SentinelOne Singularity Complete Reviews

We primarily use the solution for security. 

Cyber threats are growing. I have some other colleagues from other companies that have had some attacks. For us, SentinelOne or EDR solution was something appropriate.

It's pretty easy to implement. 

It gives you good visibility of any threats or vulnerabilities that you might have on your network. 

It's very simple to use, and user-friendly as well.

I don't know how complicated it would be, however, a patch solution should be included inside of this. If we find a vulnerability, we should also be capable of patching the PC right away.

Some reports could be better. Sometimes you need to search inside of SentinelOne to get some information. Only then could one be done. 

A daily report would be helpful.

I've been using the solution for six months. 

The software looks to be okay right now. It is very stable. I have no complaints regarding that.

It is very scalable. Most of the software that is on-demand is scalable.

We have about 350 licenses for the solution right now. If the company grows, we will increase usage. 

We use the SUP team that is provided by the provider of SentinelOne. However, I've never directly dealt with them. 

Previously we had an antivirus. That was Kaspersky. However, we didn't have an EDR solution. It can't be really compared. 

Of course, with Kaspersky, now, with what's happening in Ukraine, there has been a break in trust.

The implementation process is quite straightforward. It's not complex at all. 

The deployment process took a maximum of a month. That said, we were doing very slowly since there were some computers that we knew would not have any attacks on it. However, there were others that were using acquisition data. We needed to install it and maybe wait a week to ensure everything conformed, and after that, we patched the rest.

Maybe five or six people are maintaining. However, no one really has to worry about it full-time. Really, only one to two people would be required. 

We did a third-party integration. Another company is hosting SentinelOne. 

Since we are a French company in France, we partnered with a company called Arrange which is our vendor. We did some quotes and found they have a reasonable price for this kind of technology. SentinelOne offers one of the best software quotes and has excellent reviews and everything.

The licensing is done per device.

I'm not directly involved in the licensing process and can't speak to the exact costs. 

This is an on-demand product. We are always on the latest version. 

I'd rate the solution eight out of ten. It's a good product. We like working with it. 

We replaced McAfee's endpoint security with SentinelOne. The vendors we deal with recommended this product, and we had some issues with McAfee, so we decided to switch. It is used for detection, however, detection is very rare. 

The solution is easy to configure. How it detects threats is modern.

It's been pretty good. I have no complaints. It's been working very well.

I like the way that this product works. It doesn't rely on the data file. It checks the behavior of the process to prevent virus or phishing attempts from there.

I like the way it detects threats. It's based on the heavy behavior, not just based on the signatures, and it downloads from a central repository. 

I really like how you manage the endpoints. Their web portal is really nice. I can do everything through the web portal. I can see all the endpoints. I can upgrade them from there. And gives me a nice list of what software is installed on the endpoint as well. The solution will give me recommendations if there are any security vulnerabilities, for example, if the software is missing a patch or something like that. The deep visibility feature is great. If there's an incident, I can deep dive into the incident to see where it's coming from and how it affects the endpoints.

The interoperability with other SentinelOne solutions or third-party applications and tools has been pretty good. We haven't had major issues. 

While I'm not sure if the solution helps us with consolidation, their product does improve our overall security posture. We basically just use it as endpoint security. We're not using other products from them altogether. However, this is doing a great job of protecting us.

It has helped to reduce any of our alerts. Ever since we had this product implemented we've had fewer alerts. We had less user involvement as well. Where McAfee used to interfere with the user's daily productivity, SentinelOne does not. That's another thing I'm pretty happy about.

With this product, we can free up our staff for other projects, assignments, and tasks. It's reduced disruption for our users. Therefore, our help desk doesn't have to do as many tickets as when we were with McAfee.

Our mean time to respond to threats is definitely better. If there's anything happening, we get alerts right away via email. McAfee was not instant. We know about threats sooner and we have more time to respond to them.

Singularity helped our organization to save on costs. There's less maintenance compared to McAfee. The price is similar; there's not a big difference. However, we do save time and that translates to money. 

