SentinelOne Singularity Endpoint Reviews

The primary use cases for SentinelOne Singularity Complete include endpoint security to detect, prevent, and respond to cyber threats in real-time using AI-based behavior analysis.

The second use case is that the SOC team will investigate incidents, automate response actions, and protect systems from malware and ransomware.

SentinelOne Singularity Complete has helped me consolidate my security solutions, and there is some improvement overall. SentinelOne Singularity Complete is a good feature that requires skilled analysts and a proper plan for implementation. SentinelOne Singularity Complete is good for S1 analysts and is helpful for analysts with a simple GUI base.

SentinelOne Singularity Complete has helped reduce alerts for my organization. In my organization, we are an MSSP and right now we manage 6,000 plus endpoints and provide services to 10 plus customers because we are a partner with SentinelOne, and our customers are buying from us while we are providing endpoint services. All customers from us are very happy because the biggest difference is that SentinelOne Singularity Complete gives us the support team and the TAC team. There is human intervention between us and the TAC team because SentinelOne Singularity Complete is a SaaS product. If we get a false positive alert or if we get stuck anywhere, the TAC team will resolve that. The biggest advantage is the support from the TAC team to us, which is very helpful. If there was no TAC team, I would not advise using SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped free up my staff for other projects and tasks. I will tell you how SentinelOne Singularity Complete helps our SOC team. First of all, we have implemented SOAR technology, the Shuffle technology, which is open-source. Whenever an alert comes on SentinelOne Singularity Complete, we have integrated the Shuffle SOAR technology. Automatically the alert will be killed and quarantined, and mitigating action will be taken from SentinelOne Singularity Complete. Before that, we had to raise the alert manually, but we integrated SOAR technology, and automatically the alert raises to the customer within one or two minutes. This reduces the false positive alerts. We give criteria for Sentinel Shuffle: if the alert is triggered and the hash value for that file is bigger than five seconds, a secondary vendor will mark it suspicious or malicious, and we will raise the alert. Before implementing this, we had to manually check and explore and manually check deep visibility to determine where the alert came from or what scheduled task was generated. After implementing SentinelOne Singularity Complete with SOC as Shuffle SOAR, it is reducing the time significantly.

The best features from my perspective are that SentinelOne Singularity Complete includes EDR, XDR, and next-generation SIEM, and additionally, they have also added Purple AI. SentinelOne Singularity Complete is an automated tool with minimal interactions required. Everything works if we install the endpoint SentinelOne Singularity Complete agent on the endpoint. We don't require anything else because all the work will be done from the SentinelOne Singularity Complete agent that conducts real-time monitoring. If malware is detected, the agent will take care of its kill and quarantine and automatically send the alert to the dashboard.

If the agent is online or the desktop is online, it will connect to the dashboards, and we will get the alerts. That is the best feature. The second feature is the rollback feature for Windows, such as VSS rollback feature. If the endpoint is malware infected, we can restore our files and important data. These are the two best features I appreciate about SentinelOne Singularity Complete.

My impressions of SentinelOne Singularity Complete's ability to ingest and correlate across security solutions are that they can ingest logs from all over the device. For example, we have integrated the Shuffle open-source SOAR tool that ingests the logs from that Shuffle tool. Second, we have also integrated different firewalls and additionally, we have integrated the AWS cloud. Ingestion is seamless and awesome from SentinelOne Singularity Complete.

Regarding the role Purple AI plays in amplifying team knowledge, I use Purple AI for advisory and IOC purposes in my organization. I explore it for research purposes and find it very good and fast for sending advisories every week regarding vulnerabilities found. I don't use Purple AI much for other uses because I have limited exposure to it.

Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them.

Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.

I have been working with SentinelOne Singularity Complete for 2.3 years.

In terms of stability and scalability, I heard the news that 25,000 plus endpoints can be installed in one go, so scalability is very good. Regarding stability, I haven't heard of any issues with SentinelOne Singularity Complete. Before two years ago, we heard about a blue screen issue with CrowdStrike, but I haven't heard of such issues with SentinelOne Singularity Complete. Stability is important because even if the agent disconnects from our console, it will still protect the desktop or laptop. There aren't many stability issues; the agent handles everything including upgrades.

Regarding the technical support and customer service teams, I rate them 10 out of 10 on a scale of 1 to 10. The TAC team, which is available 24/7, is the reason for this rating. We are now in India, but if we get stuck at midnight, any other TAC team will be in GMT or Europe or America, and they will assign our support engineer and suddenly schedule a call for us and resolve the issue. The TAC team plays a major role and is very important for us.

Regarding cost-effectiveness and ROI, I will say it is cost-effective. In India, before the installation of SentinelOne Singularity Complete, all our organizations used CrowdStrike, which is a competitor to SentinelOne Singularity Complete. After SentinelOne Singularity Complete came into the picture, the cost is more competitive, and the cost of SentinelOne Singularity Complete will be cheaper than CrowdStrike. I also have some exposure to CrowdStrike, so from a price perspective, I would prefer SentinelOne Singularity Complete if my organization has a limited budget for EDR or XDR solutions.

Regarding the initial setup, I can say it is very easy to set up. We just need to create one tenant from my customer name and send and install the packets for Mac OS, Windows, and Linux servers. We take remote access, and within 5 to 10 minutes, one endpoint will be installed, although it takes some time to connect to the dashboard. The setup is very straightforward, and we have installed over 500 agents in one day. That is a very fast process we have accomplished.

For the deployment model, my organization has a tie-up with Amazon Web Services, AWS. We are using the cloud because of that tie-up with AWS.

Pricing-wise, it is very price-sensitive. My customers, enterprises, are buying from us. For small and medium enterprises, it is very costly. The pricing is approximately $7 to $10 per agent per month. My organization selling depends on the size of the endpoint we are dealing with, but the price is around $7 to $10 per agent per month. In terms of functionality compared to other EDR tools, it is the best price.

Regarding the key differences, both pros and cons of SentinelOne Singularity Complete compared to other technologies such as CrowdStrike or other EDR and NMI products, I have several pros and cons to discuss. The first pro is the fast response. The EDR will immediately get the malicious file, kill or quarantine it, and send the alert to our dashboard. The second is the rollback capability, which is a beautiful feature SentinelOne Singularity Complete gives us for Windows desktops and laptops. The third pro is the automation; 90% of actions will go through the agent. The agent will take all actions—kill, quarantine, alert—and everything is automated; we don't require anything else from our side.

However, cons would include the high false positive alerts; we get alerts for genuine files, and that creates noise, though we can whitelist it. Additionally, there is resource consumption; SentinelOne Singularity Complete uses more disk resources, which reduces the functionality of the desktop. The third con is that when we install the SentinelOne Singularity Complete agent, it takes time to reconnect to the dashboard due to network issues, and it can take 5 to 10 minutes for the endpoint to reflect.

