Mitchell Ayers - PeerSpot reviewer
IT Manager at a construction company with 11-50 employees
Real User
Oct 4, 2023
Alerts us instantaneously, provides granular information, and has competitive pricing
Pros and Cons
  • "Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint."
  • "The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network."

What is our primary use case?

We use SentinelOne Singularity Complete as an endpoint protection solution. It is our primary endpoint protection solution for our workstations and servers for protection from any kind of threats that may appear on those systems.

We have some localized virtual machines that it is running on. We do not have any cloud workloads.

How has it helped my organization?

SentinelOne Singularity Complete is pretty good in terms of being able to fine-tune the alerting that you get. It is better than other solutions that are super noisy to the point that it is difficult to drill down. If you get an alert of something that is actionable, it is better than getting one alert and then getting five others right behind it. This solution is pretty good at not being noisy.

Luckily, I do not spend a ton of time with SentinelOne Singularity Complete unless there is an alert or a potential breach, but that just does not happen very often. Email security is the front door of protection, and that takes the brunt of any kind of security concerns. Luckily, most things are not hitting our network right now.

SentinelOne Singularity Complete is pretty good at picking up things that are not necessarily malicious and alerting me that somebody or something is using something that needs attention. That happens instantaneously. It is pretty quick.

SentinelOne Singularity Complete is as fast as we can ask. I can see the alert and get on it. It does not take very long, so I am not sure how we can improve more when it comes to our time to respond. We are a small enterprise. It does not take us too long to respond to things.

What is most valuable?

Being able to keep track of the endpoints and the data that is available from the endpoints is valuable. We can see the patch levels, whether Windows endpoints are active or inactive, and who is the last user that was logged on. We get a lot of granular information that is valuable even when we are not talking from a security standpoint.

What needs improvement?

The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network.

Buyer's Guide
SentinelOne Singularity Complete
February 2026
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
884,122 professionals have used our research since 2012.

For how long have I used the solution?

We have had it for a couple of years now.

What do I think about the stability of the solution?

I have not had any issues related to downtime, uptime, or responsiveness of their infrastructure. I have not seen any reports where something was not working the way it was supposed to.

What do I think about the scalability of the solution?

They would far outpace the scale of what we would be looking at.

How are customer service and support?

I contacted their technical support at the very beginning when I was rolling things out, but it was not a major issue. It was just about me getting up to speed with how they do things. I do not have a negative impression of how that interaction went.

SentinelOne is a good partner. I had a few other technical support questions, and they answered them pretty quickly. They were pretty minor things, and they were always pretty quick to respond. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using another solution previously. It was long ago. We were using Berkeley, which was bought by Alert Logic. The Berkeley product was pretty good, but when they were bought by Alert Logic, I did not like the way they did things. It was complicated. It was not intuitive. Their sales program was a little shady. We got locked into a contract that was not intentional. It was not a great experience. They have a product that is not a direct competitor to SentinelOne. We tried it, and it was super noisy for alerts. If I tried to clear all the alerts in the system, I would not have time for anything else. We were not necessarily looking for it, but because of the platform that we were on, we tried the other offerings that were included in the platform, and it just was not a good fit.

SentinelOne is a much more robust platform than Berkeley or Alert Logic in terms of endpoint protection. In terms of the ability to be innovative, SentinelOne provides tools. If we had stronger security requirements, they have other tools that we could utilize, such as Ranger. 

How was the initial setup?

The portal is cloud-based, but the agents are on-prem.

I was involved in its deployment. I am a one-man IT shop. It was pretty straightforward. You get the agent that you want to install, and there is a code that you put in that locks it to your portal. It installs pretty easily.

It requires very little maintenance. Occasionally, I check to make sure that the agent version is pushed out because that is not automatic. I get to choose when the agent gets pushed out. If there is an update, I update them when I want to.

What about the implementation team?

We did not need any help at all. It was just me. 

What was our ROI?

We do not put a price on security, but we have to choose between different products that are on the market. We are constantly evaluating other products every year. Endpoint protection is not something with which there is a huge opportunity cost by moving from one vendor to the next. Our security stack is not so integrated with SentinelOne. If, for some reason, they were not the best option, we could move to another option fairly easily. The fact that we are sticking with SentinelOne is a testament that it is not broken. It is still working for us. It gives us good peace of mind about the product line, where it is going, and the protection that it provides.

What's my experience with pricing, setup cost, and licensing?