Our organizational risk has been reduced. It's a much better product compared with what we had. If there are any security vulnerabilities, if there's any patch needed, or if there's any known security threat that I should be aware of, I get notified fast.

The quality and maturity of the product are very good. Customers seem happy with them. I'm also happy with the product and its capabilities. 

In the beginning, we had some issues with their product on some of the Windows 32-bit operating systems. However, that was only on a special group of computers as we have our own special software. Other than that, for other computers and servers, we had no issue at all.

The web portal needs improvement. Sometimes when I go on their web portal and put in the username and password, and then all of a sudden, it says that the web interface has been refreshed. You have to put in the username and password again. It's very minor. Other than that, there isn't anything else I can see.

I've used the solution for proabably over a year. 

Stability-wise, it's very good. I've had no issues at all and I never get complaints from users.

Scaling should be pretty easy. You just push out the agent. That's it. There's a group policy on the web portal and there's not much to manage. 

When I ran into the Windows 32-bit issues, I contacted support. I've also contacted them here or there for a few issues. They are responsive and knowledgeable. I have no complaints. 

Positive

We used McAfee and found how it looked at threats was old school. We wanted to explore new solutions and technologies. A vendor recommended this solution and when we looked at it we found all users are pretty happy with them. 

The deployment was good. We have agents installed on all endpoints. The management portal has a nice interface. We can do everything we need to do from there, which is nice. 

I was involved in the deployment. It was pretty straightforward. You just install the agents and make sure the policy is correct based on the servers or the usage of the endpoint. We only ran into an issue around a 32-bit Windows software system, however, it wasn't anything major. I mostly handled the implementation myself. 

There isn't much maintenance needed. You just need to do version updates. 

I worked with the company that got us the license. We worked together to get the implementation done. 

The price is pretty good. It is reasonable. It's one of the reasons we went with them. Palo Alto, in comparison, was pretty expensive. The price of Cylance was reasonable and somewhere in the middle, however, SentinelOne feature-wise gave us everything we needed for a good price. 

We did look at other options. We looked at CrowdStrike, for example. We also looked at Palo Alto. They had something similar in terms of endpoint security, In the end, we chose SentinelOne. 

I'm a customer and end-user.

We do not use the Ranger functionality. I know it is available, however, it is an extra cost.

In terms of the solution's ability to be innovative, I've only used McAfee and SentinelOne. I can't really say how it compares with Cloudstrike or Proofpoint. That said, compared to McAfee, it can detect threats based on user behavior and not just definitions. It helps monitor software for potential security issues. It's really nice and works very well.

I would recommend the solution to others. 

They make a good strategic partner in terms of security. Their product is the last line of defense for security breaches, and having a good, reliable product on all endpoints is very important to our organization. 

I'd rate the solution nine out of ten overall. The ability to detect threats and the deep visibility on the endpoints is great. I like that it alerts you to patching requirements. It's great that, if a threat appears, we can drill down and see exactly what's going on.

First and foremost, we use SentinelOne Singularity Complete for endpoint detection and response in our company. We do not have any antivirus anymore. We have SentinelOne for the endpoint detection, response, and defense mechanism. This is our primary use case. 

We also have other use cases. I work predominantly in vulnerability management. I sometimes work in the SOC. For vulnerability management, we use it in a number of different ways. We sometimes use it to see which applications and versions are running on systems. We use it for an inventory of applications. We do not use it for vulnerability detection. We have another tool for that, which I believe is more dedicated to technical vulnerabilities. I know there has been some investment in this area, but at the moment, we are not using it for that. 

We also use it for running scripts and automating tasks on systems. In fact, I have been doing a lot of that recently. They have developed their automation and remote ops part, which has been fantastic for us. I have been updating a lot of applications using the scripts that I have deployed with SentinelOne. I love that part of the tool. It makes life a lot easier. 

I sometimes also use it to determine where we may not have other pieces of software on systems. For example, we use a vulnerability tool that runs on an agent. I can use SentinelOne to see whether all of the systems on which we have SentinelOne also have our vulnerability tool agent. If a system does not have it, we can deploy a script from SentinelOne to add the agent. 

