SentinelOne Singularity Complete Reviews

There are four use cases:

1. Endpoint visibility.
2. Endpoint protection, which includes detection, protection, and error response. We use this for protection endpoints as well.
3. Provides historical loss of any events or changes in files that may have happened in the last 90 days.
4. Threat hunting, which we use to troubleshoot applications.

There are different versions. The SaaS portal has a different version. The agents for each operating system have a different version. For the SaaS platform, we are on the current release. For the agents, we are one behind the current GA release.

We have another tool for network analysis. Last night, it detected some suspicious network activity for a machine that was making an outbound action to a spacious external entity. So, it raised an alert. Other than being a network tool, it couldn't provide any information as to why it suddenly started doing this. As far as response and running through our playbook, the first steps were for the SOC to go and reach out to our engineering teams to see if any users caused what happened. That took them almost until the end of the day. Finally, they came back, and said, "There is nothing that we can see." Then, I went into SentinelOne, spending about 15 minutes, and was able to determine exactly:

• What process caused the activity.
• The reason for it. 
• The user.
• The command line running that caused it.
• What addresses it tried to communicate out, since the network tool wasn't able to capture all the IP addresses. 

We were able to determine it was a process that one of our engineers had set up and forgot about. It took us almost an entire day for the SOC to get a response from a person on that. Whereas, we were able to get that information directly from SentinelOne in less than 15 minutes.

SentinelOne's automation has increased analyst productivity. It can automate actions on a threat, such as, kill/quarantine, remediate, and then roll back. All those automation processes have significantly helped us in making our SOC more effective.

All the features are valuable. Their core product, EDR, is pretty good. We utilize the entire functionality of the feature set that they have to offer with their core product. For EDR, we are using all their agents: the Static AI and Behavioral AI technologies as well as their container visibility engine.

We use SentinelOne’s Storyline feature to observe all OS processes quite routinely. When we want to know a bit more details about any threats or want to investigate any suspicious event types, that is when we use the Storyline quite a bit. Its ability to automatically connect the dots when it comes to incident detection is useful. It significantly simplifies the investigation and research related to threats.

Today, we automatically use Storyline’s distributed, autonomous intelligence for providing instantaneous protection against advanced attacks for threat detection. The AI components help tremendously. You can see how the exploits, if any, match to the MITRE ATT&CK framework, then what actions were taken by the AI engine during the detection process or even post detection actions. This is good information that helps us understand a little about the threat and its suspicious activities.

We use the solution’s one-click remediation for reversing unauthorized changes. In most of the groups, we have it automatically doing remediation. We seldom do manual remediation.

There is an area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap. A couple of months ago, they came back to us and got our feedback on what we thought about their plan of implementing the agent health monitoring system would look like, and it looks pretty good. So, they are planning to release that functionality sometime during the Summer. I have been amazed with their turnaround time for getting concepts turned into reality. 

We have been using SentinelOne since early 2020.

It has been very stable. There have been no issues so far.

One person is needed for maintenance (me).

It is scalable with the caveat that we have had some challenges within our infrastructure for 20 agents across Linux servers. Beyond that, scalability is not an issue.

8,000 to 9,000 people are using the solution across our entire organization.

We are using SentinelOne as our de facto endpoint protection software. As a result, it is a requirement for every machine in our infrastructure, except for the devices that do not support their agents. So, as our infrastructure continues to grow or shrink, the users of SentinelOne will either increase or decrease, depending on the state of our infrastructure at that specific point in time.

The technical support is good and very responsive. 99.99 percent of the time, they have been able to provide satisfactory responses. Whenever we have asked them to join a call that requires their assistance on a priority basis, they have been able to join the call and provide assistance. Whenever they felt that they do not have enough information, they were upfront about it, but they realistically cannot do anything about it because there is a limitation on either SentinelOne agent software or deeper logs would need to be captured in order to provide more information. There has been no situation where support provided an unsatisfactory response.

We were previously using Sophos. The primary reason that we switched was Sophos did not provide us the extended capabilities we needed to support our infrastructure, both on-prem and on the cloud. Sophos did not support any of the Kubernetes cluster environmental containers systems on the cloud. It did not have the advanced AI engines that SentinelOne does. Overall, Sophos was very bulky, needing a lot of resources and a number of processes. In contrast, SentinelOne was thinner, very lightweight, and more effective.

The deployment and rollout of SentinelOne are pretty simple. In our environment, we deployed the agents, then we had to remove them from some of the machines because the agent was impacting the performance of those machines. At that time, we found out it wasn't the SentinelOne agent rather an underlying issue on our own system or even the environment that it was in. We had to take SentinelOne out to troubleshoot the root cause, which delayed us a bit in rolling it out to our other infrastructure. That was completely fine. Looking at it from a global and world perspective, the rollout was very simple. 

About 6,000 to 7,000 endpoints took us six to seven months to deploy. Linux took a bit longer to deploy because the tools are not as good for deployment as what is available for Windows and Macs. Using a script, we were able to take care of that. However, we could only do that during maintenance windows, otherwise we couldn't deploy the agents without an approval change.

