SentinelOne Singularity Complete offers a ransomware warranty. In the event that any customer is attacked or falls victim to ransomware, they provide compensation of approximately one million dollars. Additionally, they offer 24-hour version monitoring, which allows them to continuously monitor the customer's environment. This monitoring helps them identify the source of any issues or attacks. They conduct thorough investigations to ensure everything is checked properly. Furthermore, they provide threat analysis reports.
Sales Director at CLOUD MIND
Offers MITRE ATT&CK reports, forensic investigation, and ransomware prevention
Pros and Cons
- "The most valuable features are forensic investigation and ransomware prevention."
- "The channel policy has room for improvement."
What is our primary use case?
How has it helped my organization?
SentinelOne Singularity Complete can ingest and correlate data across security solutions. It monitors the entire environment and accesses it in case of any incidents. It performs quarantining and provides detailed information to the customer about the origin of the incident.
It helped us consolidate our security solutions.
SentinelOne Singularity Complete helps reduce false alerts by 60 percent. It has also reduced our MTTD to 60 to 90 seconds.
Our MTTR has been reduced to 40 seconds.
SentinelOne Singularity Complete has saved us costs by preventing ransom attacks that could have cost us millions of dollars in the future.
SentinelOne Singularity Complete has helped reduce our organization's risks by 90 percent.
What is most valuable?
The most valuable features are forensic investigation and ransomware prevention.
What needs improvement?
The channel policy has room for improvement.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for five years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is scalable.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete meets all enterprise requirements and is priced accordingly.
What other advice do I have?
I would rate SentinelOne Singularity Complete an eight out of ten. They are a market leader and have been established for a significant period. Additionally, their MITRE ATT&CK reports are quite helpful.
SentinelOne Singularity Complete agent is light and easy to deploy.
SentinelOne Singularity Complete is a mature product that has been in the market since 2011, and the company is well aware of what to do and what not to do.
SentinelOne, as a strategic security partner, is satisfactory.
I recommend SentinelOne Singularity Complete for enterprise organizations with a sufficient budget to invest in their security.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
CISO at a computer software company with 5,001-10,000 employees
Good integration with third parties, reduces alerts and reduces mean time to respond
Pros and Cons
- "It's a plug-and-play solution that works well with other out of box integrations that we have."
- "There aren't enough reporting capabilities for decision-makers."
What is our primary use case?
We use the solution as an EDR tool. We focus specifically on Linux components and a Linux environment.
What is most valuable?
The threat detection and visibility as well as the migration of the data to our SIM instance has been useful. Doing automation workflows has been excellent.
They have fairly decent integration with third-party tools within their own stack. They have very strong integration with CrowdStrike and Microsoft Defender. They also have connections for Palo Alto Networks and all the tools that we leverage across the firm. These are API connectors, so they are plug-and-play. The login session coordination piece is also fairly robust, which is done with Splunk on the same side.
It's a plug-and-play solution that works well with other out of box integrations that we have. We can move the data from the solution into third-party tools.
It helped us to reduce our alerts. On the the Linux kernel side, we have quite a few different versions of Linux, and hence the alerts that we used to get earlier were a lot more. They are significantly less since they're now managed and controlled through the Singularity platform.
Our mean time to detect has been reduced significantly. We've saved maybe thirty minutes to an hour. Our mean time to respond is a bit better by a few minutes.
What needs improvement?
The reports for the executives who are the decision makers should be better. That would help with product renewal and adding new modules. There aren't enough reporting capabilities for decision-makers.
For how long have I used the solution?
I've used the solution for just under a year.
What do I think about the stability of the solution?
We have not noted any crashing or lagging issues.
How are customer service and support?
They offer fairly decent technical support. We've not had any major challenges with them so far. The support team has been pretty good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have CrowdStrike as an EDR tool for Windows, and CrowdStrike did not really support our Linux kernels. That's when I did an evaluation with different vendors, and Singularity was able to support our Linux kernels.
How was the initial setup?
I was involved in the deployment. It was a straightforward deployment. We had six people handling the deployment.
We have not had a need for maintenance just yet.
What about the implementation team?
We used our own internal IT team for the implementation.
What's my experience with pricing, setup cost, and licensing?
The product's pricing is at par with what you see among major competitors. It's higher than McAfee, yet cheaper than CrowdStrike.
