My primary use case for this solution is to protect my clients and sites that I support from malware and ransomware. It is installed on the endpoint clients and servers as a client, and then it cleans and protects after a reboot. As a managed service provider, we found it instrumental at preventing viruses and especially preventing ransomware. We went from 30% ransomware infections to zero. The software stops the infection before it executes.
IT Manager at Telecorp Inc.
Protects our network end users from malware and eliminates ransomware with timely alerts and automatic resolution
Pros and Cons
- "Prevents ransomware getting through."
- "Communication and documentation could be improved."
What is our primary use case?
How has it helped my organization?
It has saved hundreds of hours fixing destroyed and encrypted computers. In the old days, even if you restored the files, Windows was still damaged. This stops the software from executing.
What is most valuable?
The valuable feature of this solution is the ability for it to stop a virus or ransomware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger, I get alerted and the machine is frozen. If the SOC believes it to be a virus, the machine's network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe, the machine is auto unfrozen. I can go in, look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus, I can return the machine to before the file got executed, erasing any damage. If I believe it's a false positive, I can mark it benign and re-execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.
What needs improvement?
I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck.
For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I've been using this solution for seven months.
What do I think about the stability of the solution?
The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adapt to the new software fairly quickly.
What do I think about the scalability of the solution?
The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 endpoints and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution, it's actually turned into my main route for antivirus end protection and the product doesn't require any maintenance except for when it finds a virus.
How are customer service and support?
I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.
Which solution did I use previously and why did I switch?
I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.
How was the initial setup?
The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process.
What about the implementation team?
It's deployed in-house.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per end point. I don't have additional costs on top of that.
Which other solutions did I evaluate?
I evaluated Norton 360, Windows antivirus, Webroot, CrowdStrike, and ESET.
What other advice do I have?
With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.
I would rate this solution a ten out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager at a computer software company with 501-1,000 employees
Solid and mature with standard EDR capabilities
Pros and Cons
- "The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing."
- "I don't like switching the way you switch from legacy to XDR."
How has it helped my organization?
SentinelOne Singularity Complete has improved our security stack. You don't have to worry about monitoring 24/7.
What is most valuable?
The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing.
What needs improvement?
I don't like switching the way you switch from legacy to XDR.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete since March 2023.
What do I think about the stability of the solution?
SentinelOne Singularity Complete is stable.
What do I think about the scalability of the solution?
The product is scalable.
What about the implementation team?
A reseller consultant helped us with the tool's implementation. Our experience was good.
What other advice do I have?
SentinelOne Singularity Complete has freed up my staff's time and helped them focus on other tasks.
The product's interoperability with other SentinelOne solutions and third-party tools is good.
The solution has reduced our organizational risk. We have faster responses to incidents.
SentinelOne Singularity Complete is a mature and solid product. I like the standard EDR capabilities.
I rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Information Technology at a healthcare company with 201-500 employees
Responsive support with complete and total protection
Pros and Cons
- "It has saved us from a couple of ransomware attacks already."
- "If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal."
What is our primary use case?
We primarily use the solution for security. It’s for endpoint and response detection.
It is primarily protecting all my servers now, and most of the end users are connected to SharePoint OneDrive and emails, which are already taken care of from Microsoft through endpoint security. I don't have to really worry too much from the end-user point of view. Still, in case they ever happen to click on any of the phishing emails or malicious files, it will block their computer immediately without even coming through the server level.
How has it helped my organization?
It is covering one of my IT audit purposes - not only from the protection of the data and doing security through my network but also addresses most of the compliances from an audit point of view.
What is most valuable?
It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.
They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.
If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.
It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.
It's complete and total protection.
What needs improvement?
I cannot speak to any missing features. It has what we need.
If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.
For how long have I used the solution?
I’ve been using the solution for a bit more than six months now.
What do I think about the stability of the solution?
The solution is absolutely stable. There are no bugs or glitches.
What do I think about the scalability of the solution?
I haven't seen all the features. However, I will probably start looking at it since it has saved us from a couple of cyber attacks. Probably I will take a walk-through again from the technical team to understand if there are any further scalable options to implement on my infrastructure.
We are using it for service only right now. However, we have decided to scale up for all the end users.
How are customer service and support?
Support is very good, and their help is immediate.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I'm still using VDAT on Windows endpoints. We use Defender. Windows is comprehensive as well. Most Windows users with personal PCs have Windows Defender, and it works well. That said, I was not sure and still am not sure how well it will protect the servers if there is any ransomware attack on the network.
How was the initial setup?