We did the implementation ourselves. We have several teams responsible for each area:

• Two to four people for workstations. 
• Two people for a retail environment
• Two people for the server infrastructure. 

This provided resource continuity. In case one resource would be unavailable for any reason, then the other resource would be able to continue. Essentially, the deployment needed three people, but we had six for continuity.

We saw a return of investment during the first year. We far exceeded our ROI expectations, meeting our ROI expectations within the first year.

The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes.

From an overall perspective, it has reduced our mean time to repair in some cases to less than seconds to a maximum of an hour. Before, it would take days.

The licensing is comparable to other solutions in the market. The pricing is competitive.

We subscribe to the Managed Detection and Response (MDR) service called Vigilance, which is like an extension of our SOC. Vigilance's services help us with mitigating and responding to any suspicious, malicious threats that SentinelOne detects. Vigilance takes care of those. 

We also pay for the support. The endpoint license and support are part of the base package, but we bought the extended package of Vigilance Managed Detection and Response (MDR) services.

Sophos was eliminated very early on in the PoC process. Then, we looked at: 

• SentinelOne
• FireEye
• CarbonBlack
• CrowdStrike. 

Out of these solutions, we selected SentinelOne. Their ability to respond quickly in terms of feature functionality was the biggest pro as well as their fee for agents in the cloud. The other solutions' interpretation of a cloud solution did not match with our expectations. From an overall perspective, we found SentinelOne's methodology, its effectiveness, its lightweight agents and their capabilities far exceeded other solutions that we evaluated.

SentinelOne had the highest detection rates and the ability to roll back certain ransomware, where other solutions were not even close to doing that.

It is a very good tool that is easy to deploy and manage. The administration over it is little to none. However, depending on the environment and whoever is trying to deploy the agents, they should test it with the vendor environment before they go and deploy it to production. The reason why is because SentinelOne has the ability to be tuned for optimization. So, it is better to understand what these optimizations would be before deploying them to production. That way, they will be more effective, and it will be easier to get buy-in from the DevOps team and the infrastructure team managing the servers, thus simplifying the process all around. Making the agents and configurations optimized for specific environments is key.

The Storyline feature has affected our SOC productivity. Though, we have yet to fully use the Storyline feature in a SOC. We are using it on a case-by-case basis. However, as we continue to deploy agents throughout our infrastructure and train our SOC to use the tool more effectively, that is when we will start using the Storyline feature a bit more. Currently, this is on our roadmap.

I am very familiar with the Ranger functionality, but we haven't implemented it yet for our environment. Ranger does not require any new agents nor hardware. That is a good feature and functionality, which is helpful. It can also create live, global asset inventories, which will be helpful for us. Unfortunately, we have not yet had an opportunity to roll that out and capture enough information from our infrastructure to be able to maximize the effectiveness of that functionality. We are still trying to get SentinelOne core services fully deployed in our environment.

Now that we have SentinelOne, we cannot go without it. 

Compared to other solutions in the market, I would rate it as 10 out of 10.

Our organization is leveraging SentinelOne Singularity Complete to achieve a comprehensive endpoint security solution. This involves utilizing SentinelOne's EDR functionality across all our endpoints, including IT, OT, and legacy systems. By integrating additional log sources, we're expanding to XDR which will further enhance threat detection, investigation, and response capabilities. This enriched data will also enable the creation of custom workflows to streamline security operations and improve the overall effectiveness of SentinelOne alongside existing security solutions like Office 365, proxy servers, and firewalls, allowing for better correlation and incident response.

Our previous antivirus solution wasn't strong enough to keep up with the growing number and complexity of cyberattacks. Traditional antivirus struggles to monitor all endpoint processes and activities. SentinelOne Singularity Complete addresses this issue with its Endpoint Detection and Response capabilities. EDR collects comprehensive endpoint data and stores it centrally, allowing us to monitor all running processes, identify evolving threats and their techniques, and take appropriate action. Additionally, SentinelOne's built-in AI and ML can detect suspicious behavior that traditional antivirus solutions might miss, providing advanced protection against modern cyberattacks.

Our organization utilizes a two-pronged approach to cybersecurity with SentinelOne. On-premises, SentinelOne Singularity Complete safeguards our sensitive big data that never leaves our network. Additionally, we leverage the cloud-based SentinelOne SaaS solution for further protection.

SentinelOne offers a marketplace that expands its XDR capabilities. This marketplace allows for seamless integration with various security solutions, including Azure AD, email gateways, threat intelligence platforms, firewalls, and proxies. By integrating these tools, we can create automated response playbooks within the XDR platform, streamlining our security posture.

SentinelOne Singularity Complete excels at gathering and analyzing data from various security solutions. Its built-in marketplace offers over 120 connectors that automatically ingest logs, enabling correlation and better incident response through custom workflows. This integration streamlines security operations by minimizing manual effort and allowing security personnel to focus on faster remediation.

We leverage Ranger to secure our raw networks and functionalities that SentinelOne has limited coverage for. Additionally, we actively search for vulnerabilities in our systems.

