We use SentinelOne Singularity Complete as our antivirus and malware detection solution.
Sr. Security Engineer at a financial services firm with 501-1,000 employees
Great malware hunting, reduces our detection and response time
Pros and Cons
- "Malware detection is valuable."
- "SentinelOne's customer service has room for improvement."
What is our primary use case?
How has it helped my organization?
Singularity Complete has helped reduce our alerts.
It gives me peace of mind knowing that it patches areas that need it and is always available to hunt for malware in our environment.
Singularity Complete has helped significantly reduce our MTTD. We are notified within the hour of an incident.
It has also helped reduce our MTTR. We are able to respond to an incident within the hour.
Singularity Complete has helped reduce our organizational risk.
What is most valuable?
Malware detection is valuable. We have had incidents where users have clicked on malicious links and we were able to patch the malware using SentinelOne Singularity Complete before it reached the SIEM. SentinelOne Singularity Complete has become one of my most trusted solutions for hunting malware in our environment.
What needs improvement?
I have been trying to synchronize SentinelOne Singularity Complete with our SIEM, but it has not been very successful.
SentinelOne's customer service has room for improvement. It is hard to reach them.
Buyer's Guide
SentinelOne Singularity Complete
March 2025

Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
Singularity Complete is stable.
What do I think about the scalability of the solution?
Singularity Complete is scalable.
How are customer service and support?
The support team is hard to get a hold of.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Based on a management decision, we switched from CrowdStrike to Singularity Complete.
How was the initial setup?
The initial deployment was complex, but SentinelOne helped with the process and two of our employees were involved.
What about the implementation team?
We used the help of SentinelOne for the implementation.
What's my experience with pricing, setup cost, and licensing?
The license is per user.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
It is a mature and high-quality solution.
SentinelOne Singularity Complete as a tool is good but the support needs a lot of work.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

CISO at a computer software company with 5,001-10,000 employees
Good integration with third parties, reduces alerts and reduces mean time to respond
Pros and Cons
- "It's a plug-and-play solution that works well with other out of box integrations that we have."
- "There aren't enough reporting capabilities for decision-makers."
What is our primary use case?
We use the solution as an EDR tool. We focus specifically on Linux components and a Linux environment.
What is most valuable?
The threat detection and visibility as well as the migration of the data to our SIM instance has been useful. Doing automation workflows has been excellent.
They have fairly decent integration with third-party tools within their own stack. They have very strong integration with CrowdStrike and Microsoft Defender. They also have connections for Palo Alto Networks and all the tools that we leverage across the firm. These are API connectors, so they are plug-and-play. The login session coordination piece is also fairly robust, which is done with Splunk on the same side.
It's a plug-and-play solution that works well with other out of box integrations that we have. We can move the data from the solution into third-party tools.
It helped us to reduce our alerts. On the Linux kernel side, we have quite a few different versions of Linux, and hence the alerts that we used to get earlier were a lot more. They are significantly less since they're now managed and controlled through the Singularity platform.
Our mean time to detect has been reduced significantly. We've saved maybe thirty minutes to an hour. Our mean time to respond is a bit better by a few minutes.
What needs improvement?
The reports for the executives who are the decision makers should be better. That would help with product renewal and adding new modules. There aren't enough reporting capabilities for decision-makers.
For how long have I used the solution?
I've used the solution for just under a year.
What do I think about the stability of the solution?
We have not noted any crashing or lagging issues.
How are customer service and support?
They offer fairly decent technical support. We've not had any major challenges with them so far. The support team has been pretty good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have CrowdStrike as an EDR tool for Windows, and CrowdStrike did not really support our Linux kernels. That's when I did an evaluation with different vendors, and Singularity was able to support our Linux kernels.
How was the initial setup?
I was involved in the deployment. It was a straightforward deployment. We had six people handling the deployment.
We have not had a need for maintenance just yet.
What about the implementation team?
We used our own internal IT team for the implementation.
What's my experience with pricing, setup cost, and licensing?
The product's pricing is at par with what you see among major competitors. It's higher than McAfee, yet cheaper than CrowdStrike.
What other advice do I have?
It allows us to be innovative. It's fairly robust and one of the main leaders in the space. It's a pretty strong offering compared to others in the market. It is a quality product.
