SentinelOne Singularity Complete Reviews

My primary use case for this solution to protect my clients and sites that I support from malware and ransom ware. It is installed on the end point clients and servers as a client and then it clean and protects after a reboot. As a managed service provider we found it instrumental at preventing viruses and especially preventing ransom ware. We went from 30% ransom ware infections to zero. The software stops the infection before it executes.

It has saved hundreds of hours fixing destroy and encrypted computers. In the old days even if you restored the files Windows was still damaged. This stops the software from executing.

The valuable feature of this solution is the ability for it to stop a virus or ransom ware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger I get alerted and the machine is frozen. If the SOC believes it to be a virus the machines network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe the machine is auto unfrozen. I can go in look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus I can return the machine to before the file got executed. Erasing any damage. If I believe it's a false positive I can mark it benign and re execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.

I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck. 

For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.

I've been using this solution for seven months. 

The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adopt to the new software fairly quickly.

The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 end points and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution, it's actually turned into my main route for antivirus end protection and the product doesn't require any maintenance except for when it finds a virus.

I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.

I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.

The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process. 

It's deployed in house

The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per end point. I don't have additional costs on top of that.

I evaluated, Norton 360, Windows antivirus, Webroot, Crowdstrike, and ESET

With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.

I would rate this solution a ten out of 10. 

SentinelOne Singularity Complete has improved our security stack. You don't have to worry about monitoring 24/7. 

The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing. 

I don't like switching the way you switch from legacy to XDR.

I have been using SentinelOne Singularity Complete since March 2023. 

SentinelOne Singularity Complete is stable. 

The product is scalable. 

A reseller consultant helped us with the tool's implementation. Our experience was good. 

SentinelOne Singularity Complete has freed up my staff's time and helped them focus on other tasks. 

The product's interoperability with other SentinelOne solutions and third-party tools is good. 

The solution has reduced our organizational risk. We have faster responses to incidents. 

SentinelOne Singularity Complete is a mature and solid product. I like the standard EDR capabilities. 

I rate it a nine out of ten. 

We primarily use the solution for security. It’s for endpoint and response detection.

It is primarily protecting all my servers now, and most of the end users are connected to SharePoint OneDrive and emails, which are already taken care of from Microsoft through endpoint security. I don't have to really worry too much from the end-user point of view. Still, in case if they ever happen to click on any of the phishing emails or malicious files, it will block their computer immediately without even coming through the server level.

It is covering one of my IT audit purposes - not only from the protection of the data and doing security through my network but also addresses most of the compliances from an audit point of view.

It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.

They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.

If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.

It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.

It's complete and total protection.

I cannot speak to any missing features. It has what we need.

If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.

I’ve been using the solution for a bit more than six months now.

The solution is absolutely stable. There are no bugs or glitches.

I haven't seen all the features. However, I will probably start looking at it since it has saved us from a couple of cyber attacks. Probably I will take a walk-through again from the technical team to understand if there are any further scalable options to implement on my infrastructure.

We are using it for service only right now. However, we have decided to scale up for all the end users.

Support is very good, and their help is immediate.

Positive

I'm still using VDAT on Windows endpoints. We use Defender. Windows is comprehensive as well. Most Windows users with personal PCs have Windows Defender, and it works well. That said, I was not sure and still am not sure how well it will protect the servers if there is any ransomware attack on the network.

It’s very easy to implement the solution. It’s not complex at all. I’d rate it a five out of five in terms of ease of implementation.

For me to implement across eight servers, it took maybe a day. Two days at a maximum.

It’s on the cloud and therefore doesn’t require maintenance.

They did the implementation. However, I installed the agent. Everything and the configuration were already set. They just guided me through how exactly it was set up. They did the walk-through of the complete product, and that's it.

We’ve already seen a 100% ROI even after just a few months. I’d rate it five out of five.

We pay to license every year. However, I’m not sure of the pricing. They might cost $100 each. It’s reasonably priced. I’d rate it four out of five in terms of affordability.

I did compare it to other solutions and found this product to be more compatible with more operating systems.

We are using the latest version of the solution.

I highly recommend the solution to others.

We’re just customers.

I’d rate the solution nine out of ten.

We primarily use the solution for EDR to protect critical devices.

The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.

It's pretty easy to set up.

The technical support is great.

The product can scale.

The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.

My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they start supporting mobile devices.

I'd like to see more documentation. 

SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product,  public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.

We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution. 

I've been dealing with the solution for 14 months. 

Overall, the solution is between 90%  and 95% stable. Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash. That's a huge gamble. You could install SentinelOne on your computer and if you do, there's the risk that your production machine could go down when SentinelOne came on. Stability is a gamble for SentinelOne. There's more chance of crashing your computer. And the only solution when that happens is to go and install it through safe mode.

The product is actually scalable.