What other advice do I have?
It allows us to be innovative. It's fairly robust and one of the main leaders in the space. It's a pretty strong offering compared to others in the market. It is a quality product.
It's important to test it first to see if the solution works well for your firm. I'd advise people to validate and test it out thoroughly. Bringing in a solution is not that difficult, however, ripping and replacing a solution is hard, so you want to avoid regretting any decisions.
The solution is a helpful strategic security partner.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
SecOps Lead at a tech services company with 201-500 employees
Offers a centralized dashboard to respond from, saves us time, and reduces alerts
Pros and Cons
- "I like the centralized management with the web dashboard."
- "SentinelOne should include Ranger Pro out of the box with Singularity Complete."
What is our primary use case?
We use SentinelOne Singularity Complete for the EDR piece, and we have it installed everywhere.
How has it helped my organization?
Singularity Complete works well with other SentinelOne solutions. We must make sure to whitelist the right binary with other tools, and that is all.
The ability to ingest and correlate data across our security operations is good. We can send all of the events to our SIEM system, or we can use Singularity Complete's built-in SIEM functionality. I believe the retention period is 14 days by default, but we purchased the additional package that allows us to store data for longer.
Ranger is a great tool that lets us see what's on our network which is extremely important. It pings other devices on the network and tells us what kind of devices they are. We're big fans of Ranger!
Ranger does not require any new agents, hardware, or network changes. It automatically starts mapping out the network, which is great for us.
Ranger helps prevent vulnerable devices from becoming compromised by alerting us to their presence. This allows us to proactively install SentinelOne on these devices, which is a very helpful tool.
SentinelOne Singularity Complete has helped improve our organization by preventing hacks and providing us with visibility into our devices through the Deep Visibility plugin that we have enabled.
It has reduced the number of alerts we receive by 80 percent. We spent the first six months tuning the workflow of different admins and users, and after that, we only received alerts that required action.
It has helped free up our staff to work on other projects and tasks. They now only receive actionable alerts, without any false positives, which saves them a few hours per week.
Singularity Complete has reduced our MTTD by 40 percent.
Singularity Complete has helped reduce our MTTR. We are alerted right away and we can access the dashboard and respond from there quickly.
What is most valuable?
I like the centralized management with the web dashboard. It allows me to quickly view incidents and see what's happening in a well-organized way. I can also easily query different points.
What needs improvement?
SentinelOne should include Ranger Pro out of the box with Singularity Complete.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for one and a half years.
What do I think about the stability of the solution?
We have run SentinelOne Singularity Complete on many different machines without any stability issues.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is scalable.
How are customer service and support?
We've had nothing but fantastic things to say about the support. Our technical account manager is great, and the support staff has been very helpful. We've also been onboarded with SentinelOne Singularity Complete, and everyone from the account manager all the way down to the support engineer has been excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We replaced Symantec Endpoint Security Complete with SentinelOne Singularity Complete to improve our security posture because Symantec was outdated.
How was the initial setup?
The initial setup was straightforward and required six people for deployment, which took a few weeks to complete. Some teams took a little longer to figure out their deployment, but we deployed the whole system enterprise-wide within a month or two.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete is a mature solution.
We have deployed SentinelOne Singularity Complete across multiple locations, departments, and operating systems, including Windows, Linux, and Mac. We have around one thousand endpoints.
The only maintenance required is the package updates that are released to keep the solution up to date. The cloud version is automatically updated by SentinelOne support, which manages it. The agents themselves must be updated manually which I do by clicking on them.
I recommend completing a POC to ensure SentinelOne Singularity Complete is a good fit before moving forward.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Information Security Analyst at Point Loma Nazarene University
Helps reduce our threat detection time, response time, and improve our security
Pros and Cons
- "I find the application inventory feature to be extremely useful."
- "Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful."
What is our primary use case?
We use SentinelOne Singularity Complete to manage incidents that come in.
How has it helped my organization?
We wanted a solution that could help protect all of our endpoints. SentinelOne Singularity Complete is on all of our servers, and all of our endpoints, to protect against threats to the university.
SentinelOne Singularity Complete has aided our organization by offering a centralized platform for comprehensive visibility. It has enabled us to conveniently monitor all threats and manage our devices through the antivirus, all within a single interface.
