We mostly use SentinelOne to protect our computers and know which users are logging in.
Network Administrator at a real estate/law firm with 501-1,000 employees
Simplicity is key, with one portal to look at, and it blocks anything bad from happening
Pros and Cons
- "The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening."
- "I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible."
What is our primary use case?
How has it helped my organization?
SentinelOne gives the end-user and our IT staff a level of security, knowing that when they're downloading something, talking to a client, or looking at email, their computer is secure. And if, God forbid, they click on the wrong link or download the wrong item, SentinelOne will step in and block anything from happening.
The simplicity of the solution is key. There's only one portal to look at. I don't have to jump around to a couple of programs or combine multiple programs into one. It provides ease of management for me and my team.
And with Singularity, I don't have to worry as much about scanning. It has taken some of my daily activities away, such as system scans, identity scans, and making sure that everything is updated. Also, I now don't have to manually update anything on the laptops for security. The fact that SentinelOne can do that automatically has given me time back in my day.
It saves us at least a couple hours a week, and more if we need to do a full upgrade. If we're doing a full upgrade and have to update every SentinelOne client or any endpoint protection, it could take a day to touch every computer. Now, it takes five minutes to make a policy and push it. It all depends on what the day's workload is, but it definitely saves us time.
In terms of reducing alerts, that did not happen at the beginning, but now that we have it fine-tuned, I don't get as many false alerts. It has really dialed itself in to know what issues to look for. We're not getting spammed with insignificant stuff anymore. It definitely took some time to figure out the alert system and how to make the emails work for us. But now that we have it running, I know that when I get a notification that it's a real one.
And it has reduced our mean time to detect because I don't have to detect. It does it for me. And similarly, for our mean time to respond, it's definitely quicker because I get the email notification right away, and it becomes a priority in our ticketing queue from the notification. Once that comes in, someone on my team stops what they're doing and looks at the alert set. Nothing will sit on the network for long now with it scanning all the time.
It has reduced our organizational risk.
What is most valuable?
The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.
What needs improvement?
I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
We have been using SentinelOne Singularity for about a year and a half.
What do I think about the stability of the solution?
There have been no issues at all.
What do I think about the scalability of the solution?
Scaling is easy. It's not hard to expand it at this point.
How are customer service and support?
When I contacted their technical support, the experience was okay. They fixed the issue. It was just a matter of getting to the right person.
I would rate SentinelOne highly as a strategic security partner. For any issues we had, they have been responsive, talking to the vigilance team and high-level teams. Again, it always comes down to finding the right person. It takes time to get to the right person, but once we get there, it's fine. They are able to help with our needs.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Sophos. We switched to Singularity because it's simpler, easier to use, and rated higher.
When looking at the quality and maturity of Singularity, it's a great program. Depending on what program you are coming from, there might be a little learning curve, but once you get past that, it's easy to use, and it becomes very intuitive after some time.
How was the initial setup?
It took some time to figure out how to make the deployment work, to get it on everyone's computers, and to get the organization to fully adopt it, but it really wasn't hard in the long run now that we have it deployed.
There is no maintenance involved on our end. I can push policies during the day to upgrade the clients.
What about the implementation team?
We did it in-house. The implementation was done by me and four other guys.
We did have training, but they didn't help with the deployment. They just showed us how to use the program itself.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable. It may be a little high, but it's on par with everything out there.
I wish the more users you have, the better the price would be.
Which other solutions did I evaluate?
We looked at CrowdStrike.
What other advice do I have?
We have SentinelOne deployed through Intune, but we use the cloud login to work on any alerts or events that pop up. When new SentinelOne updates are available, we log into the cloud portal, make a new batch, and just send out the update automatically to all 400 clients that we have. If any events or errors show up, we go through the normal process. We let the vigilance team look at them, remove the computer from the network if need be, isolate it, and do our normal due diligence on what the error or the event is telling us.
We're very happy with the SentinelOne platform, so we haven't looked at anything else recently.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Global Security Operations at a manufacturing company with 501-1,000 employees
Provides different levels of visibility, improves our ability, and has competitive pricing
Pros and Cons
- "The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality."
- "The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time."
What is our primary use case?
We use it for endpoint security for all of the systems in our environment. We have servers and workstations. We have macOS and Linux operating systems, and we are using it as an EDR/endpoint protection platform.
