We use SentinelOne Singularity Complete for antivirus and EDR capabilities on both our hosted and internal platforms.
We implemented SentinelOne Singularity Complete to harden the security of our environment.
Initially, we focused on our client-facing platform. We definitely wanted to ensure adequate antivirus and malware protection, and I believe we have achieved that with SentinelOne Singularity Complete. Our environment is fairly large so it took us a few months to realize the benefits.
SentinelOne Singularity Complete helped save our staff time to focus on other projects. Our security operations team has a little bit more bandwidth now.
SentinelOne has helped us reduce our MTTD. The Storyline feature has definitely cut down on research time when investigating incidents, making the process much faster. What used to take several hours to review logs can now be completed in ten minutes.
It has helped us reduce our MTTR.
Our organization had a costly incident before we implemented SentinelOne Singularity Complete. Since the implementation, we have not had any incidents, which correlates to cost savings.
Singularity Complete has helped reduce our organizational risk.
I really like the storyline feature. It makes it easier to tie together the processes and how they are related when investigating potential incidents. I also like the dashboard and the customization options.
The only integration that we are having a challenge with is our Rapid7 SIM solution. We have created exclusions for it, but sometimes there are still some false positives that the team works through.
The false positive rate has room for improvement.
We can build exclusions in a few ways, but one challenge is that many third-party applications spawn files with random names. This can make it difficult to write rules to account for these files. If there are better ways to deal with this, it would help to reduce conflicts between our Rapid7 solution and some of our other solutions that generate PowerShell scripts.
When agent updates require a reboot, this can be challenging for our large customer environments.
I have been using SentinelOne Singularity Complete for four years.
SentinelOne Singularity Complete is stable. We have not had many stability issues.
We have a large environment and find SentinelOne Singularity Complete to be scalable to meet our requirements.
The technical support ticket for the issue we had with getting the agent installed in our PBS image took almost a year to resolve, and we ended up finding the solution on our own. We had several tickets open, but unfortunately, they didn't lead anywhere.
Neutral
We previously used Cylance, which our hosting provider provided along with Endpoint Detection and Response. However, we experienced several challenges with Cylance, so we purchased SentinelOne Singularity Complete for our corporate network. SentinelOne functions and deploys significantly better than Cylance, so we asked our hosting provider to switch us to SentinelOne instead.
The initial deployment was straightforward for SentinelOne Singularity Complete. We had a bigger challenge installing Cylance.
I would rate SentinelOne Singularity Complete eight out of ten.
SentinelOne Singularity Complete has a lot more functionality right out of the gate.
I recommend considering SentinelOne Singularity Complete for anyone researching security solutions.
SentinelOne Singularity Complete is deployed on our corporate and hosted endpoints. We have between 5,000 and 9,000 endpoints.
We have six people that monitor SentinelOne Singularity Complete.
Our agent updates require maintenance and close monitoring. We sometimes have to manually enable policies that are disabled due to the disruption caused by unexpected reboots. We must carefully plan these updates.
SentinelOne Singularity Complete is a good strategic security partner.
I would definitely recommend doing a POC to see if SentinelOne Singularity Complete is a good fit for the environment.
We outsourced the operation to a partner, a supplier, and they have managed those services. If the product does identify some abnormal behavior, our supplier is informed, and our main IT division or group IT division is informed. They correct the machine, and they do whatever they need to do.
Nowadays, there is a lot of malware and various other malicious threats. Our system is an internal system. There might be a firewall there, however, malware can still get through an email. However, this solution is very good at detecting abnormal behavior. They act very fast and quarantine machines well.
We find that having an endpoint protection solution allows us to adapt and react faster.
I can put something on my pen drive and get the solution to scan it and see if there are any issues. They can identify and block without affecting any core sections.
The solution is easy to set up.
It's stable.
The solution works quite well and I don't have many notes for improvement.
The solution can use up a lot of resources when scanning. It would be ideal if it was lighter.
We find the initial setup does take some time, as you have to do a lot of whitelisting. We'd like the process to be faster.
I've used the solution for a while. It's been more than two years.
The solution is pretty stable. I'd rate it seven out of ten. It's pretty reliable.
You can scale the solution. However, you do have to pay more to expand as you need to purchase more licenses. At this point, we get additional blocks of licenses when we need them. We do not upgrade one license at a time.
We have about 5,000 clients on the solution currently.
I do not have much experience with technical support.
We also have Microsoft Defender. They are two different products. We use Defender on our machines and workstations, however, not for endpoint security reasons.
IT installed the solution on my machine.
