We use SentinelOne Singularity Complete as our antivirus and malware detection solution.
Sr. Security Engineer at a financial services firm with 501-1,000 employees
Great malware hunting, reduces our detection, and response time
Pros and Cons
- "Malware detection is valuable."
- "SentinelOne's customer service has room for improvement."
What is our primary use case?
How has it helped my organization?
Singularity Complete has helped reduce our alerts.
It gives me peace of mind knowing that it patches areas that need it and is always available to hunt for malware in our environment.
Singularity Complete has helped significantly reduce our MTTD. We are notified within the hour of an incident.
It has also helped reduce our MTTR. We are able to respond to an incident within the hour.
Singularity Complete has helped reduce our organizational risk.
What is most valuable?
Malware detection is valuable. We have had incidents where users have clicked on malicious links and we were able to patch the malware using SentinelOne Singularity Complete before it reached the SIEM. SentinelOne Singularity Complete has become one of my most trusted solutions for hunting malware in our environment.
What needs improvement?
I have been trying to synchronize SentinelOne Singularity Complete with our SIEM, but it has not been very successful.
SentinelOne's customer service has room for improvement. It is hard to reach them.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
Singularity Complete is stable.
What do I think about the scalability of the solution?
Singularity Complete is scalable.
How are customer service and support?
The support team is hard to get a hold of.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Based on a management decision, we switched from CrowdStrike to Singularity Complete.
How was the initial setup?
The initial deployment was complex, but SentinelOne helped with the process and two of our employees were involved.
What about the implementation team?
We used the help of SentinelOne for the implementation.
What's my experience with pricing, setup cost, and licensing?
The license is per user.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
It is a mature and high-quality solution.
SentinelOne Singularity Complete as a tool is good but the support needs a lot of work.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr Network Security Engineer at a tech services company with 501-1,000 employees
Good protection and management provided by this product
Pros and Cons
- "The protection and management provided by SentinelOne is good."
- "I would like to see the reports from SentinelOne more customizable, as there are very few options."
What is our primary use case?
We use SentinelOne daily for endpoint protection and restriction on using USB devices.
What is most valuable?
The protection and management provided by SentinelOne is good.
What needs improvement?
I would like to see the reports from SentinelOne more customizable, as there are very few options.
For how long have I used the solution?
I have been using SentinelOne for four months. I work as a senior network security engineer.
What do I think about the stability of the solution?
The management of SentinelOne is easy, it does not put too much burden on the machine. We will be upgrading to Windows 11 in the upcoming months, we will be able to better comment on stability after that.
What do I think about the scalability of the solution?
Our organization has close to 3,000 machines with approximately 2,000 users. It is easy to scale.
Which solution did I use previously and why did I switch?
We were using McAfee prior to SentinelOne. McAfee has a wide range of reports and is more customizable than SentinelOne. We switched from McAfee because we were no longer satisfied with the support they provided. They were no longer providing prompt responses, tickets were taking too long to get resolved.
The other reason we switched was that McAfee was a traditional antivirus working on a definition basis. They have not moved on to the next generation of antivirus. McAfee needs to focus on the behavior of the program and machine files. If you want this, you need to choose a different McAfee product. They were not putting everything in one place, but rather offering a buffet of offerings, driving the cost up.
How was the initial setup?
The initial setup of this solution was simple. We did the setup ourselves, but did require a little help from the vendor.
I would give SentinelOne a four out of five for ease of setup.
What about the implementation team?
The deployment of SentinelOne is easy. If you calculate the installation of the product and make all the packages ready, it takes about a week. Implementation was another month to go through and replace the older systems and install the new ones.
What's my experience with pricing, setup cost, and licensing?
The pricing of SentinelOne is less than McAfee.
What other advice do I have?
I would advise anyone looking to implement SentinelOne to look before you set up. Know how many machines are working in your network and which type of communication they are doing, whether it is internal or on the internet. No matter what solution you pick if it is SentinelOne, Carbon Black, McAfee, or Symantec check the usage of your machines.
I would rate SentinelOne a nine out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Network and Security Engineer at a energy/utilities company with 1,001-5,000 employees
Easy to manage and install; gives time back to our team
Pros and Cons
- "It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way."
- "We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running."