How has it helped my organization?
There is a lot of improvement from a security maturity perspective. Even though we have a very reputable and well-known SIEM, one of our go-to applications in our environment is SentinelOne. On a daily basis, almost all my staff or my analysts use it and operate it every day. It gives us a lot of information and a lot of data about what is going on. In addition to the detections, we are able to use and leverage Binary Vault. We could also use Remote Script Orchestration, which is an add-on that we could add to the platform. It allows us other functionalities that we would not normally have with another product in the same category. It allows us to run scripts on endpoints remotely out of the SentinelOne administrative GUI, which we use for all kinds of purposes. It has improved our abilities significantly in what we can do.
We have visibility into all our systems. We have visibility into malware or any suspicious activities that are occurring. We have the ability to quarantine systems based on the risks. If there is something going on, we have the ability to do that. We can also run remote scripts on systems, and we can control certain types of devices such as USB access. We have the ability to control what people can do with USBs. That is another functionality we use.
Most traditional antivirus platforms are very basic in terms of how you add exclusions. Usually, you completely exclude an application from detection. They do not provide you with various modes or various levels of visibility into an application. SentinelOne provides different levels of visibility, so you can have a level that has some visibility and does not completely make the application invisible to SentinelOne. It is the first platform that I have ever worked on with such capability. Instead of just a binary exclusion on or exclusion off, they provide different interoperability modes. There are five interoperability modes. Some are performance-focused, and some are visibility-focused. They allow you to select the mode that will give you the best balance of visibility and performance depending on the application. It is very handy. Most endpoint security platforms, antivirus, and EDRs are binary. You apply the exclusion and have zero visibility into what that particular application is doing in your environment. With SentinelOne, you can implicitly trust, or you have the ability to say that you trust it, but you want to have an eye on it if anything ever happens. For example, your third-party software is compromised, as happened with SolarWinds, and it starts doing funny things in your environment. That is what the interoperability exclusions give you with SentinelOne. This is an excellent feature.
In terms of its ability to ingest and correlate across our security solutions, they have recently added the Singularity marketplace in XDR. Not all of them but most of them are included in the license. We do leverage it. It gives us additional context. For example, we were able to add the VirusTotal API, which adds the context of what VirusTotal has in terms of information on a particular detection or binary that is detected in SentinelOne. They are starting to build those APIs out. We are able to add more context from other third-party applications. It is excellent. It is at no cost to us. We are using quite a few of them already for other platforms that are built out of the box. We are starting to leverage any out-of-the-box APIs for the platforms that we have.
It has helped us with a little bit of consolidation. We were able to consolidate the device control. We were using another platform for that. We had another completely separate vendor for USB control, and now, we have decided to not renew that license and move all the controls through SentinelOne.
It has not helped reduce alerts. The point is not to reduce alerts. It is to increase alerts. The point of Singularity is to reduce incidents, and, we for sure, have achieved that. The point of the Singularity platform is to block things that we do not want to occur in our environment or at least have visibility to them so that we can take action. If we were to strip it out completely, the organization would be in a much worse place.
It has helped free up our staff for other projects and tasks because the incident response has diminished. I do not have my analysts responding to threats. I have them just validating when something is detected to ensure that we are okay. For sure, it has freed them up. There are about 25% of time savings.
It has reduced our mean time to respond (MTTR). Without it, we would not have very much visibility into detections. It has improved our mean time to detect by 80% to 90%. If we did not have Singularity Complete, we would have very little visibility on the endpoints at least, and that is where most of our threats are occurring.
We have a service from SentinelOne called Vigilance. This service has reduced our mean time to react or respond. This 24/7 service has improved our mean time to respond significantly because it is the SentinelOne analysts who are responding. It has improved our mean time to respond by 80% because they are performing the analysis. They are the experts, and they are looking at the detection in our console. We do not have to go out and try to perform that same level of understanding of what we have just seen. Their experts take a look at that. Instead of spending hours and hours trying to figure out what we are seeing, it is literally down to just minutes by the Vigilance team. It is a separate license that we have incorporated with our Singularity license. It is a part of their MDR solution. It is a service they offer.
It has overall reduced our organizational risk.
What is most valuable?
The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.
What needs improvement?
The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier.
For how long have I used the solution?
We have been using this solution for four years.