That said, my understanding is the initial setup is not overly complex. At first, however, we had to do some whitelisting. You need to perform a few operations, and we had to reinstall the OS, install a backup, and handle whitelisting. While it takes time, it's not hard.
I'm not sure of the exact pricing of the solution. That's handled by a different team.
We have an IT department that may look at other options, depending on the use case. They've looked at, for example, Sophos, however, they found SentinelOne to be more suitable for us.
I'm an end-user and not very technical.
While the solution is cloud-based, there's an on-prem server, and that is for the administration of our nodes. Mainly, the subscription is controlled by the cloud.
I'd rate the solution seven out of ten. Depending on the use case and if it makes sense for the company, I'd recommend the product.
We use SentinelOne Singularity Complete for EDR. It is a one-click recovery.
SentinelOne Singularity Complete stands out for its ability to collect logs from any security tool we have, bringing together all our data onto a single, unified console.
The Ranger functionality helps identify vulnerabilities in our environment.
Singularity Complete is a complete security solution that goes beyond just alerts. It provides a dashboard that displays all configured security alerts, including lateral movement, consumer attacks, and any other relevant events, on a single console for easy monitoring and response.
Singularity Complete helps free up our time and has reduced the mean time to detection.
It also helps reduce the mean time to remediation and helps cut our client's costs by 75 percent.
Singularity Complete helps reduce organizational risk and improve compliance.
The most valuable feature of SentinelOne Singularity Complete is the STAR Rules.
While our current remote access to SentinelOne Singularity Complete is achieved through publishing, having a direct GUI interface would be a significant advantage for our user and administrator team. This console access would provide a more intuitive and efficient way to manage the platform.
I have been using SentinelOne Singularity Complete for one and a half years.
I would rate the stability of SentinelOne Singularity Complete nine out of ten.
I would rate the scalability of SentinelOne Singularity Complete ten out of ten.
The technical support is excellent.
Positive
SentinelOne Singularity Complete is reasonably priced.
I would rate SentinelOne Singularity Complete ten out of ten.
SentinelOne Singularity Complete stands out in the EDR market by offering a unique million-dollar guarantee, demonstrating their confidence in the product's ability to effectively protect our systems. This financial backing signifies a strong belief in its performance, something no other EDR vendor currently offers.
SentinelOne Singularity Complete is a zero-maintenance product. It's supported by their management defense research team which is working on the console update as well as the automation of the agent-client updates.
I would recommend SentinelOne Singularity Complete.
Our primary use case would be for active XDR protection. We wanted an innovative XDR to keep up with the rising dangers of malware, ransomware, et cetera.
Our visibility and response to a lot of the things that come with an enterprise network have improved. We have users doing multiple things across different platforms. There are applications, servers, endpoints, and certain things that fit in the wild, and it does a really good job protecting all of them.
It has saved time for my team because of what we can do in terms of device control that it provides externally. We have total control.
When it comes to detection, we have email alerts when a threat comes across, so it's pretty quick. And if we have predefined responses to certain threats, then obviously, our response is instantaneous. But in a lot of cases, we like to have our administrators take a look at it and make sure it gets remediated as quickly as possible.
As for security, SentinelOne Singularity puts us in a better place than most solutions. We can look at platform reviews that keep us in the loop regarding what's not considered a good solution.
The visibility and, obviously, the protection aspects are second to none when it comes to speed. Another thing we fall back on is the option to roll back an endpoint if it is infected. There is a shadow copy so that if a PC downloads malicious content, we can roll it back to the state it was in before that package was imported.
It also has a lot of flexibility with its ability to ingest things.
And the AI feature of the solution is prompt in how it learns a certain network and how it responds to certain things. If you do come across false positives, it's relatively easy to get around them.
There are some obstacles you have to overcome when it comes to whitelisting and the like, but that's true of every XDR platform.
Their documentation could afford to be a little bit better communicated. A lot of times we have to look at things in the knowledge base, and much of that could be communicated better, but that would probably be the only thing that needs to be improved.
We've been using SentinelOne Singularity Complete for about three years.
I would give it an A-plus in stability. A lot of times, when you download a new endpoint protection agent or an AV agent, you might run into a lot of compatibility issues or programs kind of freezing up.
I would give it an A-plus for scalability as well.
Our experience with their technical support has been straightforward and good. We got good, timely responses.
As a strategic partner, they're "the new guy on the block." There is some talk of them being bought out. I have heard some rumors like that. But from what I've seen, SentinelOne is just as good as, or better than, any other security partner out there.
Positive
We did use an endpoint protection platform, but I can't comment on which one we used.