Ranger is a valuable tool for improving network and asset visibility. It helps us identify gaps in our coverage by highlighting raw networks and unmonitored endpoints. These blind spots represent areas where we lack agent deployment, and Ranger essentially acts as a roadmap for prioritizing where to install them for a full view of our environment.

Ranger has a seamless integration process. From the console, we enable Ranger, triggering the installation of a lightweight agent on our endpoints. This agent then monitors traffic to identify coverage gaps and potential vulnerabilities within our system.

Integrating all log sources and creating a custom workflow will streamline analyst workloads. This will automate most of the basic tasks currently handled manually, freeing up the team for other projects. The analysts performing investigations and remediation will see a significant reduction in time spent on repetitive tasks.

Since implementing SentinelOne Singularity Complete, our mean time to detection has been drastically reduced, going from two full days down to just ten minutes each month.

SentinelOne Singularity Complete has reduced our mean time to remediation.

SentinelOne Singularity Complete has been a valuable asset in reducing our organization's security risks. Its features, including device control and firewall management, provide us with the tools we need to effectively manage and secure our endpoints.

SentinelOne offers several valuable features for threat detection and response. Correlation, static analysis, and other detection engines work together to identify and address security issues. Additionally, the STAR Rules feature allows us to create custom alerts based on specific attacker behaviors or indicators of compromise. This empowers us to not only respond to built-in threats but also proactively detect and prevent emerging ones by defining custom actions for abnormal activity. In short, SentinelOne goes beyond native threat detection, offering customization to tackle even the newest threats.

SentinelOne Singularity Complete needs more connectors for integration with more solutions.

It seems there are currently two separate installers for the same device, one in MSI format likely for Windows and another in a potentially custom EXP format. Ideally, these could be combined into a single installer. If that's not feasible, the EXP format could be used as a self-extracting archive that automatically installs the software using the MSI installer. This would eliminate the need for two separate agents and provide a more streamlined installation experience.

SentinelOne endpoint protection enters a reduced functionality mode during certain resource-intensive events. This mode temporarily limits some features and may require a machine restart. In some cases, the agent might even get disabled. To restore full functionality, we need to re-enable the agent and reboot the machine, which can be inconvenient. Ideally, SentinelOne should improve its handling of resource usage to avoid these disruptions.

The technical support response time has room for improvement.

I have been using SentinelOne Singularity Complete for three months.

The current version of SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

The technical support response time is slow.

Positive

Our previous antivirus solution, Symantec Endpoint Security, struggled to keep up with evolving cyber threats. Additionally, integrating it with other security tools proved to be a slow and cumbersome process. Since switching to SentinelOne, we now benefit from seamless integration with various log sources and other security solutions, enabling a more holistic and responsive security posture.

The initial deployment was straightforward and took four months to complete in our large environment but it was not complex to onboard the machines based on our policies.

Four people were required for the deployment. 

While the cost of SentinelOne Singularity Complete might seem high at first glance, it's important to consider the value it offers. This helps to average out the cost.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers a comprehensive security solution for cloud workloads and endpoints. While it excels at covering all these areas, it could benefit from more granular control and further enhancements. The ability to extend its protection to cloud security or cloud servers, similar to CSPM tools, would be valuable for taking action within cloud or microservice environments.

Maintenance is required for updates.

SentinelOne is a good strategic security partner.

Before implementing SentinelOne Singularity Complete, it's crucial to understand how it will integrate with your existing systems. This ensures compatibility and avoids any unintended consequences. Make sure to create exclusions for any applications that might conflict with SentinelOne to prevent disruptions.

It is our primary software platform for endpoint detection and response and vulnerabilities.

Our overall fleet posture and our security have increased a lot. It is much easier to get the agents out onto machines no matter what their operating system is, and it gives equitable reports back no matter what our platform is.

So far, it is one of the most interoperable applications and platforms that I have seen. There is the ease of bringing things in with the marketplace and the willingness of the company itself to work with you to help you address anything that they do not currently have.

Singularity Complete has helped free up our staff for other projects and tasks. Being new in the department for a year and a half, I am not the one to say how much time it has saved, but it has made my life easier by several hours a week. It gives me a straight line and a story for what I am looking for, so I can quickly identify whether something is to be expected and just a false positive or if it is actually a problem. Usually, when it is a problem, SentinelOne would have already mitigated it.

Singularity Complete has absolutely helped reduce alerts. It has drastically reduced alerts across the board. There is a 40% to 60% reduction. This reduction is because it is tunable. It is very tunable, and you can tweak it to meet your needs where you are not just stuck with what a manufacturer or a software developer said in terms of the alerting that you are going to get.

Singularity Complete has definitely helped reduce our organizational risk. Our risk score has gone down by 15% to 20%. We have better coverage and better insight into what is being covered.

Singularity Complete has probably saved us costs. I do not have enough insight into those budget numbers, but they keep adding things to it, so my guess is that it has saved us costs.

SentinelOne is one of our most important partners. The help that we get from their engineers, success team, and support really and truly has been unparalleled.