What is our primary use case?
SentinelOne monitors our infrastructure 24/7.
How has it helped my organization?
We are a very small team. Recently, we had to add an extra person; we had two guys, but now there are three. We have about 2000 endpoints and servers, which is a lot if you have to do it on your own. The SOC monitoring that we now have from SentinelOne gives us more time to focus on other important stuff and go to bed without any worries, since SentinelOne is watching over us.
They also guarantee an insurance. For example, if your company has been infected by ransomware, then they provided one million dollars or something as an assurance. For us, if SentinelOne has the balls to say, "Okay, if endpoints are infected, we will give you $2,000 per endpoint that is infected." That's a way for them to convey that we can trust their company.
What is most valuable?
It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.
They do updates all the time. It's very nice to see how they constantly evolve. New features are being added each time that I take a look at the interface, which is really nice. It's not something you have to do for yourself all the time. You just go to the interface of the management portal, and you will see each time a new feature has been deployed. For example, when we started with SentinelOne, we had some applications that needed to be whitelisted, where we had to go through a whole bunch of licensing rules provided by the distributor. Now, we have the possibility to select from a catalog which rules we want to whitelist, since we are using that application. It is such an easy step for us, which is nice. It makes our life comfortable when managing all our endpoints and very complex infrastructure.
The Behavioral AI recognizes novel and fileless attacks and responds in real-time. The nice thing about SentinelOne is that it is behavior-based, so the AI is smart enough to detect when something is moving. For example, an external person was doing some administrative tasks for us, and he used a tool that is also used by attackers. He called me, and says, "I'm blocked. I think SentinelOne is seeing my tool as a virus or malware." Then, I looked at SentinelOne, and it says this guy is using hacker tools. That is what I found very nice. SentinelOne can immediately identify the tools used by hackers. In this case, it was immediately blocked, even though it was not a malicious application, Trojan, or something like that. Because the solution knows hacker tools and behaviors, it says, "Okay, this cannot work on this environment. This will be blocked." That's something that I really like.
It is a good use as an EDR solution because it immediately reacts on stuff. It also quarantines endpoints.
What needs improvement?
We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running.
For how long have I used the solution?
We installed the agent a little more than a year ago.
How are customer service and technical support?
One of the nicest things about SentinelOne is their support. I never met a company which gives such fast, great support. It's extremely fast. When I create a case with some questions, they answer immediately. They provide us with information on how to do stuff, and if we have issues, then they give us an update immediately. Normally, when I open a case with other products it takes days, but with SentinelOne, I get a response in about half an hour. Most of the time, it's cleared in about two hours time.
If we have a remaining question that has nothing to do with the things that the case was created for, SentinelOne will still answer. Some companies need you to create a new case for this, but SentinelOne just says, "Okay, we will help you also with this and provide you with more info," which is magnificent.
The support is very handy because, when you have an issue, it's like working with an extra colleague. If you ask a question to recall it, SentinelOne support can solve it in about two hours, which is nice because then you can go to the next thing. You don't have to focus anymore on the problem. With other vendors, it takes some days to solve it, then it hangs.
Which solution did I use previously and why did I switch?
Our previous antivirus server was on-premise. When we did the updates, then all the clients needed to be connected to that on-premise server. However, with COVID-19 happening, we have been very happy that SentinelOne is in the cloud because even when an endpoint leaves the company, they are still protected by SentinelOne and receiving updates. SentinelOne gives more time back to a small team as well as always being accessible, even if you're not at the company.
How was the initial setup?
The initial setup was easy. We did it step-by-step, so we didn't deploy it to all our endpoints in one shot. We deployed 300 or 400 endpoints per week. This was in case there were any issues, then we could act immediately so we wouldn't have an impact on the whole business. However, we didn't experience any issues. We were up and running in about three or four days and had migrated 2000 clients to SentinelOne.
For our implementation strategy, we deployed one day, then another day we would watch. Then, we deployed another day and would watch the next. So, in about two weeks, we were up and running. We decided to do it that way because we have had issues with mass rollouts in the past. Now, we are very careful when rolling out stuff to the whole company. Perhaps, it might have not been a problem to roll it out in one day, but we did it very slowly to have a kind of a control outcome.
What was our ROI?