What do I think about the stability of the solution?
Its stability is next to nothing. It probably has an uptime of 99.99%. The only issue you would have is that the agent sometimes becomes unresponsive or corrupt, but there is not a single application in the world where you do not have some level of corruption or issues that may arise. If anything, it is much better than the others that we have.
What do I think about the scalability of the solution?
It is very scalable. We have doubled the number of licenses or agents we have had in the last three years, and we have not had any issues.
How are customer service and support?
They are excellent when it comes to interoperability and exclusions. For example, you may have somebody in your environment complaining about slowness, or you may have several situations where end-users may report that a certain application has been slow on their computer. SentinelOne gives you the ability to remotely pull the logs off a computer and send the logs to tech support for them to perform an analysis. They can perform their analysis from the logs and come back to you and say, "From what we are seeing, it looks like you have an application running application ABC that seems to require an exclusion. We recommend this interoperability type." All you have to do is say, "Oh, perfect. Thank you very much for that information. Add the exclusion." They have done all the analysis for you. You check back with your end-user to see if that has rectified the situation. In almost every circumstance that we have run into, it got rectified. I have never seen that type of analysis performed by an EDR or endpoint protection provider before. It is the first time I have seen that. This aspect of their support is excellent. However, some of the other things are not always detailed enough in terms of what we should be doing. They can be a bit vague, and if it does not help the situation, they may have to raise the issue to a different tier. So, they can be a little vague about exactly what you should do, but at least they set you on the right path. Overall, I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
It was a product by Carbon Black called Carbon Black Response and Carbon Black Defense. We switched because Carbon Black was purchased by VMware at the time, and their customer service was diminishing substantially. Some of the older products that we still had by Carbon Black were not being supported as well as they were previously. Their technology roadmap was not fantastic. We started looking at other products. We found CrowdStrike and SentinelOne to be more up-to-date and more modern EDR solutions. We saw a noticeable improvement in terms of technology and detection. At the time, SentinelOne was priding itself on the level of number of detections it could detect. A lot of that came into the reviews of the product at the time and the type of tests that it was undergoing and its performance in those tests. That was a primary reason for deciding to go with SentinelOne and going away from Carbon Black. Pricing was another excellent aspect of the platform.
How was the initial setup?
They host the platform in the cloud. It is a SaaS application for us.
Its deployment was extremely straightforward. All you have to do is deploy their agents on your computers. The agent checks in with your cloud console, and you start retrieving information immediately. Carbon Black Defense has that capability as well, but we went with SentinelOne because it did have that cloud capability. When COVID hit, and everybody left the office to go home to work, it was seamless for us. We have full visibility into every single system and asset in the organization whether they are on-premises or off-premises. They could be traveling. They could be anywhere in the world. As long as they have Internet connectivity, we have full visibility into their computers.
In terms of maintenance, the only maintenance that is required is to maintain the health of the agents. Sometimes the agents can become corrupt or stop functioning, so you have to ensure that you are checking for assets in which you run into those situations. The other thing would be the agent versions. You have to maintain agent versions as new versions of the agents come out. You can either automate it so that your agents get updated automatically on whatever schedule that you want, or you can do it manually. You can also do it through some other software deployment platform. That is the only thing you have to do maintenance on. The backend is all maintained by SentinelOne. All the updates to the console environment are taken care of by SentinelOne. Because it is a SaaS application, the only thing that the customer is responsible for is the agent deployment and upgrades.
What about the implementation team?
We worked directly with the SentinelOne team. From our side, there were two of us. From their side, there was probably just one engineer.
What was our ROI?
It has helped our organization save costs. In terms of metrics, I can only go by what other competitors were charging at the time, and we got it at a significantly better price than what some of the other competitors were charging.
The ROI is not just from the platform itself. It is also from the Vigilance service perspective that has freed up my guys to do many other things. It saves my analysts at least two to three hours per day in man-hours, so there is a huge return on investment there. For the price that the service costs, it is extremely good value.
What's my experience with pricing, setup cost, and licensing?
Their pricing was extremely competitive. That is why we stayed with them so long. We are renewing at the end of next month. We have already put in the approval. It is all set to go. We are renewing for another year or so year over year. It has been a very effective product, and it has been priced very competitively.
What other advice do I have?
To someone who is researching Singularity Complete, I would say that it is excellent in terms of quality and maturity.
