The best feature of SentinelOne Singularity Complete is that you don't need to configure a lot with it because it provides an unmatched layer of protection out of the box.
Implementing SentinelOne Singularity Complete is a competitive bid process. As part of the competitive bid process, SentinelOne Singularity Complete stands alone. I work for an enterprise, and the company has old software. CrowdStrike Falcon Pro is a great competitor of SentinelOne Singularity Complete, but CrowdStrike Falcon Pro doesn't fit my company's needs because of its very aggressive deportation policy. If you ever run any software not in the standard manufacturer support or some support package, Crowdstrike cuts you off from updates. In real life, that doesn't work because my company builds software. Some of the company's cluster apps run on Red Hat 7, old Linux kernel, CentOS, or other distros around that era. My company has significant old technologies that it needs to secure.
A pro of SentinelOne Singularity Complete is the approach that it knows isn't the best, but it will still give you the best it has.
I also find that SentinelOne Singularity Complete gives a significant layer of security on top of SD-WAN, mandatory access control, and general information management, which is very helpful.
In assessing the solution's interoperability with other Sentinel One solutions and third-party tools, my company started utilizing Scalar and has a history of using Scalar and other providers. SentinelOne acquired Scalar, an enterprise log management platform, which is very good for the price. Scalar may not be the best platform in the world, but it's very good for the price. SentinelOne, having acquired Scalar, has gone and built an excellent integration for all logging so that you can get the SIEM logs into the Scalar pipeline and run it through a general log analysis platform, so it's unmatched.
In general, I'm pleased with the ability of SentinelOne Singularity Complete to ingest and correlate across my company's security solutions, especially with its price point. I only found very few antivirus or EDR solutions that can compete with SentinelOne Singularity Complete, but I generally prefer working with the solution because of its interoperability.
Another reason why I like the solution is because it works. It doesn't require an Internet connection. The remediation is automated, and the alerting function is excellent. Support for the platform is also great, including multi-tenancy, role-based access control, and automated deployments.
I don't have much bad feedback about SentinelOne Singularity Complete, while in contrast, I've been quite disappointed by many technical aspects of other antivirus solutions, such as the Deep Instinct Antivirus. As for MSP machines, I used to work at MSP and had many problems. I also find the CrowdStrike sales representative incredibly annoying.
I find that SentinelOne Singularity Complete works pretty well for what I want, and it always hits the right price point and options that suit my company's general, overall security platform and management of that platform.
The Ranger functionality of SentinelOne Singularity Complete works well in providing network and asset visibility, especially as my company is a Microsoft Azure AD company at the core, so most of the company's Mac and Windows endpoints are managed, and monitoring the cloud ID and posture is essential. However, I don't need to check it daily because the solution manages itself well. SentinelOne Singularity Complete works very well for active directory management and posture matching.
I appreciate that the solution can consume at an API level, but I don't care as much whether it runs an agent or doesn't because I can automate agent deployment to the fleet. If the agent works, then great. An agentless solution is suitable for old platforms that don't have the most up-to-date technologies. Whenever you try to run an agent on various environments, it might not be the ideal platform for that agent so you could run into unexpected problems. Being agentless makes SentinelOne Singularity Complete better, but I wouldn't be upset if it were a good and solid agent-based solution.
In terms of how significantly the solution helped reduce alerts depends on how many alerts my company was paying attention to before and how many alerts it is paying attention to now. I'm unsure about that because one reason for implementing the SentinelOne Singularity Complete stack at the company has been to increase the security footprint and security posture. My company might have had several useless alerts before and maybe fewer alerts now, but did the company pay more attention to the alerts now? I'm unsure if the alert reduction or paying more attention to the alerts makes a difference.
About SentinelOne Singularity Complete helping to free up staff for other projects and tasks, that isn't easy to tell, as I have a team of four, and some of the work changed upon implementation. For example, instead of fighting with specific agent installs or trying to figure out how to get logs into another system, some of that workload is reduced, but now my team may be paying more attention and uses the same amount of time for alerts, remediations, or other more important aspects, so it is possible that the amount of time spent after the SentinelOne Singularity Complete implementation wasn't really reduced. That would depend on your perspective.
As to SentinelOne Singularity Complete helping the company reduce the mean time to detect, my company didn't record the mean time to detect before implementing the solution. I feel that it is effective, but right now, I don't have a basis of comparison that allows me to point to that periodically says my company reduced the meantime to detect or that it was increased by some percentage.
SentinelOne Singularity Complete has been very effective in helping reduce organizational risk for my company, especially regarding budgetary footprint. The solution has been very effective at what it does and has helped reduce the company's cyber insurance premium. My company is a SOC 2-certified institute and has to go through an annual compliance process with auditors, so going through and being able to explain and show how the company has automated and deployed solutions and minimized its risk profile has been very helpful.
The company I work with now spends slightly less than it did and gets more value from SentinelOne Singularity Complete. Though the cost may not be that different from others, the value provided by the solution is very different. In the past, my company had several decentralized alerts and platforms. Still, after implementing SentinelOne Singularity Complete, the solution could bring and tie them together through an automated platform. It works, and when it comes to enterprise security, for every company you work for, you're not the one who built that network or solution. You have no idea what's going on, so your ability to maintain control relies on understanding the threat surface and how to control it, which SentinelOne Singularity Complete is good at.
My background is in Linux administration, and I've gone through several security tools over the years. I built out mandatory access controls and messy Linux policies. I've worked with a lot of different companies over time. SentinelOne Singularity Complete supports Linux systems really well, which is crucial because I work for a company that builds software with an ecosystem of applications, cluster apps, and containers on Linux.