The solution gives us more time. We can divide our productivity and time to other products. We don't have to look at SentinelOne a lot.
What's my experience with pricing, setup cost, and licensing?
The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model.
The Deep Visibility feature practically double the price. Because we have a SOC, we rely on them to have insights about all the threats, so we are not monitoring our environment ourselves. It is mostly done by the SentinelOne SOC. That is the reason why we decided not to go for this feature.
Which other solutions did I evaluate?
We believe the traditional antivirus protection that is using signature-based validation is outdated. We had a look at different solutions, like CrowdStrike and SentinelOne. These solutions are more AI-based that go on behavior. When we spoke to SentinelOne, they also offered a SOC as service. This means that SentinelOne is monitoring all our endpoints with us, and we don't have to do anything, because they do all the hard work. They validate the detections. So, if SentinelOne detects something on the endpoint, the SOC of SentinelOne will validate and see if it is a false positive or true positive. In case of a true positive, it will then see if there are extra steps needed. If that is the case, then SentinelOne contacts us through email asking us to do some final steps or provide them with the info.
SentinelOne was lucky because we first looked at CrowdStrike. However, they were pushing us all the time to get the deal. My manager got furious, and said, "Okay, let's stop everything. We told you we cannot decide before the end of October. That's our company rule." The pressure was too high from CrowdStrike. Therefore, we decided to have another look at SentinelOne. The first time when we saw SentinelOne, it was never mentioned in any Magic Quadrant, so it was hard for us to have a view on what the public experience was with SentinelOne. We were a little bit scared in just believing the vendor and their marketing people that it was a great, innovative product which uses smart technology and behavioral-based analysis.
SentinelOne will not scan my hard disk. SentinelOne does not care about the hard disk. It only reacts when you execute something. So, I know when I connect my hard disk to my desktop with my tools on it, I don't have to be scared. SentinelOne will not respond, as long as I don't use the tools. A lot of other antivirus vendors, they will immediately start scanning the USB drive or external drive, and they quarantine all the tools. I don't like that. I know it seems a bit strange that it doesn't scan the USB drive. However, I don't care, as long as it protects the USB drive as soon as someone is executing or installing something. This is more convenient for me than something that scans all the time.
What other advice do I have?
We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that.
I would rate this solution as a 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Executive Director of Information Security and Compliance at a pharma/biotech company with 51-200 employees
Multi-feature, easier to use, flexible, and provides excellent technical support
Pros and Cons
- "SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment."
- "In terms of areas for improvement in SentinelOne Singularity Complete, it needs to give more straightforward directions or communication about detection or what has been detected."
What is our primary use case?
My company leverages SentinelOne Vigilance and SentinelOne Singularity Complete for managed SOC.
What is most valuable?
SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool, with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment.
SentinelOne Vigilance is one of the feature sets of SentinelOne Singularity Complete as a whole, and my company found SentinelOne Singularity Complete a little bit easier to use and flexible; plus, it had several feature sets.
What needs improvement?
I've not been using SentinelOne Singularity Complete for a long time to have a lot of feedback on its areas for improvement, as my team is still learning the tool, but what comes to mind is the need for it to give more straightforward directions or communication about detection or what has been detected.
For how long have I used the solution?
We officially deployed SentinelOne Singularity Complete, including its feature set SentinelOne Vigilance, about three months ago.
What do I think about the stability of the solution?
SentinelOne Singularity Complete has been very stable, so it's an eight out of ten for me, stability-wise.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is a scalable solution, which is one of the reasons why my company uses it.
How are customer service and support?
I found the technical support for SentinelOne Singularity Complete excellent, especially in terms of communication. Support is nine out of ten for me.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Atos as our SIEM tool and wanted to replace it with a newer technology, so we're now using SentinelOne Singularity Complete.
How was the initial setup?
I'm involved in deploying SentinelOne Singularity Complete, and I found the process straightforward. My company is still going through with the deployment because of the ninety-day deployment model.
What about the implementation team?
I have people in my team assisting with SentinelOne Singularity Complete implementation.
What was our ROI?
I've seen ROI from SentinelOne Singularity Complete within a month after deploying the solution, mainly after my company started getting different alerts, which I was happy about.