It is very competitive with other solutions that are on the market. At least the last time we renewed, it was very competitive.

Which other solutions did I evaluate?

I try to stay abreast of different platforms. I reached out to SentinelOne, and they put me in touch with a reseller, so I went out and found it. 

The biggest thing was how well SentinelOne ranked versus the other platforms. There was also a cost-benefit of a solution like SentinelOne. We thought it would be effective for endpoint protection.

It certainly was a cost-effective solution as compared to some of the other endpoint protection solutions that were available at the time. I would not have gone with SentinelOne if it was not a good value.

What other advice do I have?

It is a very robust platform. It is a great candidate to serve small business environments. They do not target small businesses. They do not market it to small business environments with 50 users or less, but being a little more technically-minded, I wanted something that was enterprise-ready. Even though our environment is small, it was a good fit for us.

It did not require a lot of in-place support from the integrator or the reseller, but they did provide a large amount of presale decision-making help in terms of what I was getting into and what they could provide. That was very helpful. Talking to an integrator or a reseller so that you can put a person to the discussion is helpful.

In terms of integrations, we have looked into some of the integrations, such as with Mimecast. We have had some interest in that, but we have not utilized any of those third-party integrations. We also looked at the possibility of using some things with log management and being able to have a single source of how protected we are across the enterprise, but we have not yet pulled the trigger on anything like that.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Deputy CISO at The University of Texas at El Paso
Real User
Oct 2, 2023
Interoperable with great support and documentation
Pros and Cons
  • "It is great for security monitoring and blocking when needed."
  • "I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool."

What is our primary use case?

It's our main EDR solution on campus for our university. It's the main solution that we deployed to our host throughout the university.

How has it helped my organization?

I wasn't here for the initial implementation, however, it was to replace a previous product that we had, so we wanted to move to something cleaner, easier to use, and an overall better product.

Its basic use, which is just an EDR solution for actively hunting and killing threats, is good. It does what we had intended it to do, and that's what it does a great job of.

What is most valuable?

The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.

Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.

The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.

Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.

The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.

The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.

What needs improvement?

Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.

We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.

For how long have I used the solution?

I've been using the solution for a year and a half. 

What do I think about the stability of the solution?

We haven't had any issues. There is nothing that's noticeable and it's never offline for long periods of time. 

What do I think about the scalability of the solution?

It's pretty scalable. There are a few operating systems that we've had issues with. Other than that, everything else has been pretty scalable.

How are customer service and support?

Technical support is super. They are very helpful and relatively quick to respond. Sometimes they take a little bit to respond, however, it's not super long. 

The company also has good online knowledge and it's pretty helpful. Usually, we'll access the database knowledge first and then go to support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used CrowdStrike previously.

How was the initial setup?

I was not involved in the initial setup. 

I'm not hands-on. I'm more on the management side. Basically, we make sure that they connect, and I'll handle the management once everything's set up. I'm handling monitoring. Deployment is handled by another team. We have maybe ten team members who manage deployments. 

The maintenance is minimal. It's pretty self-sufficient. We just do normal reviews. 

From my point of view, the deployment is straightforward. 

What about the implementation team?

We use internal teams to handle deployment. 

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the pricing. That's above me. I'm a technical person. It's not my arena.

What other advice do I have?

They also have this feature called Ranger. That one we don't have implemented. That's an extra fee, so we don't have it.

Overall, I'd rate the solution ten out of ten. It's been a pretty solid tool. 

I would probably recommend it over some of the other ones that I've seen only based on the ease of use. It does what it's supposed to do. It's been relatively fast and is also pretty complete from what we've seen. The product is not very difficult to learn.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Fatima Nezhadian - PeerSpot reviewer
Security Analyst at MPAC
Real User
Oct 2, 2023
Has a nice UI, a great hunting feature, and saves us time
Pros and Cons
  • "The hunting feature is most valuable for detecting malicious or suspicious activity."
  • "The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints."

What is our primary use case?

I use SentinelOne Singularity Complete as our next-generation antivirus on our endpoint. I review detected malware and verify whether it is legitimate or a false positive. Additionally, we can control endpoints, such as correlating them or blocking specific activities on any endpoint. We also have visibility into what is happening, including what is installed, being installed, or uninstalled on endpoints.

How has it helped my organization?

SentinelOne Singularity Complete can help reduce alerts, but we must first add exclusions based on our existing features to keep the false positive rate low.

SentinelOne has helped our staff save time investigating and handling incidents.