We also use Ranger, so we can identify other systems on our network that do not necessarily have SentinelOne agents. That can be quite useful sometimes. Because of Ranger, we have seen a lot of systems that we did not already know about. 

As a part of the endpoint detection response, we ingest logs through our central SIEM. We have a hybrid Security Operations Center. The first line is done by a third party. They have access to the SIEM, and all of the SentinelOne data is ingested into that. When there is an incident or when SentinelOne detects an incident, it gets flagged to the Security Operations Center, and then we start to investigate that incident. Most of the time, if it is a SentinelOne-related incident, we will log in to SentinelOne and use it to investigate the incident. We look at the logs on the endpoint and try to establish whether it is a genuine incident or a false positive, what happened on the system, and why we are getting these alerts.

We use the Ranger functionality. It provides network and asset visibility. It is quite important for us. If we did not have another tool that is doing similar, it would have been extremely important, but we do have a vulnerability management tool that is very similar. It is quite good that it does that automatically out of the box, whereas we have to configure our vulnerability scanning solution to do something like this. The ability to have visibility of the network where we do not necessarily have SentinelOne deployed is very important.

Ranger requires no new agents, hardware, or network changes. This is important for us. It has an advantage over our vulnerability management tool because we have to deploy scanners with our vulnerability management tool, whereas we do not have to deploy anything for SentinelOne Ranger, so in that way, it is a better solution in helping us.

Ranger is very effective in helping to prevent vulnerable devices from becoming compromised. For example, we used Ranger and identified some systems in our data center that we could just log on to. It was not very difficult to get on to those devices. Therefore, it would not have been difficult for anyone else to get on those devices. We did not necessarily have the permission to do so, but we found a way to do that. We managed to get those devices secured, and therefore, increase the security of our systems. That kicked off from Ranger, and that is a good use case.

Singularity Complete has helped free up our staff for other projects and tasks. For example, with automation, I have been able to patch some of our systems, which has freed up time for our help desk team. They do not have to patch some of the systems. It has also been helpful for deploying some of our agents for our other tools. If we deploy through SentinelOne using the script, that frees up our team's time.

Singularity Complete has helped reduce our organizational risk. The previous solution we had was signature-based, so for endpoint detection, it has to know a certain kind of attack before it can detect it or even block it. Because Singularity Complete is more looking at the behavior of running processes and how these processes interact with other processes on the system, it has helped to reduce the risk. We are not relying on static detection signatures. We have got real-time detection. Singularity Complete can detect things that may be the first-ever attack in the world, and we get notified about it. It does reduce the risk.

I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation.

In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation.

I have been using this solution for two and a half years. I have been using it since I joined this company. 

We have not had any issues with it. It has always worked for me.

It is quite scalable. I do not see anything holding it back in that regard.

My impression of SentinelOne as a strategic security partner is very positive.

In terms of support, for a lot of support requirements, I go through the engineering team. They are very knowledgeable about Singularity Complete, but I did contact SentinelOne's support team recently in July. There was a particular vulnerability that Microsoft had already caught. Microsoft Defender had a setting that would automatically block the vulnerability. I raised the question to SentinelOne support asking whether SentinelOne has the same ability to block the vulnerability. It took me a few times to get them to understand what I was asking, and they could not confirm 100% that it was blocked. They just said that their solution does block vulnerability attempts, but they did not specifically do this particular one. Unfortunately, that interaction was not entirely positive. Overall, I would rate them a seven out of ten.

Neutral

My company had an endpoint solution previously, but I was not with this company before they had Singularity Complete. They already had Singularity Complete when I got here. It was replacing the previous endpoint solution, so I cannot say whether Singularity Complete reduced our alerts or mean time to detect than the previous solution.

I was not involved in its initial deployment. I am with the engineering team. I have deployed SentinelOne on some systems, so I know the process, but I was not involved in deploying it or rolling it out company-wide.

It is in the cloud, but we have SentinelOne agents deployed on our systems. These agents report the data back to the cloud, which gives us the ability to see all of that data.