It's important to test it first to see if the solution works well for your firm. I'd advise people to validate and test it out thoroughly. Bringing in a solution is not that difficult, however, ripping and replacing a solution is hard, so you want to avoid regretting any decisions.
The solution is a helpful strategic security partner.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr Network Security Engineer at a tech services company with 501-1,000 employees
Good protection and management provided by this product
Pros and Cons
- "The protection and management provided by SentinelOne is good."
- "I would like to see the reports from SentinelOne more customizable, as there are very few options."
What is our primary use case?
We use SentinelOne daily for endpoint protection and restriction on using USB devices.
What is most valuable?
The protection and management provided by SentinelOne is good.
What needs improvement?
I would like to see the reports from SentinelOne more customizable, as there are very few options.
For how long have I used the solution?
I have been using SentinelOne for four months. I work as a senior network security engineer.
What do I think about the stability of the solution?
The management of SentinelOne is easy; it does not put too much burden on the machine. We will be upgrading to Windows 11 in the upcoming months, and we will be able to better comment on stability after that.
What do I think about the scalability of the solution?
Our organization has close to 3,000 machines with approximately 2,000 users. It is easy to scale.
Which solution did I use previously and why did I switch?
We were using McAfee prior to SentinelOne. McAfee has a wide range of reports and is more customizable than SentinelOne. We switched from McAfee because we were no longer satisfied with the support they provided. They were no longer providing prompt responses, and tickets were taking too long to get resolved.
The other reason we switched was that McAfee was a traditional antivirus working on a definition basis. They have not moved on to the next generation of antivirus. McAfee needs to focus on the behavior of the program and machine files. If you want this, you need to choose a different McAfee product. They were not putting everything in one place, but rather offering a buffet of offerings, driving the cost up.
How was the initial setup?
The initial setup of this solution was simple. We did the setup ourselves, but did require a little help from the vendor.
I would give SentinelOne a four out of five for ease of setup.
What about the implementation team?
The deployment of SentinelOne is easy. If you calculate the installation of the product and make all the packages ready, it takes about a week. Implementation was another month to go through and replace the older systems and install the new ones.
What's my experience with pricing, setup cost, and licensing?
The pricing of SentinelOne is less than McAfee.
What other advice do I have?
I would advise anyone looking to implement SentinelOne to look before you set up. Know how many machines are working in your network and which type of communication they are doing, whether it is internal or on the internet. No matter what solution you pick, whether it is SentinelOne, Carbon Black, McAfee, or Symantec, check the usage of your machines.
I would rate SentinelOne a nine out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at a healthcare company with 51-200 employees
Lets us centrally manage our active endpoints
Pros and Cons
- "It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions."
- "We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future."
What is our primary use case?
We are a company with several types of PC users. Our office ranges from marketing to sales, and we also have people who are remote on laptops all over the world, as well as an R&D department. Those people use PCs in different ways.
We wanted a platform that has ways of dealing with various kinds of users, but we also wanted a central management so we could overview the state of all our endpoints with one view.
We use the central cloud interface to manage all our endpoints.
We only use it on Windows machines.
How has it helped my organization?
It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions.
I have one instance where we had a trigger of an attack. Luckily, it appeared to be an unregistered program that created a lot of threats by renaming files. This was something that the employee developed on his own. This was an unknown program that generated a lot of threats by very quickly renaming a thousand files. However, it was not an actual attack, but the behavior of that program was such that the AI protection of SentinelOne kicked in and alerted us to a possible attack. One of our employees created a program just for his benefit. It had exactly the same behavior as a ransomware attack would have had, then it kicked in. This is why I'm confident that SentinelOne will also detect real ransomware actions. That is the only instance where I encountered the Behavior AI software kicking in.
We haven't had any real attacks over the last year. We did have some intrusions mainly from suspicious files that people were getting via their browser and some attachments that I tried to open with double extensions. Luckily, in the last year, we haven't had any actual attacks.
The effectiveness of the solution’s distributed intelligence at the endpoint is 100 percent. We haven't had any incidents break through. We only see a very small reduction in PC performance.
What is most valuable?
The main reasons that we use SentinelOne are the antivirus and Behavioral AI protections. We have this solution centrally managed to see what endpoints are active, along with the latest software protection running. It also provides us external control, so we can block machines remotely, even if they are in another country, because we have account managers all over the world. All these features together protect us against strange behavioral programs.
