SentinelOne Singularity Complete Reviews

Every five years, we research tools that could replace our old software. We combine our AV and intrusion detection. We were trying to find out if there’s an agent for the whole nine-yard, and we came across SentinelOne.

The product has an automated process where we find security issues. It’s a 24/7 behavior analytical tool to execute certain actions. The tool deletes the problem-causing process and prevents issues. It discovers, kills, and protects. The software is good. I don't see much of an issue with it.

They should train their own people so that they can train us better. The theory is good. If the product is good, but we cannot rely on it or pass it along to the customer, it's useless. When we purchased the solution, we were told that certain functions could be done. I understand it is part of sales, but I feel like I'm being fooled. We couldn't test it because it was in production. We first had a proof of concept but didn't connect it to our Azure portion.

I have been using SentinelOne Singularity Complete since February.

The product's stability is okay.

The tool's scalability is average.

The support people of SentinelOne do not know the different products offered by SentinelOne. How can they support their customer if one person knows one thing and the other doesn't? They tell us the issue does not come under them and point us to a different team.

There is a SentinelOne support team and a Singularity support team. SentinelOne's support team is okay. Once, the technical support and help desk director got involved with all our issues. However, the director got involved after we strongly complained about the issues. That's not the way it's supposed to be.

Neutral

I have used Arctic Wolf.

The initial deployment was good. The solution is cloud-based.

We took help from SentinelOne to deploy the solution. We paid for it, but it was not worth the money we paid for. Two people from our company are required for the deployment. The solution requires maintenance.

The licensing is okay. I don't see any issues with it.

We evaluated other options. We were trying to have one solution for everything. We heard that SentinelOne purchased another company. Other products like Rapid7 provide multiple solutions and products for our needs. We saw that SentinelOne provided us with one product and one support system. However, even while using SentinelOne, I have to contact different teams.

When we purchased the solution, it did not do what we expected. We didn't use all of the features. It has quite a few options. There are a bunch of more add-on modules. Other products from SentinelOne are not good. I am really disappointed with them. The user must understand the solution by just reading the training documents. The team claims it is professional, but it lacks a lot of functions.

The integration is fine, but the feature is not how they market it. It looks good on paper, but it's not what we think it is. It's not a ready product in marketing. I am disappointed with it. The interoperability is still under development. Not many people know or understand it, including people from SentinelOne. When we call and try to figure out what's going on with the solution, not many understand what it is. There is a lack of training on their products and services.

The Ranger functionality is fine. It’s only been six months since we started using it. We're still learning as it goes. I think Ranger is probably better than Singularity. Sometimes, they send false positives. It's not really a big feature for us. It's good. They're trying to prevent any networking attack, but I don't think it’s there yet. They're just trying to discover what is on the network, but we already have other tools for that.

It is important for us that Ranger requires no new agents, hardware, or network changes. Ranger is just trying to discover whatever issues we have. I don't think it can prevent it. I don't think it can block issues or protect our devices.

Overall, I rate the product a seven out of ten.

I use it for company computers in reference to end-point protection scanning for malware, hunting for malware on the network, and on the devices. 

One is the behavioral engine and the AI are both built into the agent, so it doesn't need the internet. 

The interface is good and it is easy to use. The engine that they use to look for malware and for viruses is very good. 

There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better. 

I have been working with SentinelOne for just over a year now.

Yeah, it is stable. It does not use a lot of computer resources, even though the engine is built into the agent. If there are new updates, it alerts you when the updates are there and need to be installed. SentinelOne is an efficient solution.

Yes, it is scalable.

I have not had any issues that I needed to talk to customer support about.

The initial setup is very straightforward and easy. Once you install it, auto-updates are initialized. When you put in watches, you are searching for items, you need customization, and you add or remove rules, which is quite easy.

I use in-house implementation.

We are seeing a return on our investment.

The licensing is okay. I don't think it is bad. Depending on which one you get, I think it is fifty dollars for each user annually. The more users you have, the cheaper it is.

I use all security tools from SIMS to DAMs, to DLP solutions, firewalls, etc.

For me, the experience has been very good. I would rate SentinelOne a nine out of ten.

It is an endpoint solution. It is for our workstations and other devices to alert us to any kind of malware threats that might be lurking. 

In terms of deployment, it is through a managed service.

It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.

I would like to see a better control panel for the managed service side of it.

We have been working with it for about six to eight months. 

It is stable.

As far as I know, it is easily scalable.

It is through a managed service.

It takes a little time to put it in.

It is a good solution. You just need to check out the managed service part of it.

I would rate it a nine out of ten.

Our primary use case for the solution was covering all the endpoints, including servers. We also added the Kubernetes nodes with the CI/CD platform, which covered end-to-end features that we need to fill the required security controls.