SentinelOne Singularity Complete has certainly reduced the number of alerts over the past two years in my experience. We receive very few alerts now, which is excellent.
It has helped us free up our time to focus on other tasks. The solution is very helpful for configuring various exclusions. This ensures that the alerts we do receive, which are false positives, will not pester us in the future. This definitely provides us with more freedom and time to work on other matters.
Singularity Complete has helped reduce our MTTD and our MTTR, which is now just a few minutes after detection.
It has helped our organization save costs.
Singularity has certainly reduced the risk for our organization. With its installation across all endpoints and servers, we are confident that it will effectively protect us against malware or intrusions attempting to breach our environment.
What is most valuable?
I find the application inventory feature to be extremely useful. We utilize GreenMile for MAC management, and it's not as straightforward to locate the inventory of the applications installed on our computers. As a result, I have been using the application inventory feature more frequently to accurately identify the programs installed on each machine.
What needs improvement?
One aspect to consider is the SentinelOne network firewall they have in place. I believe they implemented it approximately a year ago. Initially, we faced challenges during the setup phase, which consumed a considerable amount of time. Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful. While the idea behind it appears promising, I think SentinelOne should consider removing it.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for almost two years.
What do I think about the stability of the solution?
Singularity Complete is stable and I have not seen any downtime.
What do I think about the scalability of the solution?
We don't possess as many endpoints in comparison to, I suppose, other companies and universities. However, I believe that if we were to double them today, scaling Singularity Complete would become quite effortless.
How are customer service and support?
The times I've contacted customer support, it has been really good. There was only one instance when the support was very poor. However, after my concern was escalated to a supervisor or someone on the management team, my issue was resolved. So, I believe that was the only occurrence out of numerous customer interactions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used ESET.
What other advice do I have?
I would rate SentinelOne Singularity Complete a nine out of ten.
We currently only have a couple of integrations with Singularity Complete. I believe there is potential for more integration. As of now, we have only installed two apps that integrate with Singularity Complete.
No maintenance is required from our end.
SentinelOne is excellent as a strategic security partner. There have been numerous advancements, and since I began using the platform two years ago, they have undergone substantial changes. They have introduced many new features, and I have witnessed significant company growth over the past two years.
I suggest examining the various features available in SentinelOne's complete version. We have experienced numerous advantages with it. Often, when SentinelOne introduces new features, we don't notice them until they are fully developed. It's beneficial to explore some of the new features that are in beta. This allows us to experiment with them and assess how they can enhance our environment.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Offers advantages like real-time detection
Pros and Cons
- "The XDR capability is quite good."
- "The solution should include USB blocking for specific machines."
What is our primary use case?
Our company serves as resellers and solution engineers for our enterprise customers. We deploy and support the solution in customer environments.
What is most valuable?
The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added.
What needs improvement?
The dashboard should include troubleshooting because it can have problems.
Sometimes, the XDR does not configure its policies for data security on time.
The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything.
The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support.
The solution should include USB blocking for specific machines.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
The solution is stable with no issues.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
The technical support is half and half. They offer good support but response time is slow. Sometimes, you have to contact multiple engineers to get good information and that is a challenge.
How would you rate customer service and support?
Neutral
What about the implementation team?
We deploy the solution for customers.
Which other solutions did I evaluate?
The solution's XDR is superior to CrowdStrike.
What other advice do I have?
I am satisfied with the solution and rate it an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Information Security Engineer at Cybervergent
Protects endpoints, reasonably priced, and provides network and asset visibility
Pros and Cons
- "The Ranger feature is valuable."
- "The product must provide the ability to update applications from the SentinelOne Management Console."
What is our primary use case?
We use the solution for endpoint protection. Our clients are fintech companies, banks, and other organizations. The tool helps to pick up malicious files in the endpoint and protects the endpoint.
What is most valuable?
The Ranger feature is valuable. It helps us manage variable assets in our environment. The endpoints and nodes have SentinelOne engines on them.
What needs improvement?
The product must provide the ability to update applications from the SentinelOne Management Console. Using SentinelOne Management Console to patch applications will be quite useful.
For how long have I used the solution?
I have been using the solution for 3 years.
What do I think about the stability of the solution?
I rate the solution's stability 7 out of 10. I've only had issues with the agents once. I reported it through the management console.
What do I think about the scalability of the solution?
