We primarily use the solution at our endpoints. We use it for security.
Developer at DSY medical
Flexible, secure, and great for writing custom rules
Pros and Cons
- "We are able to write some custom rules on SentinelOne."
- "Maybe they can develop some firewall aspects for it to better protect us."
What is our primary use case?
What is most valuable?
It's catching a lot of malicious and suspicious threats. That's good for us.
We are able to write some custom rules on SentinelOne.
The setup is simple.
What needs improvement?
Right now, the solution meets our needs. We do not need anything added to it.
Maybe they can develop some firewall aspects for it to better protect us. If they did that, we can write a lot of rules for the firewall and custom rules.
For how long have I used the solution?
I've been using the solution for about two years.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable and reliable. It catches a lot of malicious and suspicious threats. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution scales well and can work across platforms. We can use it with MacOS, Linux, and Windows Servers. You can use it with everything.
We have 600 people on the solution right now. It is used throughout the company.
We may increase usage in our company.
How are customer service and support?
Technical support is great. They are very responsive. For example, today, if I open a ticket, they will likely give me an answer in 24 hours.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used FireEye and Symantec. However, SentinelOne is better than them. It's more flexible and catches more threats.
How was the initial setup?
We found the initial setup to be very simple. You just click through, and you're up and running.
I'd rate it five out of five in terms of ease of deployment.
We're deploying it every month. SentinelOne sends updates every month and we action them.
What's my experience with pricing, setup cost, and licensing?
Licensing is paid on a yearly basis. I can't speak to the exact pricing.
What other advice do I have?
I'm not sure which version number we are currently on.
If a company has a lot of people and needs to protect its many endpoints, this is a great option.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Consultant at Jeneri IT
Does an excellent job of using AI to determine and stop an attack, and the peace of mind it gives is significant
Pros and Cons
- "It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense."
- "One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution."
How has it helped my organization?
It runs continuously and uses AI to look for any suspicious activity. If it does determine that there is a virus or something going on that shouldn't be happening, it not only stops the process but also completely logs the whole function. It tells you in a map version how the attack happened and how it was stopped. It is brilliant. In the past, for example, if I had the same problem in Webroot, I would've had to submit the case to Webroot for viewing so that they could, as a human, literally determine what the cause was, but by that time, it is way too late, whereas, this is the real-time protection.
What is most valuable?
It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.
There is the ability to SSH into a machine even if the machine has been disconnected from the network. When a real hazard happens, SentinelOne disconnects it from the internet so that no more transactions can occur, but I still have access to the machine. One of the bigger benefits is that no harm could be done because there is no communication with the internet, but I still have the ability to go in, restart a machine, do some investigations, and make some things happen.
What needs improvement?
One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution.
For how long have I used the solution?
I have been using this solution for close to three years.
What do I think about the stability of the solution?
It is perfect. I've seen very few problems related to the app. It is not using too much of the PC's power. It does not make PCs slower. So, I find it the best of both worlds. You reduce the impact of the product on the user, but at the same time, thoroughly protect the user, no matter what he does.
What do I think about the scalability of the solution?
You can certainly have thousands of SentinelOne users. We have 250 users. In terms of our plans to increase its usage, I provide IT as a service. So, as I add clients, I always add licenses for those clients.
How are customer service and support?
Their support is very good. I would rate them a five out of five.
How would you rate customer service and support?
Positive
How was the initial setup?
It was straightforward. It probably took me a week to get 250 machines converted.
What about the implementation team?
It can be done in-house very easily. You probably need one staff member that knows how to implement it, and after that, it pretty much runs itself. It requires very little maintenance.
What's my experience with pricing, setup cost, and licensing?
It is not sold as a consumer product. It is only sold based on the number of licenses. So, as an MSP, you're probably going to pay about three and a half dollars per license, per month to have SentinelOne.
What other advice do I have?
I would advise others to go for it. It is great. As an MSP, the peace of mind it gives me is really significant. While the cost of SentinelOne is higher than Webroot, the reality is that the peace of mind and the knowledge that you are probably not going to get a complete attack, simply because SentinelOne stepped in and stopped it, is worth every penny.
I would rate it a ten out of ten. It is absolutely fantastic.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Director of Technology and Digital Transformation at Banco Fibra
Collects logs and data and integrates well with other solutions
Pros and Cons
- "It is easy to collect and retain logs with SentinelOne."