It has helped reduce our MTTD and our MTTR.

What is most valuable?

The hunting feature is most valuable for detecting malicious or suspicious activity.

What needs improvement?

The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints. We can only add a general rule to block everything, and we cannot add any exceptions. Additionally, Singularity Complete uses different names for endpoints other than the actual actions that will happen or be taken, such as quarantining a device. This is also confusing, as the wording used by Singularity Complete is slightly different from other endpoint security solutions and can be difficult at the start.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for almost three months.

What do I think about the stability of the solution?

Singularity Complete is stable.

What do I think about the scalability of the solution?

Singularity Complete is extremely scalable.

How are customer service and support?

Technical support is super helpful. 

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

The price of Singularity Complete compared to some of its competitors is competitive.

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete has room to grow, but it is overall very good. It is a mature software product with an awesome UI. There are many options and actions available. 

No maintenance is required from our end.

SentinelOne Singularity Complete is a straightforward, stable solution that is easy to learn.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Laurie Reynolds - PeerSpot reviewer
Threat and Vulnerability Manager at GBG Plc
Real User
Sep 29, 2023
Automation has been fantastic for us, and with real-time detection, we have better security
Pros and Cons
  • "I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation."
  • "In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation."

What is our primary use case?

First and foremost, we use SentinelOne Singularity Complete for endpoint detection and response in our company. We do not have any antivirus anymore. We have SentinelOne for the endpoint detection, response, and defense mechanism. This is our primary use case. 

We also have other use cases. I work predominantly in vulnerability management. I sometimes work in the SOC. For vulnerability management, we use it in a number of different ways. We sometimes use it to see which applications and versions are running on systems. We use it for an inventory of applications. We do not use it for vulnerability detection. We have another tool for that, which I believe is more dedicated to technical vulnerabilities. I know there has been some investment in this area, but at the moment, we are not using it for that. 

We also use it for running scripts and automating tasks on systems. In fact, I have been doing a lot of that recently. They have developed their automation and remote ops part, which has been fantastic for us. I have been updating a lot of applications using the scripts that I have deployed with SentinelOne. I love that part of the tool. It makes life a lot easier. 

I sometimes also use it to determine where we may not have other pieces of software on systems. For example, we use a vulnerability tool that runs on an agent. I can use SentinelOne to see whether all of the systems on which we have SentinelOne also have our vulnerability tool agent. If a system does not have it, we can deploy a script from SentinelOne to add the agent. 

We also use Ranger, so we can identify other systems on our network that do not necessarily have SentinelOne agents. That can be quite useful sometimes. Because of Ranger, we have seen a lot of systems that we did not already know about. 

As a part of the endpoint detection response, we ingest logs through our central SIEM. We have a hybrid Security Operations Center. The first line is done by a third party. They have access to the SIEM, and all of the SentinelOne data is ingested into that. When there is an incident or when SentinelOne detects an incident, it gets flagged to the Security Operations Center, and then we start to investigate that incident. Most of the time, if it is a SentinelOne-related incident, we will log in to SentinelOne and use it to investigate the incident. We look at the logs on the endpoint and try to establish whether it is a genuine incident or a false positive, what happened on the system, and why we are getting these alerts.

How has it helped my organization?

We use the Ranger functionality. It provides network and asset visibility. It is quite important for us. If we did not have another tool that is doing similar, it would have been extremely important, but we do have a vulnerability management tool that is very similar. It is quite good that it does that automatically out of the box, whereas we have to configure our vulnerability scanning solution to do something like this. The ability to have visibility of the network where we do not necessarily have SentinelOne deployed is very important.

Ranger requires no new agents, hardware, or network changes. This is important for us. It has an advantage over our vulnerability management tool because we have to deploy scanners with our vulnerability management tool, whereas we do not have to deploy anything for SentinelOne Ranger, so in that way, it is a better solution in helping us.

Ranger is very effective in helping to prevent vulnerable devices from becoming compromised. For example, we used Ranger and identified some systems in our data center that we could just log on to. It was not very difficult to get on to those devices. Therefore, it would not have been difficult for anyone else to get on those devices. We did not necessarily have the permission to do so, but we found a way to do that. We managed to get those devices secured, and therefore, increase the security of our systems. That kicked off from Ranger, and that is a good use case.

