Try our new research platform with insights from 80,000+ expert users
Chintan-Vyas - PeerSpot reviewer
Associate Director at a financial services firm with 10,001+ employees
Real User
Top 20
Ransomware recovery enhances security while product support needs improvement
Pros and Cons
  • "The platform's ability to easily integrate with various other platforms is highly valuable."
  • "The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not."

What is our primary use case?

We use Singularity Complete for end-to-end endpoint security protection, including EDR integrated with other platforms for XDR. The ransomware rollback feature of Singularity is a key reason for its use. 

It is primarily for integration with SIM to have a single pane of view, integration with web security for sharing insights, and automation of remediation tasks. Additionally, network discovery from the Singularity platform is used to identify rogue devices quickly.

How has it helped my organization?

Visibility is greatly improved with Singularity Complete as it allows visibility into endpoint devices and the processes running on them. 

What is most valuable?

The most valuable feature is the ransomware recovery and rollback feature. The platform's ability to easily integrate with various other platforms is also highly valuable.

It also enables integration with other technologies, saving costs associated with having point solutions. The integrated system allows for significant automation, reducing the time and effort needed for management.

The mean time to response has reduced from hours to minutes due to integrated automation systems.

What needs improvement?

Improvement is needed in terms of product support. The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not.

Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,562 professionals have used our research since 2012.

For how long have I used the solution?

I've been working with Singularity Complete for three years.

What do I think about the stability of the solution?

Singularity is a very mature product that supports most assets available in any enterprise environment. It runs seamlessly without challenges.

What do I think about the scalability of the solution?

Singularity Complete is suitable for large and mid-scale enterprises.

How are customer service and support?

Technical support could be better. I would rate it around six on a scale of one to ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

CrowdStrike is a competitor. Singularity is better because it supports the ransomware rollback feature.

How was the initial setup?

The setup process is simple and user-friendly.

What about the implementation team?

Initially, anyone can deploy out of the box. When tuning aligned with the environment is required, assistance from a system integrator is recommended.

What was our ROI?

Integration helps save costs by reducing the need for point solutions.

What's my experience with pricing, setup cost, and licensing?

Pricing is not pocket-friendly. It can be difficult for small-scale companies.

Which other solutions did I evaluate?

SentinelOne's main competitor in the market is CrowdStrike. However, Singularity Complete is preferred thanks to its ransomware rollback feature.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
reviewer2310321 - PeerSpot reviewer
Cyber Intelligence Analyst at a financial services firm with 1,001-5,000 employees
Real User
Provides a lot of visibility, and enhances our defense and the ability to respond to emerging threats
Pros and Cons
  • "I really like deep visibility. Deep visibility is one of the coolest features of almost any tool that we use. The breadth of data that is collected there is valuable, and it gives us the ability to search back through literally tons of data going back a specific period of time."
  • "Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend."

What is our primary use case?

We perform a relatively detailed hunt in our environment for specific IOCs and indicators. Specifically in regards to compliance organizations or regulatory organizations that release data, we need to validate that no IOCs for those specific threats exist in our environment. We can go back to a specific period of time, so we can validate that things like that do not exist. We can also correlate activity in our environment with endpoint data with a high level of efficacy.

How has it helped my organization?

I have administered lots of different AVs in my long tenure as an AV EDR administrator. This is quite honestly the first one of this type. With a tool like Singularity Marketplace, getting an integration running is just a matter of creating an API key and plugging it in. It is really cool. With the Singularity data lake that we have been learning about during this conference, it looks like it is going to be pretty painless to ingest from sources that we are already collecting from and dump them straight into SDL. We have a higher level of visibility and a better grasp of the data we are collecting. There is a reduced time to detection and high efficacy correlations.

I am an analyst, and Singularity Complete definitely makes making a determination, researching a specific threat, or trying to correlate it much quicker. Instead of spending a whole day trying to research something, I can knock it out quickly and then move on to other tasks. It makes me capable of doing a job that would typically require another person at least. There is greater job satisfaction. I do not get burnt out.

Singularity Complete has helped us bolster our defenses, so the downstream impact is reduced alerts because we are able to not only triage issues but also proactively apply defense with STAR rules and things like that. We are able to reduce alerts just because we are getting protection on the front side. There is the granularity of the data that we can query through deep visibility in particular to refine our custom STAR detections. That does help decrease the work.