I would advise performing an extensive proof of concept. If you have the ability to use a security tool validation platform to test out multiple platforms before choosing one, that would be a good idea. You should also understand various modules that are add-ons to the platform. It is extremely important.
I have used the Ranger functionality, and I am very familiar with it. It provides network and asset visibility. You can configure the agent to scan the subnet that it sits on and look for other assets that are missing the SentinelOne agent. You can create a policy saying that if a device sits on a specific subnet and has, for example, more than five systems, try to interrogate those systems to see if they are the systems that may be eligible for the SentinelOne agent but are missing one. We did not renew the license for that specific functionality of SentinelOne about a year ago. We decided to go with another vendor to give us that type of visibility.
Overall, I would rate SentinelOne Singularity Complete a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Co-Founder at First Defense WLL
Very unique integrations that share data with security vendors via the API
Pros and Cons
- "The solution offers excellent detection and integration capabilities."
- "DLP support would be a good addition."
What is our primary use case?
Our company is a platinum partner and uses the solution to provide endpoint protection for customers.
A few new customers require the on-premises solution but others use the cloud technology.
What is most valuable?
The solution offers excellent detection and integration capabilities.
Integrations talk to other security vendors and share data with the help of the API. No other product offers this functionality.
What needs improvement?
The solution is a bit costly for some customers.
DLP support would be a good addition. Currently, there are multiple vendors and agents on endpoints. The solution looks at data from a specific documentation view so it would be beneficial to use that same documentation to look at DLP.
For how long have I used the solution?
I have been using the solution for six years.
What do I think about the stability of the solution?
The solution is stable so I rate it a nine out of ten.
What do I think about the scalability of the solution?
The solution is very easy to scale. Scalability is the best and the GUI itself is very fast with no issues. A customer with 10,000 clients still gets fast responses.
How are customer service and support?
Technical support is very good and helpful in getting results.
The turnaround time for solving bugs or finding workarounds for customers is quick.
How was the initial setup?
The setup is simple and the solution can be deployed using any tool. Vendors can also remotely deploy the solution.
If the solution is set up properly with the right policies and processes in place, then it won't require too many maintenance resources. Customers can also utilize the solution's NDR service instead of staffing that position. One technician can easily handle ongoing maintenance.
What about the implementation team?
We implement the solution for customers.
What's my experience with pricing, setup cost, and licensing?
The pricing is comparable with other vendors but some customers find it a bit costly. There is a bit of pricing flexibility with the solution, but initial quotes can surprise customers.
I rate pricing a six out of ten.
Which other solutions did I evaluate?
The solution stands out because has excellent detection and integration capabilities. In my opinion, the solution is better than Microsoft, CrowdStrike, and Palo Alto.
What other advice do I have?
Customers are very happy with deployments and stick with the solution year after year.
I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cloud Security | DevSecOps at Shahid
Interoperable with the ability to ingest and correlate across security solutions
Pros and Cons
- "Our impressions of the solution's ability to ingest and correlate across our security solutions is perfect."
- "I'd like to see us be able to take action on one platform for items such as security variation, security orchestration, automation, and response (SOAR)."
What is our primary use case?
It's good for log management and security and is integrated with other solutions. It offers automatic response and remediation.
How has it helped my organization?
It's helped us filter for security issues. This product can organize and visualize incidents for us. It's helped a lot with remediation and mitigation.
What is most valuable?
The XDR is very useful. The agent that collects data from servers is pretty effective.
The interoperability with other SentinelOne solutions or third-party solutions is quite helpful.
Our impressions of the solution's ability to ingest and correlate across our security solutions is perfect. We're satisfied with its capabilities in this regard.
It's helped us consolidate our security solutions a bit.
The Ranger functionality helps provide visibility. We're provided with security mapping for applications and can see end-to-end traffic. We also don't need to add agents or hardware or make network changes. It's easy to use. The Ranger functionality 10% helps prevent vulnerable devices from becoming compromised.
It's reduced our alerts by about 80%.
We have been able to free up staff time as it's not that time-consuming.
It's helped us reduce our mean time to detect as we can now see issues in real time. It's also helped with our mean time to respond.
We've been able to reduce organizational risk by 70% using this solution.
What needs improvement?