Regarding SentinelOne Singularity Complete's Ranger functionality, I am an L1 analyst and I don't have much hands-on experience with Ranger, but I know that the Ranger is used for detecting rogue endpoints in our network. The Ranger functionality includes network discovery and control features. These two features are very important in Ranger because it ingests logs from network sources and captures the threat matrix including IOC. The most important functionality will be the Ranger's ability to detect rogue device detection. I cannot confirm that we can use Ranger to completely reduce the alerts because I don't have that heavy work as I am only an L1 analyst doing some basic admin tasks.

Additionally, right now we are implementing the next-generation SIEM of SentinelOne Singularity Complete, but this is in the initial phase. Regarding mean time to detect, SentinelOne Singularity Complete is immediately detecting the alerts and giving them to us on the dashboard. The problem is that when we install the agent on the desktop, it takes some time to show on the console. Otherwise, the agent is seamlessly running in the background; while the user is doing their job on desktops, the agent is doing its job greatly in the background.

For threat investigations, I don't have exposure because I am L1, and right now, I have L2. One of my seniors, a senior forensic analyst, uses Purple AI for threat investigation. I don't use Purple AI for threat investigation; I just use it for searching IOC.

For advice or recommendations for organizations considering SentinelOne Singularity Complete, I suggest that before implementation, first, train your SOC on how to handle alerts and investigate. When I started with SentinelOne Singularity Complete, my manager told me to sit with the MBA team and learn about it, which was confusing at first. Start with the pilot deployment instead of deploying thousands of endpoints at once; install a few endpoints to check the performance. Third, integrate SentinelOne Singularity Complete with all your SIEM tools or SOAR tools. We as customers integrate SentinelOne Singularity Complete with Shuffle SOAR and get benefits such as triggering alerts quickly, so implementation is crucial for SentinelOne Singularity Complete to be a powerful tool. Training SOC, proper configuration with skilled analysts, and a well-defined strategy are the key recommendations.

I rate this review 9 out of 10.

I work with SentinelOne Singularity Endpoint's complete Singularity Lake, which includes XDR, SIM, and everything integrated together.

I normally use SentinelOne Singularity Endpoint for endpoint management, with the EDR setup to get data from my endpoints. As an MSSP, I receive alerts and incidents and work on securing endpoints.

For mean time to detect, we promise less than 15 minutes for critical activity as an MSSP. This obviously depends on how good the platform is, and we commit to less than two hours for resolution. Obviously, this depends on many factors beyond what you can do from the platform. As an MSSP, you need to be very mindful that there are company resources which make the final call on whether to block something or not, whether it's malicious but still needed for that particular environment. So I normally commit to 15 minutes for MTTD and less than two hours for MTTR.

I think over the last one and a half years they have been improving significantly. Prior to that, they were also a very good product. In the market, there are hardly three products I can name: SentinelOne, CrowdStrike, Defender for Endpoint, and a bit of Cortex, but I am not that impressed with that product. These are the three major products that are doing very well in terms of their active EDR engine where you get the storyline correct—what exactly has happened, the parent process, child process, command line arguments. You get everything in a single fetch. Now with Purple AI, I think you get everything. Even an L1 engineer does not need to do anything complex. They can just write in natural language and get the details they need.

I think SentinelOne Singularity Endpoint presents a very holistic picture of an alert. Their enrichment layer is quite great. Once you get an alert, you get the complete process around it: how the parent process has started, which child process it has enabled, what kind of command line arguments or modifications have been done, what kind of scheduled task has been created, what kind of network connection you have, and what kind of file activity has occurred. You get everything in a single view.

In terms of their XDR, the consolidation is quite good. They have their own SIM and everything as well. The consolidation point has improved a lot, and you get everything under a single umbrella. This makes life much easier for MSSPs like me to manage a particular customer.

I think a few things are the confidence level you get in an alert. You get that very straightforward, so it is easier and you do not need to worry about it. The second thing is the automation level within the platform. Your alerts lifecycle has false positives reduced dramatically. You get all these features, and they help a lot. Also, the biggest factor is when I am opening SentinelOne Singularity Endpoint and presenting to a customer, the question is whether I can get a complete story of what has happened. That is where the most fatigue happens. When an alert occurs, people have to reach out to multiple sources to find out what exactly has happened. I think the story completeness is quite great with SentinelOne Singularity Endpoint.

The biggest problem for any organization is their L1 layer. That is where you spend more time when you get an alert, determining what exactly happened and whether it should be converted to an incident or whether it is a false positive or a true positive. Now with Purple AI and their LLM module, it is quite easier for the L1 engineers. The fatigue is quite low, and the alert to incident ratio has improved quite a bit. You know what is coming and what is not, and the L1 can add more value than they normally did before. Your load becomes easier on the L1 engineer, and obviously you can cut your costs there as well because one person can do more work. You do not need to teach any new language to manage SentinelOne Singularity Endpoint. As an MSSP, we can utilize the same L1 for multiple providers.

Since the enrichment layer is great and we get the data properly with deep visibility and the storyline is complete, the dashboarding is quite decent. You can make the call quite faster, and resolution time has decreased significantly.

The Purple AI features are notable. One of the most notable features is that you get a complete summarized alert. This works for someone who is not a great security L1 professional who has just joined from college or even for a more experienced professional who wants to see much data. You also get your AI verdict, indicating whether something is a true positive or false positive, so you get validation from AI. You get community verdict as well. If someone else has seen those alerts, you also see if there are similar alerts happening 1000 plus times, 10,000 plus times, or even just twice, or if it is only a standalone alert. Apart from that, you get a complete summary of what has happened, where it has happened, and why it has happened. You get complete details about what exactly has happened in a single click. So I think this makes life much easier for a respondent.

The two things that are top of my mind are Purple AI and the consolidation. What you get is detailed reporting and detailed RCA as well from them. The third thing is the storyline and complete visibility of what has happened and the complete flow of a particular attack vector. You get that very properly in SentinelOne Singularity Endpoint.

In terms of advantages, I think I will still use the AI visibility and the storyline. Most of the EDR providers use the same capabilities. Everyone has similar feature sets and everyone has been rated by ISG or other organizations. The end of the story that matters for every end customer or a provider like me is how well I can use it without getting too complicated. I have multiple stacks that I manage in my day-to-day, so how well their dashboard is, how well they are able to tell me the story around it, what exactly has happened, how exactly it happened, and how well they let me customize it matters. I think that is where SentinelOne Singularity Endpoint stands out. They are doing quite great there. At the same time, the Purple AI feature is much better. Imagine going for Copilot, which is a generic AI platform not specific to security. You may need to train it and work around it to get the exact responses you want. Apart from that, you pay for it, and you have to integrate it with your XDR or SentinelOne Singularity Endpoint, which creates lots of complications. When you get SentinelOne Singularity Endpoint, it is easier. Purple AI is already built into it, so you do not have to worry about it. You just buy it and can use it from day one.