Singularity Complete has absolutely reduced our organizational risk. Compared to where we came from with the traditional endpoint protection, our ability to respond to emerging threats has really matured. The level of actual attacks that we have to respond to is drastically reduced. It is hard to quantify the reduction, but there is at least a 25% to 35% reduction.

SentinelOne is a big value-add to the organization. They are continually pushing forward and innovating. They are constantly developing new things. As I am learning about new features here at the conference, I am logging into the console, and some of those features are already there. I know they waited until this conference to release that, but they are still cool to see. It feels good to work with the product and to be learning a product that is not getting stale.

What is most valuable?

I really like deep visibility. Deep visibility is one of the coolest features of almost any tool that we use. The breadth of data that is collected there is valuable, and it gives us the ability to search back through literally tons of data going back a specific period of time. We typically go back 90 days for most things, but we could go back further.

The ability to pick it up is also valuable. It is very intuitive. It does not require a lot of training. For example, we had an intern over the summer who joined us. We were able to get him up and running in the visibility very quickly without a lot of hand-holding.

What needs improvement?

Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend.

For how long have I used the solution?

I have been using this solution for between two and three years.

What do I think about the stability of the solution?

Its stability is excellent.

What do I think about the scalability of the solution?

Its scalability is excellent.

How are customer service and support?

I have dealt with a lot of support in my time, and SentinelOne's support is the most responsive one I have ever had. However, I currently have an ongoing support case, and I am struggling with getting that escalated, which colors my overall perception of it. We are getting active updates daily though, so they are engaged. Even if we have not found a fix yet, there is an active conversation or two-way communication. Overall, their support is superior to others that I have dealt with. I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using another solution previously. The main reason for switching was the efficacy of the product. SentinelOne was tested against several competitors when renewal time came up, and it exceeded expectations and performed better than others. 

The previous product was a traditional endpoint protection. It was very signature-based. It always felt like we were behind with new types of attacks and new types of malware because we had to wait for signatures to come out and things like that. It felt like we were always trying to catch up. With SentinelOne, we feel like we are better protected from the start. 

What's my experience with pricing, setup cost, and licensing?

There are cheaper options out there that I know are not as effective. I have administered several of them, not for this organization but for others. The thing I like about SentinelOne is that I know that if it raises an alert, it is worth looking at, so we are not dealing with a lot of false positives. It is rare.

Which other solutions did I evaluate?

We evaluated Cisco AMP, Microsoft Defender, and McAfee. SentinelOne exceeded expectations and outperformed all of those. We did a bake-off against those solutions and found SentinelOne to be the most effective.

What other advice do I have?

Overall, I would rate Singularity Complete a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,562 professionals have used our research since 2012.
David Nee; - PeerSpot reviewer
CTO at CyberTek MSSP
Real User
Helps to concentrate on what is needed and provide a better response to our customers
Pros and Cons
  • "The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise."
  • "The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that."

What is our primary use case?

We are an MSSP.

How has it helped my organization?

First of all, it helps us with a better response to the end users. Customers are depending on us to make sure we are making the right call, and then we are leaning on SentinelOne to make sure they are giving us the right call by giving us the right tools.

Singularity Complete has absolutely helped free up our staff for other projects and tasks. The amount of time that we are spending doing work that does not keep us on target is just a waste of time. The more it reduces that noise, the better it is for us and our customers. We have been using it long enough, so it is hard to tell how much time it has saved, but we feel that we have a better solution than most of the competitors that we are dealing with.

Singularity Complete has helped reduce alerts over time. We do not have a lot of the frustrations that some of our competitors do, which is our advantage. We have been using it for so long, so we do not have much to compare it to in terms of alert reduction. We are also partners with a competitor. We had to do that for a contract, and we get a lot of false positive noise coming out of that one.

Singularity Complete has helped reduce our organizational risk, but because we have been with it for so long, it is hard to compare it to others.

Singularity Complete helps us save on costs. We continue to get more volume, reduce our costs, and reduce our waste of time, but it is hard to compare the cost savings because we have been using it for so long. We have smooth operations, and we are just keeping it going. We are enjoying all the added features.