I'd like to see us be able to take action on one platform for items such as security variation, security orchestration, automation, and response (SOAR).
For how long have I used the solution?
I've been using the solution for 3 years.
What do I think about the stability of the solution?
The stability of the solution has been good.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
I've never escalated questions to technical support in the past.
Which solution did I use previously and why did I switch?
I have used Splunk as well. SentinelOne is easier to use and integrate.
How was the initial setup?
The initial setup was easy for this solution.
What was our ROI?
While I cannot quantify it or share any data, we have seen an ROI from using this solution.
What's my experience with pricing, setup cost, and licensing?
I don't have any visibility on pricing or licensing.
What other advice do I have?
The solution's ability to innovate is very good. It's quite mature.
I'd recommend the solution to others.
I would rate the solution 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 12, 2024
Flag as inappropriateSenior Security Consultant at First Technology
High-quality, cost-effective, and stable
Pros and Cons
- "The most valuable feature of Singularity Complete is the Ranger function."
- "Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions."
What is our primary use case?
I use the solution for endpoint protection, including features like EDR, antivirus, and advanced threat prevention.
How has it helped my organization?
Singularity Complete has significantly reduced response time for our clients. With its multifunctional capabilities, it streamlines processes, allowing quicker and more efficient responses to various issues.
What is most valuable?
The most valuable feature of Singularity Complete is the Ranger function.
What needs improvement?
Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions.
For how long have I used the solution?
I have been working with SentinelOne Singularity Complete for a year.
What do I think about the stability of the solution?
I would rate the stability of the solution as a nine out of ten.
How are customer service and support?
I would rate the technical support of SentinelOne as an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of the solution was straightforward. SentinelOne is typically used across multiple locations and departments for our clients. Fortunately, it demands very little continuous maintenance.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced.
Which other solutions did I evaluate?
Before choosing SentinelOne, we evaluated other solutions, including SmartOps. SentinelOne stood out with its advanced AI engine, especially evident in recent micro-attack evaluations.
What other advice do I have?
Singularity Complete offers strong integration capabilities with over 100 APIs and excellent integration with other SentinelOne solutions.
Asset visibility with Singularity Complete is crucial for my clients as it enables a clear understanding of their network and assets. It is important because without knowing what is in their environment, it is challenging to secure it effectively.
It is crucial for me that Ranger requires no new hardware or network changes. This is very important as it simplifies deployments and enhances scalability for us.
Ranger assists in preventing vulnerable devices from being compromised. It can isolate devices on the network in response to a threat, automatically detecting and responding to issues such as a virus, ensuring swift action and containment.
Singularity has successfully reduced alerts by 80%, significantly improving the efficiency of the alert management process.
Singularity has freed up people's time, reducing their workload by approximately 45%, and enabling them to focus on other projects and tasks more efficiently.
Singularity has proven to be cost-effective for our clients, with an estimated cost reduction of around 30%.
SentinelOne Singularity Complete is high quality and built for enterprise-level security.
I'm very pleased with SentinelOne as a strategic security partner. Overall, I would rate SentinelOne Singularity Complete as a nine out of ten.
My advice to new users is to adopt SentinelOne's Singularity Complete platform, and if feasible, opt for the visual response option for enhanced security measures.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Executive Director of Information Security and Compliance at a pharma/biotech company with 51-200 employees
Multi-feature, easier to use, flexible, and provides excellent technical support
Pros and Cons
- "SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment."
- "In terms of areas for improvement in SentinelOne Singularity Complete, it needs to give more straightforward directions or communication about detection or what has been detected."
What is our primary use case?
My company leverages SentinelOne Vigilance and SentinelOne Singularity Complete for managed SOC.
What is most valuable?
SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool, with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment.
SentinelOne Vigilance is one of the feature sets of SentinelOne Singularity Complete as a whole, and my company found SentinelOne Singularity Complete a little bit easier to use and flexible; plus, it had several feature sets.
What needs improvement?
I've not been using SentinelOne Singularity Complete for a long time to have a lot of feedback on its areas for improvement, as my team is still learning the tool, but what comes to mind is the need for it to give more straightforward directions or communication about detection or what has been detected.
For how long have I used the solution?
We officially deployed SentinelOne Singularity Complete, including its feature set SentinelOne Vigilance, about three months ago.
What do I think about the stability of the solution?