I was involved in the whole process of deployment. One thing that wasn't SentinelOne's forte was compatibility with a script for an on-premises software distribution tool. Most of what we did was homegrown to deploy the agents to the machines.
We did it in-house. There were a handful of us involved, probably 10 at least.
I don't deal with the cost side of things, but the licensing, as far as endpoints go, is a pretty straightforward and simple process.
We looked at a couple of other solutions but, again, I can't disclose more about those.
The speed and user friendliness that this platform offers break down some complex aspects of the security industry, and the solution lays them out in a way that a general user can understand.
Definitely compare and contrast Singularity with other solutions. It depends on what fits best for you, what industry you're in, how mobile your network is.
We use the solution for antivirus protection. We do know it does more, however, we're trying to just get the antivirus program up and working and functioning at this point.
It's allowed us to really cover all of our endpoints, including servers, Macs, and services. We're hoping to do a kiosk mode in some of these services for our labs and facilities, and we're hoping that SentinelOne can actually do that. We're going to work with them to make sure we can get that rolled out.
The fact that they have a lot of search features is very helpful. We can go into their filters and we can filter out by specific computer name, for example. We can specify if we want Macs or we want Windows computers, or if we want just laptops, or desktops. There's just a lot of versatility as to how we can look up the devices and really drill down.
The interoperability with other SentinelOne solutions and other third-party tools is good. For other third-party tools, I've used other antivirus software that doesn't have this type of interface. This gives you a lot more latitude to control the computer to basically push out updates and monitor what's going on with the endpoints immediately. It really helps with everything that you need to be on top of quickly, and it really helps that we can monitor everything in real-time.
It integrates smoothly with other solutions. We were able to push out the software and the agent to all the endpoints rather easily. There were only a few stragglers who just weren't physically on and weren't getting the endpoint, however, the rollout went pretty smoothly. The few endpoints not covered were ones that weren't turned on or not in use.
My impressions of the solution's ability to ingest and correlate across our security solutions are positive. It works really well.
We like the fact that we actually have a dedicated person at SentinelOne that we can talk with and work with.
It's helped to reduce alerts. The alerts have really gone down. We've actually had a lot of good coverage. There really haven't been that many alerts or issues. They've actually caught a lot of issues and threats before it's even been a problem. It's really helped cut down on the amount of work that we have to do on our end for troubleshooting and the prevention of viruses or phishing attempts.
This solution helped us to free up the time for other projects and tasks for your team members. We just rolled out a new software program, and it allowed us to focus on that more rather than having to deal with virus alerts that come through from our previous virus program. They've really managed it for us and really helped us find more time to work on the projects that we really need to focus on to advance our business rather than worry about threats that are coming through. It's been quite a time saver.
It helped to reduce our organization's mean time to detect. It's got a much nicer interface to work with, and it's really helped to have them as a working partner rather than our previous vendor which was just a little harder to get a hold of and not as easy to work with.
The mean time to respond is much quicker than what we did have.
It has helped to reduce our organizational risks. We save a lot of hours by not having to deal with all the alerts and managing them. It has saved us many hours of work and really helped us focus on what we really are there to do rather than working on the threats that come our way.
The solution does allow us to be innovative. The product has a nice interface and is quite robust in comparison. We like the options and availability and how it allowed us to manage our endpoints.
Using the filters takes a little bit of time to get used to. There are so many. You have to scroll from side to side in the filter section to find them. It's not very user-friendly.
Some of the options they have up top are a bit much. It is a bit daunting. It minimizes, and then you have to click on select filters for it to completely open, and then you've got to scroll to the right or scroll to the left. Even if you maximize your screen from left to right, there are still more filters to scroll through. They're not well laid out.
I haven't used the reporting feature much, however, having a little bit more options in reporting would be helpful.
I started using the solution about six months ago.
The solution is very stable.
We have about 400 endpoints. They are all deployed in one location.
It is a scalable product. If we need to add more endpoints, we can. That said, we have yet to scale.
Technical support has been really good.
Positive
We had a current vendor called Carbon Black who did our antivirus software, however, it wasn't working as well as we would have liked. So we went with SentinelOne to give us a more complete solution.
There is just a lot of functionality on the end of SentinelOne that we just didn't have with Carbon Black, and it just made a lot more sense to go with this, even though it was priced a little bit more.
I was involved in the deployment of the solution. The process was very simple. SentinelOne took care of most of it for us.
SentinelOne pushed out the agent for us.
We did not need a lot of resources in terms of staff members. We were involved in the planning yet not too much of the implementation. We're still working on covering the last few machines.