- "The only concern we have is that there are a few features that were not readily available."
What is our primary use case?
We use SentinelOne to collect logs and data. We will connect it to other tools and places in the future.
What is most valuable?
It is easy to collect and retain logs with SentinelOne. When you need to compare information, the data is available. It also has the possibility to configure information. It integrates well with all the other solutions we use.
What needs improvement?
The only concern we have is that there are a few features that were not readily available. We use a lot of application files that didn't have a connection.
We would also like to see integration with other tools that have to collect the logs.
Although Microsoft claims the use of building artificial intelligence to correlate events, we have actually had a couple of events that should have logs but did not. The solution is not at the same level in terms of building artificial intelligence.
SentinelOne can do a better job of not only creating corrective action based on the correlation. For example, someone was trying to repeatedly change their password. What they didn't realize was that they weren't connected correctly.
For how long have I used the solution?
I have been using SentinelOne for six months.
What do I think about the stability of the solution?
SentinelOne is a stable product.
What do I think about the scalability of the solution?
Scalability is based on the measure. There is no limitation regarding scalability if you pay for the upgrades.
How are customer service and support?
Technical support is good. When you need help from Microsoft, there is a long list of resources to help understand the issues.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward as we have contracts with Microsoft Office Supplies, commodities, defender, and Active Directory.
I would rate the ease of initial setup of SentinelOne a five out of five. It is easy.
What about the implementation team?
Our company used a third party that provided the utility.
What's my experience with pricing, setup cost, and licensing?
This solution is less expensive than its competitors. You might need to buy additional space depending on how much they are willing to provide. I would rate the pricing a five out of five.
Which other solutions did I evaluate?
We selected SentinelOne because it was less expensive than the competitors. We also saw the speed of evolution with Microsoft, so it can be involved theoretically when compared to Splunk.
We also chose SentinelOne because of the balance between features. It is stable and has enough choices. Being with Microsoft, we felt confident that the solution would evolve.
What other advice do I have?
If you are considering SentinelOne, you should consider the cost of storage. Otherwise, the product is easy to deploy. You either need to have your own security operating center or hire someone that will use Sentinel or the secondary service. For you to consume the data, you may have had an internal security center or Sentinel.
With SentinelOne you have to invest extra cost. You have to always think of how much it will cost you to delay a response by a couple of days. If the incident is going to cost two days of revenue for the organization, that is much more than the cost of the solution.
I would rate SentinelOne an eight out of ten because of the price point and the features you get.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. System Administrator at Danube Group
Lightweight, easy to implement, and good support
Pros and Cons
- "SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
- "It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection."
How has it helped my organization?
We are using it for endpoint security. It acts as an antivirus as well as is useful for endpoint detection. We are using the same product for both use cases.
What is most valuable?
SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice.
What needs improvement?
It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection.
For how long have I used the solution?
I have been using this solution for around two years.
What do I think about the stability of the solution?
It is stable. I would rate it a four out of five in terms of stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a four out of five in terms of scalability. We have more than 1,200 users who are using this solution.
How are customer service and support?
Their technical support is very nice. I would rate them a five out of five.
How would you rate customer service and support?
Positive
How was the initial setup?
It is very easy to implement or install. I would rate it a five out of five in terms of the ease of setup. It does require maintenance by someone.
What's my experience with pricing, setup cost, and licensing?
Its cost is yearly. It is not much costlier than other leading products available in the market. I would rate it a four out of five in terms of pricing.
Which other solutions did I evaluate?
We were looking for an antivirus and EDR solution. We evaluated some of the products, and finally, we decided to go for SentinelOne EDR. CrowdStrike was one of the solutions we evaluated. SentinelOne was lightweight, but CrowdStrike had a more secure door.
What other advice do I have?
I would rate it a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Network Security Engineer at a tech services company with 501-1,000 employees
Good protection and management provided by this product
Pros and Cons
- "The protection and management provided by SentinelOne is good."
- "I would like to see the reports from SentinelOne more customizable, as there are very few options."
What is our primary use case?
We use SentinelOne daily for endpoint protection and restriction on using USB devices.
What is most valuable?
The protection and management provided by SentinelOne is good.
What needs improvement?
I would like to see the reports from SentinelOne more customizable, as there are very few options.
For how long have I used the solution?
I have been using SentinelOne for four months. I work as a senior network security engineer.