SentinelOne Singularity Complete has been very stable, so it's an eight out of ten for me, stability-wise.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is a scalable solution, which is one of the reasons why my company uses it.
How are customer service and support?
I found the technical support for SentinelOne Singularity Complete excellent, especially in terms of communication. Support is nine out of ten for me.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Atos as our SIEM tool and wanted to replace it with a newer technology, so we're now using SentinelOne Singularity Complete.
How was the initial setup?
I'm involved in deploying SentinelOne Singularity Complete, and I found the process straightforward. My company is still going through with the deployment because of the ninety-day deployment model.
What about the implementation team?
I have people in my team assisting with SentinelOne Singularity Complete implementation.
What was our ROI?
I've seen ROI from SentinelOne Singularity Complete within a month after deploying the solution, mainly after my company started getting different alerts, which I was happy about.
What's my experience with pricing, setup cost, and licensing?
I found the pricing for SentinelOne Singularity Complete reasonable, which is one of the reasons my company went with it.
What other advice do I have?
SentinelOne Singularity Complete requires just a little bit of maintenance, as my team has to update agents and do some finetuning, but not too much.
My rating for SentinelOne Singularity Complete as a solution is eight out of ten.
My advice to people looking into using SentinelOne Singularity Complete is to ask for sample reports and processes to understand how SentinelOne would let you do it.
The company I work with is a SentinelOne customer.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cloud Security Practice Head at Tech Mahindra Limited
It's a complete solution that detects threats in near real time, but it produces many false positives
Pros and Cons
- "SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that."
- "Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives."
What is our primary use case?
SentinelOne Singularity is our endpoint protection solution. It protects our endpoints against malware. It's integrated with our centralized log management solutions.
How has it helped my organization?
SentinelOne is helpful from an endpoint security perspective because it's a consolidated solution. We don't need any other product. SentinelOne has reduced our detection time significantly.
We can detect suspicious behavior in near real-time. It isn't 100 percent, but I would say 99 percent of the time, it detects threats almost instantly and notifies us. The solution has reduced our risks from an endpoint perspective by about 20 percent.
What is most valuable?
SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that.
What needs improvement?
Managing the alerts is a challenge. Singularity generates a lot of alerts and false positives. While it speeds up our detection time, it takes us longer to respond because we have to do a follow-up analysis to weed out the false positives. A lot of time goes into determining whether it's a genuine threat.
For how long have I used the solution?
I have used SentinelOne Singularity for a year or so.
What do I think about the stability of the solution?
SentinelOne Singularity is a stable product.
What do I think about the scalability of the solution?
Singularity is scalable. We haven't had any issues so far. We have no plans to increase usage right now. If the number of users increases, we'll look at it.
How are customer service and support?
I rate SentinelOne support seven out of 10. The response isn't fast enough.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Symantec antivirus but switched to SentinelOne for its EDR features.
How was the initial setup?
Deploying SentinelOne is straightforward. Rolling out agents across the endpoints takes time, but that's because of our company's internal procedures. We can start using it once the agents are deployed across all the systems. It took around three months or so.
What was our ROI?
We see a return in the form of increased endpoint security, but we aren't seeing cost savings or reducing the number of personnel. In fact, we need to increase resources on the SOC side because they are handling so many alerts. However, we get better visibility from the console compared to a traditional antivirus solution.
What's my experience with pricing, setup cost, and licensing?
I rate Singularity Complete four out of 10 for affordability. SentinelOne costs more than traditional antivirus solutions, but we get more out of it. It hasn't saved us any money, but it's an EDR solution, so we get a lot of value from it.
Which other solutions did I evaluate?
We also looked at CrowdStrike. The decision ultimately came down to cost. SentinelOne was the cheaper option.
What other advice do I have?
I rate SentinelOne Singularity Complete seven out of 10. It's a comprehensive, innovative solution that covers many of the network features and core antivirus functionality. It's a solid solution from a coverage perspective. The only thing that needs improvement is the false positive rate. If SentinelOne can address that, it would be excellent. My advice to new users is to have a team of people trained to use and manage the solution.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Deputy Chief Information Officer at a computer retailer with 201-500 employees
Provides deep visibility, helpful and intuitive interface, effectively prevents ransomware attacks
Pros and Cons
- "The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring."
- "As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate."
What is our primary use case?