What's my experience with pricing, setup cost, and licensing?
I found the pricing for SentinelOne Singularity Complete reasonable, which is one of the reasons my company went with it.
What other advice do I have?
SentinelOne Singularity Complete requires just a little bit of maintenance, as my team has to update agents and do some finetuning, but not too much.
My rating for SentinelOne Singularity Complete as a solution is eight out of ten.
My advice to people looking into using SentinelOne Singularity Complete is to ask for sample reports and processes to understand how SentinelOne would let you do it.
The company I work with is a SentinelOne customer.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network Engineer at a financial services firm with 11-50 employees
A mature solution that has a good amount of documentation and provides comprehensive threat detection and response
Pros and Cons
- "The solution's in-place upgrades have been very helpful."
- "The ability to have more direct purchasing for smaller groups and smaller businesses would be great."
What is our primary use case?
We utilize SentinelOne Singularity Complete as our EDR. The solution has replaced our previous solutions, Trend Micro and Symantec antivirus.
How has it helped my organization?
The Symantec agent we had before would require almost a reboot every time you would make a change, an agent update, or even sometimes in definitions. None of them were as comprehensive as SentinelOne Singularity Complete regarding threat detection and response. I don't believe any of them had any of the rollback features that are available through SentinelOne.
Overall, having more coverage and confidence in our antivirus is part of our decision to choose SentinelOne Singularity Complete. The other consideration was cost. We were going to upgrade to a more comprehensive threat protection solution either way. We were also looking at CrowdStrike then, and SentinelOne beat it by pricing while offering the protection we were looking for.
What is most valuable?
The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.
What needs improvement?
I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.
Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete since June 2021.
How are customer service and support?
My only issue with the solution's technical support so far is that we can only communicate via email tickets, not phone calls. However, we've still been able to resolve the majority of issues. Their response time is pretty fair. I wish there were more abilities to conduct a remote session because there are a lot of situations where I will have to get walked through some instructions.
Then I have to give feedback saying that an instruction is unavailable, or I can't do this because this device is in this situation or this mode. There may have to be three or four back-and-forth messages before we can proceed to the next step because it isn't an interactive remote session. It is just email communications with a delay every time, which adds to some frustration.
Suppose there's something that's concerning to us that we really wanted to make sure wasn't a false negative as a threat. While we were worried about it, we would just have to wait for responses and be unable to communicate with anybody.
How would you rate customer service and support?
Neutral
How was the initial setup?
SentinelOne Singularity Complete's initial setup is straightforward.
What about the implementation team?
We did not use an integrator, reseller, or consultant for the solution's deployment. I have had some experience with SentinelOne in the past. We just read through some of the documentation and asked a couple of questions. There was also some information on what other administrators have done to implement the solution.
That has worked well, and things have been pretty smooth sailing since the implementation. I've been pretty happy in that regard, and it wasn't a big pain to replace our existing antivirus solution. Two other guys were involved in the solution's deployment, but I was heading up the task.
What was our ROI?
We have not seen a return on investment with SentinelOne Singularity Complete because we have not used it. It has just added costs for us that we're not taking advantage of.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete's pricing is not terrible. It's not enough to make us want to move away from using SentinelOne. The solution's pricing is not too bad for what it's offering, like the documentation that comes with it. I feel like it should be an optional add-on for people who may not be using things to integrate or may not want to integrate things.
What other advice do I have?
We have used very little of SentinelOne Singularity Complete's interoperability with other solutions. It has looked like it has been nice because we have been scoping out the use of a managed detection and response and have SentinelOne Singularity Complete plugin with other solutions for log output. There hasn't really been anything we wanted to use that SentinelOne was incompatible with.
I believe SentinelOne Singularity Complete is very capable of ingesting and correlating across our security solutions. I don't think I've seen any solutions that would necessarily outperform it. It's done everything that we've needed it to. Again, we have not used it extensively.
SentinelOne Singularity Complete has not helped us consolidate our security solutions, but that's our choice. We like going into the console and seeing everything within there and the dashboards we already have access to.
I can't say that I think SentinelOne Singularity Complete has helped reduce alerts. We would like to use SentinelOne to correlate our alerts so we're getting alerts from multiple different areas to see what matches up there. Currently, we still have an ad hoc solution where we're looking at different sources for that information because we don't have it all trusting each other yet.