It’s very easy to implement the solution. It’s not complex at all. I’d rate it a five out of five in terms of ease of implementation.
For me to implement across eight servers, it took maybe a day. Two days at a maximum.
It’s on the cloud and therefore doesn’t require maintenance.
What about the implementation team?
They did the implementation. However, I installed the agent. Everything and the configuration were already set. They just guided me through how exactly it was set up. They did the walk-through of the complete product, and that's it.
What was our ROI?
We’ve already seen a 100% ROI even after just a few months. I’d rate it five out of five.
What's my experience with pricing, setup cost, and licensing?
We pay to license every year. However, I’m not sure of the pricing. They might cost $100 each. It’s reasonably priced. I’d rate it four out of five in terms of affordability.
Which other solutions did I evaluate?
I did compare it to other solutions and found this product to be more compatible with more operating systems.
What other advice do I have?
We are using the latest version of the solution.
I highly recommend the solution to others.
We’re just customers.
I’d rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer at Infoprive
Easy to set up with great AI and helpful technical support
Pros and Cons
- "The product can scale."
- "I'd like to see more documentation."
What is our primary use case?
We primarily use the solution for EDR to protect critical devices.
What is most valuable?
The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.
It's pretty easy to set up.
The technical support is great.
The product can scale.
What needs improvement?
The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.
My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago, they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they started supporting mobile devices.
I'd like to see more documentation.
SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product, public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.
We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution.
For how long have I used the solution?
I've been dealing with the solution for 14 months.
What do I think about the stability of the solution?
Overall, the solution is between 90% and 95% stable. Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash. That's a huge gamble. You could install SentinelOne on your computer and if you do, there's the risk that your production machine could go down when SentinelOne came on. Stability is a gamble for SentinelOne. There's more chance of crashing your computer. And the only solution when that happens is to go and install it through safe mode.
What do I think about the scalability of the solution?
The product is actually scalable.
Our customers are small, medium, and enterprise companies. We support all of them, both small and medium enterprising arms.
How are customer service and support?
SentinelOne technical support is awesome. If there is a five-star option, I'd give them six stars. They give good support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I'm also working with CrowdStrike Falcon. I have worked with Carbon Black as well. SentinelOne is better than Carbon Black.
The priority of EDR before any complex feature is the ability to detect and then prevent malware attacks. That will be the main reason for an EDR. SentinelOne does a very good job of detection of online threats. Once you get targeted by a ransomware attack, SentinelOne will notice that. Carbon Black doesn't do that.
How was the initial setup?
The implementation process is pretty easy.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable. I'm an engineer and therefore can't speak to exact pricing.
What other advice do I have?
We're a partner.
We sell SentinelOne. We implement and deploy. We have a partnership, basically.
I'd rate the solution eight out of ten.
My advice to other users is if you are going to any solution out there, number one is to make sure that if there are issues, they can be easily fixed. With this product, you won't have to have a problem going for three months unsolved or going for two months unsolved.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Field Technician at Sonrise Technology Solutions
The threat timeline feature gives a breakdown of the files and network connections
Pros and Cons
- "I have found the activity timeline and threat analysis to be particularly useful."
- "I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage."
What is our primary use case?
We're a managed service provider, so it's MSP for our clients.
What is most valuable?
I have found the activity timeline and threat analysis to be particularly useful.
What needs improvement?
The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler.
I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.
What do I think about the stability of the solution?
In terms of stability, I've seen some issues with the deployment or decommissioning not working the way it's entirely supposed to. I've seen the same thing with other managed antivirus so it's nothing I consider unusual. Occasionally I have to go and clean up an installation or an installation that didn't go off cleanly.
What do I think about the scalability of the solution?
The scale we operate at is pretty small. We've got less than 100 endpoints on this at the moment. Currently, I only have about 80 users.
Which solution did I use previously and why did I switch?
We still use our traditional antivirus packages, Vipre and Bitdefender, depending on the customer and their use case.
How was the initial setup?
The initial setup took a little bit of orientation but nothing I would consider unusual for learning a new product like this. The deployment did not take very long at all. From the time when we were introduced, got registered for all the different related sites and services it only took a couple of weeks before we could deploy without really needing to think about it. It was pretty simple.
What other advice do I have?
I would advise someone considering this solution to make sure that you leverage the features. It's particularly very useful in sites such as the threat timeline where it gives you a breakdown of the files and network connections.