I think they are doing pretty decent. The only thing is that once you are competing with someone like Microsoft and CrowdStrike, I think the investment should be slightly more in terms of a holistic view. Their threat feed is also limited. You get a very vast threat feed, but again it is not as mature as you get from a CrowdStrike or Microsoft stack. I think that is where they can look at it. Threat hunting is also something they do, so I think they can improve there as well. I think everyone is almost similar in that regard, so I think the rest of everything looks fine.

In terms of pricing, SentinelOne is slightly cheaper than CrowdStrike and Microsoft from what I have seen. Obviously, it is costlier than Sophos and a few other providers, but cheaper than those two. Deployment-wise I think it is there. I think the only thing is that Microsoft offers some free deployments to their customers with ECF funding and other options. I think that is something which Microsoft, being a bigger partner, has. Otherwise, I think they are doing good.

Regional availability is there, and I do know they are in most locations. In terms of compliance, there are some locations where I have seen them saying they still host on the US or EMEA region. I think the regional maturity is something they need to improve. I think otherwise, everything they are doing is quite good.

I have been using SentinelOne Singularity Endpoint for three to four years now.

I have not experienced any stability issues.

It is a very scalable environment. We have some large deployments on SentinelOne Singularity Endpoint, so the environment is very stable.

As a service provider, we manage most of the discussion in-house. Whenever we reach out to them, we get a very good response from them.

I think SentinelOne Singularity Endpoint is quite straightforward. They have been in the market, so the deployment and initial setup is quite easy. It is not a very tricky task and is very mature.

I think SentinelOne Singularity Endpoint is quite straightforward. They have been in the market, so the deployment and initial setup is quite easy. It is not a very tricky task and is very mature.

We purchased directly from SentinelOne.

As an architect, I do not work directly on ROI, but I think it is understood.

SentinelOne Singularity Endpoint sells on a SaaS model. For us, it does not matter whether it is AWS or Azure, but we work with Azure, AWS, and everything.

SentinelOne Singularity Endpoint sells on a SaaS model. For us, it does not matter whether it is AWS or Azure, but we work with Azure, AWS, and everything.

The ask is always simple from a customer standpoint. What exactly do you want to achieve, and what exactly is your problem base? Take a call in terms of what makes your life easier rather than having a very fancy-looking product and still having to learn a new technology or hire a new set of people. I think that is the concern most companies have. So just go for a genuine product which does serve the purpose and at the same time gets you out of the situations. I would rate this product and experience a 9 out of 10.

The main use case for SentinelOne Singularity Endpoint includes EDR, XDR, and ingest SIM, which means SentinelOne Singularity Endpoint has the ability to ingest and correlate across security solutions extensively. It is a real-time, AI-based behavior analysis tool.

SentinelOne Singularity Endpoint has been reducing the alerts from our side, basically reducing our time to raise the alert to the client because we are an MSSP provider. We are Softcell technology, an MSSP provider. We have integrated SentinelOne Singularity Endpoint with SOAR technology, and whenever an alert comes, the alert is raised directly through SOAR technology within five seconds. The SLA is within five minutes for raising the alerts.

The time saved is around 30%. For the mean time to detect, it is around 20%. For the mean time to respond, it is around 50%.

The first best feature is the fast response and automated response, and the second one is the rollback capability that VSS in Windows. Those are the two best features I can say I like.

SentinelOne Singularity Endpoint seamlessly ingests the logs from various other technologies besides the SentinelOne Singularity Endpoint EDR platform. We have integrated various firewalls, and we also integrate with AWS and GCP, which is seamless. There are other solutions we can integrate with SentinelOne Singularity Endpoint, including Shuffle SOAR technology, Wazir Sentinel and FortiSIEM.

I cannot confirm because I do not have that access as I am an L1 analyst with only read-only access. However, Ranger in SentinelOne Singularity Endpoint is the network discovery and control feature, and its primary role is to identify and manage unmanaged devices, such as identifying the rogue devices in our network. It ingests the logs from network sources and captures any threat metrics, including IOC.

The first improvement is the dashboard because it is very complex. As a beginner-friendly SOC analyst or MDR analyst, the dashboard is a bit complex, so the dashboard needs to be more user-friendly. The second improvement is the VSS rollback feature, which is useful only for Windows laptops and servers, not for macOS and Linux. The third improvement is the policy management complexity; the policy is very complex in SentinelOne Singularity Endpoint, and we have to apply each and every policy for each endpoint. We have to create different groups for different policies, such as USB-based and Bluetooth-based.

I have been using SentinelOne Singularity Endpoint for one year.

SentinelOne Singularity Endpoint is continuously running whenever our laptop is on or the server is on. It is continuously working, and I do not find any disturbance while using SentinelOne Singularity Endpoint. Unlike in CrowdStrike, we see blue screen issues, but I do not see any such issues in SentinelOne Singularity Endpoint. Stability-wise, it is good for us. I would give it 10 out of 10 for stability.

SentinelOne Singularity Endpoint can be scalable up to 10,000 or 15,000 endpoints, depending on your organization. We have already scaled to over 6,000 endpoints in one management console, so it depends on your organization how much you want to scale.

My rating for technical support is 9 out of 10.

We have been using CrowdStrike for the last month. Compared to CrowdStrike, Charter AI, and the Purple AI, SentinelOne Singularity Endpoint is very easy. I just have to put the question in SentinelOne Singularity Endpoint; I want that IOC or that event ID. I can input the event ID and search for any Windows issue or find any malicious file using Purple AI compared to CrowdStrike. For someone who is a beginner, I would recommend SentinelOne Singularity Endpoint over CrowdStrike.

Compared to other vendors, SentinelOne Singularity Endpoint is not very expensive and it is good. I do not have extensive knowledge about other vendors, but just a month ago we were using CrowdStrike also. After comparing both CrowdStrike and SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is better because the UI and dashboard in CrowdStrike are very complex. For a beginner, SentinelOne Singularity Endpoint is very beneficial.

We actually deploy it on the cloud; we deploy on public cloud because we have a partnership with Amazon Web Service, AWS, so we have implemented it on the public cloud. The deployment is very easy. We just have to create a tenant, create, and download the package file. The setup is straightforward, and I can also do that setup because I can handle admin tasks.

Two weeks is enough for deployment because we have over 6,000 endpoints as an MSSP provider. Two weeks is sufficient for deploying to every customer. It is very easy.

We do not have to calculate the investment because the major factor is to save our organization and our customer organization. I can say just go for SentinelOne Singularity Endpoint, it is the best investment, so do not look at the price and go for it.

It will be moderate, compared to CrowdStrike. Based on my knowledge about our organization, it is costing around 11 to 12 dollars per endpoint for our customers, so compared to CrowdStrike, it is moderate or cheap for us.