Some other solutions were stuck a decade ago, particularly running Windows and .NET and other affordable systems, and though I love Windows and Mac, those are user endpoints, and endpoints extend beyond user endpoints, for example, endpoints include servers and the full scope of internet-connected devices in a company.
If you're trying to implement a zero-trust framework and a system resilient to failure across a Swiss cheese layer of multiple problems. In that case, finding one solution capable of dealing with that kind of threat is complicated. You look at Microsoft Defender, and Microsoft has improved its security over the last decade. Obviously, Microsoft still has ways to go, given that it still keeps losing its signing keys. Still, the reality is that, similar to Windows and Azure, Microsoft has improved its security footprint. Microsoft Defender went from being a joke of a product to a very viable solution. That's great, but I can't run that on Mac, and I can't run that on Linux clusters.
Looking at CrowdStrike Falcon Pro, it is a great product. It has a very annoying sales team, but it is excellent. The problem in enterprise, however, is that sometimes, you have to run old technology, and when you cut off the solution from working on old technology, that's not helpful and makes everything worse, so I appreciate the aspect of SentinelOne Singularity Complete supporting even the old technology my company is on, which is a significant differentiator that is very useful about the platform.
When you think of Carbon Black and VMware, each platform is good, works quite well on Mac and Windows, and has some capabilities, but the level is not the same as SentinelOne Singularity Complete. SentinelOne Singularity Complete can be a stand-alone product versus other products.
If you're running a decent company, you should be able to invest in security and be willing to spend whatever it takes to have a very competent solution. Since I control the budget, SentinelOne Singularity Complete provides more value for the dollars spent and a more cohesive structure than what you can get from other solutions.
I'm unsure if SentinelOne Singularity Complete is amazingly the best, but it's the best overall product because it fits my company's needs. I work for a SaaS building enterprise company that does financial transactions, which has public internet-facing applications that get constantly attacked. If I can't run a comprehensive security product across all systems, I'd have to look in three different places, which means I lose some of that robust information. I lose some of that ability to correlate threats and figure out what's happening, and so do automated platforms. An automated platform can lose the ability to correlate the different events it doesn't know about, and this is where SentinelOne Singularity Complete really shines. It's a cohesive, widespread solution that's great in various aspects.
In terms of being innovative, SentinelOne Singularity Complete is quite innovative. I grew up with the internet and have seen different generations of security products and ideas. When SentinelOne Singularity Complete came to market, it was significantly different than the other solutions. SentinelOne could either be acquired or build very useful products, taking interoperability between different products to a level you won't find in other companies.
With how my company uses SentinelOne Singularity Complete and the Scalar platform for all its servers, the company logs into Scalar and runs alerts and rejects, flags alerts, and also gets to ingest all SIEM logs from SentinelOne Singularity Complete into Scalar, and then gets automated alerts. This means that my company gets multiple layers of visibility across its stack and analysis pipeline. My company then gets to log push to S3 after the hot tier access is over, which means it gets to retain all security alerts and problems for up to seven years, just in case, which is essential for a financial services company like the one I work for. Doing that is much more complex with other solutions versus SentinelOne Singularity Complete, so I chose it because, currently, it is the best.
I care about aspects that other people don't care about, such as supporting old Linux distros and being able to run the solution in some weird cloud environments easily. I care about SentinelOne Singularity Complete working with my company's log analysis platform, which makes the process easier.
It's difficult to pinpoint areas for improvement in SentinelOne Singularity Complete because I always like to see certain aspects. Still, if I look into the EDR solution itself, I don't have many negative thoughts about it, as it is very good.
If something could be improved in the solution, I'd say better pricing, as I'd always take better pricing. I would appreciate lower pricing. The lower the pricing, the easier it is for me to sell it. A solution with lower pricing tends to sell itself at some point.
Building a more advanced "if this, then that" logic in SentinelOne Singularity Complete, in terms of when to cold shutdown, particularly when it detects a threat, would isolate it from the network, could be an improvement. There could be a better way of saying "yes" or "no" to doing an action or specific actions unless it's one of the exceptions on your list. Having an additional logic layer could improve the solution, mainly because I run multiple systems with different layers. For example, if I'm running a very important server with this agent, and that server gets infected, I may not necessarily be sure that I want to shut it down right away. Maybe I want to isolate some of the connectivity but not do the entire security remediation automatedly or curtail network access type of activity.
If I could have a more advanced control layer where I could say, "Hey, I want to do that on almost every system, but these systems are so important, and they have to keep running, so maybe if there is a problem, you can do these things instead," then that would make SentinelOne Singularity Complete better.
In terms of getting ROI from SentinelOne Singularity Complete, some factors must be considered. There is a requirement for a few layers to start with. My company has to spend some money just as a baseline.
One requirement is to be SOC 2 compliant, which means an auditor will come in and ask about the company's antivirus software, whether it's running an EDR, including analyzing logs.
Another player is the cyber risk insurance, as the company tries to get the premiums as low as possible and takes security as seriously as possible, by demonstrating to insurance partners that the company is a very low risk in terms of threats becoming problems.
In terms of cost-effectiveness, mainly based on adjustments to your premium, which either raises or lowers the price, SentinelOne Singularity Complete is quite effective.
On behalf of the entire SentinelOne team, thank you for your extensive and thoughtful review, RS. It is rewarding to hear how customers derive value from our endpoint protection and EDR, whether for user endpoint, Linux VMs, or Kubernetes-managed container clusters. Cheers.