Overall, for supply chain attacks, we're hesitant to give access to other products to our SentinelOne. We just don't want to put all our eggs in one basket, but that's more of a mindset problem than a functionality problem.
SentinelOne Singularity Complete has helped free up our staff for other projects. The solution's automation functionality, notifications, alerts, additions with its API, and custom tools to do what we want have helped me not to have to go in and manually check for things. For example, SentinelOne says they do not need to do static file scans other than when you first install the agent.
Our compliance requires that we still have static agent scans on a regular basis, preferably daily. You can launch those from within the console, but it's not viable for me to log in to the console daily and initiate that. Since there's no ability to schedule that in the future, that was best done with the API script that runs automatically and can give us feedback on how it went.
I believe SentinelOne Singularity Complete has helped reduce our organization's mean time to detect. We get some good context within there of what the threat was. Most of the time, it has pretty good notes regarding what it got flagged for if it's behavior-based, but some static file threats don't show the indicators.
We do not know what to do with some threats or understand what it is. We've been told we would need to get the SentinelOne vigilance or managed detection and response to fill that gap. We have been looking at managed detection and response but haven't put it in place yet.
SentinelOne Singularity Complete has helped reduce our organization's mean time to respond from our previous antivirus solutions. The solution gave us some more context than we had and also the ability to isolate each endpoint. If an endpoint looks scary and we don't know what it's doing exactly, we can cut off all of its internet access except SentinelOne until we feel it's a clean endpoint. SentinelOne Singularity Complete has helped reduce our mean time to respond by 20 minutes.
Singularity Complete has helped reduce our organizational risk. There have been multiple things that could have potentially been an incident, and they were stopped in their tracks by the solution. For that, we've been able to demonstrate the solution's value to our leadership in terms of keeping it.
SentinelOne Singularity Complete has not helped our organization save on its costs. SentinelOne Singularity Complete isn't optional and was forced onto us from the licensing. We didn't really get a choice on whether we wanted those extra features, but we had to pay for the SentinelOne Singularity Complete add-on, which is just a blanket cost.
If it was up to us, we might not have chosen it, but it was not. We don't use many of the features, and many of the things we like are within the basic SentinelOne license.
We earlier used SentinelOne Complete, and then we used SentinelOne Complete with Singularity. There hasn't been a great improvement since we've done that. We haven't used many of its features or had any guidance on recommendations that would be helpful to put into place without having to buy anything else.
Most of the time, if we wanted to use anything in the marketplace, we would have to start paying for something we don't already have or integrate with something we aren't using.
I would say SentinelOne Singularity Complete is pretty mature, and there's a good amount of documentation of details. I would say it's much more mature right now than a year and a half ago when it was introduced. I looked into it then and said there's nothing that looks useful to us here.
Now, there are actually many more applications and things to integrate with it that we didn't have access to before. We're still not using a lot of it. As far as recommending it to somebody else or another company, I am confident that it will plug into all the major utilities and tools you may want.
SentinelOne Singularity Complete requires maintenance, but it's not bad. We need to go into the console and initiate updates for select devices when there are updates available. We need to ensure that we stay within supported and not end-of-life releases of SentinelOne. After those select devices have been tested out and we know there are not many issues with them, I will go ahead and release those to all the other devices we manage in the rolling phases.
That's not too much work. I would not classify it as maintenance, but when detection comes up while using the platform, that works well when we need to check that out. We haven't necessarily caught something that needed to be caught.
I am impressed with what they're doing both for detections for our endpoints and also for the security world at large. A while back, they headed up some of the investigations and publications about the supply chain attack for 3CX software, which was something that we had used and were impacted by. However, thanks to SentinelOne, we did not have any fallout from that attack.
Overall, I rate SentinelOne Singularity Complete an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of IT at a transportation company with 501-1,000 employees
Straightforward to install, quick and detailed technical support, and application inventory is helpful
Pros and Cons
- "In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting."
- "With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately."
What is our primary use case?
Our primary uses are endpoint protection and application inventory.
The management is done through the SentinelOne web interface.
We work strictly in a Windows environment, using it for both workstations and servers.
How has it helped my organization?