Call the SOC, the Security Operations Center, with questions. They're always proactive and very helpful but do not rely on the automation to do everything for you. I had an instance where just glancing at the activity timeline, it was very obvious to me there was something traversing the customer's network. There was an infection that was at least partially taking hold and it was worming its way through their network and I would think that the Security Operations Center should see. If they're seeing multiple infections at the same site they should have the same inference happen and call us and notify us and do something about it. That required manual intervention and it would've been nice to get an earlier notice on it without manual review of activity by myself.
I would rate SentinelOne an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems
Beneficial ransomware blocking, simple deployment, and easy to use
Pros and Cons
- "SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control."
- "The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features."
What is our primary use case?
We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, continuous monitoring, and real-time checks of our network.
There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.
What is most valuable?
SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.
What needs improvement?
The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.
When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.
For how long have I used the solution?
I have been using SentinelOne Singularity for approximately six months.
What do I think about the stability of the solution?
SentinelOne Singularity is stable.
What do I think about the scalability of the solution?
We have approximately 250 users using this solution in my organization.
How are customer service and support?
I have used the support team from SentinelOne Singularity.
I rate the support from SentinelOne Singularity a four out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.
We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better.
How was the initial setup?
The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.
What's my experience with pricing, setup cost, and licensing?
When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.
What other advice do I have?
First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solutions don't require any high-end expertise to be deployed or maintained but a normal IT system administrator is needed to do it.
I would recommend this solution to others.
I rate SentinelOne Singularity a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at a healthcare company with 51-200 employees
Lets us centrally manage our active endpoints
Pros and Cons
- "It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions."
- "We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future."
What is our primary use case?
We are a company with several types of PC users. Our office ranges from marketing to sales, and we also have people who are remote on laptops all over the world, as well as an R&D department. Those people use PCs in different ways.
We wanted a platform that has ways of dealing with various kinds of users, but we also wanted a central management so we could overview the state of all our endpoints with one view.
We use the central cloud interface to manage all our endpoints.
We only use it on Windows machines.
How has it helped my organization?
It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions.
I have one instance where we had a trigger of an attack. Luckily, it appeared to be in an unregistered program that created a lot of threats by renaming files. This was something that the employer developed on his own. This was an unknown program that generated a lot of threats to very quickly rename a thousand files. However, it was not an actual attack, but the behavior of that program was such that the AI protection of SentinelOne kicked in and alarmed us of a possible attack. One of our employees created a program just for his benefit. It had exactly the same behavior as a ransomware attack would have had, then it kicked in. This is why I'm confident that SentinelOne will also detect real ransomware actions. That is the only instance where I encountered the Behavior AI software kicking in.
We haven't had any real attacks over the last year. We did have some intrusions mainly from suspicious files that people were getting via their browser and some attachments that I tried to open with double extensions. Luckily, in the last year, we haven't had any actual attacks.
The effectiveness of the solution’s distributed intelligence at the endpoint is 100 percent. We haven't had any incidents break through. We only see a very small reduction in PC performance.
What is most valuable?
The main reasons that we use SentinelOne are the antivirus and Behavioral AI protections. We have this solution centrally managed to see what endpoints are active, along with the latest software protection running. It also provides us external control, so we can block machines remotely, even if they are in another country, because we have account managers all over the world. All these features together protect us against strange behavioral programs.
SentinelOne's one-click, automatic remediation and rollback for restoring an endpoint is very handy. We had some issues with programs that were unknown by SentinelOne, then marked as suspicious and quarantined, because we also develop software ourselves and have software packages that were compiled in 1995 and don't conform to the normal rules. SentinelOne always marks those packages as suspicious because they do something different than they should when you compile them with current libraries of Windows, etc. Therefore, we had some interventions of SentinelOne where you can easily whitelist them and roll back the quarantine action so people who use those old-fashioned programs could easily continue with their work.
This was only an issue during the first month when we rolled out the software, then it starts doing scans mainly on the R&D PCs, which was our great concern. Normal office use is fairly straightforward, but when you develop software (and we also develop software to communicate with our embedded systems), then the demands are a bit different. However, until now, we have been very happy with it.
What needs improvement?
We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.
For how long have I used the solution?
We have been using it for about a year now. We rolled it out in December 2019.
What do I think about the stability of the solution?
All the endpoints are running without problems. It is very stable. We have deployed several versions of agents. I haven't encountered any issues, apart from when that rollback occurred, and the SentinelOne agents were locked out of the cloud platform, and the only way to retrieve that was by installing it again by hand.
Up until now, SentinelOne's effectiveness has been 100 percent.
What do I think about the scalability of the solution?