Purple AI is a tool I have used because we have the analyst access. I had limited access to Purple AI, but I have used it for finding the IOC in our networks and our customers' networks. It is a co-pilot feature where I can use a pull-down menu to identify based on the present IOC. The retrieve time is very fast, and we get the answer within five to ten seconds. We have IOC, zero-day vulnerability, or any other hashes present in our network.

Because I am an L1 analyst, we have a forensic analyst team also, and they are using Purple AI. This tool is very helpful for our forensic team.

SentinelOne Singularity Endpoint is reducing our time because we do not have that access to Purple AI. SentinelOne Singularity Endpoint is reducing our time to find the IOC in the organization. I gave this review an overall rating of 10 out of 10.

SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats using real-time AI-based behavior analysis, and it also helps the NJS and Purple AI.

I ingest logs from various multiple devices, such as from firewalls and clouds, so I am correlating all the rules to SentinelOne Singularity Endpoint for better endpoint security.

My organization is a partner with SentinelOne Singularity Endpoint and we provide MSSP services to our customers.

The first feature I appreciate is the rollback feature, which is very important.

I appreciate the fast connection we get from the agent to the management console; the second benefit, as I have already mentioned, is the rollback capability. The third feature is that if any ransomware or malware attack occurs, the agent takes care of it and initially performs a full disk scan. I also get the process tree with the help of the agent, which includes a process tree diagram with the star rule ID, providing me with a clear picture from start to finish of how attackers execute their attacks on the laptop.

For mean time to detect, it has improved by 50%, and mean time to respond is now reduced by 40%.

I use Purple AI mainly for my organization, not for our customers because I do not have that admin access. I have access to my NFR, which is a separate management console for our organization to protect our system, so I do use it.

The solution frees up about 30% of time.

I would suggest a lot of improvements; first, the dashboard is critical for new joiners, especially with the addition of Purple AI and EDR, which makes it complex for new SOC users. Second, the rollback feature is only available for Windows systems, not for Linux and Mac OS. Third, the dashboard is not customizable; I cannot create a dashboard as it is already inbuilt in SentinelOne Singularity Endpoint management console.

I have been using the solution for six months.

In terms of stability, it is good; even though I have heard of CrowdStrike's blue screen issues, during my six months with SentinelOne Singularity Endpoint, I have not encountered any stability problems—it is continuously running in the background on the endpoint without any issues.

Stability-wise, I would rate it an eight.

Regarding scalability, I can scale up based on my company's agreement with SentinelOne Singularity Endpoint; in my organization, I manage at least 6,000 to 7,000 endpoints for multiple clients, supported by my contract with SentinelOne Singularity Endpoint.

Technical support is very important, and I would rate it nine out of ten.

I do not have much knowledge about other solutions as I am a SOC analyst with understanding of SIM tools and additional EDR such as SentinelOne Singularity Endpoint, as I recently graduated last year and joined the company in December 2025.

The solution does not require much maintenance; I just install the endpoint on the desktop or server, and I need to upgrade the solution regularly to ensure I receive support from the TAC team.

I have a central team of both SOC and EDR members actively using SentinelOne Singularity Endpoint, totaling about 30 to 40 people, with 20 to 25 being L1 and 10 being L2, along with two managers and two team leads.

Regarding pricing, I would say it is medium; compared to CrowdStrike and Microsoft Defender EDR, which I am aware of, SentinelOne Singularity Endpoint is cost-efficient, fitting into a medium range—not high or low.

I do not use the Ranger functionality because I am an L1 and I have only read-only access, but I know the functionality. The main function is network discovery and control, which identifies and manages unmanaged devices on the network and detects rogue devices on the system.

Before I joined, I can say my organization reduced alerts by 30-40% due to integrating multiple devices with SentinelOne Singularity Endpoint, impacting mostly the false positive alerts.

Data privacy and security with Purple AI are important for my organization; the co-pilot feature of Purple AI helps pull down any IOC present in my network, allowing me to identify any IOC, hash, vulnerability, or malicious activities that occur.

I am the only SOC analyst L1, and while my organization has an investigating team that uses Purple AI mainly for investigation and threat hunting purposes, I have only used it for basic commands and queries for investigation.

My clients are medium-sized, not exceeding 2,000 to 4,000 crore companies.

If you are considering implementing SentinelOne Singularity Endpoint in your organization, I have several recommendations: first, train the SOC team, especially if there are new joiners; second, start with a pilot deployment rather than deploying to all endpoints; third, integrate SentinelOne Singularity Endpoint with other products such as SIM tools or SOAR tools to realize the true value of SentinelOne Singularity Endpoint; using it alone will not provide its full potential.

I would rate this solution a nine out of ten overall.

My use case for SentinelOne Singularity Endpoint is endpoint security to detect, prevent, and respond to cyber threats in real time using AI, which includes Purple AI, behavior analysis, and additionally, NG-SIEM, EDR, and XDR, which is a combination of EDR and XDR.

The best feature of SentinelOne Singularity Endpoint that I appreciate the most is the rollback feature, because just yesterday, we had a ransomware incident for one customer, and we were able to protect our customer through the rollback feature.

Another aspect of SentinelOne Singularity Endpoint that I appreciate is the automation; they have added Purple AI and created a new dashboard for XDR that works very well with Purple AI and NG-SIEM. SentinelOne Singularity Endpoint consolidates security features effectively through the rollback feature.

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

The mean time to respond with SentinelOne Singularity Endpoint is reduced by about 30%. When we receive alerts, we can raise them within 10 minutes, and the SLA from our side is one hour.

Purple AI helps with data privacy and security by efficiently retrieving IOCs in our organization and network, allowing us to quickly query and identify vulnerabilities. Regarding threat investigations, Purple AI significantly aids in our forensic processes; for instance, it recently helped us track down a ransomware attack to its source in a customer's network.

In terms of improvements for SentinelOne Singularity Endpoint, the dashboard is complex for new users, and there are a lot of false positive alerts, particularly from genuine EXE files.

I have been using SentinelOne Singularity Endpoint for 2.6 years.

The stability of SentinelOne Singularity Endpoint is very high; I would rate it 9 to 10 for EDR.

The scalability of SentinelOne Singularity Endpoint can be substantial, allowing for up to 15,000 to 20,000 endpoints for one management console, depending on the organization's relationship with customers. I rate the scalability of SentinelOne Singularity Endpoint as 9 out of 10.

I rate the technical support for SentinelOne Singularity Endpoint as 8 out of 10.

We work with SentinelOne and PingPlotter.

The deployment of SentinelOne Singularity Endpoint is very easy, as we only need to create a tenant in our management console and can deploy endpoints to numerous devices within two to three days.

We have about 30 to 40 people working with SentinelOne Singularity Endpoint in our SOC and MDR teams.