At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.
In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.
We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.
What is most valuable?
The most valuable features are application auditing and malware detection.
Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.
On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.
The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.
We use the threat detection feature.
The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding.
At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.
What needs improvement?
With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature.
For how long have I used the solution?
I have been using SentinelOne for approximately a year and a half.
What do I think about the stability of the solution?
Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.
What do I think about the scalability of the solution?
We have not run into problems with scalability. It can be very good.
There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.
How are customer service and technical support?
The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.
Which solution did I use previously and why did I switch?
Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.
How was the initial setup?
The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.
It took about three weeks to deploy, covering all 212 of our endpoints.
We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.
There is no maintenance required, post-deployment.
What about the implementation team?
SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.
Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.
The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.
What was our ROI?
Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.
Which other solutions did I evaluate?
We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.
What other advice do I have?
My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.
At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CyberSecurity Analyst at a printing company with 11-50 employees
Helps reduce our organization's risk and number of alerts, as well as remediate threats
Pros and Cons
- "In incidents, SentinelOne's remediation is excellent; we can immediately see if the threat type is dynamic or static."
- "Singularity Complete's process stream has room for improvement."
What is our primary use case?
We use SentinelOne Singularity Complete to protect our environment against malware, unwanted programs, and ransomware.
We implemented SentinelOne Singularity Complete for better overall visibility on our endpoints. SentinelOne Singularity Complete is excellent at remediating.
How has it helped my organization?
SentinelOne Singularity Complete is great at ingesting and correlating data across our security solutions. I have better visibility and can see how many endpoints and groups are affected and how much the problem spread in our environment. I can see the scope of the work I need to do.
I use SentinelOne Hunter for threat hunting. It can be used in two ways, SentinelOne provides a library of pre-audit queries on different vulnerabilities, topics, and groups. We can use these queries to search for specific activities in our environment. If we have our own indicators of compromise, such as those from a CISA advisory, we can use the Scraper feature to scope those IOCs to our environment and look for them.
Singularity Complete has helped reduce our alerts by 25 percent.
Singularity Complete has helped reduce our MTTD and our MTTR.
It has helped reduce our organizational risk.
What is most valuable?
I mostly use the dashboard to view infected endpoints on unresolved threats, so that I can prioritize my investigations. In incidents, SentinelOne's remediation is excellent; we can immediately see if the threat type is dynamic or static. In other words, if it has been executed. Additionally, I like the visibility that we have into machines, as we can log in and investigate them directly.
What needs improvement?
Singularity Complete's process stream has room for improvement.
I find CrowdStrike's vertical layout to be better than SentinelOne Singularity Complete's horizontal layout.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for one year.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable. We have only had minimal issues with the solution's performance.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is scalable. The number of agents available on our endpoints is based on our license.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
We have one engineer who maintains SentinelOne Singularity Complete.
I recommend SentinelOne Singularity Complete based on each organization's business model and what it is protecting. Organizations should definitely consider this solution when evaluating other products. The remediation feature that SentinelOne Singularity Complete offers is superior to other EDR solutions and can help remediate a situation quickly.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Information Architect & Security Officer at a wholesaler/distributor with 201-500 employees
Has a user-friendly UI, saves us time, and reduces alerts
Pros and Cons
- "The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features."
- "The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents."
What is our primary use case?
We use SentinelOne Singularity Complete as our next-generation EDR agent to block attacks in our environment.
We had some issues at one of the companies, where they were unable to block a ransomware attack. In my opinion, the EDR agent that we were using at the time was outdated and primarily relied on identifying malware by its signature or hash. This means that it could only detect known attacks. I believe that this was the main reason why the agent failed to block the ransomware attack.
How has it helped my organization?
We have integrated SentinelOne Singularity Complete with Azure AD and Fortinet, and we are aiming to integrate the system with Mimecast. The integration is seamless when we log in with enough permissions we are ready to go.
Ranger provides network and asset visibility. The installed agents can scan across networks that they are in. We can also set Ranger to require a minimum number of agents on a site before scanning begins. This prevents Ranger from scanning home networks when someone is working remotely with only one agent. In the pilot program, we set the minimum number of agents to zero, so Ranger began scanning for other endpoints on the site as soon as it was installed.