I am going to be a little biased because I am a Mac guy. I have been a Mac guy for twenty years, and the feature parity and the capabilities of a Macintosh agent are unparalleled in the industry. It is the first anti-malware and antivirus that does not make you feel that you bought the wrong processor. It is really good and lightweight. 

It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult.

I have been using Singularity Complete for three years.

I am blown away by their support. Every time I reach out to my customer service manager, they are returning questions after hours. You do not see that from a lot of companies. I would rate their support a 10 out of 10.

Positive

We were not officially using a similar solution. We had other products that we were using, but we did not have a full solution like SentinelOne. We were using multiple things. One of them was McAfee. We switched because they got bought by Trellix, and nobody knew what was going to happen with them. That was our most recent one and what I am most experienced with.

I was involved in its initial deployment. I packaged the Jamf mobile device management installation package for our Macs. As far as security products go, it was the easiest one. The instructions were great. They were aligned with the vendor, which is something not common. Usually, it is like, "Here is what you have to do with your vendor." SentinelOne took that extra step, and it deployed right out of the box.

We have on-premises, public cloud, and private cloud deployment. Our cloud provider is primarily AWS, but we also have a little bit with Google and Mandiant, so we have a hybrid cloud. We are in the middle of a migration. The cloud is fairly new for us, and securing it has been a priority.

We have our deployment segregated on endpoint types, but our entire organization has it.

We did it directly on our own. We rolled it out very quickly. We had been dealing with McAfee before it, so this was like a breath of fresh air.

We had two or three people working on it, so it went out very smoothly.

I believe we have seen an ROI. If nothing else, the investment that they are making, as analysts, engineers, and architects, we feel that we can get more done in SentinelOne and have a better stance overall for our organization. 

They evaluated a lot, but that was before I was in the department, so I do not know exactly which ones they did.

I would advise listening to your sales engineers and letting them give you ideas because SentinelOne can do things that you have no idea about.

For next-generation platforms, it is at the top of what is a small stack right now, and that puts them ahead of a lot of other people.

I would rate it a 10 out of 10. It has been fantastic for us.

We use it for endpoint protection. It's an active EDR endpoint protection tool. Think of it as an antivirus and endpoint protection solution with machine learning, like McAfee on steroids.

In our company it is deployed in 83 countries and on over 40,000 workstations and servers.

It provides incredible visibility in a single pane of glass. The dashboard gives me visibility over all the endpoints, which are broken down by country, and then broken down within each country by brand and machine type. It provides a very simple way for me to understand if

• we're being targeted globally
• my endpoints are actively being attacked
• we have outstanding issues in any one region
• we have malicious activity.

In addition, it logs to my SIEM tool, cloud-natively, which makes it a very effective weapon to help diagnose and remediate any potential bad actors in my environment.

The Behavioral AI feature for ransomware and anti-malware protection does an outstanding job of identifying abnormal behavior patterns in my environment. Once we allowed it to sit in learning mode for about 30 days, we switched all our endpoints into what is called Protect mode, instead of Detect mode. With Protect mode, we have different functions available to us, such as kill, quarantine, identify, and rollback. Using those features, we are really able to protect our endpoints much better. We take advantage of the fact that we have a machine, or an automated process, governing our endpoint protection. That reduces the total headcount needed to babysit my environment.

Furthermore, Behavioral AI recognizes novel and fileless attacks and responds in real-time. It improves my security, reduces my total cost of ownership and management, and provides enhanced protection for what is now a highly mobile population. Due to COVID-19, we have had to take most of our workforce, and that's over 40,000 people around the world, and give them access to work remotely through a series of different mechanisms. In doing so, we felt much more comfortable because we have this endpoint protection tool deployed. It provides us not only the visibility into what the tool is doing and how it's protecting us, but it allows us to look at what applications are installed, what IP range is coming on, and what network it's sourced from.

And with Ranger we're able to help identify additional networks. Using SentinelOne with Ranger, allowed us to take a look at some of our smaller offices in Asia Pacific where we didn't have exceptional visibility.

We also use the solution’s automatic remediation and rollback in Protect mode, without human intervention. I want to protect mode for both malicious and suspicious, and that is in Protect mode. Having turned that on, we saw no negative impact, across the board, which has been an outstanding feature for us. It does save time on having to go in and identify things, because we allowed it to run in learning mode for so long. It learned our business processes. It learned what's normal. It learned file types. It learned everything that we do enough that, when I did turn that feature on, there were no helpdesk calls, no madness ensued, no people complaining that files were being removed that they needed. It worked out very well for us. 

We also use the solution’s ActiveEDR technology. Its automatic monitoring of every OS process, at all times, improves our security operations greatly. There is a learning time involved. It has to learn what processes are normal. But the fact that it's actively engaged with every process—every file that moves across it, every DLL that's launched, whether or not it's automated or process-driven—everything is viewed, inspected, and categorized. And it allows us to have enhanced visibility that ties directly into the Deep Visibility. I can look at and help identify behavior patterns. 