SentinelOne's one-click, automatic remediation and rollback for restoring an endpoint is very handy. We had some issues with programs that were unknown by SentinelOne, then marked as suspicious and quarantined, because we also develop software ourselves and have software packages that were compiled in 1995 and don't conform to the normal rules. SentinelOne always marks those packages as suspicious because they do something different than they should when you compile them with current libraries of Windows, etc. Therefore, we had some interventions of SentinelOne where you can easily whitelist them and roll back the quarantine action so people who use those old-fashioned programs could easily continue with their work.
This was only an issue during the first month when we rolled out the software, then it starts doing scans mainly on the R&D PCs, which was our great concern. Normal office use is fairly straightforward, but when you develop software (and we also develop software to communicate with our embedded systems), then the demands are a bit different. However, until now, we have been very happy with it.
What needs improvement?
We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.
For how long have I used the solution?
We have been using it for about a year now. We rolled it out in December 2019.
What do I think about the stability of the solution?
All the endpoints are running without problems. It is very stable. We have deployed several versions of agents. I haven't encountered any issues, apart from when that rollback occurred, and the SentinelOne agents were locked out of the cloud platform, and the only way to retrieve that was by installing it again by hand.
Up until now, SentinelOne's effectiveness has been 100 percent.
What do I think about the scalability of the solution?
We are a relatively small company with about 80 employees. Most things are offsite. We do not use automated things very much.
There are four users from the admin side.
Together with another colleague, we chose SentinelOne, then tested and deployed it. A few other colleagues have monitoring views in SentinelOne, e.g., if a site has to be whitelisted.
How are customer service and technical support?
I had one issue that I brought up with customer support. They delivered a solution in about two hours. It was related to the issue with the agent. I just issued an email, and in about an hour, the problem was solved. I was delivered a good solution: an uninstalling procedure and how to go about it. That's the only thing that we needed it for, and the only time we needed the technical support.
Which solution did I use previously and why did I switch?
Before this solution, we used McAfee, which was not enough for our use. Then, SentinelOne came into the picture. It not only had static virus checking (antivirus), but it also had the Behavioral AI features, like triggers, that we could investigate.
The McAfee solution that we had was more demanding, more expensive, and had less functionality. Three to four years ago, we had an incident with ransomware, and it wasn't detected at the time by the McAfee on all the points. There were two points that were affected. Since it wasn't noticed by McAfee, we were considering other software solutions from that point on.
SentinelOne offered a good solution, which is the main reason that we went with them. It was easy to manage, although we didn't use McAfee the way we use SentinelOne right now. McAfee was incorporated in our company about 20 years ago, so we probably didn't use all the facilities that McAfee can offer now.
SentinelOne made us a good offer, especially regarding the Behavioral AI aspect of the protection. Therefore, we just wanted to see what they could offer us. After a year, we are still very satisfied.
SentinelOne had a smaller footprint, both in resources and time-wise, as in load, than the McAfee solution that we had previously.
How was the initial setup?
The initial setup was fairly straightforward. It was very easy to start up. You didn't have to go into a lot of documentation to roll it out. We used the management from the central platform, not our own central platform on-premise, and did it on the cloud version. This way, it could be delivered and updated remotely.
The deployment took a week. We deployed it to about 90 endpoints.
What about the implementation team?
We just had a discussion with the SentinelOne service provider onsite. He gave a revision of how SentinelOne should be deployed along with some examples. Before we deployed it to the entire company, we had a testing time of about two months.
What was our ROI?
SentinelOne has reduced incident response time. The two main pillars that SentinelOne helps us with:
- Central management: I can ensure management that if there is a breach all the machines and endpoints are up-to-date and protected.
- SentinelOne allows us to switch off an endpoint remotely, which we could do previously. Most people are on-premises, but there are 15 to 20 people all over the world with laptops connected everywhere.
It saves a few hours a week for one person, because you can see the statuses of all the machines in one place.
What's my experience with pricing, setup cost, and licensing?
It was cheaper than McAfee, which was a way to convince management to go with the solution.
What other advice do I have?
At the moment, we are very pleased with the solution.