What do I think about the stability of the solution?
The management of SentinelOne is easy, it does not put too much burden on the machine. We will be upgrading to Windows 11 in the upcoming months, we will be able to better comment on stability after that.
What do I think about the scalability of the solution?
Our organization has close to 3,000 machines with approximately 2,000 users. It is easy to scale.
Which solution did I use previously and why did I switch?
We were using McAfee prior to SentinelOne. McAfee has a wide range of reports and is more customizable than SentinelOne. We switched from McAfee because we were no longer satisfied with the support they provided. They were no longer providing prompt responses, tickets were taking too long to get resolved.
The other reason we switched was that McAfee was a traditional antivirus working on a definition basis. They have not moved on to the next generation of antivirus. McAfee needs to focus on the behavior of the program and machine files. If you want this, you need to choose a different McAfee product. They were not putting everything in one place, but rather offering a buffet of offerings, driving the cost up.
How was the initial setup?
The initial setup of this solution was simple. We did the setup ourselves, but did require a little help from the vendor.
I would give SentinelOne a four out of five for ease of setup.
What about the implementation team?
The deployment of SentinelOne is easy. If you calculate the installation of the product and make all the packages ready, it takes about a week. Implementation was another month to go through and replace the older systems and install the new ones.
What's my experience with pricing, setup cost, and licensing?
The pricing of SentinelOne is less than McAfee.
What other advice do I have?
I would advise anyone looking to implement SentinelOne to look before you set up. Know how many machines are working in your network and which type of communication they are doing, whether it is internal or on the internet. No matter what solution you pick if it is SentinelOne, Carbon Black, McAfee, or Symantec check the usage of your machines.
I would rate SentinelOne a nine out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Security Engineer at a energy/utilities company with 1,001-5,000 employees
Easy to manage and install; gives time back to our team
Pros and Cons
- "It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way."
- "We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running."
What is our primary use case?
SentinelOne monitors our infrastructure 24/7.
How has it helped my organization?
We are a very small team. Recently, we had to add an extra person; we had two guys, but now there are three. We have about 2000 endpoints and servers, which is a lot if you have to do it on your own. The SOC monitoring that we now have from SentinelOne gives us more time to focus on other important stuff and go to bed without any worries, since SentinelOne is watching over us.
They also guarantee an insurance. For example, if your company has been infected by ransomware, then they provided one million dollars or something as an assurance. For us, if SentinelOne has the balls to say, "Okay, if endpoints are infected, we will give you $2,000 per endpoint that is infected." That's a way for them to convey that we can trust their company.
What is most valuable?
It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.
They do updates all the time. It's very nice to see how they constantly evolve. New features are being added each time that I take a look at the interface, which is really nice. It's not something you have to do for yourself all the time. You just go to the interface of the management portal, and you will see each time a new feature has been deployed. For example, when we started with SentinelOne, we had some applications that needed to be whitelisted, where we had to go through a whole bunch of licensing rules provided by the distributor. Now, we have the possibility to select from a catalog which rules we want to whitelist, since we are using that application. It is such an easy step for us, which is nice. It makes our life comfortable when managing all our endpoints and very complex infrastructure.
The Behavioral AI recognizes novel and fileless attacks and responds in real-time. The nice thing about SentinelOne is that it is behavior-based, so the AI is smart enough to detect when something is moving. For example, an external person was doing some administrative tasks for us, and he used a tool that is also used by attackers. He called me, and says, "I'm blocked. I think SentinelOne is seeing my tool as a virus or malware." Then, I looked at SentinelOne, and it says this guy is using hacker tools. That is what I found very nice. SentinelOne can immediately identify the tools used by hackers. In this case, it was immediately blocked, even though it was not a malicious application, Trojan, or something like that. Because the solution knows hacker tools and behaviors, it says, "Okay, this cannot work on this environment. This will be blocked." That's something that I really like.
It is a good use as an EDR solution because it immediately reacts on stuff. It also quarantines endpoints.
What needs improvement?
We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running.
For how long have I used the solution?
We installed the agent a little more than a year ago.
How are customer service and technical support?
One of the nicest things about SentinelOne is their support. I never met a company which gives such fast, great support. It's extremely fast. When I create a case with some questions, they answer immediately. They provide us with information on how to do stuff, and if we have issues, then they give us an update immediately. Normally, when I open a case with other products it takes days, but with SentinelOne, I get a response in about half an hour. Most of the time, it's cleared in about two hours time.