We are a solution provider and this is one of the products that we implement for our clients.
Sentinel One is being deployed as a replacement for any antivirus solution. In our case, we use it to primarily prevent ransomware and other malware from entering networks or computers, as they're deployed across the entire world now, in this new post-COVID environment.
We no longer have the luxury of the corporate firewall protecting everyone equally. This means that having SentinelOne on each box is providing a solution where we stop the badness before it can spread.
This is a cloud-based platform that we use in every capacity you can imagine. We use it on cloud components in both Azure and Amazon.
How has it helped my organization?
We have tested SentinelOne's static AI and behavioral AI technologies and it performs well. We actually put a laboratory together and we tested SentinelOne against CrowdStrike, Cylance, and Carbon Black side by side. We found that the only product that stopped every instance of ransomware we placed into the computers in the test lab, was SentinelOne. As part of the testing, we used a variety of actual ransomware applications that were occurring, live on people's systems at the time.
My analysts use SentinelOne's storyline feature, which observes all OS processes. They're able to utilize the storyline to determine exactly how the badness got into the network and touched the computer in the first place. That allows us to suggest improvements in network security for our clients as we protect them.
The storyline feature offers an incredible improvement in terms of response time. The deep visibility that is given to us through the storyline is incredibly helpful to get to the root cause of an infection and to create immediate countermeasures, in an IT solution manner, for the client. Instead of just telling them a security problem, we are able to use that data, analyze it, and give an IT solution to the problem.
SentinelOne has improved everybody's productivity because the design of the screens is such that it takes an analyst immediately to what they need next, to make the proper decision on the next steps needed for the client.
What is most valuable?
The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.
When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means. For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails.
Our people constantly use the Ranger functionality. The first thing we do is look for unprotected endpoints in the environment. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks.
It's incredibly important to us that Ranger requires no new agents, hardware, or network changes. If you think about it, we're in the middle of an incident response every day. We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. It was a game-changer when Ranger came to fruition.
Various clients, depending on their business practices, are heavily in the IoT. Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks.
What needs improvement?
As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate.
For how long have I used the solution?
I have been using SentinelOne personally, on and off, for approximately three years.
What do I think about the stability of the solution?
SentinelOne is very stable and the agent rarely fails. The only time I've seen an agent fail is normally on a compromised system. The fact that it even works to protect a compromised system in the first place is amazing, but that's the only time that we actually see the failure of an agent. Specifically, it can happen when there's a compromise to the box prior to loading SentinelOne.
On a pristine new load of a workstation or server where it has no compromises and no malfeasance exists, the SentinelOne agent is incredibly stable and we rarely have any issues with the agent stopping in function. I will add that in this respect, the fact that the agent cannot be uninstalled without a specific code gives us higher stability than others because even a threat actor can't remove or disable the agent in order to conduct an attack against the network. It's a unique feature.
What do I think about the scalability of the solution?
Right now, we have 54 analysts managing approximately 300,000 endpoints at any one time, globally. We operate 24/7 using SentinelOne.
How are customer service and support?
The technical support team is probably the fastest in the industry at responding, and they do care when we have to call them or send them an email due to a new issue that we've discovered. Most of the time, the problem is the operating system that we're dealing with is not regular, but they're still very helpful to us when it comes to protecting that endpoint.
I would rate their customer server a nine out of ten. I could not give anybody a ten. They are a continuous process improvement company and I'm sure that they are constantly trying to improve every aspect of customer service. That is the attitude that I perceive from that company.
Which solution did I use previously and why did I switch?
Primarily in the last year, the number one solution clients had, in cases where we replaced it, was probably Sophos. Next, it was CrowdStrike, and then Malwarebytes. The primary reason that these solutions are being replaced is ransomware protection.
Almost every client that I get involved with has been involved in a ransomware case. They've all been successfully hacked and we can place it onto their boxes, clean them up, along with all of the other malware that everyone else missed, no matter who it was. SentinelOne cleans up those systems, brings them to a healthy state, and protects them while we are helping them get over their ransomware event. This gives them the peace of mind that another ransomware event will not occur.
Personally, of the EDR tools, I have worked with Cylance, Carbon Black, and CrowdStrike. I've also worked with legacy antivirus solutions, such as McAfee and Symantec. However, this tool outshines all of them. It has ease of use, provides valuable information, and protects against attack. The autonomous nature of SentinelOne combined with artificial intelligence gives us the protection we cannot experience with any other EDR tool today.
