have agents installed on all endpoints. The management portal has a nice interface. We can do everything we need to do from there, which is nice. 

I was involved in the deployment. It was pretty straightforward. You just install the agents and make sure the policy is correct based on the servers or the usage of the endpoint. We only ran into an issue around a 32-bit Windows software system, however, it wasn't anything major. I mostly handled the implementation myself. 

There isn't much maintenance needed. You just need to do version updates. 

I worked with the company that got us the license. We worked together to get the implementation done. 

The price is pretty good. It is reasonable. It's one of the reasons we went with them. Palo Alto, in comparison, was pretty expensive. The price of Cylance was reasonable and somewhere in the middle, however, SentinelOne feature-wise gave us everything we needed for a good price. 

We did look at other options. We looked at CrowdStrike, for example. We also looked at Palo Alto. They had something similar in terms of endpoint security, In the end, we chose SentinelOne. 

I'm a customer and end-user.

We do not use the Ranger functionality. I know it is available, however, it is an extra cost.

In terms of the solution's ability to be innovative, I've only used McAfee and SentinelOne. I can't really say how it compares with Cloudstrike or Proofpoint. That said, compared to McAfee, it can detect threats based on user behavior and not just definitions. It helps monitor software for potential security issues. It's really nice and works very well.

I would recommend the solution to others. 

They make a good strategic partner in terms of security. Their product is the last line of defense for security breaches, and having a good, reliable product on all endpoints is very important to our organization. 

I'd rate the solution nine out of ten overall. The ability to detect threats and the deep visibility on the endpoints is great. I like that it alerts you to patching requirements. It's great that, if a threat appears, we can drill down and see exactly what's going on.