Try our new research platform with insights from 80,000+ expert users
reviewer2277117 - PeerSpot reviewer
Security Engineer at a financial services firm with 51-200 employees
Real User
Provides deep visibility and has competitive pricing, but should support Terraform and dynamic tagging
Pros and Cons
  • "The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features."
  • "There should be Terraform support for console administration. Dynamic tagging would be also useful."

What is our primary use case?

We use it as an Enterprise EDR solution for threat detection, anti-malware, and security investigations.

How has it helped my organization?

SentinelOne Singularity Complete has greatly enhanced our security posture. We feel that our endpoints are more secure. We are in the know of what is happening within our company from a security perspective. We are confident in the ability to detect untrue positives. It has also helped us in achieving industry certifications such as SOC 2.

SentinelOne Singularity Complete has absolutely helped reduce our organization's mean time to detect. There has also been an impact on our mean time to respond. With the integrations that we have set up with Splunk and other products, we are able to respond to incidents as soon as they alert us.

We have a couple of integrations with it. They are alright. I am not blown away by its integration capability.

SentinelOne Singularity Complete has not helped reduce alerts. If anything, we create more alerts with it. We are able to fine-tune the product to reduce noise and alerts, but without it, we would not have any alerts. It is the piece of software that provides that alerting capability for us.

SentinelOne Singularity Complete has not helped free up staff. In a way, it creates work for us, but that is the purpose of the product.

What is most valuable?

The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features.

What needs improvement?

There should be Terraform support for console administration. Dynamic tagging would be also useful. 

The auto-upgrade capability should be improved.

Buyer's Guide
SentinelOne Singularity Complete
November 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for two years at this company. My company has been using it longer than that.

What do I think about the stability of the solution?

Its stability is pretty good. I like the stability of their agent.

What do I think about the scalability of the solution?

It is extremely scalable.

How are customer service and support?

Their technical support is pretty good. I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was not here when they bought this solution, but I know why we bought the tool. We replaced another EDR solution, and then we used it as our enterprise EDR solution for ransomware prevention, threat hunting, and security investigations. We were using CrowdStrike previously. SentinelOne Singularity Complete also saved us money. It is very competitive compared to CrowdStrike.

I have used a couple of EDR solutions. SentinelOne Singularity Complete is less mature than CrowdStrike, but it is definitely one of the top players in the industry.

SentinelOne Singularity Complete has not helped reduce our organizational risk. It is about the same as CrowdStrike in this aspect.

How was the initial setup?

We have it on our laptops and the cloud, so our setup is hybrid. I am in charge of deployment, and it is as simple or complex as any other solution. 

It requires maintenance on our end.

What about the implementation team?

We have a team, but I do most of the work. I am in charge of it.

What was our ROI?

It is hard to define the ROI. It does not save us money, but it prevents security breaches. In the grand scheme of things, it is definitely worth investing in. 

What's my experience with pricing, setup cost, and licensing?

Its pricing is competitive. 

What other advice do I have?

It has competitive pricing and great support. It is a complete solution.

As a strategic security partner, they collaborate with us quite a bit on our overall posture. They constantly have webinars and education sessions for us to deepen our security knowledge and how to use their product. They have assisted us on various PoCs for different offerings that they have and different services they offer. They help us to understand how each of those components integrates into our overall security posture. We did a PoC of the Ranger functionality.

I would rate SentinelOne Singularity Complete a seven out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2258178 - PeerSpot reviewer
Chief Information Security Officer at a tech services company with 11-50 employees
MSP
Top 20
Good range and functionality with increased visibility of threats
Pros and Cons
  • "Its ability to interact with other third-party tools has been great for us. It can work through APIs and partners and integrate well."
  • "The MDM functionality and maturity still need improvement."

What is our primary use case?

We deploy and manage the product for hundreds of clients.

How has it helped my organization?

We are a large global insurance company and we're trying to help proactively find a way for clients not to get breached by ransomware. This product is part of the way we do that.

What is most valuable?

The range and functionality are great.

The remote script orientation is good. 

The level of vigilance is impressive.

Its ability to interact with other third-party tools has been great for us. It can work through APIs and partners and integrate well.  

The solution's ability to ingest and correlate across other security solutions is helpful. It's been very important in terms of how we will move forward with the product. We're in the process of consolidating security solutions right now. Hopefully, it will help us reduce the use of some tool sets. It's helped us automate more and correlate better by bringing in data sets from different areas or systems so that we get a sense of threats. That's been really critical.

It provides increased visibility through Ranger. We don't need new agents or hardware. The ability to look for and find new devices that come onto the network helps us protect more efficiently.

It's been a great product in a couple of ways from my analysis of working on it. They have a great user interface, for example. It's easy to install and easy to support. It's allowing integration from all the different parts of our business and data points. Then there is the breadth of services that are tied into it. The support infrastructure overall has been great. 

Singularity can correlate with other data and it helps us put an automated lens around everything to reduce the amount of alerts we'll get.

We can scale with the solution and not have to scale more analysts. It helps us be more efficient.

It has already helped reduce the mean time to detect. The mean time to respond has been okay.