How was the initial setup?
The initial setup is very straightforward. SentinelOne has incredibly helpful information on their help pages. They are probably the fastest company that I know of in the entire EDR space for responding to a client's email or phone call when you need to do something new or complex.
We have covered everything from Citrix networks to more complicated systems that work by utilizing the Amazon and Azure cloud to spin up additional resources and spin down resources. We were able to protect every one of those assets with it. The agent is easy to load and configure and the library allows us to quickly pivot on a new client and get their exclusions in fast enough to not impede business as we're protecting them.
What was our ROI?
When we were at a point of 50 clients, which is an average of 10,000 endpoints, we needed four analysts using Cylance. When we switched to SentinelOne for that same protection, the 50 clients could be covered by two analysts. We dropped our need for analysts in half.
The average cost of a security incident involving ransomware is a minimum of $50,000 USD, and this is something that SentinelOne can prevent.
The product has a rollback feature, where you can take a machine that's been attacked and partially damaged, and you can roll it back to a previously healthy state. That saves endless hours of system administrators' time rebuilding systems. That alone can reduce the cost of an incident from $50,000 down to $20,000. There is a cost because you still have to determine exposure and other factors with an incident response to determine if the threat actor has taken any data, things like that, but on the damage to the equipment, with the rollback feature and the restoration features built in the SentinelOne, and the fact that it stops everything but the most sinister lateral movements today, just means that an incident never has to occur.
This means that there is a great return on investment for a lot of companies. Another important thing to mention is that they don't lose people. Approximately 60% of businesses that are hit with a ransom attack go out of business within six months. If SentinelOne is preventing those incidents from occurring, that return on investment is worth almost the value of the entire company in some cases.
It is difficult to put an exact number on something like that, but the lack of pain and suffering of the employees of the company, because they didn't have to go through an incident response, and the lack of expense for the company to hire lawyers and professional companies to come in and help them during an incident, as well as their increased insurance costs of having an incident is also another factor.
Overall, it's difficult to judge but it's a true factor in the return on investment of owning SentinelOne and utilizing it to protect your environment.
What's my experience with pricing, setup cost, and licensing?
The pricing is very reasonable. Unfortunately, because it's a cloud-based product, it has a minimum count for licensing, but other than that, I've found their pricing to be incredibly reasonable and competitive with tools that are very similar.
Considering the invaluable nature of SentinelOne's autonomous behavior, I don't believe anyone else can measure up to that. That makes it an incredible bargain when compared to the cost of an incident for any company.
Which other solutions did I evaluate?
There are organizations such as MITRE and ESET Labs that have been doing testing that is similar to what we did three years ago. We just look at those results for the same truth that we discovered in the beginning, and the product continues to improve its performance.
What other advice do I have?
I have been a proponent of SentinelOne for many years. When I learn about somebody who has been hacked and wants to have protection against problems such as ransomware occurring, this is the one solution that I recommend.
The SentinelOne team is open to suggestions. They listen to the analysts and managers that are using their product and they innovate constantly. The improvements to the SentinelOne agent have enhanced its ability to catch everything and anything that comes in, including the detection of lateral movement attacks, which are the worst-case scenario.
When an unprotected agent penetrates the firewall and attacks a network, that unprotected asset has no protection on it so that the hacker can do whatever they want from that box with no impedance. But, the detection of it attacking from a lateral basis has been improved immensely over the last three years.
The improvement in the exclusions library has been phenomenal to help us get the new systems on the air with the new software. It allows the end-user to almost seamlessly get SentinelOne loaded and operational without impacting their business, which is incredibly helpful.
SentinelOne is working on something right now in the Ranger space that is going to allow us to remotely load endpoints that need the SentinelOne protection through the Ranger portion of the application. This is going to significantly improve the security of all of our clients, whether they be in long-term care or short-term incident response, it will help us protect them better. It's a significant improvement to our ability to protect the client.
Of all the products on the market today, I can say that they are the ones that I trust the absolute most to protect my clients.
I would rate this solution a ten out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Splunk Enterprise Security
Microsoft Defender for Cloud
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Symantec Endpoint Security
Trend Micro Deep Security
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?