We are a relatively small company with about 80 employees. Most things are offsite. We do not use automated things very much.
There are four users from the admin side.
Together with another colleague, we chose SentinelOne, then tested and deployed it. A few other colleagues have monitoring views in SentinelOne, e.g., if a site has to be whitelisted.
How are customer service and technical support?
I had one issue that I brought up with customer support. They delivered a solution in about two hours. It was related to the issue with the agent. I just issued an email, and in about an hour, the problem was solved. I was delivered a good solution: an uninstalling procedure and how to go about it. That's the only thing that we needed, and the only time we needed the technical support.
Which solution did I use previously and why did I switch?
Before this solution, we used McAfee, which was not enough for our use. Then, SentinelOne came into the picture. It not only had static virus checking (antivirus), but it also had the Behavioral AI features, like triggers, that we could investigate.
The McAfee solution that we had was more demanding, more expensive, and had less functionality. Three to four years ago, we had an incident with ransomware, and it wasn't detected at the time by the McAfee on all the points. There were two points that were affected. Since it wasn't noticed by the McAfee, we were considering other software solutions from that point on.
SentinelOne offered a good solution, which is the main reason that we went with them. It was easy to manage, although we didn't use McAfee the way we use SentinelOne right now. McAfee was incorporated in our company about 20 years ago, so we probably didn't use all the facilities that McAfee can offer now.
SentinelOne made us a good offer, especially regarding the Behavioral AI aspect of the protection. Therefore, we just wanted to see what they could offer us. After a year, we are still very satisfied.
SentinelOne had a smaller footprint, both in resources and time-wise, as in load, than the McAfee solution that we had previously.
How was the initial setup?
The initial setup was fairly straightforward. It was very easy to start up. You didn't have to go into a lot of documentation to roll it out. We used the management from the central platform, not our own central platform on-premise, and did it on the cloud version. This way, it could be delivered and updated remotely.
The deployment took a week. We deployed it to about 90 endpoints.
What about the implementation team?
We just had a discussion with the SentinelOne service provider onsite. He gave a revision of how SentinelOne should be deployed along with some examples. Before we deployed it to the entire company, we had a testing time of about two months.
What was our ROI?
SentinelOne has reduced incident response time. The two main pillars that SentinelOne helps us with:
- Central management: I can ensure management that if there is a breach all the machines and endpoints are up-to-date and protected.
- SentinelOne allows us to switch off an endpoint remotely, which we could do previously. Most people are on-premises, but there are 15 to 20 people all over the world with laptops connected everywhere.
It saves a few hours a week for one person, because you can see the statuses of all the machines in one place.
What's my experience with pricing, setup cost, and licensing?
It was cheaper than McAfee, which was a way to convince management to go with the solution.
What other advice do I have?
At the moment, we are very pleased with the solution.
We saw the Storyline technology briefly. However, the Storyline is only when you have actual attacks, and they are not caught in the beginning. Most of our attacks were caught just by static recognition of the files, so there was no story because the file was not allowed to activate. In the beginning, we did some fake file checks in an enclosed surrounding and in a CM setup, which is how I saw the Storyline facilities, but we don't use it.
I would rate this solution as a nine (out of 10).
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CIO at a manufacturing company with 1,001-5,000 employees
For the first time we have global knowledge of what's happening in all of our subsidiaries
Pros and Cons
- "One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important."
- "Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros."
What is our primary use case?
We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.
We deploy it on-premise, in all of our factories and branch offices, worldwide.
How has it helped my organization?
Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.
What is most valuable?
- Easy to install and update
- Management Console in the cloud
- Ability to partition it in "sites" (our subsidiaries) with local site admin
- Overall good quality protection
Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.
In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.
For how long have I used the solution?
We started to install SentinelOne on the first endpoints in August of 2019.
What do I think about the stability of the solution?
Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.
What do I think about the scalability of the solution?
The scalability is good. At present, I can't see scalability limits.
We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.
We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.
How are customer service and technical support?
Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.
Which solution did I use previously and why did I switch?
We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we chose SentinelOne.
In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovery of zero-day threats and ransomware.
A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.
How was the initial setup?
The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.
The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.
In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.
What about the implementation team?
Main support was provided by the SOC company, working together with our IT Staff.
What was our ROI?
We have seen a good ROI on the SOC service and the product.
What's my experience with pricing, setup cost, and licensing?
The solution's price/performance ratio is reasonable.
In addition to the standard licensing fees there is, of course, the SOC service fee.
Which other solutions did I evaluate?
We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.
What other advice do I have?
My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.
At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Updated: October 2024