If we have a remaining question that has nothing to do with the things that the case was created for, SentinelOne will still answer. Some companies need you to create a new case for this, but SentinelOne just says, "Okay, we will help you also with this and provide you with more info," which is magnificent.
The support is very handy because, when you have an issue, it's like working with an extra colleague. If you ask a question to recall it, SentinelOne support can solve it in about two hours, which is nice because then you can go to the next thing. You don't have to focus anymore on the problem. With other vendors, it takes some days to solve it, then it hangs.
Which solution did I use previously and why did I switch?
Our previous antivirus server was on-premise. When we did the updates, then all the clients needed to be connected to that on-premise server. However, with COVID-19 happening, we have been very happy that SentinelOne is in the cloud because even when an endpoint leaves the company, they are still protected by SentinelOne and receiving updates. SentinelOne gives more time back to a small team as well as always being accessible, even if you're not at the company.
How was the initial setup?
The initial setup was easy. We did it step-by-step, so we didn't deploy it to all our endpoints in one shot. We deployed 300 or 400 endpoints per week. This was in case there were any issues, then we could act immediately so we wouldn't have an impact on the whole business. However, we didn't experience any issues. We were up and running in about three or four days and had migrated 2000 clients to SentinelOne.
For our implementation strategy, we deployed one day, then another day we would watch. Then, we deployed another day and would watch the next. So, in about two weeks, we were up and running. We decided to do it that way because we have had issues with mass rollouts in the past. Now, we are very careful when rolling out stuff to the whole company. Perhaps, it might have not been a problem to roll it out in one day, but we did it very slowly to have a kind of a control outcome.
What was our ROI?
The solution gives us more time. We can divide our productivity and time to other products. We don't have to look at SentinelOne a lot.
What's my experience with pricing, setup cost, and licensing?
The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model.
The Deep Visibility feature practically double the price. Because we have a SOC, we rely on them to have insights about all the threats, so we are not monitoring our environment ourselves. It is mostly done by the SentinelOne SOC. That is the reason why we decided not to go for this feature.
Which other solutions did I evaluate?
We believe the traditional antivirus protection that is using signature-based validation is outdated. We had a look at different solutions, like CrowdStrike and SentinelOne. These solutions are more AI-based that go on behavior. When we spoke to SentinelOne, they also offered a SOC as service. This means that SentinelOne is monitoring all our endpoints with us, and we don't have to do anything, because they do all the hard work. They validate the detections. So, if SentinelOne detects something on the endpoint, the SOC of SentinelOne will validate and see if it is a false positive or true positive. In case of a true positive, it will then see if there are extra steps needed. If that is the case, then SentinelOne contacts us through email asking us to do some final steps or provide them with the info.
SentinelOne was lucky because we first looked at CrowdStrike. However, they were pushing us all the time to get the deal. My manager got furious, and said, "Okay, let's stop everything. We told you we cannot decide before the end of October. That's our company rule." The pressure was too high from CrowdStrike. Therefore, we decided to have another look at SentinelOne. The first time when we saw SentinelOne, it was never mentioned in any Magic Quadrant, so it was hard for us to have a view on what the public experience was with SentinelOne. We were a little bit scared in just believing the vendor and their marketing people that it was a great, innovative product which uses smart technology and behavioral-based analysis.
SentinelOne will not scan my hard disk. SentinelOne does not care about the hard disk. It only reacts when you execute something. So, I know when I connect my hard disk to my desktop with my tools on it, I don't have to be scared. SentinelOne will not respond, as long as I don't use the tools. A lot of other antivirus vendors, they will immediately start scanning the USB drive or external drive, and they quarantine all the tools. I don't like that. I know it seems a bit strange that it doesn't scan the USB drive. However, I don't care, as long as it protects the USB drive as soon as someone is executing or installing something. This is more convenient for me than something that scans all the time.
What other advice do I have?
We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that.
I would rate this solution as a 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Thank you, Stephen, for the thoughtful and thorough review. We are always glad to hear how customers are using SentinelOne.
Network Engineer at a financial services firm with 11-50 employees
A mature solution that has a good amount of documentation and provides comprehensive threat detection and response
Pros and Cons
- "The solution's in-place upgrades have been very helpful."