For example, yesterday I wrote a series of queries for Deep Visibility that are based on MITRE ATT&CK parameters. Those give me reports, on a daily basis, of how effective this tool really is because I can use MITRE ATT&CK engine parameters to help define what's going on. Even if something is not considered malicious behavior by the tool itself, if I take that information and couple it with information I can pull from Tanium and information I pull from other tool sets, and aggregate that into my SIEM tool, my use case is provided. I get more positive and actionable intelligence on how my endpoints are behaving. If I have somebody out there who is doing testing of software, I can pick that out of a crowd in a second.

We have application control and containers available. Since we have AWS, Azure, and a myriad of cloud platforms, it's been hugely beneficial to us. Considering that we are endeavoring, as an organization, to move into cloud-based solutions, this has been a huge benefit.

Overall, SentinelOne has absolutely reduced incident response time. It's instantaneous. It has reduced it by at least 95 percent.

I use the tool to help me determine how well my other tools are working. For example, we have a role called a RISO, a regional information security officer. Those people are responsible for regions of the globe, whether it be Latin America, Asia Pacific, or AMEA. The RISOs now use the tool because it can help them identify other tools we have rolled out, like Zscaler. They can go into the SentinelOne console and query for Zscaler and look at all the machines in their environment and determine what the delta is. It allows people with different levels of knowledge and different roles in an organization to have visibility. It's been outstanding. That, in and of itself, makes it a better tool than its counterparts and it makes it usable for non-technical and non-security people.

We get the long-term strategic benefits of having enhanced visibility and the more short-term tactical benefits of knowing that our endpoints are protected, the visibility is there, and that no matter what lands on top of it, it's going to get taken care of.

The most valuable feature of the solution is its ability to learn, the fact that once you tune it correctly, it knows how to capture and defeat malicious activity on the endpoints. It's not set-it-and-forget-it, but it does give me a much more comfortable feeling that my endpoints are secure and protected from malicious behavior.

SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's. The latest Mac OS X that's coming out is already supported and in test for our organization. The complete coverage of every OS that we have in our environment has been a huge benefit because I don't have to have different tools to support them. There are cost savings not only on licensing but because I don't have to have different people managing different consoles. For me, having single pane of glass visibility is incredibly important because we run a very lean team here. We are a skeleton crew governing all 83 countries. In doing so, it provides us the ability to do a lot more with a lot less.

I use the Deep Visibility feature every single day. It is outstanding because I just create hunting cases and then I can load them. I can figure out what queries I want to run and I can go digging. And with the queries that I have built for the MITRE ATT&CKs, it makes it very simple to identify something. And now that I have reporting set up based on those queries, I get emails every day.

Using Deep Visibility I have identified a threat and figured out information about it. I've also used Deep Visibility to be proactive versus reactive as far as my alerting goes. I know that SentinelOne will protect my endpoints, but there's also a case where there isn't specific malicious behavior but the patterns look malicious. And that's really what I'm writing these queries for in Deep Visibility.

Here's an example. You can do a lateral movement in an organization. You can RDP to one server and RDP to another server, depending on how your software defined perimeter is configured. Unless you do something malicious, SentinelOne will look at it, but it won't necessarily stop it, because there is no malicious activity. But I can write a query in Deep Visibility to show me things. Let's say somebody breached my secure remote access solution. With the Deep Visibility queries that are being run, I can see that that one machine may have RDPed to a server and RDPed to another server and been jumping around because they may have gotten compromised credentials. That can be reported on. It might not have been malicious behavior, but it's an activity that the reporting from Deep Visibility allows me to pursue and then do a deeper dive into it.

If they would stop changing the dashboard so much I'd be a happy man. 

Also, if it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit.

The nice thing about SentinelOne is that I get to directly engage with their leadership at any time I want. That allows me to provide feedback such as, "I would like this function," and they've built a lot of functions for me as a result of my requests. I don't really have much in the way of complaints because if I want something, I generally tend to get it.

I have been using SentinelOne for about 14 months now.

It's incredibly stable. We really haven't had any significant issues. There have been a couple of things here and there where certain versions of the product weren't disabling Windows Defender effectively. I think that was predicated on a GPO that we identified that had been accidentally linked and that kept turning Defender back on again. The issues were very trivial things.

I talk to my TAM once a week, minimum. I think I have the best customer support in the business.

I had an issue that I raised a couple of weeks ago and within minutes I had an army of engineers working on it. By the end of the week, I had senior management calling me asking me what else I want, what else I need, and how else they could help me. 

They go all-in. I have never had to wonder or concern myself with whether I will be getting adequate support? Will the support be on time? Will the support be effective and accurate? Not once, not ever.

I have such a close relationship with the team, not only the team that sold it to me but the team that supports me. We call each other on a first-name basis and we talk about how we're doing. It's that kind professional relationship. That's how good it is.

Before, we had a mix of dozens of different solutions across the enterprise. We didn't have any one, ubiquitous solution. We had a mix of McAfee and Panda and Kaspersky. You name it, we owned a copy of it, and that didn't provide a unified field of view. It also didn't provide the best protection that money can buy and, in my opinion as a professional in this industry for 25 years, this is the best protection money can buy.