Singularity Complete has helped free up our staff for other projects and tasks. For example, with automation, I have been able to patch some of our systems, which has freed up time for our help desk team. They do not have to patch some of the systems. It has also been helpful for deploying some of our agents for our other tools. If we deploy through SentinelOne using the script, that frees up our team's time.

Singularity Complete has helped reduce our organizational risk. The previous solution we had was signature-based, so for endpoint detection, it has to know a certain kind of attack before it can detect it or even block it. Because Singularity Complete is more looking at the behavior of running processes and how these processes interact with other processes on the system, it has helped to reduce the risk. We are not relying on static detection signatures. We have got real-time detection. Singularity Complete can detect things that may be the first-ever attack in the world, and we get notified about it. It does reduce the risk.

What is most valuable?

I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation.

What needs improvement?

In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation.

For how long have I used the solution?

I have been using this solution for two and a half years. I have been using it since I joined this company. 

What do I think about the stability of the solution?

We have not had any issues with it. It has always worked for me.

What do I think about the scalability of the solution?

It is quite scalable. I do not see anything holding it back in that regard.

How are customer service and support?

My impression of SentinelOne as a strategic security partner is very positive.

In terms of support, for a lot of support requirements, I go through the engineering team. They are very knowledgeable about Singularity Complete, but I did contact SentinelOne's support team recently in July. There was a particular vulnerability that Microsoft had already caught. Microsoft Defender had a setting that would automatically block the vulnerability. I raised the question to SentinelOne support asking whether SentinelOne has the same ability to block the vulnerability. It took me a few times to get them to understand what I was asking, and they could not confirm 100% that it was blocked. They just said that their solution does block vulnerability attempts, but they did not specifically do this particular one. Unfortunately, that interaction was not entirely positive. Overall, I would rate them a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My company had an endpoint solution previously, but I was not with this company before they had Singularity Complete. They already had Singularity Complete when I got here. It was replacing the previous endpoint solution, so I cannot say whether Singularity Complete reduced our alerts or mean time to detect compared to the previous solution.

How was the initial setup?

I was not involved in its initial deployment. I am with the engineering team. I have deployed SentinelOne on some systems, so I know the process, but I was not involved in deploying it or rolling it out company-wide.

It is in the cloud, but we have SentinelOne agents deployed on our systems. These agents report the data back to the cloud, which gives us the ability to see all of that data.

In terms of maintenance, the team that maintains it performs agent updates. They can be pushed automatically, but our engineering team has decided to not push the updates automatically because they could potentially break something or may not be fully compatible with a current version of, for example, macOS. There is some maintenance in that regard. There is also maintenance in terms of relieving some aged SentinelOne nodes. We might remove those. I would not necessarily call it maintenance, but when we set up particular alerts, we may maintain those alerts based on our requirements at the time. It may be the vulnerability being escalated in the wild, or we might want to set up some sort of detection that can basically detect or indicate any compromise. We maintain all of those rules.

What's my experience with pricing, setup cost, and licensing?

I do not know much about the pricing. What I do know is that the person who negotiates most of the pricing is quite a hard bargainer. In that regard, he often says that he managed to get a very good deal. When we first looked at replacing our old system with Singularity Complete, its price was definitely a big factor. Back then, Singularity Complete was fairly new to the marketplace. We got quite a good deal as an early adopter. They have honored that and respected that we were an early adopter, and I feel we are still getting a very good price.

What other advice do I have?

It is definitely worth considering. It is definitely up there with the best of them now. A few years ago, it probably was not. It was in the early stages, but now, it gives us everything that we need today. They invest heavily in the platform. That is important as well. If you buy it today, in a year or two, you will get a lot more features for your money.

It is quite mature now. Over the two and a half years that I have been using it, there have been numerous feature enhancements. As a basic endpoint detection response, it is very mature, and it now has other features, such as the Ranger functionality and automation, on top of it. It is a very mature offering now.

When it comes to integrations, I do not know about any tools that I have used with Singularity Complete. We just bought Wiz.io for our company, and I understand that SentinelOne links to Wiz.io. I have not personally used it, but I will be using it soon. From what I understand, it is going to be quite useful because if we detect an incident or an alert on a cloud system that Wiz.io manages and has visibility of, we can then get more information about that cloud system. For example, it could say, "We detected that this vulnerability attempt has been made, or one of the exploit attempts has been made on your system." We then get all of this information from Wiz.io which says, "Actually, the system is not vulnerable to that vulnerability." At that point, we would think that we do not need to worry as much, but we are going to see the investigations. 