It's also helped us save costs. We're able to deploy a standardized solution that's really well-defined and offers very good training. The ability to scale has been wonderful and it's helped reduce the overall cost of the service we provide. 

Singularity helps us reduce organizational risk from a customer perspective. 

What needs improvement?

I'm able to have my analyst view everything from one console, and we have multiple boxes with them, and we have to log into separate consoles to access each of those one boxes. We really need a more centralized view of all of our environments. 

The MDM functionality and maturity still need improvement.

For how long have I used the solution?

I've been using the solution for two years. 

How are customer service and support?

I have contacted technical support in the past. They've been very responsive and helped us drive problems to completion. We've had no issues there.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using Carbon Black previously. Singularity has been much better about mean time to detect. It's likely 15% to 20% better by comparison. 

Carbon Black also didn't operate from a place of integrity.

How was the initial setup?

I was involved in the initial setup and found it to be straightforward. I cannot really how long it took to fully deploy.

What about the implementation team?

We handed the setup internally.

What's my experience with pricing, setup cost, and licensing?

The pricing is great. I don't have any issues with it.

What other advice do I have?

I'd rate the solution eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
SentinelOne Singularity Complete
November 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.
ShashikaKodikara - PeerSpot reviewer
Head of Cybersecurity at Technovage Solution
Real User
Top 5
A valuable autonomous platform but the use case is valid mostly for the cloud deployments
Pros and Cons
  • "The autonomous platform is valuable because we can separate false positives and negatives."
  • "There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions."

What is our primary use case?

Our primary use case for the solution was covering all the endpoints, including servers. We also added the Kubernetes nodes with the CI/CD platform, which covered end-to-end features that we need to fill the required security controls.

How has it helped my organization?

The solution has benefited us by monitoring most of the activities to endpoints that we control over the USB and the browser monitoring. Activity monitoring was also done through the XDR platform. We had a couple of incidents where there was zero-day malware planted inside the Lenovo firmware upgrade, which we were able to capture through the auto-detection feature. 

What is most valuable?

The autonomous platform is valuable because we can separate false positives and negatives and update the database during certain types of automation.

What needs improvement?

The solution can be improved by ensuring threats are being mitigated on the platform autonomously and by considering introducing an on-premises solution with affordable pricing for government institutions.

There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions.

For how long have I used the solution?

We have been using the solution for approximately one year.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable and can use the facility to do the same license, which could be used for Kubernetes. So it is the same license but different scales which we have utilized. Approximately 1,000 users are using the solution.

How are customer service and support?

Our team has had a good experience with customer service and support.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was straightforward. Our team has also done an equally simple upgrade. It took approximately 24-48 hours.

What was our ROI?

I would say that there could be better ROI if we tend to use more than 500 licenses under a multi-cloud solution. But it would not be the same for an on-premise solution. 

What's my experience with pricing, setup cost, and licensing?

The license for the solution is quite expensive, but it is cheaper than CrowdStrike. However, if you consider specific organization requirements, it has covered them all, so we might move to CrowdStrike after evaluating three years. Then, we assess the kind of tool in line with our requirements and implement the latest and the best tool in the quadrant, and currently, in Cambodia, CrowdStrike and TrendMicro are more popular.

What other advice do I have?

I rate the solution a seven out of ten. The solution is good but can be improved by ensuring threats are being mitigated on the platform and considering reducing the license cap for an on-premises solution.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys
Real User
Top 10
Simple deployment and the solution just works
Pros and Cons
  • "SentinelOne is a stable solution."
  • "There is room for improvement with the management interface. It could be more user friendly."

What is our primary use case?

Our primary use case for SentinelOne is antivirus and malware protection. 

What is most valuable?

I found the detection the most valuable. 

What needs improvement?

There is room for improvement with the management interface. It could be more user friendly. 

For how long have I used the solution?

I have been using SentinelOne for less than a year but more than six months. 

What do I think about the stability of the solution?

SentinelOne is a stable solution. 

What do I think about the scalability of the solution?

SentinelOne is a scalable solution. We have some 300 people using it in our organization and plan to increase usage as the company grows. Every machine we roll out gets that product.

Which solution did I use previously and why did I switch?

We used Trend Micro before we switched to SentinelOne. We made the switch because SentinelOne is not signature-based, it's an AI solution. 

How was the initial setup?

The initial setup was straightforward. It entails simple installers and we deployed it through policies. We deployed it as a package on all PCs and servers and it took two weeks.

What about the implementation team?

Deployment can be done in-house with one technical person. 

What other advice do I have?

I recommend it. It just works. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Principal at Alkhorayef
Real User
A next-generation EDR solution with integrated machine learning and AI
Pros and Cons
  • "SentinelOne is the next-generation EDR solution."
  • "The solution does not have an application security and control module."

What is our primary use case?

The single agent feature in the modules is valuable.

What needs improvement?

The solution does not have an application security and control module.

For how long have I used the solution?

We have been using the solution for two years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.

How are customer service and support?

The technical support is good, and I rate it a nine out of ten.

Which solution did I use previously and why did I switch?