Our customers are small, medium, and enterprise companies. We support all of them, both small and medium enterprising arms.

SentinelOne technical support is awesome. If there is a five-star option, I'd give them six stars. They give good support.

Positive

I'm also working with CrowdStrike Falcon. I have worked with Carbon Black as well. SentinelOne is better than Carbon Black.

The priority of EDR before any complex feature is the ability to detect and then prevent malware attacks. That will be main reason of an EDR. SentinelOne does a very good job of detection of online threats. Once you get targeted by a ransomware attack, SentinelOne will notice that. Carbon Black doesn't do that.

The implementation process is pretty easy. 

The pricing is reasonable. I'm an engineer and therefore can't speak to exact pricing. 

We're a partner.

We sell SentinelOne. We implement and deploy. We have a partnership, basically. 

I'd rate the solution eight out of ten.

My advice to other users is if you are going to any solution out there, number one is to make sure if there are issues tey can be easily fixed. With this product, you won't have to have a problem going for three months unsolved or going for two months unsolved. 

We're a managed service provider, so it's MSP for our clients.

I have found the activity timeline and threat analysis to be particularly useful.

The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler.

I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.

In terms of stability, I've seen some issues with the deployment or decommissioning not working the way it's entirely supposed to. I've seen the same thing with other managed antivirus so it's nothing I consider unusual. Occasionally I have to go and clean up an installation or an installation that didn't go off cleanly.

The scale we operate at is pretty small. We've got less than 100 endpoints on this at the moment. Currently, I only have about 80 users. 

We still use our traditional antivirus packages, Vipre and Bitdefender, depending on the customer and their use case.

The initial setup took a little bit of orientation but nothing I would consider unusual for learning a new product like this. The deployment did not take very long at all. From the time when we were introduced, got registered for all the different related sites and services it only took a couple of weeks before we could deploy without really needing to think about it. It was pretty simple.

I would advise someone considering this solution to make sure that you leverage the features. It's particularly very useful in sites such as the threat timeline where it gives you a breakdown of the files and network connections.

Call the SOC, the Security Operations Center, with questions. They're always proactive and very helpful but do not rely on the automation to do everything for you. I had an instance where just glancing at the activity timeline, it was very obvious to me there was something traversing the customer's network. There was an infection that was at least partially taking hold and it was worming its way through their network and I would think that the Security Operations Center should see. If they're seeing multiple infections at the same site they should have the same inference happen and call us and notify us and do something about it.  That required manual intervention and it would've been nice to get an earlier notice on it without manual review of activity by myself.

I would rate SentinelOne an eight out of ten. 

We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, continuous monitoring, and real-time checks of our network. 

There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.

SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.

The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.

When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.

I have been using SentinelOne Singularity for approximately six months.

SentinelOne Singularity is stable.

We have approximately 250 users using this solution in my organization.

I have used the support team from SentinelOne Singularity.

I rate the support from SentinelOne Singularity a four out of five.

Positive

We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.

We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better. 

The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.

When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.

First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solutions don't require any high-end expertise to be deployed or maintained but a normal IT system administrator is needed to do it.

I would recommend this solution to others.

I rate SentinelOne Singularity a nine out of ten.

We are a company with several types of PC users. Our office ranges from marketing to sales, and we also have people who are remote on laptops all over the world, as well as an R&D department. Those people use PCs in different ways. 

We wanted a platform that has ways of dealing with various kinds of users, but we also wanted a central management so we could overview the state of all our endpoints with one view.

We use the central cloud interface to manage all our endpoints.

We only use it on Windows machines.

It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralize platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions.

I have one instance where we had a trigger of an attack. Luckily, it appeared to be in an unregistered program created a lot of threats by renaming files. This was something that the employer developed by his own. This was an unknown program that generated a lot of threats to very quickly rename a thousand files. However, it was not an actual attack, but the behavior of that program was such that the AI protection of SentinelOne kicked in and alarmed us of a possible attack. One of our employees created a program just for his benefit. It had exactly the same behavior as a ransomware attack would have had, then it kicked in. This is why I'm confident that SentinelOne will also detect real ransomware actions. That is the only one instance where I encountered the Behavior AI software kicking in.

We haven't had any real attacks over the last year. We did have some intrusions mainly from suspicious files that people were getting via their browser and some attachments that I tried to open with double extensions. Luckily, in the last year, we haven't had any actual attacks.

The effectiveness of the solution’s distributed intelligence at the endpoint is 100 percent. We haven't had any incidents break through. We only see a very small reduction in PC performance.

The main reasons that we use SentinelOne are the antivirus and Behavioral AI protections. We have this solution centrally managed to see what endpoints are active, along with the latest software protection running. It also provides us external control, so we can block machines remotely, even if they are in another country, because we have account managers all over the world. All these features together protect us against strange behavioral programs.