- "The ability to have more direct purchasing for smaller groups and smaller businesses would be great."
What is our primary use case?
We utilize SentinelOne Singularity Complete as our EDR. The solution has replaced our previous solutions, Trend Micro and Symantec antivirus.
How has it helped my organization?
The Symantec agent we had before would require almost a reboot every time you would make a change, an agent update, or even sometimes in definitions. None of them were as comprehensive as SentinelOne Singularity Complete regarding threat detection and response. I don't believe any of them had any of the rollback features that are available through SentinelOne.
Overall, having more coverage and confidence in our antivirus is part of our decision to choose SentinelOne Singularity Complete. The other consideration was cost. We were going to upgrade to a more comprehensive threat protection solution either way. We were also looking at CrowdStrike then, and SentinelOne beat it by pricing while offering the protection we were looking for.
What is most valuable?
The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.
What needs improvement?
I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.
Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete since June 2021.
How are customer service and support?
My only issue with the solution's technical support so far is that we can only communicate via email tickets, not phone calls. However, we've still been able to resolve the majority of issues. Their response time is pretty fair. I wish there were more abilities to conduct a remote session because there are a lot of situations where I will have to get walked through some instructions.
Then I have to give feedback saying that an instruction is unavailable, or I can't do this because this device is in this situation or this mode. There may have to be three or four back-and-forth messages before we can proceed to the next step because it isn't an interactive remote session. It is just email communications with a delay every time, which adds to some frustration.
Suppose there's something that's concerning to us that we really wanted to make sure wasn't a false negative as a threat. While we were worried about it, we would just have to wait for responses and be unable to communicate with anybody.
How would you rate customer service and support?
Neutral
How was the initial setup?
SentinelOne Singularity Complete's initial setup is straightforward.
What about the implementation team?
We did not use an integrator, reseller, or consultant for the solution's deployment. I have had some experience with SentinelOne in the past. We just read through some of the documentation and asked a couple of questions. There was also some information on what other administrators have done to implement the solution.
That has worked well, and things have been pretty smooth sailing since the implementation. I've been pretty happy in that regard, and it wasn't a big pain to replace our existing antivirus solution. Two other guys were involved in the solution's deployment, but I was heading up the task.
What was our ROI?
We have not seen a return on investment with SentinelOne Singularity Complete because we have not used it. It has just added costs for us that we're not taking advantage of.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete's pricing is not terrible. It's not enough to make us want to move away from using SentinelOne. The solution's pricing is not too bad for what it's offering, like the documentation that comes with it. I feel like it should be an optional add-on for people who may not be using things to integrate or may not want to integrate things.
What other advice do I have?
We have used very little of SentinelOne Singularity Complete's interoperability with other solutions. It has looked like it has been nice because we have been scoping out the use of a managed detection and response and have SentinelOne Singularity Complete plugin with other solutions for log output. There hasn't really been anything we wanted to use that SentinelOne was incompatible with.
I believe SentinelOne Singularity Complete is very capable of ingesting and correlating across our security solutions. I don't think I've seen any solutions that would necessarily outperform it. It's done everything that we've needed it to. Again, we have not used it extensively.
SentinelOne Singularity Complete has not helped us consolidate our security solutions, but that's our choice. We like going into the console and seeing everything within there and the dashboards we already have access to.
I can't say that I think SentinelOne Singularity Complete has helped reduce alerts. We would like to use SentinelOne to correlate our alerts so we're getting alerts from multiple different areas to see what matches up there. Currently, we still have an ad hoc solution where we're looking at different sources for that information because we don't have it all trusting each other yet.
Overall, for supply chain attacks, we're hesitant to give access to other products to our SentinelOne. We just don't want to put all our eggs in one basket, but that's more of a mindset problem than a functionality problem.
SentinelOne Singularity Complete has helped free up our staff for other projects. The solution's automation functionality, notifications, alerts, additions with its API, and custom tools to do what we want have helped me not to have to go in and manually check for things. For example, SentinelOne says they do not need to do static file scans other than when you first install the agent.
Our compliance requires that we still have static agent scans on a regular basis, preferably daily. You can launch those from within the console, but it's not viable for me to log in to the console daily and initiate that. Since there's no ability to schedule that in the future, that was best done with the API script that runs automatically and can give us feedback on how it went.