We switched to SentinelOne because Trend Micro was too complex.

How was the initial setup?

The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.

What's my experience with pricing, setup cost, and licensing?

Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.

What other advice do I have?

I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Technical Team Lead at Alepo
Vendor
It scans quickly and doesn't use a lot of system resources
Pros and Cons
  • "I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI."
  • "We'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console."

What is our primary use case?

Sentinel One protects our endpoints from malware, viruses, trojans, and other cyber attacks. We outsource the management of Sentinel One to another organization. They monitor for infections at any endpoint on the console and work to determine if it's a false positive or an actual attack.

Most of the time, Sentinel One can automatically identify an attack, and it quarantines the process to block the attack. If Sentinel One can't make that determination on its own, the third-party team will further investigate the suspicious traffic. 

How has it helped my organization?

SentinelOne is doing its job and protecting our endpoints from various cyberattacks. Since we implemented the solution, we haven't seen any big cyberattacks get through, which has happened before. Any malware and threats we've seen in the past have been resolved by SentinelOne.

What is most valuable?

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

What needs improvement?

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful.Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

For how long have I used the solution?

We have been using SentinelOne for a year now.

What do I think about the stability of the solution?

We've had SentinelOne for a year and haven't faced any major issues, so I would say it is reliable.

What do I think about the scalability of the solution?

SentinelOne is scalable, but we need to purchase additional licenses. We have purchased two licenses for 300 endpoints. The license not only applies to the users but also to some of the servers. We have SentinelOne installed on some of our critical servers. It can be scaled to whatever size we want if we purchase enough licenses.

How are customer service and support?

We haven't contacted SentinelOne support directly. When we need help, we reach out to our service provider. SentinelOne deals with threats when it detects them. If not, the service provider will analyze them. We haven't had issues with them so far. Their service is satisfactory and cost-effective.  

Which solution did I use previously and why did I switch?

This is the first time we have used endpoint security. We were using an antivirus solution before this. I would say Sentinel One is doing the job perfectly.

How was the initial setup?

Setting up SentinelOne is a pretty straightforward process. We have around 300 systems in our environment. Working with our security service provider and four other colleagues, we completed the deployment 10 to 15. It's worth noting that we were handling our daily tasks, so we weren't working on this the entire time. 

After deployment, we have to scan the endpoint for maintenance and upgrade. We also need to regularly update the endpoint agents from the console. Our security service provider primarily handles upgrades to the console itself. 

What about the implementation team?

We have outsourced this whole thing to a security service provider. They provide complete security services for SentinelOne. They worked with our in-house IT team, and I took the lead. Once I learned the process from them, I could deploy it on a few systems, and they did the rest.

What's my experience with pricing, setup cost, and licensing?

SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for endpoint protection. 

Which other solutions did I evaluate?

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

What other advice do I have?

I rate SentinelOne eight out of 10. It's a good endpoint security tool, and I wouldn't hesitate to recommend it to others. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1506846 - PeerSpot reviewer
Network & Cyber Security Manager at a energy/utilities company with 51-200 employees
Real User
Cut our response times down to "nothing" and reduces our dependency on a SOC
Pros and Cons
  • "When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help."
  • "All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers."

What is our primary use case?

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

How has it helped my organization?

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

What is most valuable?

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

What needs improvement?

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

For how long have I used the solution?

I have been using SentinelOne for two years.

What do I think about the stability of the solution?

It has never gone down. In two years I haven't had any software or hardware problems.

What do I think about the scalability of the solution?

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Which solution did I use previously and why did I switch?

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

How was the initial setup?

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

What about the implementation team?

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

What was our ROI?

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

What's my experience with pricing, setup cost, and licensing?

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

Which other solutions did I evaluate?

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

What other advice do I have?

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
CIO at a manufacturing company with 1,001-5,000 employees
Real User
For the first time we have global knowledge of what's happening in all of our subsidiaries
Pros and Cons
  • "One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important."
  • "Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros."

What is our primary use case?

We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.

We deploy it on-premise, in all of our factories and branch offices, worldwide.

How has it helped my organization?

Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.

What is most valuable?

  • Easy to install and update
  • Management Console in the cloud
  • Ability to partition it in "sites" (our subsidiaries) with local site admin
  • Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

For how long have I used the solution?

We started to install SentinelOne on the first endpoints in August of 2019.

What do I think about the stability of the solution?

Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.

What do I think about the scalability of the solution?

The scalability is good. At present, I can't see scalability limits.

We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.

We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.

How are customer service and technical support?

Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.

Which solution did I use previously and why did I switch?

We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we choose SentinelOne.

In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovering of Zero-day threats and ransomware.

A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.

How was the initial setup?

The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.

The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.

In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.

What about the implementation team?

Main support was provided by the SOC company, working together with our IT Staff.

What was our ROI?

We have seen a good ROI about the SOC service and the product.

What's my experience with pricing, setup cost, and licensing?

The solution's price/performance ratio is reasonable.

In addition to the standard licensing fees there is, of course, the SOC service fee.

Which other solutions did I evaluate?

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

What other advice do I have?

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.

At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.