We saw the Storyline technology briefly. However, the Storyline is only when you have actual attacks, and they are not caught in the beginning. Most of our attacks were caught just by static recognition of the files, so there was no story because the file was not allowed to activate. In the beginning, we did some fake file checks in an enclosed surrounding and in a CM setup, which is how I saw the Storyline facilities, but we don't use it.
I would rate this solution as a nine (out of 10).
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Analyst at a manufacturing company with 10,001+ employees
Went beyond malware and showed us behaviors, and dramatically decreased our false positives
What is our primary use case?
We use it as an EDR solution for all of our endpoints. We use it for our desktop servers, cloud, and Linux. We use it for all of it.
How has it helped my organization?
It showed us things that we were not even aware of. It went beyond malware and showed us behaviors. It showed the bad behaviors of a lot of our end-users.
The interoperability is all there. We are still at the beginning of our journey, but everything is kind of teed up and aligned for that integration. We are talking about the ServiceNow integration. It has been the early placement in our cloud clusters or nodes. Those are the things that have made interoperability, integration, and adoption easier.
Singularity Complete has not helped free up our staff for other projects and tasks because we are still at the beginning, and we still have a lot to deploy, but we will realize that. I am confident that we will realize those efficiencies.
Singularity Complete has changed what we are looking at. It has dramatically decreased our false positives. We are not chasing false positives. It does not save time as such, but it has helped us focus on what is actually important.
Singularity Complete has not helped reduce alerts, but it has changed what our analysts are looking at. We expected a spike in alerts. The product is showing things that we did not previously see, so the increase in alerts temporarily for a short duration or for the next six months is expected.
Singularity Complete has reduced our false positives, and it has helped us see the hygiene of our whole network in our environment.
Singularity Complete compresses the triage time. It is all about the triage time. That life cycle going from information to action is what security operations are all about. SentinelOne does that because it helps analysts focus on those true things that are risk-behavior in our environment, rather than the validation that they were on more traditional signature-based platforms we had before.
Singularity Complete has not helped reduce our organizational risk, but it has absolutely increased our awareness of that risk. Knowing what your risks are is half the battle before an organization or a medium-sized organization, so being aware of the risk is the first step, which is available for the first time since we adopted SentinelOne.
What is most valuable?
As far as EDR goes, the behavior analysis of the incidents is my big thing.
Its non-signature-based capabilities and the heuristic analysis for dynamic threats are also valuable.
What needs improvement?
There should be full and complete integration in the single console of the mobile agent.
For how long have I used the solution?
We have been using Singularity Complete for 18 months.
What do I think about the scalability of the solution?
It is scalable, and it has scaled well.
How are customer service and support?
So far, everything has been great. During our deployment, I have bugged them a lot, and it has been pretty good. I cannot complain. I would rate them a nine out of ten. There is always room for improvement. During their deployment, I relied on them to make sure that all of our things went fine. We had some hiccups, and they were there with us. They were there to help through everything. There were some things that took a longer time to research and figure out, but for the most part, if I needed a solution, I got it.
We had a bit of a hiccup that was at the SaaS level. Keith W and the complete team made it right once they knew and understood the problem and its impact on our organization. I value that a lot.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using another solution before SentinelOne. We made the switch because of functionality, compatibility, interoperability, visibility, and ease of integration. It checked all the boxes that we needed. We definitely needed to go this way.
How was the initial setup?
It was pretty straightforward, and it was pretty easy to get everything out.
We pushed through SCCM, and it went right in. I had very minimal issues with all of our endpoints. The ease was right there, and basically, there was not a disruption. It was one of the easier deployments that we have had. It roughly took half the time as our previous endpoint protection solution. We did it in about nine months, and we rolled from PoC straight into deployment. The previous solution took about 18 months to cover the same population with a lot more complications and finagling to make it work.
What about the implementation team?
We implemented it in-house with some professional services from SentinelOne. Our experience with SentinelOne was good. We have no complaints.
What was our ROI?
It is hard to say, but I can say that we have seen an ROI because we have discovered things that we were not aware of. That alone is a return on the investment in my book, and my leadership understands that, and that is easy for me to make.