In terms of maintenance, the team that maintains it performs agent updates. They can be pushed automatically, but our engineering team has decided to not push the updates automatically because they could potentially break something or may not be fully compatible with a current version of, for example, macOS. There is some maintenance in that regard. There is also maintenance in terms of relieving some aged SentinelOne nodes. We might remove those. I would not necessarily call it maintenance, but when we set up particular alerts, we may maintain those alerts based on our requirements at the time. It may be the vulnerability being escalated in the wild, or we might want to set up some sort of detection that can basically detect or indicate any compromise. We maintain all of those rules.

I do not know much about the pricing. What I do know is that the person who negotiates most of the pricing is quite a hard bargainer. In that regard, he often says that he managed to get a very good deal. When we first looked at replacing our old system with Singularity Complete, its price was definitely a big factor. Back then, Singularity Complete was fairly new to the marketplace. We got quite a good deal as an early adopter. They have honored that and respected that we were an early adopter, and I feel we are still getting a very good price.

It is definitely worth considering. It is definitely up there with the best of them now. A few years ago, it probably was not. It was in the early stages, but now, it gives us everything that we need today. They invest heavily in the platform. That is important as well. If you buy it today, in a year or two, you will get a lot more features for your money.

It is quite mature now. Over the two and a half years that I have been using it, there have been numerous feature enhancements. As a basic endpoint detection response, it is very mature, and it now has other features, such as the Ranger functionality and automation, on top of it. It is a very mature offering now.

When it comes to integrations, I do not know about any tools that I have used with Singularity Complete. We just bought Wiz.io for our company, and I understand that SentinelOne links to Wiz.io. I have not personally used it, but I will be using it soon. From what I understand, it is going to be quite useful because if we detect an incident or an alert on a cloud system that Wiz.io manages and has visibility of, we can then get more information about that cloud system. For example, it could say, "We detected that this vulnerability attempt has been made, or one of the exploit attempts has been made on your system." We then get all of this information from Wiz.io which says, "Actually, the system is not vulnerable to that vulnerability." At that point, we would think that we do not need to worry as much, but we are going to see the investigations. 

In terms of its ability to ingest and correlate across our security solution, we do not necessarily ingest into Singularity Complete, but we ingest Singularity Complete into our central SIEM. It is very difficult to ingest data into that SIEM.

Overall, I would rate SentinelOne Singularity Complete an eight out of ten.

We use SentinelOne Singularity Complete for EDR. It is a one-click recovery.

SentinelOne Singularity Complete stands out for its ability to collect logs from any security tool we have, bringing together all our data onto a single, unified console.

The Ranger functionality helps identify vulnerabilities in our environment.

Singularity Complete is a complete security solution that goes beyond just alerts. It provides a dashboard that displays all configured security alerts, including lateral movement, consumer attacks, and any other relevant events, on a single console for easy monitoring and response.

Singularity Complete helps free up our time and has reduced the mean time to detection.

It also helps reduce the mean time to remediation and helps cut our client's costs by 75 percent.

Singularity Complete helps reduce organizational risk and improve compliance.

The most valuable feature of SentinelOne Singularity Complete is the STAR Rules.

While our current remote access to SentinelOne Singularity Complete is achieved through publishing, having a direct GUI interface would be a significant advantage for our user and administrator team. This console access would provide a more intuitive and efficient way to manage the platform.

I have been using SentinelOne Singularity Complete for one and a half years.

I would rate the stability of SentinelOne Singularity Complete nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete ten out of ten.

The technical support is excellent.

Positive

SentinelOne Singularity Complete is reasonably priced.

I would rate SentinelOne Singularity Complete ten out of ten.

SentinelOne Singularity Complete stands out in the EDR market by offering a unique million-dollar guarantee, demonstrating their confidence in the product's ability to effectively protect our systems. This financial backing signifies a strong belief in its performance, something no other EDR vendor currently offers.

SentinelOne Singularity Complete is a zero-maintenance product. It's supported by their management defense research team which is working on the console update as well as the automation of the agent-client updates.

I would recommend SentinelOne Singularity Complete.

We utilize SentinelOne Singularity Complete as our EDR. The solution has replaced our previous solutions, Trend Micro and Symantec antivirus.