SentinelOne's one-click, automatic remediation and rollback for restoring an endpoint is very handy. We had some issues with programs that were unknown by SentinelOne, then marked as suspicious and quarantined, because we also develop software ourselves and have software packages that were compiled in 1995 and don't conform to the normal rules. SentinelOne always marks those packages as suspicious because they do something different than they should when you compile them with current libraries of Windows, etc. Therefore, we had some interventions of SentinelOne where you can easily whitelist them and rollback the quarantine action so people who use those old-fashioned programs could easily continue with their work. 

This was only an issue during the first month when we rolled out the software, then it starts doing scans mainly on the R&D PCs, which was our great concern. Normal office use is fairly straightforward, but when you develop software (and we also develop software to communicate with our embedded systems), then the demands are a bit different. However, until now, we have been very happy with it.

We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.

We have been using it for about a year now. We rolled it out in December 2019.

All the endpoints are running without problems. It is very stable. We have deployed several versions of agents. I haven't encountered any issues, apart from when that rollback occurred, and the SentinelOne agents were locked out of the cloud platform, and the only way to retrieve that was by installing it again by hand. 

Up until now, SentinelOne's effectiveness has been 100 percent.

We are a relatively small company with about 80 employees. Most things are offsite. We do not use automated things very much.

There are four users from the admin side.

Together with another colleague, we chose SentinelOne, then tested and deployed it. A few other colleagues have monitoring views in SentinelOne, e.g., if a site has to be whitelisted. 

I had one issue that I brought up with customer support. They delivered a solution in about two hours. It was related to the issue with the agent. I just issued an email, and in about an hour, the problem was solved. I was delivered a good solution: an uninstalling procedure and how to go about it. That's the only thing that we needed it, and the only time we needed the technical support.

Before this solution, we used McAfee, which was not enough for our use. Then, SentinelOne came into the picture. It not only had static virus checking (antivirus), but it also had the Behavioral AI features, like triggers, that we could investigate.

The McAfee solution that we had was more demanding, more expensive, and had less functionality. Three to four years ago, we had an incident with ransomware, and it wasn't detected at the time by the McAfee on all the points. There were two points that were affected. Since it wasn't noticed by the McAfee. we were considering other software solutions from that point on.

SentinelOne offered a good solution, which is the main reason that we went with them. It was easy to manage, although we didn't use McAfee the way we use SentinelOne right now. McAfee was incorporated in our company about 20 years ago, so we probably didn't use all the facilities that McAfee can offer now. 

SentinelOne made us a good offer, especially regarding the Behavioral AI aspect of the protection. Therefore, we just wanted to see what they could offer us. After a year, we are still very satisfied.

SentinelOne had a smaller footprint, both in resources and time-wise, as in load, than the McAfee solution that we had previously.

The initial setup was fairly straightforward. It was very easy to start up. You didn't have to go into a lot of documentation to roll it out. We used the management from the central platform, not our own central platform on-premise, and did it on the cloud version. This way, it could be delivered and updated remotely.

The deployment took a week. We deployed it to about 90 endpoints.

We just had a discussion with the SentinelOne service provider onsite. He gave a revision of how SentinelOne should be deployed along with some examples. Before we deployed it to the entire company, we had a testing time of about two months. 

SentinelOne has reduced incident response time. The two main pillars that SentinelOne helps us with: 

1. Central management: I can ensure management that if there is a breach all the machines and endpoints are up-to-date and protected. 
2. SentinelOne allows us to switch off an endpoint remotely, which we could do previously. Most people are on-premises, but there are 15 to 20 people all over the world with laptops connected everywhere. 

It saves a few hours a week for one person, because you can see the statuses of all the machines in one place. 

It was cheaper than McAfee, which was a way to convince management to go with the solution.

At the moment, we are very pleased with the solution.

We saw the Storyline technology briefly. However, the Storyline is only when you have actual attacks, and they are not caught in the beginning. Most of our attacks were caught just by static recognition of the files, so there was no story because the file was not allowed to activate. In the beginning, we did some fake file checks in an enclosed surrounding and in a CM setup, which is how I saw the Storyline facilities, but we don't use it.

I would rate this solution as a nine (out of 10).

We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.

We deploy it on-premise, in all of our factories and branch offices, worldwide.

Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.

• Easy to install and update
• Management Console in the cloud
• Ability to partition it in "sites" (our subsidiaries) with local site admin
• Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

We started to install SentinelOne on the first endpoints in August of 2019.

Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.

The scalability is good. At present, I can't see scalability limits.

We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.

We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.

Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.

We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we choose SentinelOne.

In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovering of Zero-day threats and ransomware.

A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.

The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.

The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.

In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.

Main support was provided by the SOC company, working together with our IT Staff.

We have seen a good ROI about the SOC service and the product.

The solution's price/performance ratio is reasonable.

In addition to the standard licensing fees there is, of course, the SOC service fee.

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.

At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.