The initial setup of SentinelOne was very simple. I packaged the executables into MSIs, including the token ID, I created a package in Tanium, and I dropped it on all the workstations. I was able to deploy it to over 40,000 endpoints in 35 days.

When you govern as much real estate as I do, meaning the number of endpoints and the number of different business units that those endpoints comprise, there had to be a deployment strategy for it. I broke it down into countries, and in each of those countries I broke into brands and I broke it into asset types, whether they be servers or workstations, whether they're mobile or localized. It's not difficult to push out there, as long as you create exclusions. I used my legacy tools in parallel with this for a month and still never faced any issues.

For any organization, if you have any kind of deployment mechanism in place, you could put your entire workforce on this and it wouldn't matter how many endpoints. If they're online and available and you have a deployment solution, you could do it in a month, easily, if not less. I could've done it much faster, but I needed to do a pilot country first. I did all the testing and validations and then, once we went into production mode, it was very fast.

I got a really good deal so I'm very happy with the pricing.

I looked at everything. I looked at CrowdStrike, Cylance, Carbon Black, and I had McAfee as the largest of the incumbents. I tested them all and I validated them all and I pushed every malware virus—everything in my collection—at them. I built a series of VMs to test and validate the platform. I tested against multiple operating systems. I tested against downloads, I tested against uploads. I tested visibility. I did this entire series of tests and listed out 34 or 35 different criteria. And at the end of the day, SentinelOne came out on top.

One of the huge benefits of SentinelOne is the Full Remote Shell. That has been an incredibly useful tool for me.

Cylance came in second. It has very similar functionalities, very similar builds, but not a full remote shell. It had the single pane of glass dashboard, but the visibility I get out of SentinelOne, as well as the protection and the capability to run the Full Remote Shell pushed it over the top.

Carbon Black was nice, but I had to run two different dashboards, one cloud and one local. I couldn't get single pane of glass visibility from that.

When I tested SentinelOne against all the engines, they all pretty much found everything. Mimikatz was the deciding factor. A couple of the solutions flagged it but didn't remediate it. SentinelOne just rolled everything back as it started to discover it. It actually pulled the installer out, so that was nice. 

A lot of new technologies that are out there are very similar. They are pulling from public threat feeds and other learning engines. But if you compare and contrast all the features available, SentinelOne is just going to edge everybody else out. And they're constantly evolving the product to make it more efficient and to have a smaller footprint too. When they came out with Ranger, we were still doing some network discoveries around our environment to try to figure out exactly what was still out there. That came to be a very useful tool.

It really just shines. If you compare it to everybody else there are a lot that come close, but nobody else can really quite get to the top. SentinelOne really gives you the best overall picture.

Do your homework. I would encourage everybody, if you have the capabilities, to do what I did and test it against everything out there. If you don't have those capabilities and you want to save yourself a lot of time, just go straight to SentinelOne. I cannot imagine any organization regretting that decision. With the news stories you read about, such as hospitals under attack from malware and crypto viruses—with all the bad actors that exist, especially since the pandemic took over—if you want to protect your environment and sleep soundly at night, and if you're in the security industry, I highly encourage you to deploy SentinelOne and just watch what it's capable of.

I don't use the Storyline technology that much simply because I'm really turning this into a more automated process for my organization. An example of where we may use Storyline is when we download an encrypted malicious file. Let's say that email was sent to 500 people. If it gets through our email gateway, which is unlikely, I can not only identify those users quickly, but I can also use the Storyline to determine where it came from, how it got there, and what it was doing along the way. And while it killed it, it will tell me what processes were there. It helps us create and identify things like the hash, which we then summarily blacklist. Overall, Storyline is better for identifying what had happened along the way, but after the fact. For me, the fact that it has actually taken care of it without me having to go hunt it down all the time is the real benefit.

The only thing we don't take advantage of is their management service. We do have a TAM, but we don't have Vigilance.

For top-down administration, there's only about six of us who work with the solution. For country level administration, we have one or two in every country in those 83 countries.

We run a myriad of different front office and back office environments. SentinelOne had to learn different environments in different countries. It had to understand the business processes that are surrounding those. We did a substantial amount of tuning along the way, during the deployment. And then, of course, there are agent updates and there are considerations when you get a new EA version and are creating test groups. But, as an organization, we have reduced our total cost of ownership for our EPP platform, we have improved our visibility a hundred-fold, and we have maintained our data integrity. It really is the one end-all and be-all solution that we needed.

It's a home run. I've been doing this a long time and I've done this in over 48 countries around the world. Given what we do with this product and the visibility it has given us and the protection it has given us, I feel very comfortable with my security right now.

We use SentinelOne Singularity Complete for network protection and response.

SentinelOne Singularity Complete effectively ingests and correlates data from all our security solutions, providing a unified view for better threat detection and response.

SentinelOne Singularity Complete aggressively identifies and quarantines potential threats. It effectively catches threats that other EDRs might miss. Overall, we find this level of aggressiveness acceptable for an endpoint protection solution and are satisfied with SentinelOne Singularity Complete's performance. We saw the benefits immediately.