The solution has benefited us by monitoring most of the activities to endpoints that we control over the USB and the browser monitoring. Activity monitoring was also done through the XDR platform. We had a couple of incidents where there was zero-day malware planted inside the Lenovo firmware upgrade, which we were able to capture through the auto-detection feature. 

The autonomous platform is valuable because we can separate false positives and negatives and update the database during certain types of automation.

The solution can be improved by ensuring threats are being mitigated on the platform autonomously and by considering introducing an on-premises solution with affordable pricing for government institutions.

There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions.

We have been using the solution for approximately one year.

The solution is stable.

The solution is scalable and can use the facility to do the same license, which could be used for Kubernetes. So it is the same license but different scales which we have utilized. Approximately 1,000 users are using the solution.

Our team has had a good experience with customer service and support.

Neutral

The initial setup was straightforward. Our team has also done an equally simple upgrade. It took approximately 24-48 hours.

I would say that there could be better ROI if we tend to use more than 500 licenses under a multi-cloud solution. But it would not be the same for an on-premise solution. 

The license for the solution is quite expensive, but it is cheaper than CrowdStrike. However, if you consider specific organization requirements, it has covered them all, so we might move to CrowdStrike after evaluating three years. Then, we assess the kind of tool in line with our requirements and implement the latest and the best tool in the quadrant, and currently, in Cambodia, CrowdStrike and TrendMicro are more popular.

I rate the solution a seven out of ten. The solution is good but can be improved by ensuring threats are being mitigated on the platform and considering reducing the license cap for an on-premises solution.

Our primary use case for SentinelOne is antivirus and malware protection. 

I found the detection the most valuable. 

There is room for improvement with the management interface. It could be more user friendly. 

I have been using SentinelOne for less than a year but more than six months. 

SentinelOne is a stable solution. 

SentinelOne is a scalable solution. We have some 300 people using it in our organization and plan to increase usage as the company grows. Every machine we roll out gets that product.

We used Trend Micro before we switched to SentinelOne. We made the switch because SentinelOne is not signature-based, it's an AI solution. 

The initial setup was straightforward. It entails simple installers and we deployed it through policies. We deployed it as a package on all PCs and servers and it took two weeks.

Deployment can be done in-house with one technical person. 

I recommend it. It just works. 

The single agent feature in the modules is valuable.

The solution does not have an application security and control module.

We have been using the solution for two years.

It is a very stable solution.

It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.

The technical support is good, and I rate it a nine out of ten.

We switched to SentinelOne because Trend Micro was too complex.

The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.

Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.

I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.

Sentinel One protects our endpoints from malware, viruses, trojans, and other cyber attacks. We outsource the management of Sentinel One to another organization. They monitor for infections at any endpoint on the console and work to determine if it's a false positive or an actual attack.

Most of the time, Sentinel One can automatically identify an attack, and it quarantines the process to block the attack. If Sentinel One can't make that determination on its own, the third-party team will further investigate the suspicious traffic. 

SentinelOne is doing its job and protecting our endpoints from various cyberattacks. Since we implemented the solution, we haven't seen any big cyberattacks get through, which has happened before. Any malware and threats we've seen in the past have been resolved by SentinelOne.

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful.Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

We have been using SentinelOne for a year now.

We've had SentinelOne for a year and haven't faced any major issues, so I would say it is reliable.

SentinelOne is scalable, but we need to purchase additional licenses. We have purchased two licenses for 300 endpoints. The license not only applies to the users but also to some of the servers. We have SentinelOne installed on some of our critical servers. It can be scaled to whatever size we want if we purchase enough licenses.

We haven't contacted SentinelOne support directly. When we need help, we reach out to our service provider. SentinelOne deals with threats when it detects them. If not, the service provider will analyze them. We haven't had issues with them so far. Their service is satisfactory and cost-effective.  

This is the first time we have used endpoint security. We were using an antivirus solution before this. I would say Sentinel One is doing the job perfectly.

Setting up SentinelOne is a pretty straightforward process. We have around 300 systems in our environment. Working with our security service provider and four other colleagues, we completed the deployment 10 to 15. It's worth noting that we were handling our daily tasks, so we weren't working on this the entire time. 

After deployment, we have to scan the endpoint for maintenance and upgrade. We also need to regularly update the endpoint agents from the console. Our security service provider primarily handles upgrades to the console itself. 

We have outsourced this whole thing to a security service provider. They provide complete security services for SentinelOne. They worked with our in-house IT team, and I took the lead. Once I learned the process from them, I could deploy it on a few systems, and they did the rest.

SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for endpoint protection. 

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

I rate SentinelOne eight out of 10. It's a good endpoint security tool, and I wouldn't hesitate to recommend it to others. 

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.