We use the solution in endpoints in different departments across the organization. The tool does not require maintenance. We can auto-update it from SentinelOne Management Console. We can push the auto-update agent from the console. I rate the solution's scalability 9 out of 10.
How are customer service and support?
The support personnel always want to share links instead of joining sessions. Getting them on sessions that would probably help resolve the situation is quite hard. They don't always want to do it. That's the only issue I have with them. When we raise a support case, they get back to us and point us to a link to a community guide or solution. They don't respond quickly if the problem requires us to join a virtual session.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is not complex. The deployment takes about 30 minutes. It is quite fast.
What was our ROI?
Our customers have seen an ROI on the product. It takes them 4 months to see ROI.
What's my experience with pricing, setup cost, and licensing?
The tool's price is reasonable.
What other advice do I have?
We are partners and resellers. Singularity Complete’s interoperability with other SentinelOne solutions is fine. I've been able to push logs into our SIEM solution. We used our API. It was quite easy to do. The API token expires, so we have to regenerate and integrate it.
The solution’s ability to ingest and correlate across security solutions is quite fast. I don't have any issues with it. The Ranger functionality provides network and asset visibility. It's quite important. We can identify when endpoints that are not permitted or allowed on the network are active. It helps us isolate or deploy an agent on the endpoints. It's quite useful.
Ranger requires no new agents, hardware, or network changes. It is used for existing agents or endpoints. We can also identify neighboring endpoints that do not have agents. It's easy because we do not have to do any additional configurations. It leverages the current agents that we have deployed across endpoints. It's a good feature. We need not deploy another agent to work for Ranger.
A computer that doesn't have an agent is vulnerable to exploits. When Ranger helps to find the computer and network, it helps to prevent vulnerable devices from becoming compromised. We can identify and isolate the computer and deploy the agent on it. Singularity Complete does not reduce alerts.
The solution saves deployment time. We can push agents from the management console to the endpoint. It will save us time from physically going to the endpoint and installing the agent ourselves. The product reduces MTTD by 20%. The product reduces MTTR by 20%.
If an endpoint gets compromised, we will have to spend money. The tool generally helps us stay safe and protects computers. Thus, the solution reduces costs in the long run. Unprotected endpoints are risky endpoints. Singularity Complete has helped reduce our organizational risk.
Singularity Complete is quite a good tool. I'm quite confident in its ability to detect threats. It is good to have SentinelOne as a strategic security partner. People planning to use the tool must go for it. It's a good solution. It does what it claims.
Overall, I rate the product 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller/Partner
Last updated: Apr 16, 2024
Flag as inappropriateIT Solutions Specialist at a non-tech company with 11-50 employees
Great real-time alerts, deep visibility, and threat-hunting modules
Pros and Cons
- "I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition."
- "I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities."
What is our primary use case?
We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.
How has it helped my organization?
SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.
SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.
SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.
What is most valuable?
The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.
I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.
What needs improvement?
Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.
I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability of SentinelOne Singularity Complete nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.
How are customer service and support?
The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.
We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.
How was the initial setup?
The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.
Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.
Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.
SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.
SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.
The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.
SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chief Innovation Officer
Integrates well, reduces organizational risk, and saves our staff time
Pros and Cons
- "The most valuable aspect of SentinelOne Singularity Complete is the protection it provides."
- "Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software."
What is our primary use case?
We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.
We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.
SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.
How has it helped my organization?
The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.
The integration with other SentinelOne products and third-party tools is very good.
SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.
In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.
SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.
SentinelOne Singularity Complete has helped free up our staff time around one day per week.
SentinelOne Singularity Complete helps reduce our MTTD.
SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.
SentinelOne Singularity Complete has reduced our organizational risks by five percent.
What is most valuable?
The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.
What needs improvement?
One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.
The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is highly scalable.
How are customer service and support?
We are happy with SentinelOne's technical support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.
How was the initial setup?
Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.
What was our ROI?
The only return on investment we can point to with any EDR is that we have not been attacked.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
SentinelOne Singularity Complete is a mature solution of the highest quality.
We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.
We have 4,500 endpoints and around ten active users.
The maintenance level for SentinelOne Singularity Complete is relatively low.
SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.
I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Splunk Enterprise Security
Microsoft Defender for Cloud
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Symantec Endpoint Security
Trend Micro Deep Security
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?