SentinelOne Singularity Complete significantly reduces alerts by filtering out many false negatives. This allows us to identify actual threats as soon as they are categorized, separating true positives from the filtered noise. This helps us focus on the real threats, eliminating the need to sort through irrelevant alerts. The number of alerts has been reduced by 75 percent. It also helped to free up a significant amount of our time to work on other tasks.

SentinelOne Singularity Complete has significantly improved our ability to detect threats, even those previously unknown. This advanced EDR solution provides alerts for any suspicious activity, regardless of classification, allowing us to proactively assess and mitigate potential risks.

While SentinelOne Singularity Complete shows promise in reducing our organization's costs, the solution is still new to us and we haven't quantified the exact savings yet.

It improved our organization's security posture by enabling us to proactively identify and neutralize emerging cyber threats, thereby reducing overall risk in the ever-present threat landscape.

SentinelOne Singularity Complete stands out for its threat-hunting abilities and the agility of its agents in detecting malicious content across our gateways and endpoints. We're impressed by the breadth of threats covered by their constantly updated signature base, providing full protection against new cyber threats. While we're still exploring the platform's full potential, Singularity Complete's extensive capabilities, and superior coverage compared to our previous solution have already given us a significant security advantage.

SentinelOne Singularity Complete offers competitive pricing, but there's always potential for even better value.

I have been using SentinelOne Singularity Complete for one year.

SentinelOne's technical support was good at assisting with onboarding through troubleshooting actions and resolving configuration problems.

Positive

After using Symantec and Fortinet's EDR solutions, we migrated to SentinelOne Singularity Complete seeking a more comprehensive defense. SentinelOne's aggressive threat detection capabilities were a major factor in our decision.

The initial setup was seamless thanks to the SentinelOne support team. We had three people involved with the deployment from our local team and the support engineers online.

The SentinelOne support team helped us with the implementation in-house and it was seamless.

The pricing for SentinelOne Singularity Complete is competitive.

We evaluated several endpoint detection and response solutions, including Symantec, SentinelOne, CrowdStrike, and Bitdefender. While Symantec offered a phased migration option from on-premises to cloud and maintained endpoint interoperability, its EDR and threat-hunting capabilities fell short compared to SentinelOne. SentinelOne's robustness ultimately outweighed the advantages of the other options, including CrowdStrike's strong detection capabilities but higher price point, and Bitdefender's overall offering.

I would rate SentinelOne Singularity Complete nine out of ten.

We're in the process of consolidating our security solutions by migrating some services to the SentinelOne platform. While SentinelOne is a strong contender, we're also evaluating other tools to diversify our security posture and avoid vendor lock-in. This multi-platform approach will ensure we have the full protection needed.

As of now, no maintenance has been required for SentinelOne Singularity Complete.

SentinelOne is a strategic partner for our security operations. Their solution helps us maintain the safety of our internal systems, applications, and users. As security is a top priority, we consider them a top-tier partner in our overall operations.

I recommend SentinelOne Singularity Complete for anyone needing a robust Endpoint Detection and Response solution. However, to ensure it meets your specific needs, thoroughly evaluate its capabilities against your current operational requirements. If it aligns with your needs, consider a trial to experience SentinelOne's operation firsthand before committing to a contract.

Considering our sensitive data and security needs, we require a top-tier endpoint protection solution. SentinelOne Singularity Complete stands out as a market leader, achieving high ratings and verification from industry experts like Gartner.

We use SentinelOne Singularity Complete as our EDR to monitor our network. We incorporated SentinelOne Singularity Complete into our SIEM to mitigate threats.

We implemented it because we needed more insight into the interactions that occurred on our endpoints.

SentinelOne Singularity Complete's interoperability with third-party tools enables seamless data exchange and effortless information extraction or export between them.

Its ability to ingest and correlate data across our security solutions simplifies the process considerably. It's akin to pulling data into a SIEM and correlating timestamps, IP addresses, MAC addresses, and any other metric that would link the two machines.

It helps reduce alerts which is one of the things that attracted us to the solution. It has reduced the alerts by around 75 alerts per week.

Singularity Complete frees up our staff for other projects and tasks, thanks to its out-of-the-box setup and automated operation. I only need to intervene when a real threat emerges.

It helps reduce our mean time to detect and our mean time to respond.

Singularity Complete helps our organization save on costs by preventing malware from entering our machines which would result in downtime and machine repairs.

It helped reduce our organizational risk by 20 percent. 

The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly.

Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run.

I have been using SentinelOne Singularity Complete for four years.

I would rate the stability of SentinelOne Singularity Complete a nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete an eight out of ten.

The technical support is difficult to contact.

Neutral

In my previous company, I used VMware Carbon Black. When I changed jobs, my new company was already using SentinelOne Singularity Complete. 

We've seen a positive return on investment with SentinelOne Singularity Complete. The key benefit for me was the ability to proactively prevent suspicious activity on our endpoints. As a practitioner rather than a manager, I dealt with an incident on an endpoint and was impressed by the solution's capabilities. Singularity Complete automatically contained the threat, allowing me ample time to clean the infected machine. Most importantly, it prevented the need to rebuild any other machines, even the affected ones in most cases. I often resolved issues on endpoints within an hour or two, minimizing downtime and ensuring user productivity.