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

Regarding pricing, I find SentinelOne Singularity Endpoint to be very affordable, at around $12 to $15, as indicated by my manager.

SentinelOne Singularity Endpoint seamlessly ingests logs from various other technologies besides SentinelOne EDR platform, integrating with server firewalls. As a SOAR analyst, I have integrated SentinelOne with Shuffle SOAR technology and Wazuh into Level 40's NG-SIEM.

I do not have access to the Ranger functionality because our organization did not purchase it from SentinelOne, but we are planning to buy it next financial year.

I work with Purple AI for our internal use, not for customer use, as we have an NFR set up.

I do not have much knowledge about comparing SentinelOne Singularity Endpoint with other products or vendors since we have primarily used SentinelOne along with PingPlotter.

SentinelOne Singularity Endpoint does not require much maintenance; we just need to upgrade the agent to ensure we receive support from the TAC team.

I will definitely recommend SentinelOne Singularity Endpoint to other organizations, emphasizing the importance of training the SOC team and potential integrations for maximum effectiveness. Our clients using SentinelOne Singularity Endpoint are medium and enterprise businesses. I rate this review overall as a 9.

Our use case primarily involves using SentinelOne Singularity Complete for other clients as an EDR to monitor endpoint-related alerts, including malware and any malicious files, ransomware files, and any attack on endpoints such as servers or laptops. We use it as an EDR.

SentinelOne Singularity Complete has behavior-based AI that detects alerts that are not predefined without relying on predefined rules. For example, it detects zero-day attacks or any behavioral changes in the baseline of the user, or any suspicious anomalies through AI-based threat detection only.

In terms of SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions, when using this AI SIEM, it provides any incident in a unified view only. It correlates and gives the information in one view rather than requiring access to other data sources. It connects the dots and gives a complete, correlated incident.

With SentinelOne Singularity Complete integrated with AI, false-positive alerts have been reduced significantly. I can say that 50% of false-positive alerts have been reduced, and we mostly get true positive alerts. I cannot say 100%, but the false-positive to true-positive ratio has been reduced by 50%.

We do not currently use the Ranger functionality option as it has not been enabled by our organization.

SentinelOne Singularity Complete itself is somewhat laggy and loads slowly at times. Sometimes when there are alerts in the dashboard, we cannot see them and it shows zero alerts. In this case, we have to log out and log in again and refresh it before we can see the alerts. We also experience some flickering issues. The UI needs significant improvement. In this case, I would rate it around 6.5 to seven on stability and performance.

I have been using SentinelOne Singularity Complete for one year and two months.

The mean time to detect with SentinelOne Singularity Complete depends on AI automation as well. Mean time to detect does not process for more than three or four seconds. We get real-time alerts that arrive as incidents occur. The product is performing very well in terms of MTDD and MTTR.

Scalability for SentinelOne Singularity Complete is good. It works well with all the endpoints, even if there are large numbers of endpoints. For example, in an enterprise environment, it performs well. Proper configuration and policies need to be set, but overall it is effective. I would rate it around 8 out of 10 for scalability.

Technical support is good. I would rate it 8 out of 10 because there is a feature of AI support. If we require any help with documentation, we receive it immediately. With a single prompt, we receive help with documentation, and those documentations are very clear.

I have previously used CrowdStrike. I can say SentinelOne Singularity Complete is better than CrowdStrike because it is more AI-capable and integrated. It gives us alerts based on behavior using the AI. In this aspect, I have only used CrowdStrike as an EDR, and I can rate SentinelOne as better than CrowdStrike.

Deployment of SentinelOne Singularity Complete is easy. Installing agents is straightforward. We can do it using Active Directory and group policies. It is easy to install agents in endpoints.

In my company, SecureIntelli, we are a team of 15 members with two leads. The 15 members use SentinelOne Singularity Complete on an everyday basis to monitor for our clients.

SentinelOne Singularity Complete saves 50% time for me and my team in responding to alerts, and it has reduced response time by 50%.

SentinelOne Singularity Complete does not require any maintenance from our end. There is maintenance scheduled once a month from SentinelOne itself. We receive prior notification if there is any maintenance scheduled, but it does not take much time. The system will be offline for no more than five minutes. The security is still maintained during this time. If any alerts come or if anything is automatically remediated, it is taken care of in the backend.

I would recommend SentinelOne Singularity Complete over others. If they are using CrowdStrike, I can recommend SentinelOne Singularity Complete over that product. However, it requires some fine-tuning of policies and configuration. If that is done correctly, it works very well as an EDR.

With Purple AI, it summarizes the alerts. Without much manual intervention, we can determine if it is a true positive or not by seeing the Purple AI alert summarization, what has been happening, what process activity is occurring, and what the user behavior is. It also provides recommendations on what to look for and what needs to be done to remediate the attack. This has helped us to respond to low and medium alerts very quickly, but it still requires manual intervention for high and critical alerts because Purple AI is not that accurate. Sometimes it gives more generic answers for any queries. In this way, we use Purple AI and it has benefited us.

I can say that with Purple AI, security is maintained in terms of data privacy. We cannot share it outside. I do not have much detail on this, but based on my experience, it is secure. There is no insecurity in using Purple AI and GenAI.

In terms of threat intelligence with Purple AI, it depends on the quality of the data that it is receiving. With AI analysis, it correlates with the threat intelligence databases, and if there are any matches, it shows whether the observable is a threat or malicious. It is very good in this aspect and it will be updating very frequently.

Purple AI summarizes the alerts in a very concise format. We can determine if it is a true positive or false positive by seeing a summary. Sometimes it is very precise. As it provides remediation recommendations as well, it is very helpful for us to respond in a shorter amount of time.

I am not sure about the financial aspect as I am in a technical department as an analyst and do not have much information on financial matters.

Overall, I would rate this product 8.5 out of 10.

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

I am a current administrator of SentinelOne Singularity Endpoint, and I have been involved in decision-making from vendor assessment to purchasing and deploying the product to end-users.

For SentinelOne Singularity Endpoint, our main use cases include endpoint patching and updating, whereby we roll out the agent to different operating systems. Overall, our experience with SentinelOne Singularity Endpoint has been very positive; the combination of MDR and endpoint protection significantly strengthens our security posture, especially as we grow as a small to medium business in the energy sector and battery manufacturing. I come from the US Energy sector, which manufactures zinc batteries in the United States and globally, with our headquarters in Pittsburgh, Pennsylvania.

The most valuable features of SentinelOne Singularity Endpoint include robust MDR support, autonomous EDR capabilities, real-time detection, rollback, and automatic remediation, which reduce manual workload. The lightweight agent that runs on any endpoint is crucial, and it provides clear visibility in the event of an incident, including a detailed storyline with guidelines for analysts. SentinelOne Singularity Endpoint works with all platforms—Windows, Linux, Mac, and even ARM devices—making it compatible across our devices.