The Symantec agent we had before would require almost a reboot every time you would make a change, an agent update, or even sometimes in definitions. None of them were as comprehensive as SentinelOne Singularity Complete regarding threat detection and response. I don't believe any of them had any of the rollback features that are available through SentinelOne.

Overall, having more coverage and confidence in our antivirus is part of our decision to choose SentinelOne Singularity Complete. The other consideration was cost. We were going to upgrade to a more comprehensive threat protection solution either way. We were also looking at CrowdStrike then, and SentinelOne beat it by pricing while offering the protection we were looking for.

The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.

I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.

Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.

I have been using SentinelOne Singularity Complete since June 2021.

My only issue with the solution's technical support so far is that we can only communicate via email tickets, not phone calls. However, we've still been able to resolve the majority of issues. Their response time is pretty fair. I wish there were more abilities to conduct a remote session because there are a lot of situations where I will have to get walked through some instructions.

Then I have to give feedback saying that an instruction is unavailable, or I can't do this because this device is in this situation or this mode. There may have to be three or four back-and-forth messages before we can proceed to the next step because it isn't an interactive remote session. It is just email communications with a delay every time, which adds to some frustration.

Suppose there's something that's concerning to us that we really wanted to make sure wasn't a false negative as a threat. While we were worried about it, we would just have to wait for responses and be unable to communicate with anybody.

Neutral

SentinelOne Singularity Complete's initial setup is straightforward.

We did not use an integrator, reseller, or consultant for the solution's deployment. I have had some experience with SentinelOne in the past. We just read through some of the documentation and asked a couple of questions. There was also some information on what other administrators have done to implement the solution.

That has worked well, and things have been pretty smooth sailing since the implementation. I've been pretty happy in that regard, and it wasn't a big pain to replace our existing antivirus solution. Two other guys were involved in the solution's deployment, but I was heading up the task.

We have not seen a return on investment with SentinelOne Singularity Complete because we have not used it. It has just added costs for us that we're not taking advantage of.

SentinelOne Singularity Complete's pricing is not terrible. It's not enough to make us want to move away from using SentinelOne. The solution's pricing is not too bad for what it's offering, like the documentation that comes with it. I feel like it should be an optional add-on for people who may not be using things to integrate or may not want to integrate things.

We have used very little of SentinelOne Singularity Complete's interoperability with other solutions. It has looked like it has been nice because we have been scoping out the use of a managed detection and response and have SentinelOne Singularity Complete plugin with other solutions for log output. There hasn't really been anything we wanted to use that SentinelOne was incompatible with.

I believe SentinelOne Singularity Complete is very capable of ingesting and correlating across our security solutions. I don't think I've seen any solutions that would necessarily outperform it. It's done everything that we've needed it to. Again, we have not used it extensively.

SentinelOne Singularity Complete has not helped us consolidate our security solutions, but that's our choice. We like going into the console and seeing everything within there and the dashboards we already have access to.

I can't say that I think SentinelOne Singularity Complete has helped reduce alerts. We would like to use SentinelOne to correlate our alerts so we're getting alerts from multiple different areas to see what matches up there. Currently, we still have an ad hoc solution where we're looking at different sources for that information because we don't have it all trusting each other yet.

Overall, for supply chain attacks, we're hesitant to give access to other products to our SentinelOne. We just don't want to put all our eggs in one basket, but that's more of a mindset problem than a functionality problem.

SentinelOne Singularity Complete has helped free up our staff for other projects. The solution's automation functionality, notifications, alerts, additions with its API, and custom tools to do what we want have helped me not to have to go in and manually check for things. For example, SentinelOne says they do not need to do static file scans other than when you first install the agent.

Our compliance requires that we still have static agent scans on a regular basis, preferably daily. You can launch those from within the console, but it's not viable for me to log in to the console daily and initiate that. Since there's no ability to schedule that in the future, that was best done with the API script that runs automatically and can give us feedback on how it went.

I believe SentinelOne Singularity Complete has helped reduce our organization's mean time to detect. We get some good context within there of what the threat was. Most of the time, it has pretty good notes regarding what it got flagged for if it's behavior-based, but some static file threats don't show the indicators.