In terms of its ability to ingest and correlate across our security solution, we do not necessarily ingest into Singularity Complete, but we ingest Singularity Complete into our central SIEM. It is very difficult to ingest data into that SIEM.

Overall, I would rate SentinelOne Singularity Complete an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Aaron Riley - PeerSpot reviewer
Systems Administrator at a government with 201-500 employees
Real User
Sep 29, 2023
Is a lightweight solution, has a valuable dashboard, and saves us time
Pros and Cons
  • "The management dashboard is the most valuable feature."
  • "The most difficult part of using Singularity Complete is logging in, as they often update the management console."

What is our primary use case?

We use SentinelOne Singularity Complete as the antivirus for our computers.

We wanted a solution that could maintain the protection of our computers so we implemented SentinelOne Singularity Complete.

How has it helped my organization?

SentinelOne Singularity Complete is a lightweight application with a quick threat response.

Singularity Complete has helped reduce our alerts with prompt responses.

Singularity Complete has freed up several hours of our staff's time each week, allowing them to focus on other projects. They no longer need to manually monitor hundreds of computers, as they now have a single dashboard to manage them.

It has reduced our MTTD through prompt action taken against the vulnerability or threat.

It has also reduced our MTTR through quick notifications that allow us to respond within minutes.

Singularity Complete has helped us reduce our organizational risk.

What is most valuable?

The management dashboard is the most valuable feature.

What needs improvement?

The most difficult part of using Singularity Complete is logging in, as they often update the management console. I don't know if our accounts become disassociated or what the deal is, but if we don't log in within a certain amount of time, we have to go through a password reset or account reset process.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for around five years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable with no downtime.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable.

How are customer service and support?

The technical support team is prompt.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

The price is fair for what we are getting.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne is very mature. It's a lightweight application that does not waste a lot of resources, and the quality is definitely good.

Singularity Complete is a self-sustained standalone application that updates to the cloud. Every computer checks in and updates as needed.

I manage our future application deployments and ensure that Singularity Complete is automatically pushed out and kept up to date.

SentinelOne is a good overall security partner.

It's always worth testing out different solutions and finding the one that works for each organization. But as far as SentinelOne Singularity Complete goes, it's been an easy process for our organization and I recommend it to others.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Administrator at a real estate/law firm with 501-1,000 employees
Real User
Sep 21, 2023
Simplicity is key, with one portal to look at, and it blocks anything bad from happening
Pros and Cons
  • "The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening."
  • "I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible."

What is our primary use case?

We mostly use SentinelOne to protect our computers and know which users are logging in.

How has it helped my organization?

SentinelOne gives the end-user and our IT staff a level of security, knowing that when they're downloading something, talking to a client, or looking at email, their computer is secure. And if, God forbid, they click on the wrong link or download the wrong item, SentinelOne will step in and block anything from happening.

The simplicity of the solution is key. There's only one portal to look at. I don't have to jump around to a couple of programs or combine multiple programs into one. It provides ease of management for me and my team.

And with Singularity, I don't have to worry as much about scanning. It has taken some of my daily activities away, such as system scans, identity scans, and making sure that everything is updated. Also, I now don't have to manually update anything on the laptops for security. The fact that SentinelOne can do that automatically has given me time back in my day.

It saves us at least a couple hours a week, and more if we need to do a full upgrade. If we're doing a full upgrade and have to update every SentinelOne client or any endpoint protection, it could take a day to touch every computer. Now, it takes five minutes to make a policy and push it. It all depends on what the day's workload is, but it definitely saves us time.

In terms of reducing alerts, that did not happen at the beginning, but now that we have it fine-tuned, I don't get as many false alerts. It has really dialed itself in to know what issues to look for. We're not getting spammed with insignificant stuff anymore. It definitely took some time to figure out the alert system and how to make the emails work for us. But now that we have it running, I know that when I get a notification, it's a real one.

And it has reduced our mean time to detect because I don't have to detect. It does it for me. And similarly, for our mean time to respond, it's definitely quicker because I get the email notification right away, and it becomes a priority in our ticketing queue from the notification. Once that comes in, someone on my team stops what they're doing and looks at the alert set. Nothing will sit on the network for long now with it scanning all the time.

It has reduced our organizational risk.

What is most valuable?

The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.

What needs improvement?

I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.

For how long have I used the solution?

We have been using SentinelOne Singularity for about a year and a half.

What do I think about the stability of the solution?

There have been no issues at all.