The cross-platform support and ease of deployment make it a great fit for the energy sector, providing scaling from SMB to enterprise-level protection.

Regarding SentinelOne Singularity Endpoint's ability to ingest and correlate across our security solutions, we approach security as a defense-in-depth layer; if one tool misses a detection, others will pick it up. So far, we have not missed any detections, and we have a positive outlook on strengthening our overall security posture with the help of SentinelOne Singularity Endpoint, which reduces manual workload while providing enterprise-level protection, especially since we are a small to medium business with limited resources.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a couple of months ago; we turned it on for a trial and subsequently turned it off. When we activated it, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners. It provided insight into unknown devices on our network and scanned for vulnerabilities, giving us valuable reports through the Singularity dashboard.

For reducing alerts, we need to collaborate with the MDR team to manage false positive alerts. The support from MDR is frequent; once an alert is triggered, they respond within 48 to 72 hours based on criticality. We are pleased with their support, which helps us address false positives. Although we receive more than one hundred alerts, we mark them as false positives to reduce noise. SentinelOne Singularity Endpoint interface is user-friendly, allowing us to manage daily tasks efficiently while maintaining high security without a large team.

Currently, we are managing about 10 to 20 different tasks or projects simultaneously, requiring minimum input from analysts. SentinelOne Singularity Endpoint MDR team provides guidance on handling alerts, helping us maintain a small security team while effectively minimizing the noise created by alerts.

The mean time to detect has significantly improved since implementing SentinelOne Singularity Endpoint from the previous technology we used, which lacked MDR functionality. With higher priority alerts, the response time is swift, enhancing our overall security and asset protection.

The mean time to respond has significantly decreased thanks to the features available, such as isolating compromised servers directly through the UI, which helps prevent the spread of threats on our network effectively.

We have not activated Purple AI yet, but when alerts occur, the guidance provided is helpful, summarizing what triggered the alert and offering steps for analysis. It aids our small team by providing high-level overviews of alerts.

To improve SentinelOne Singularity Endpoint, I suggest enhancing the dashboard and reporting functionalities for better customization, making it easier for management to access tailored reports. Also, deeper integration with other tools would streamline daily operations, especially as it currently does not support mobile devices—though I know this feature is on their roadmap.

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

So far, I find the stability and reliability of the service to be excellent, estimating 99.95% uptime.

The scalability of SentinelOne Singularity Endpoint has been impressive; as we have grown from 200 employees to where we are now, SentinelOne Singularity Endpoint has scaled alongside us, ensuring effective threat management and security.

My experience with SentinelOne's customer service has been positive; I would rate them four out of five. Although there were times communication was delayed by one or two days, they provided solutions reliably.

Before adopting SentinelOne Singularity Endpoint, we used McAfee.

We decided to switch from McAfee due to limited visibility on threats, manual remediation taking too long, a lack of centralized incident storylines, and difficulty managing alerts, particularly with their legacy AV missing modern threat detection.

The initial setup was straightforward, with SentinelOne Singularity Endpoint's dedicated team managing the backend script running migration for any online endpoints, ensuring a seamless onboarding process.

I participated in the initial setup of SentinelOne Singularity Endpoint as part of the migration project.

Prior to choosing SentinelOne Singularity Endpoint, we evaluated a few other vendors through POCs, and ultimately, everyone agreed to proceed with SentinelOne Singularity Endpoint.

During the POC, we tested a couple of endpoints in our environment, confirming that SentinelOne Singularity Endpoint is a good fit for our executive membership side, leading us to choose SentinelOne Singularity Endpoint.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a few months ago; we activated it for a trial and subsequently turned it off. During activation, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners, and provided insights into unknown devices on our network, offering valuable reports through the Singularity dashboard. Although we have not yet activated Purple AI, the guidance provided when alerts occur is helpful, summarizing what triggered the alerts and offering analysis steps for our small team, providing high-level alert overviews.

I rate this review a 10 out of 10.

We are using SentinelOne Singularity Endpoint as we are currently working with it in our MSsp. We have been using SentinelOne Singularity Endpoint for threat detection in endpoints, and we have created multiple use cases to detect malware or any other suspicious activity that has been identified in any endpoint of our clients. We are using it for mitigating those threats.

What I appreciate about SentinelOne Singularity Endpoint is that it has a very fast response and a rollback capability, which I feel is a very big benefit for our customers in many ways where mostly everything is automated and the threat detection as well. The auto-remediation rules and setup are quite impressive compared to other CrowdStrike or any other EDR.

For correlation, SentinelOne Singularity Endpoint plays a very initial role when it comes to correlating with different devices. When we have to create use cases based on multiple rules, then creating a correlation between different use cases plays a very major role. We have deployed it for our client as well, but most of the time, we use our client's perspective while creating those correlation rules based on their recommendations and what they prefer to create. That is the time we create those customized correlated rules.

SentinelOne Singularity Endpoint has benefited us because it has a very fast response. It has helped our clients secure their endpoints so that no exploits can easily access their system. From a security perspective, it has helped our clients majorly.

Regarding mean time to respond, if I talk about improvement, it does need a few improvements, such as the limited deep visibility feature in SentinelOne Singularity Endpoint, policy management complexity, and also in the Mac OS and Linux feature. There are a few gaps in no VSS, so I could recommend several improvements that would be best to implement. One basic improvement is that in SentinelOne Singularity Endpoint, we cannot create a customized dashboard, which would have been better for visibility regarding managing threats and alerts.

Initially, I felt that it produced very high false positive alerts, which led to a resource consumption issue being a major setback for us, such as high CPU and disk utilization. Sometimes, SentinelOne Singularity Endpoint Complete tasks take time to reflect on some machines, possibly due to poor network connectivity. Additionally, we encounter problems with creating the star custom rule in SentinelOne Singularity Endpoint. Those are some cons or disadvantages I feel.

There are a few improvements, such as missing features that could be implemented appropriately. The limited deep visibility feature compared to other SIEM or XDR tools is limited, so that aspect could have been much better.

I have been using SentinelOne Singularity Endpoint for more than two years.

The main benefits that SentinelOne Singularity Endpoint brings to our table are stability and its ability to run continuously 24/7. The threat engine continuously works, and while we are scanning, the scanning feature in SentinelOne Singularity Endpoint allows us to scan any endpoints or servers. If any malicious threat is identified directly, I do not have to search for any breaches manually. I feel it is very stable.

SentinelOne Singularity Endpoint is scalable; we can scale up or scale down as per our requirement. If we want a higher number of endpoints to be deployed, we can easily scale up our requirements or scale down if there is no need for certain endpoints.

I feel the customer service and technical support of SentinelOne Singularity Endpoint are very good because whenever we need help, customer support gives us an immediate response. In day-to-day operations, we encounter scenarios where we have to connect with customer support for various questions from the client. Most of the time, we are not aware of how to resolve those questions, and SentinelOne Singularity Endpoint's customer support helps us significantly with a prompt response.