We do not know what to do with some threats or understand what it is. We've been told we would need to get the SentinelOne vigilance or managed detection and response to fill that gap. We have been looking at managed detection and response but haven't put it in place yet.

SentinelOne Singularity Complete has helped reduce our organization's mean time to respond from our previous antivirus solutions. The solution gave us some more context than we had and also the ability to isolate each endpoint. If an endpoint looks scary and we don't know what it's doing exactly, we can cut off all of its internet access except SentinelOne until we feel it's a clean endpoint. SentinelOne Singularity Complete has helped reduce our mean time to respond by 20 minutes.

Singularity Complete has helped reduce our organizational risk. There have been multiple things that could have potentially been an incident, and they were stopped in their tracks by the solution. For that, we've been able to demonstrate the solution's value to our leadership in terms of keeping it.

SentinelOne Singularity Complete has not helped our organization save on its costs. SentinelOne Singularity Complete isn't optional and was forced onto us from the licensing. We didn't really get a choice on whether we wanted those extra features, but we had to pay for the SentinelOne Singularity Complete add-on, which is just a blanket cost.

If it was up to us, we might not have chosen it, but it was not. We don't use many of the features, and many of the things we like are within the basic SentinelOne license.

We earlier used SentinelOne Complete, and then we used SentinelOne Complete with Singularity. There hasn't been a great improvement since we've done that. We haven't used many of its features or had any guidance on recommendations that would be helpful to put into place without having to buy anything else.

Most of the time, if we wanted to use anything in the marketplace, we would have to start paying for something we don't already have or integrate with something we aren't using.

I would say SentinelOne Singularity Complete is pretty mature, and there's a good amount of documentation of details. I would say it's much more mature right now than a year and a half ago when it was introduced. I looked into it then and said there's nothing that looks useful to us here.

Now, there are actually many more applications and things to integrate with it that we didn't have access to before. We're still not using a lot of it. As far as recommending it to somebody else or another company, I am confident that it will plug into all the major utilities and tools you may want.

SentinelOne Singularity Complete requires maintenance, but it's not bad. We need to go into the console and initiate updates for select devices when there are updates available. We need to ensure that we stay within supported and not end-of-life releases of SentinelOne. After those select devices have been tested out and we know there are not many issues with them, I will go ahead and release those to all the other devices we manage in the rolling phases.

That's not too much work. I would not classify it as maintenance, but when detection comes up while using the platform, that works well when we need to check that out. We haven't necessarily caught something that needed to be caught.

I am impressed with what they're doing both for detections for our endpoints and also for the security world at large. A while back, they headed up some of the investigations and publications about the supply chain attack for 3CX software, which was something that we had used and were impacted by. However, thanks to SentinelOne, we did not have any fallout from that attack.

Overall, I rate SentinelOne Singularity Complete an eight out of ten.

We use SentinelOne Singularity Complete as our antivirus and malware detection solution.

Singularity Complete has helped reduce our alerts.

It gives me peace of mind knowing that it patches areas that need it and is always available to hunt for malware in our environment.

Singularity Complete has helped significantly reduce our MTTD. We are notified within the hour of an incident.

It has also helped reduce our MTTR. We are able to respond to an incident within the hour.

Singularity Complete has helped reduce our organizational risk.

Malware detection is valuable. We have had incidents where users have clicked on malicious links and we were able to patch the malware using SentinelOne Singularity Complete before it reached the SIEM. SentinelOne Singularity Complete has become one of my most trusted solutions for hunting malware in our environment.

I have been trying to synchronize SentinelOne Singularity Complete with our SIEM, but it has not been very successful.

SentinelOne's customer service has room for improvement. It is hard to reach them.

I have been using SentinelOne Singularity Complete for two years.

Singularity Complete is stable.

Singularity Complete is scalable.

The support team is hard to get a hold of.

Neutral

Based on a management decision, we switched from CrowdStrike to Singularity Complete.

The initial deployment was complex, but SentinelOne helped with the process and two of our employees were involved.

We used the help of SentinelOne for the implementation.

The license is per user.