What do I think about the scalability of the solution?

Scaling is easy. It's not hard to expand it at this point.

How are customer service and support?

When I contacted their technical support, the experience was okay. They fixed the issue. It was just a matter of getting to the right person.

I would rate SentinelOne highly as a strategic security partner. For any issues we had, they have been responsive, talking to the Vigilance team and high-level teams. Again, it always comes down to finding the right person. It takes time to get to the right person, but once we get there, it's fine. They are able to help with our needs.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Sophos. We switched to Singularity because it's simpler, easier to use, and rated higher.

When looking at the quality and maturity of Singularity, it's a great program. Depending on what program you are coming from, there might be a little learning curve, but once you get past that, it's easy to use, and it becomes very intuitive after some time.

How was the initial setup?

It took some time to figure out how to make the deployment work, to get it on everyone's computers, and to get the organization to fully adopt it, but it really wasn't hard in the long run now that we have it deployed.

There is no maintenance involved on our end. I can push policies during the day to upgrade the clients.

What about the implementation team?

We did it in-house. The implementation was done by me and four other guys.

We did have training, but they didn't help with the deployment. They just showed us how to use the program itself.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable. It may be a little high, but it's on par with everything out there.

I wish the more users you have, the better the price would be.

Which other solutions did I evaluate?

We looked at CrowdStrike.

What other advice do I have?

We have SentinelOne deployed through Intune, but we use the cloud login to work on any alerts or events that pop up. When new SentinelOne updates are available, we log into the cloud portal, make a new batch, and just send out the update automatically to all 400 clients that we have. If any events or errors show up, we go through the normal process. We let the Vigilance team look at them, remove the computer from the network if need be, isolate it, and do our normal due diligence on what the error or the event is telling us.

We're very happy with the SentinelOne platform, so we haven't looked at anything else recently.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Manager of Information Security at a recreational facilities/services company with 1,001-5,000 employees
Real User
Sep 10, 2023
Reduces alerts, offers deep visibility, and saves time
Pros and Cons
  • "The deep visibility is really important for us. With it, we can really look deep into some of the incidents."
  • "We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it."

What is our primary use case?

We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.

How has it helped my organization?

We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.

What is most valuable?

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools. 

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console. 

It reduces alerts. There are not a lot fewer false positives. I'm not sure of the percentage it has reduced; however, in comparison to before, it is definitely less.

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs. 

What needs improvement?

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off; however, now there's a newer agent and that's not happening anymore.

For how long have I used the solution?

I've used the solution for almost two years now. 

What do I think about the stability of the solution?

The stability has gotten better and better over the last two years.

What do I think about the scalability of the solution?

The solution is deployed across 2,000 machines in four properties. 

It can scale well. We keep deploying it further and it works. 

How are customer service and support?

Technical support does a good job. I've never had to work with support a ton. They do a decent job. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant. 

How was the initial setup?

The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better. 

We had two or three staff members who handled the deployment. 

There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties. 

What about the implementation team?

We set up the product ourselves. 

What was our ROI?

We have witnessed an ROI, although I can't speak to the exact number or percentage. 

What's my experience with pricing, setup cost, and licensing?

I don't have any visibility on the pricing. 

Which other solutions did I evaluate?

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option; however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate.

What other advice do I have?

SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features. 

The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology. 

They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space. 

I'd rate the solution nine out of ten. I would recommend it to others. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Salman Aziz - PeerSpot reviewer
Security Architect at a retailer with 1,001-5,000 employees
Real User
Aug 25, 2023
Indicators of compromise, such as hash files, IP addresses, and domain names are blocked for all endpoints with one click
Pros and Cons
  • "It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight."
  • "Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology."

What is our primary use case?

Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.

It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.

How has it helped my organization?

As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.

We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.

Overall, it has reduced our risk by 50 to 60 percent.

What is most valuable?

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

What needs improvement?

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

For how long have I used the solution?

It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.

What do I think about the stability of the solution?

It is very stable. So far, we haven't faced an issue.

What do I think about the scalability of the solution?

The scalability is a nine out of 10.

How are customer service and support?

The support is excellent.

As a strategic security partner they are a nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.

Trend Micro is not smart; sometimes it's unable to detect malicious files.

SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.

How was the initial setup?

The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.

We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.

It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.

What about the implementation team?

It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.

What other advice do I have?

We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.

The quality and maturity of the solution are excellent. I would recommend SentinelOne.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2026