We are working with SentinelOne Singularity Endpoint only, as we have just started MDR services recently. We currently have SentinelOne Singularity Endpoint only.

I personally have not managed the initial setup; we have a different team for integration purposes. I feel it was very easy; we just have to install it on those laptops or endpoints, simply dropping the SentinelOne Singularity Endpoint agents.

I do not have proper knowledge of that, but I believe we do have a partnership.

Regarding return on investment, from a security perspective, SentinelOne Singularity Endpoint covers your endpoint security effectively. It is very cost-effective, and while we provide services to our customers, the ROI is very great because we are getting returns from what we earn by selling the product. In that perspective, I feel the ROI is very positive.

SentinelOne Singularity Endpoint Complete is not that expensive; they are very aggressive when it comes to price points compared to Microsoft and other competing solutions. SentinelOne Singularity Endpoint Complete is very competitive price-wise, with the cost depending on the device per device basis as per the client's needs. The full-fledged platform should be around seven to ten dollars per month, which is just a random estimate.

We are working with CrowdStrike as an alternate solution.

Comparing SentinelOne Singularity Endpoint with other technology, the basic thing that stands out is the user interface, which is very understandable and user-friendly. We do not have to rack our brains to think about how it works; it is very user-friendly and easier to manage admin tasks while whitelisting specific endpoints or users compared to other vendors.

SentinelOne Singularity Endpoint identifies threats in real-time. Anytime a client or user opens any malicious file and accesses it, if SentinelOne Singularity Endpoint marks it as a threat, then immediately the alert is raised. If the alert is a true positive based on the search engine of SentinelOne Singularity Endpoint, then it takes action on it and kills and quarantines the alert in real-time. It does reduce many manual efforts as the automation takes care of the major part itself.

For mean time to detect, it does identify the threat in real-time, so it does affect the overall time it takes to identify a threat.

Although it generates a lot of false positive alerts, if we create customized alerts for our clients, then it creates those alerts that are only useful for our clients. It depends on what the client is requiring from us. If we use the best capabilities of SentinelOne Singularity Endpoint, it does reduce false positive alerts.

SentinelOne Singularity Endpoint Complete is not that expensive; they are very aggressive when it comes to price points compared to Microsoft and other competing solutions. SentinelOne Singularity Endpoint Complete is very competitive price-wise, with the cost depending on the device per device basis as per the client's needs. The full-fledged platform should be around seven to ten dollars per month, which is just a random estimate.

Although I have very limited experience with Purple AI, we have used it while creating and managing security advisories for our clients to clear the gaps across the ongoing vulnerabilities in the market. While creating security advisories, Purple AI has greatly helped me in my day-to-day work.

We have used Purple AI. If we consider data privacy, Purple AI has an inbuilt feature in SentinelOne Singularity Endpoint that helps in data privacy because there are different LLMs in the market such as ChatGPT and Claude. While they are good as well, we cannot trust giving our personal data and sharing it with them. For Purple AI, we can rely much more on that because we know that our data is in good hands, making Purple AI much more reliable from a data privacy perspective.

I can use the pull-down menu in Purple AI to identify based on the IOCs present in the market. The retrieval time is very fast, so I frame certain queries on the dropdown menu and immediately see whether those telemetry matches present in my system. Using that feature, Purple AI has helped me a great deal.

Purple AI does help us find the IOCs, which makes it very useful. There are a few instances where we get confused while creating use cases, and during those times, Purple AI has helped us clear our process much more reliably.

SentinelOne Singularity Endpoint has benefited us because it has a very fast response. It has helped our clients secure their endpoints so that no exploits can easily access their system. From a security perspective, it has helped our clients majorly.

I am aware of the Ranger functionality; it is the network discovery control feature. However, in our environment, we have blocked the Ranger functionality currently, but I am a bit aware of what it does.

SentinelOne Singularity Endpoint has benefited us because it has a very fast response. It has helped our clients secure their endpoints so that no exploits can easily access their system. From a security perspective, it has helped our clients majorly.

While we provide services to our customers, the ROI is very great because we are getting returns from what we earn by selling the product. In that perspective, I feel the ROI is very positive.

Regarding data security, it is very important because in today's organizations, we have endpoints, networks, and applications everywhere on the internet. Data privacy is very important, and with SentinelOne Singularity Endpoint offering XDR solutions, Purple AI plays a major role.

On a scale of ten, I rate SentinelOne Singularity Endpoint an eight.

My use cases for SentinelOne Singularity Complete are mainly for endpoint security to detect, prevent, and respond to cyber threats in real time. SentinelOne Singularity Complete serves as the first use case for endpoint security.

Our organization does not have the Ranger functionality because our customer does not require it.

We have integrated SentinelOne Singularity Complete with Shuffle SOAR technology, which is a most powerful tool.

Our organization is an MSSP provider with 10+ customers for whom we are providing security. We have 8,000 endpoints installed for our customers, and we are a 24/7 team providing security to our clients.

We have applied the protect policy and take basic analysis, which takes a couple of minutes before we raise the alert.

Regarding Purple AI, we are using it to identify the IOC. We have limited access to Purple AI, but we are using it for threat hunting purposes to find the IOCs.

What I like the most about SentinelOne Singularity Complete is the rollback capability for Windows systems. The TAC team and VSS rollback are the two features I appreciate most about SentinelOne Singularity Complete.

The response of the TAC team is very good. If SentinelOne Singularity Complete did not have a TAC team or support team, I would say it would be very lacking. When we get stuck anywhere, whether in any admin task or any threat hunting or investigation path, they are very helpful because there is a human voice on the other side helping us.

What I dislike about SentinelOne Singularity Complete is the high number of false positive alerts we get because our client sends us mail within one week stating that the CPU is highly utilized and resource consumption is high.

Regarding data privacy and security when using Purple AI, I can say that security-wise, it is good, though anyone can exploit that one.

I have been using SentinelOne Singularity Complete for two years.

Stability-wise, SentinelOne Singularity Complete is very good. It runs continuously, and if our endpoint is online, it will protect our endpoint 100 percent.

Regarding scalability, I heard that one of our competitor organizations deploys 15,000-plus endpoints for their customers. Scalability-wise, SentinelOne Singularity Complete is very good in that 15,000-plus endpoints are managed on one management console, which is double of our organization's deployment.

I have contacted the technical support or customer support, and this is the most significant reason we are using SentinelOne Singularity Complete. They are very helpful because there is a human voice on the other side helping us.

If you compare with CrowdStrike, our organization has shifted to SentinelOne Singularity Complete only because of that TAC team or support team.

We are using CrowdStrike, and in CrowdStrike, we are using Charlotte AI. If we raise a ticket on the community portal, within one or two hours, we get a reply from the team, and they are very helpful and can also come to the call. However, with CrowdStrike, I do not prefer it from my perspective as compared to SentinelOne Singularity Complete.