The pricing for SentinelOne Singularity Complete is competitive. SentinelOne has a better price out of the box compared to Carbon Black and CrowdStrike.

Carbon Black lacked the same level of back-end support as CrowdStrike Falcon Complete.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is an innovative solution that is ahead of Carbon Black and on par with CrowdStrike.

It is a high-quality mature solution that will help improve any security stack.

We are deploying it across eight locations, encompassing all departments and protecting our 500 employee endpoints.

I am an IT security analyst and I update the sensors myself.

The whole purpose of having the product is to have endpoint security and visibility with those endpoints as well. After an evaluation period, we determined the product would be a fit for our organization.

The security and visibility we have on all endpoints helped our organization immensely.

There's not one particular item that stands out the most besides the availability of the product itself. We're a small organization. Having the visibility and the protection that it provides helped out greatly. Plus, it fits with our requirements.

The product does not have to go across a lot of different solutions. We don't have a cloud or anything like that where we have to push it in terms of visibility. The deployment is fairly simple. In the end, the overall visibility of it is very simple and the usability has been very simple for us as well.

So far, it helped to reduce our alerts. Based on the application that we would utilize prior to this product, the alert reduction is similar. It is not 100% the same, just similar. They gave us some visibility into what was going on, which provided a 30%, if not more, alert reduction.

It helped free up staff time. Using this solution, we don't have to keep our eyes on it 100% of the time.

It reduced our mean time to detect and respond. 

The product helped reduce organizational risk.

The overall product quality is good. I'd give it three and a half stars out of five. It checked all of our boxes. It met the requirements of the security we needed.

If for some reason, we were breached, it gave us the comfort of knowing that we could either automatically set the product to fix the issue or at least record it and let our team go in and resolve the issue. However, it also has the data to hunt the threat if need be. It's given us so much more than we would have expected from a product. Their dashboard is great. We log in and we get everything we need to know right out of the box on our dashboard. If we have anything that's infected it will tell us all of that information in real time. In our environment, it works without giving us any issues or slowing down our productivity in the process. The agent that runs on the system is not heavy. It's easily portable.

Initially, when we first deployed the solution, it caused some third-party connectivity issues. It would see it as an application that was not secure. However, we were able to put in a white listing, to help us operate well. We had to do that with around five applications that we ran. Once we applied those fixes, we haven't had any issues since.

I'd like them to make it easier to log in. 

I've been using the solution for two years. 

I have not experienced any downtime with it. It has not crashed. 

It won't run on our accounting server and we're not sure why the agent caused the conflict with this particular server. Beyond that, it's fine.

We deployed the solution to about 200 endpoints. 

We've only contacted technical support for the licensing portion of the process. They were very helpful and very straightforward. Everything was right on the money. Once we made the call over the ticket, we were contacted and it was resolved while we were on the phone.

Positive

We used Fortinet as well. We've used a few products and this solution does everything we've asked it to do. It was a good replacement for the free Fortinet solution and it protects against things Fortinet does not. 

In the past, for some reason, we found that somehow or another, the agent was disabled, and we have not determined as to why that is just yet. 

I was involved in the solution's initial deployment.

The deployment was fairly easy. We had a product that allowed us to push the agents out there. It was time-consuming based on the fact that we didn't have full automation. The only other drawback was when it was going through and doing some form of machine learning, it would block certain applications that we had to whitelist with the system in order to get it to work. However, we deployed it in less than thirty days, and it's been running everything well since then.

Our team, comprised of four people, handled the implementation. 

There isn't really any maintenance needed. All the agents update well. It is fairly automated.

The initial onboarding was done with SentinelOne. After that, we took it from there.

The pricing is good. It's a big factor for us. Their pricing comes in at much less than Fortinet or CrowdStrike.

We looked at similar products, such as CrowdStrike and other versions of Fortinet.

I'd rate the solution an eight out of ten.

I'd advise new users to do a proof of concept. That way, you get some time with the system before you deploy it into the environment and you can iron out issues. If you have 1,000 endpoints and only 1% of the issues that we ran into, it would still be significant and you'd want to deal with them head-on to make the full deployment easier. 

I mainly focus on endpoint security. Customers often ask me about solutions to detect malware threats, and SentinelOne is one of the options I recommend. The main focus is detecting malware threats on endpoints.

The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.

I would like to have the same features such as ransomware that are available on the cloud version of SentinelOne also made available for the on-prem version because a lot of people in our region are not ready for cloud solutions.

I have been using the solution for one year.

Our clients range from small, medium, to large scale and the solution is stable for all of them. I give the stability a ten out of ten.

The solution is highly scalable. I give the scalability a ten out of ten.

The technical support is very good, and quick.

The initial SentinelOne setup is easy to set up in the environment and also easy to download the packet to install. 

We do not encounter a lot of issues with the pricing of SentinelOne. The pricing is reasonable.

The solution offers a standard licensing fee.

I give the solution a ten out of ten.