Ranger requires no new agents, hardware, or network changes. It gives us much more insight into what is actually happening on our networks, which is what we were looking for. Additionally, the way that SentinelOne allows us to isolate protected endpoints from unprotected endpoints is very nice. It is a very easy step into a network access control solution without all the overhead of doing that. It is a very basic way to get on the same level.
At this moment, we feel that we are in full control of the stages of managed endpoints. We didn't have that feeling before, but now we know that if we don't receive an alert from the system after a while, then we can be 99.9 percent sure that nothing is wrong. When we do get an alert, we need to take action. It may be a minor or major issue, but we need to do something. Regarding new installations of agents on new endpoints, we had some initial concerns that the agent would try to block applications running on those endpoints. However this issue only occurred on 8,000 endpoints, and we were able to resolve it by setting up an exclusion for the affected application. This was minor work, but it used to take a lot of time to install new agents on new endpoints with our previous solution. Now, both IT and other departments feel confident that we are in control. This is a huge difference.
Singularity Complete has helped reduce our false positive alerts. We used to receive hundreds of false positives each day until we implemented Singularity Complete, and now the false positive count is down to five per day. We also use the MDR services of SentinelOne. They are handling that for us, and we get a good insight into what actually happened. This is a huge difference.
Singularity Complete has helped free up time for our staff to work on other projects. Compared to the time we spent with the previous solution, we are now saving about 70 percent of our staff's time.
It has reduced our MTTD. It has also helped save our organizational costs. We are paying 20 percent less than our previous solution.
What is most valuable?
The user interface, ease of maintenance, and the efficient way to identify the root cause of an incident to see all the factors that contributed to it are the most valuable features.
What needs improvement?
The mobile agents need improvement, especially in their integration with the dashboard of the normal Windows Image-based agents. The goal was to achieve full integration support, but this has not yet happened. The integration is incomplete.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is extremely stable. We have not had any downtime on the cloud.
What do I think about the scalability of the solution?
SentinelOne Singularity Complete is scalable. To scale, we simply need to install agents, and the rest is taken care of by SentinelOne.
How are customer service and support?
The technical support is quick to respond and provide answers.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Trend Micro but switched to SentinelOne Singularity Complete after a successful ransomware attack. We were already looking for a different solution because Trend Micro was time-consuming to maintain, difficult to extract information from, and generated a lot of false positives. We never felt in control of our security posture.
How was the initial setup?
The initial deployment was straightforward. We first ran SentinelOne Singularity Complete in parallel with Trend Micro. This means that the agents can run in a monitoring policy or process, which sends us information about what the agent would block if it were in blocking mode. When we are confident that it is safe to switch to a blocking policy or policies, we can do so with a single click in the dashboard, and the agent or group of agents or all agents will start blocking. This is very easy to do, and we were able to deploy the agents to all endpoints in a matter of weeks.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is a fair price.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete is not a static platform, and new features are released all the time. This adds new value to the product on a regular basis. Compared to other systems, which can be difficult to understand, Singularity Complete is seamless and easy to use. We don't need to do anything to activate new features, and we are notified by email when they are ready to use. It is then up to us to decide whether or not to use them.
SentinelOne Singularity Complete is a mature solution, and our organization is booming because of it. We're not experiencing the issues that we typically encounter with new companies or solutions.
We have 800 users and Singularity Complete is deployed across multiple countries and locations.
For maintenance, we need to ensure our agents are always up to date.
We decided to start using the mobile agents because they were part of our initial purchase. We have already taken the next step and are now looking into Ranger AD. We will be looking into this next year to increase our security level. SentinelOne Singularity Complete is a very easy-to-use product that provides a high level of security and is very usable for us. This is how most security solutions should work. I am very positive about SentinelOne Singularity Complete as our security partner.
I suggest doing a POC to see if SentinelOne Singularity Complete is the right fit.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Intercept X Endpoint
Trend Vision One Endpoint Security
Kaspersky Endpoint Security for Business
VMware Carbon Black Endpoint
Check Point Harmony Endpoint
Trend Vision One
Trellix Endpoint Security (ENS)
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
Thank you, Stephen, for the thoughtful and thorough review. We are always glad to hear how customers are using SentinelOne.