There is some maintenance, however, they are mostly updates and those are pushed out by SentinelOne.
We had a representative from the vendor who helped with the deployment.
I can't speak to the exact numbers in terms of ROI. However, other programs do not have as much support and in that sense, support, along with savings, has provided some form of ROI.
My understanding is the pricing is reasonable.
We evaluated other options as well. We looked at Norton, McAfee, and Avast, which were built-in. We went with this product based on the support we would get and the fact that they were personable and easy to work with. We have a dedicated customer service rep that we can talk with about any issues.
We do not use the Ranger feature at this time. We would need to upgrade if we wanted to use that, apparently. So we just decided not to go with that.
The quality is good. I like the way it works and the amount of options it has. However, it has so many options and functionalities you need to really figure out how it works. It takes care of a lot of things for you. You can just set it and forget it.
They are great as a strategic security partner. They worked closely with us and were good at explaining the layout and how the solution would work. They are very helpful.
I'd recommend the solution for users looking for antivirus or endpoint management. It's got great features for both small and large companies. I'd talk with SentinelOne about a company's individual needs. They are quite flexible.
I'd rate the solution eight out of ten.
Using SentinelOne isn't part of my daily tasks. My team only uses it when there's a detection, so the tool is only kept as a screenshot or wallpaper and is only used when there's an alert. It doesn't give us many alerts anyway.
My company uses SentinelOne for EDR purposes for alerts, detections, and patch deployment. For example, some clients ask my team to patch multiple devices and apply policies to the devices, so my team updates policies, applies patches, and updates machines per Windows and Mac updates.
My company also uses SentinelOne for EDR detections and investigations, including forensic purposes.
The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all. It shows the active group or predators in the market, the tactics the group uses, and the recent attacks the group performed.
My company even asked a particular client to onboard devices on SentinelOne because it's easier to graph the alerts. The tool can provide you with a better graph that shows when the alert started, the process, the challenges, and the parameters of the processes.
SentinelOne also has a knowledge base embedded in it. You have to visit the page to get the details.
I also like that you can see the activities performed for the alerts received from your end. You have a bunch of people working on SentinelOne, and you don't have to worry about not knowing who received and resolved the alerts because you can get information on the activities on the tool. You can view the actions on the alerts and who has taken action. This is a valuable feature of SentinelOne that's not usually provided on the other EDRs because it's unrelated to the investigations. I can see who recently closed or resolved a particular alert on SentinelOne because the name of the person who took action will appear on the activity page.
Another feature I like a lot about SentinelOne that I can't find in other EDR solutions is the AI segregation and categorization of events. You'll be directed to the logon events category if you're looking into logon-related events. If you're looking into network-related events, you'll be directed to another category, the appropriate one. Based on your search, the SentinelOne AI will segregate the results into categories. You can click on the category and view the categories related to your events. The segregated results then make it easier to do the investigations.
An area for improvement in SentinelOne is the search feature. It could be easier. For example, you can select the number of results that will be shown to you, such as two thousand events, and you can even go up to twenty thousand events for the search you've made, but you can't go beyond twenty thousand. You can only receive up to twenty thousand if you find login-related, detection-related, or process creation-related events. That's the limitation in the search feature of SentinelOne, which ruins the task because it isn't enough when you're doing your investigation.
The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne.
The retention period of the tool is way less than what other EDR solutions provide. SentinelOne and CrowdStrike come with a shorter retention period, which means you cannot go beyond one month when investigating the logs.
One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.
What I want to see from SentinelOne in its next release is a faster search. I also wish that the twenty thousand event limitation be removed.
I've been using SentinelOne for nine to ten months now.
SentinelOne is a stable tool that never crashes. It's a good product.
Its stability is nine out of ten because, at times, the tool lacks robustness when searching. For example, if I want to search, it can take some time based on my ability to search. Searching on SentinelOne can be much faster because, search-wise, it could be a little laggy.
The scalability of SentinelOne is much better than other tools, so it's a ten for me, scalability-wise.
I haven't contacted the technical support for SentinelOne, but many of my colleagues had experience getting SentinelOne support. One case was about the retention period because a client had been compromised and needed more logs from SentinelOne, but the support team couldn't provide more logs as the retention period was too short.
My company chose SentinelOne over other solutions because it's powerful in the areas of detection, flagging for alerts, and logs. The alert creation is stronger in SentinelOne, so my company went with this tool.
The initial setup for SentinelOne was easy, and I manually performed it. It's easy to deploy a device onto SentinelOne. You have to run the agent, and the application, then the tool will be onboarded. It's that easy.