I believe SentinelOne Singularity Complete has helped reduce our organization's mean time to detect. We get some good context within there of what the threat was. Most of the time, it has pretty good notes regarding what it got flagged for if it's behavior-based, but some static file threats don't show the indicators.
We do not know what to do with some threats or understand what it is. We've been told we would need to get the SentinelOne vigilance or managed detection and response to fill that gap. We have been looking at managed detection and response but haven't put it in place yet.
SentinelOne Singularity Complete has helped reduce our organization's mean time to respond from our previous antivirus solutions. The solution gave us some more context than we had and also the ability to isolate each endpoint. If an endpoint looks scary and we don't know what it's doing exactly, we can cut off all of its internet access except SentinelOne until we feel it's a clean endpoint. SentinelOne Singularity Complete has helped reduce our mean time to respond by 20 minutes.
Singularity Complete has helped reduce our organizational risk. There have been multiple things that could have potentially been an incident, and they were stopped in their tracks by the solution. For that, we've been able to demonstrate the solution's value to our leadership in terms of keeping it.
SentinelOne Singularity Complete has not helped our organization save on its costs. SentinelOne Singularity Complete isn't optional and was forced onto us from the licensing. We didn't really get a choice on whether we wanted those extra features, but we had to pay for the SentinelOne Singularity Complete add-on, which is just a blanket cost.
If it was up to us, we might not have chosen it, but it was not. We don't use many of the features, and many of the things we like are within the basic SentinelOne license.
We earlier used SentinelOne Complete, and then we used SentinelOne Complete with Singularity. There hasn't been a great improvement since we've done that. We haven't used many of its features or had any guidance on recommendations that would be helpful to put into place without having to buy anything else.
Most of the time, if we wanted to use anything in the marketplace, we would have to start paying for something we don't already have or integrate with something we aren't using.
I would say SentinelOne Singularity Complete is pretty mature, and there's a good amount of documentation of details. I would say it's much more mature right now than a year and a half ago when it was introduced. I looked into it then and said there's nothing that looks useful to us here.
Now, there are actually many more applications and things to integrate with it that we didn't have access to before. We're still not using a lot of it. As far as recommending it to somebody else or another company, I am confident that it will plug into all the major utilities and tools you may want.
SentinelOne Singularity Complete requires maintenance, but it's not bad. We need to go into the console and initiate updates for select devices when there are updates available. We need to ensure that we stay within supported and not end-of-life releases of SentinelOne. After those select devices have been tested out and we know there are not many issues with them, I will go ahead and release those to all the other devices we manage in the rolling phases.
That's not too much work. I would not classify it as maintenance, but when detection comes up while using the platform, that works well when we need to check that out. We haven't necessarily caught something that needed to be caught.
I am impressed with what they're doing both for detections for our endpoints and also for the security world at large. A while back, they headed up some of the investigations and publications about the supply chain attack for 3CX software, which was something that we had used and were impacted by. However, thanks to SentinelOne, we did not have any fallout from that attack.
Overall, I rate SentinelOne Singularity Complete an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of IT at a transportation company with 501-1,000 employees
Straightforward to install, quick and detailed technical support, and application inventory is helpful
Pros and Cons
- "In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting."
- "With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately."
What is our primary use case?
Our primary uses are endpoint protection and application inventory.
The management is done through the SentinelOne web interface.
We work strictly in a Windows environment, using it for both workstations and servers.
How has it helped my organization?
At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.
In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.
We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.
What is most valuable?
The most valuable features are application auditing and malware detection.
Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.
On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.
The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.
We use the threat detection feature.
The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding.
At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.
What needs improvement?
With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature.
For how long have I used the solution?
I have been using SentinelOne for approximately a year and a half.
What do I think about the stability of the solution?
Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.
What do I think about the scalability of the solution?
We have not run into problems with scalability. It can be very good.
There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.
How are customer service and technical support?
The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.
Which solution did I use previously and why did I switch?
Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.
How was the initial setup?
The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.
It took about three weeks to deploy, covering all 212 of our endpoints.
We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.
There is no maintenance required, post-deployment.
What about the implementation team?
SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.
Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.
The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.
What was our ROI?
Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.
Which other solutions did I evaluate?
We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.
What other advice do I have?
My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.
At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Splunk Enterprise Security
Microsoft Defender for Cloud
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Symantec Endpoint Security
Trend Micro Deep Security
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
It does what it is meant to do - Protects the end point 100% - Never been breached.