For the initial deployment of SentinelOne Singularity Complete, I can say that it is very easy. We just need to create one tenant for the SentinelOne Singularity Complete platform. SentinelOne Singularity Complete setup is very easy.

Maintenance is not actually required from my end because we are an MSSP provider, so no maintenance is necessary.

I can say that when an alert comes, we already have the protect policy and protect mode. After applying the protect policy, everything is taken care of by SentinelOne Singularity Complete.

I do not have knowledge about the pricing for SentinelOne Singularity Complete because our sales team handles that. SentinelOne Singularity Complete is very valuable to me.

I would give SentinelOne Singularity Complete a rating of 10 out of 10 because you can compare it with CrowdStrike, and I can say that SentinelOne Singularity Complete is top tier.

We are managing 7,000 to 8,000 endpoints for clients, and the setup is very easy. I have given SentinelOne Singularity Complete an overall review rating of 10 out of 10.

I have extensive experience with SentinelOne products and am particularly impressed with SentinelOne Singularity Complete. The solution integrates effectively with third parties.

I find it extremely reliable. For instance, I report monthly for compliance and other security metrics across our multi-cloud platforms. Primarily, we rely on Microsoft, especially with Entra ID and MFA. While Microsoft provides decent reporting tools, they can make it difficult to get high-level summaries. In contrast, Singularity allows me to pull insights across various platforms, not just Microsoft and Azure. Whether I’m using it within AWS, with single sign-on, or with one of our partners, I can see all the relevant data.

It has improved significantly with its upgrades, especially in threat hunting and analysis. Now, when it identifies a threat, it efficiently kills the process and attempts to quarantine the affected items. If it cannot, the system continues its automated threat hunting. This feature is fantastic because it remediates issues while maintaining a clear audit trail, which is great for compliance. However, a drawback is that although it handles threats effectively, I sometimes cannot access the necessary data quickly enough to address recurring problems and prevent them from escalating. The good news is that the platform is robust and supports our security needs. While it's not perfect, it certainly has its strengths.

The analytics and reporting can be a bit overwhelming. I love the dashboards, but I find that I need to better understand PowerQuery—specifically when to turn it on and off and its limitations. It's similar to SharePoint in that regard. As a former SharePoint instructor, I know it like the back of my hand. The best thing about SharePoint is that it can do whatever you want; the worst part is also that it can do whatever you want. You really need to know what you want before diving in. Most people usually have a good idea of what they need. SharePoint offers a lot out of the box, but you can customize it further if you wish. However, customization often requires hiring someone, which can be risky since you never know if it will work as intended. On the other hand, PowerQuery can help bridge some of those gaps within Singularity. The challenge arises when you want to incorporate what you've done into dashboards and charts, as there are limitations. For instance, I want more clickable drill-down options that allow me to filter on specific sections of the data, but that's currently not possible. It’s not to say that improvements won’t come in the future; it's just that it feels a bit early at this stage.

Additionally, I find some navigation features frustrating, like the back button in certain contexts. For example, if you open PowerQuery from a chart, it doesn't open in a new window or tab. Clicking the back button takes you all the way back to the previous state, causing you to lose whatever progress you made. However, I'm actively providing this feedback to my partner, Pro Circular, through whom we access SentinelOne. They take our input seriously, and I've been sharing my observations. They have their own views but are addressing the issues I raise. It's good to see that suggestions occasionally lead to updates and improvements.

I have been using SentinelOne for approximately three and a half to four years, with particularly intensive use in the last two and a half years.

Though I wasn't present for the implementation, the success of SentinelOne Singularity Complete migration heavily depends on having a quality partner. Prior to the purchase and recent changes, experiences with SentinelOne's support and product were not positive.

I obviously want it to be more affordable, and I believe we should be able to achieve that. However, my main concern is partner pricing; that's where they really need to focus. While we can manage it ourselves, if we're going back to the traditional service management model with trusted service providers, I depend heavily on ProCircular as our SOC partner. They offer a few different solutions, but SentinelOne Singularity appears to be the preferred choice.

Similarly, SHI can provide various options as well, but according to my account representative, SentinelOne is gaining momentum and improving significantly. However, it’s important to note that we're only talking about a timeframe of around six months. I'm happy to share this feedback because insights like these can impact future purchasing decisions for other tech leaders like myself who have decision-making authority.

As for pricing, it’s essential to address that. Reputation and quality are important, but especially in today’s economy, price is a significant factor. Unfortunately, many organizations are prioritizing price right now. My hope is that SentinelOne and Singularity can recognize the importance of partner pricing and economies of scale.

Right now, I'm focusing on the basics of cloud integration. I have established a standard that I need to recreate, particularly with SentinelOne. It serves two main purposes: it is our primary antivirus solution for both Windows and Linux. There are various ways to forward logs from other systems where SentinelOne cannot be installed, such as firewalls and databases. However, they all provide similar functionality. There are two types of integrations available: you can use a plug-in, or you can utilize the standard Singularity integration. For AWS specifically, I've standardized the ingestion of AWS CloudTrail data across all platforms. Azure has a similar capability, so now I can view all my cloud reports in one place instead of having to switch between different dashboards, like SentinelOne's or AWS's Security Hub and GuardDuty. I can consolidate everything into one platform, which is very convenient. The integrations are robust, and from a plug-in perspective, I realize that I might not even need to use them. Some older systems, such as Cisco, can forward logs to a log management system, and SentinelOne Singularity Complete handles those logs seamlessly, which is fantastic. There's still a lot more I want to accomplish, but I'm pleased with the progress so far.

It has evolved significantly. Prior to SentinelOne Singularity's acquisition of DataSet, there were numerous issues and negative feedback. Previously, common complaints involved having to implement exclusions due to lack of thorough investigation. However, these complaints have ceased since the changes were implemented.

They offer a lot of options, especially when it comes to integration. With the recent upgrades they've made to their platform, it truly appears cohesive, almost like a single pane of glass. There is a lot of consistency, which makes navigation easier. However, the challenge lies in the distinction between EDR and XDR. SentinelOne is still part of the product, but it’s important to recognize that SentinelOne and Singularity operate separately. This situation is both a positive and a negative. The positive aspect is the uniformity of the interface, which you would expect to make it more intuitive and user-friendly. I know they’re working toward that, but the systems are fundamentally different. Your EDR, XDR, and other tools need to be considered separately; one involves installation and monitoring logs, while the other focuses on ingestion. They do an impressive job of bringing together commonalities among EDR, XDR, and the managed extended detection response, but if you choose one path over the other, you need to understand that the approach may vary. It’s a bit of a blessing and a curse at the same time.

I would rate it an eight out of ten. For ten, it has got to be rock solid all over the place.