The deployment of SentinelOne hardly took me half an hour. Once you've learned how and executed the agent file on the machine, you'll start getting the logs. You'll test, configure, and collect the right resources and receive the logs.
I implemented SentinelOne, so it's in-house.
As a developer, I have no information on the pricing of SentinelOne.
I'm using SentinelOne, the EDR solution.
SentinelOne is deployed on the cloud, probably the public cloud, though I wonder if it's private or public. It's on the cloud because it has many more features and doesn't use up many resources even when there's a high workload, and as a tool, SentinelOne performs very well. It may be on AWS or Azure, though.
Within the company, twenty people personally use SentinelOne daily.
My company is a partner of SentinelOne, so my team recommends it to clients, especially if clients require more detection and easy onboarding.
I'd tell anyone looking into implementing the tool that it's fun to learn and use. You can use it without needing many clicks to isolate the machine or perform your required activities. One of the best features of SentinelOne is that it has minimal mouse actions. For example, when you click on a machine, you'll get the hyperlink that shows you the machine details, the uptime, when it was first and last seen, the memory, and all the machine details. You get the details in one location, such as the applications installed on the machine, the network-related configurations of the machine, and the machine processes. You won't get as many features from other EDR solutions. You can isolate the machine, repair and update the machine, update the knowledge base and software, and onboard a particular device on SentinelOne. The tool has many more features. It's a good tool.
My rating for SentinelOne is nine out of ten. Still, if the twenty-thousand event limitation is removed, then that's the time I'd give the tool a score of ten because if there's no limit set, then you can get all process details related to your investigation.
The primary use case is as an endpoint detection and response software. Basically, it is an enhanced antivirus, anti-malware, and anti-ransomware solution. It protects from ransomware attacks and other types of cyber attacks. It protects the endpoint from malicious actions.
Protection from cyber attacks is the feature we find the most valuable.
It's a stable product.
We find the solution to be scalable.
Technical support is good.
The pricing is not too high.
It has a pretty simple user interface and is user-friendly.
They need to improve how we install the software. For the agent of SentinelOne in the endpoint, it's not an automated process. We have to download it and then upload it on the endpoint. That is something that can be made simple. The uploading of the software in the endpoint, if that can be done publicly, would be great. The setup should be available publicly. The agent installation should all be done in the cloud.
I've been using the solution for more than a year.
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
The solution scales well. You can expand it as needed.
We are a small organization and have around 200 to 250 people on the solution.
The management is outsourced, and I find they are doing a very good job. We are satisfied with how we are able to get help if we need it.
This is the first EDR solution we used. We did not have another solution in place beforehand. We only used basic antivirus software previously.
The initial setup is annoying since you have to download the agent and then upload it to the endpoint.
For maintenance, basically, I'm the admin for SentinelOne. Also, there is a different organization altogether to whom we have outsourced the management of SentinelOne. They have their own employees. Their particular team would be working for our organization. They are an SOC organization, and they work 24/7 for various clients. We are one of their clients.
The pricing is reasonable.
I'm not sure of the exact costs, as those are managed by a different team.
I'm a client and end-user.
The solution is pretty easy to implement and administrate. We have not tried to integrate it with other solutions. While the pricing is reasonable, it's a bit more than typical antivirus software. That said, it has advanced functionalities that make the price worthwhile. Therefore, I would rate it nine out of ten.
We primarily use the solution for security purposes.
It's an easy tool and it offers a different experience. It is a new generation product.
The initial setup was easy.
It's stable and reliable.
The product can scale as needed.
While I'm sure improvements are necessary, there isn't one specific area I've found to be lacking.
Security could always be better. It always needs to be adjusted to keep up with what's happening.
I've been using the solution for two years.
We haven't had any issues with stability. It's reliable. There are no bugs or glitches and it doesn't crash or freeze.
It's scalable. We are using management software on the cloud. Therefore, if we want to install 1,000 agents, it doesn't impact our business now. We can scale and it's got a central implementation method for agents.
Technical support has been very good and we are quite pleased with them.
Positive
We actually use regular antivirus solutions as well, such as Sophos and McAfee.
It's a simple, straightforward setup. It is not overly complex or difficult.
We have a small IT team and have found that we just need to have one person managing the product.
We deployed it using an outside resource.
I cannot speak to the exact cost. Our managers buy the licenses. That said, it is my understanding that we are using the subscription model and pay for it yearly. I'm not sure if there are any other ancillary fees beyond that.
I'm a customer and end-user.
I'm not sure which version of the solution I'm using.
I'd rate the solution eight out of ten. It's a good overall product.