Singularity Complete has not saved us costs. We are not there yet. It will, but we are at the beginning of our journey. It is going to zero in on things that need to be corrected. For us, it is hopefully going to be that change agent or the catalyst for the change agent to our behavior. Technology can only go so far. We are starting to look at the behavior of how some of our business processes have been run because the risk has not been fully understood, so the costs are unquantifiable at this time, but I am sure they are there. I am confident that they are there.
What's my experience with pricing, setup cost, and licensing?
It is comparable. Something that I look at for the long term is how sustainable it is. There is quite a bit in the security portfolio that I manage, and we will see.
Which other solutions did I evaluate?
We evaluated about seven other products through an in-house evaluation scorecard criteria. It has been so long since I have looked at that matrix, but it came down to analysts evaluating it against our set requirements and evaluation criteria. After that, it becomes a number, and the numbers have a certain magic to themselves that makes things more objective. The numbers just came out where the score was clear and evident based on the analysts' analysis.
What other advice do I have?
It is a good product, and it is something that has future-proofed me in my program for the organization.
I am pretty sure I made a super smart decision when I chose to buy it. The roadmap is sound. Based on the keynotes at SentinelOne OneCon23, there is a lot going on. They are dedicated to improving the product. There are a couple of things, such as SentinelOne Mobile, that cannot be forgotten. That is integral for us or our organization, but, overall, I feel pretty good about the strategic roadmap or journey that we will be on.
From a pragmatic level, it is very mature. There was a bit of a false start with the SentinelOne Mobile, which is important for us, but overall, the product is very mature and adaptable by a variety of talents and skill sets that you find in your SOCs or security operation centers.
I would rate it a nine out of ten because of the Mobile issue. This is something big, and I am a little worried that I did not see it in the keynotes at SentinelOne OneCon23.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Security Analyst at a tech services company with 1,001-5,000 employees
A great storyline feature, dashboard, and customization
Pros and Cons
- "I really like the storyline feature."
- "The false positive rate has room for improvement."
What is our primary use case?
We use SentinelOne Singularity Complete for antivirus and EDR capabilities on both our hosted and internal platforms.
We implemented SentinelOne Singularity Complete to harden the security of our environment.
How has it helped my organization?
Initially, we focused on our client-facing platform. We definitely wanted to ensure adequate antivirus and malware protection, and I believe we have achieved that with SentinelOne Singularity Complete. Our environment is fairly large so it took us a few months to realize the benefits.
SentinelOne Singularity Complete helped save our staff time to focus on other projects. Our security operations team has a little bit more bandwidth now.
SentinelOne has helped us reduce our MTTD. The Storyline feature has definitely cut down on research time when investigating incidents, making the process much faster. What used to take several hours to review logs can now be completed in ten minutes.
It has helped us reduce our MTTR.
Our organization had a costly incident before we implemented SentinelOne Singularity Complete. Since the implementation, we have not had any incidents, which correlates to cost savings.
Singularity Complete has helped reduce our organizational risk.
What is most valuable?
I really like the storyline feature. It makes it easier to tie together the processes and how they are related when investigating potential incidents. I also like the dashboard and the customization options.
What needs improvement?
The only integration that we are having a challenge with is our Rapid7 SIM solution. We have created exclusions for it, but sometimes there are still some false positives that the team works through.
The false positive rate has room for improvement.
We can build exclusions in a few ways, but one challenge is that many third-party applications spawn files with random names. This can make it difficult to write rules to account for these files. If there are better ways to deal with this, it would help to reduce conflicts between our Rapid7 solution and some of our other solutions that generate PowerShell scripts.
When agent updates require a reboot, this can be challenging for our large customer environments.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for four years.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable. We have not had many stability issues.
What do I think about the scalability of the solution?
We have a large environment and find SentinelOne Singularity Complete to be scalable to meet our requirements.
How are customer service and support?
The technical support ticket for the issue we had with getting the agent installed in our PBS image took almost a year to resolve, and we ended up finding the solution on our own. We had several tickets open, but unfortunately, they didn't lead anywhere.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Cylance, which our hosting provider provided along with Endpoint Detection and Response. However, we experienced several challenges with Cylance, so we purchased SentinelOne Singularity Complete for our corporate network. SentinelOne functions and deploys significantly better than Cylance, so we asked our hosting provider to switch us to SentinelOne instead.
How was the initial setup?