I would rate SentinelOne Singularity Complete eight out of ten.

It is a mature and high-quality solution.

SentinelOne Singularity Complete as a tool is good but the support needs a lot of work.

We use the solution as an EDR tool. We focus specifically on Linux components and a Linux environment.

The threat detection and visibility as well as the migration of the data to our SIM instance has been useful. Doing automation workflows has been excellent.

They have fairly decent integration with third-party tools within their own stack. They have very strong integration with CrowdStrike and Microsoft Defender. They also have connections for Palo Alto Networks and all the tools that we leverage across the firm. These are API connectors, so they are plug-and-play. The login session coordination piece is also fairly robust, which is done with Splunk on the same side.

It's a plug-and-play solution that works well with other out of box integrations that we have. We can move the data from the solution into third-party tools.

It helped us to reduce our alerts. On the the Linux kernel side, we have quite a few different versions of Linux, and hence the alerts that we used to get earlier were a lot more. They are significantly less since they're now managed and controlled through the Singularity platform.

Our mean time to detect has been reduced significantly. We've saved maybe thirty minutes to an hour. Our mean time to respond is a bit better by a few minutes.

The reports for the executives who are the decision makers should be better. That would help with product renewal and adding new modules. There aren't enough reporting capabilities for decision-makers. 

I've used the solution for just under a year. 

We have not noted any crashing or lagging issues. 

They offer fairly decent technical support. We've not had any major challenges with them so far. The support team has been pretty good.

Positive

We have CrowdStrike as an EDR tool for Windows, and CrowdStrike did not really support our Linux kernels. That's when I did an evaluation with different vendors, and Singularity was able to support our Linux kernels.

I was involved in the deployment. It was a straightforward deployment. We had six people handling the deployment. 

We have not had a need for maintenance just yet. 

We used our own internal IT team for the implementation. 

The product's pricing is at par with what you see among major competitors. It's higher than McAfee, yet cheaper than CrowdStrike. 

It allows us to be innovative. It's fairly robust and one of the main leaders in the space. It's a pretty strong offering compared to others in the market. It is a quality product. 

It's important to test it first to see if the solution works well for your firm. I'd advise people to validate and test it out thoroughly. Bringing in a solution is not that difficult, however, ripping and replacing a solution is hard, so you want to avoid regretting any decisions. 

The solution is a helpful strategic security partner. 

I'd rate the solution an eight out of ten. 

We use SentinelOne daily for endpoint protection and restriction on using USB devices. 

The protection and management provided by SentinelOne is good.

I would like to see the reports from SentinelOne more customizable, as there are very few options.

I have been using SentinelOne for four months. I work as a senior network security engineer.

The management of SentinelOne is easy, it does not put too much burden on the machine. We will be upgrading to Windows 11 in the upcoming months, we will be able to better comment on stability after that.

Our organization has close to 3,000 machines with approximately 2,000 users. It is easy to scale.

We were using McAfee prior to SentinelOne. McAfee has a wide range of reports and is more customizable than SentinelOne. We switched from McAfee because we were no longer satisfied with the support they provided. They were no longer providing prompt responses, tickets were taking too long to get resolved.

The other reason we switched was that McAfee was a traditional antivirus working on a definition basis. They have not moved on to the next generation of antivirus. McAfee needs to focus on the behavior of the program and machine files. If you want this, you need to choose a different McAfee product. They were not putting everything in one place, but rather offering a buffet of offerings, driving the cost up.

The initial setup of this solution was simple. We did the setup ourselves, but did require a little help from the vendor.

I would give SentinelOne a four out of five for ease of setup.

The deployment of SentinelOne is easy. If you calculate the installation of the product and make all the packages ready, it takes about a week. Implementation was another month to go through and replace the older systems and install the new ones.

The pricing of SentinelOne is less than McAfee.

I would advise anyone looking to implement SentinelOne to look before you set up. Know how many machines are working in your network and which type of communication they are doing, whether it is internal or on the internet. No matter what solution you pick if it is SentinelOne, Carbon Black, McAfee, or Symantec check the usage of your machines.

I would rate SentinelOne a nine out of ten overall.