The initial deployment was straightforward for SentinelOne Singularity Complete. We had a bigger challenge installing Cylance.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
SentinelOne Singularity Complete has a lot more functionality right out of the gate.
I recommend considering SentinelOne Singularity Complete for anyone researching security solutions.
SentinelOne Singularity Complete is deployed on our corporate and hosted endpoints. We have between 5,000 and 9,000 endpoints.
We have six people that monitor SentinelOne Singularity Complete.
Our agent updates require maintenance and close monitoring. We sometimes have to manually enable policies that are disabled due to the disruption caused by unexpected reboots. We must carefully plan these updates.
SentinelOne Singularity Complete is a good strategic security partner.
I would definitely recommend doing a POC to see if SentinelOne Singularity Complete is a good fit for the environment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of IT at a transportation company with 501-1,000 employees
Straightforward to install, quick and detailed technical support, and application inventory is helpful
Pros and Cons
- "In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting."
- "With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately."
What is our primary use case?
Our primary uses are endpoint protection and application inventory.
The management is done through the SentinelOne web interface.
We work strictly in a Windows environment, using it for both workstations and servers.
How has it helped my organization?
At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.
In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.
We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.
What is most valuable?
The most valuable features are application auditing and malware detection.
Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.
On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.
The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.
We use the threat detection feature.
The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding.
At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.
What needs improvement?
With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature.
For how long have I used the solution?
I have been using SentinelOne for approximately a year and a half.
What do I think about the stability of the solution?
Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.
What do I think about the scalability of the solution?
We have not run into problems with scalability. It can be very good.
There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.
How are customer service and technical support?
The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.
Which solution did I use previously and why did I switch?
Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.
How was the initial setup?
The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.
It took about three weeks to deploy, covering all 212 of our endpoints.
We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.
There is no maintenance required, post-deployment.
What about the implementation team?
SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.
Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.
The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.
What was our ROI?
Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.
Which other solutions did I evaluate?
We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.
What other advice do I have?
My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.
At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Deputy Manager at JK Paper
A great XDR service, good visibility, and helps reduce organizational risk
Pros and Cons
- "SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory."
- "I would like to have a remote desktop feature added so we can remotely access our endpoints."
What is our primary use case?
We use SentinelOne Singularity Complete for incident management planning to protect against insider and outsider threats, monitor threats, block websites across our branches, and manage assets.
Before implementing SentinelOne Singularity Complete, we could not track our assets, manage the threat insights, or block USB devices. Now we can manage and handle all our assets and keep them healthy. We can also protect our data from malware and ransomware attacks.
How has it helped my organization?
The SentinelOne Singularity Complete reporting suite is essential for providing comprehensive visibility into the security posture of an organization.
We realized the benefits of SentinelOne Singularity Complete two months after we deployed it. We knew after the proof-of-concept that SentinelOne Singularity Complete would be useful in our environment.
SentinelOne Singularity Complete helps our organization track all our systems. We receive an automated weekly threat report on our systems, which helps us manage incidents before they occur. We automatically receive insight threat reports in our emails, which is a great way to identify and track issues so that we can remove the affected asset from the environment to protect our systems and network.
SentinelOne Singularity Complete has helped reduce our organizational risk.
What is most valuable?
SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory.
SentinelOne's XDR service is valuable. We use them to find the root cause of an issue.
What needs improvement?
I would like to have a remote desktop feature added so we can remotely access our endpoints.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for six months.
Which solution did I use previously and why did I switch?
We previously used Kaspersky, but we found that it could not clearly identify all of our assets and risks. With SentinelOne Singularity Complete, our environment is more secure.
How was the initial setup?
The initial deployment was straightforward.
What about the implementation team?
We used a third party for the implementation.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Complete is expensive, but we must be willing to pay for it if we want a high level of protection.
What other advice do I have?
I would rate SentinelOne Singularity Complete nine out of ten.
We recommend that people evaluate SentinelOne Singularity Complete before buying it. At a minimum, they should compare it to their current solution and other products to see the difference. They should do a small comparison of the major points that each product covers and does not cover. Once they have a good understanding of the options, they can have a demo or proof-of-concept before making a purchase. Additionally, it is helpful to check which companies are currently using SentinelOne Singularity Complete in their live environment for a long period of time without experiencing any challenges.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