SentinelOne is our main strategic partner when it comes to the protection of our customer's data. We have not had a bad incident, and with the reputation that SentinelOne has in the vertical we deal with, it is the gold standard. We start with that, and then we are viewed as more of a serious partner than some of the lesser products that are out there.

In terms of Singularity Complete’s interoperability with other SentinelOne solutions and other third-party tools, we are an MSSP, so we have to deal with a lot of other tools. The integrations are huge for us. It sounds nice to say this is the only solution and you have to use x tools, but it does not work in the real world, so you have to have those integrations.

What is most valuable?

The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise. There is just so much noise. It brings us the information we need to look at quickly.

What needs improvement?

The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that.

For how long have I used the solution?

I have been using Singularity Complete since its inception. It was probably 2016.

What do I think about the stability of the solution?

Its stability is fantastic. We have no problems.

What do I think about the scalability of the solution?

We have not hit the top end. We are probably running 10,000 agents and have not seen any degradation in the portal.

How are customer service and support?

Their support is very good. We have not had anything come up against that, and our staff has learned to depend on SentinelOne, which, as management, is a little uneasy because we are operating without a net besides SentinelOne in some cases. What we are paying for it is worth it. There is this peace of mind. I would rate their support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Years ago, we were probably running four to five solutions, but then we kept comparing it with them. We were like, "This is the noise we are getting from X. Let us load SentinelOne." The noise reduced with SentinelOne. That proof of concept worked for us.

We currently have an agreement with a competitor where we have to pick up the remaining part of their contract. That is not a place where we are going to increase our expenditure, but we are waiting for that contract to come to an end. The customer knows SentinelOne, but they are tied into another solution till the end or mid of 2024. We are just waiting for that. What makes SentinelOne Singularity Complete different from others for us is the peace of mind. We know we are covered, and we feel that we are covered. Anytime we have had an incident or event, they have always been there for us. They have responded quickly, and we have not had any flashbacks or second attempts at it. Usually, we could stop it the first time, and that has worked for us in all the years we have been with SentinelOne.

How was the initial setup?

It is easier now than it was back then. We deploy it every month on somebody new. We have enjoyed that. 

Just yesterday, we had a customer convert from a separate partner to us, and that migration from company to company within SentinelOne was flawless. It was just us doing the migration. We have been there for so long, so we just bring it straight across. The process is very straightforward and easy. This partner of SentinelOne was going to uninstall the agents, and I paused them and asked them to just transfer. They had never gone through that before. We took that over and moved all the agents over without any loss of coverage to the actual customer.

What about the implementation team?

For deployments, we have a staff of 40, but onboarding is a no-brainer.

What was our ROI?

We have seen an ROI. It is a very profitable investment for us. SentinelOne is very valuable, and with our price being lower than the expectations gives us a great margin.

What's my experience with pricing, setup cost, and licensing?

We have not been beaten in the market by pricing, so we have been feeling good about that. The discussions we have had over the years keep us at a very low price per unit. It can always get better, but we also know there is a cost to the backend.

What other advice do I have?

To someone who is researching Singularity Complete, I would say that you can read all the information, but the proof is in the actual work and the history that it has so far. We have got no complaints about the quality and maturity of this solution. 

Make sure you are comparing it to whatever you have because that gives you comparative data. If you walk in, sometimes, you do not know you are getting the best of breed right there.

It is a ten out of ten for me, and it gives me peace of mind.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Rashid Torrence - PeerSpot reviewer
Principal Manager of Business Services at ATC Communications (Idaho)
Real User
Top 10
Good automation and storytelling feature with a great GUI
Pros and Cons
  • "The GUI is really easy to use."
  • "We'd like to have a network map or scan to cover network security."

What is our primary use case?

In most cases, the product is used as an XDR or MDR for our customers internally as well. It is used for us to provide some customers with a light SOC service so we could also manage that solution. So as an example, if they don't have dedicated resources to look or monitor it offers that ability for them to do the monitoring for you or for some customers. That is very handy. But most of the time, we use it as an MDR XDR solution for our customers.

We mostly provide customers with MSSP services. We do not resell it as a standalone.

What is most valuable?

The ease of use and has some integrations within their marketplace. Those come in handy. The GUI is really easy to use.

The storyboarding gives you a play-by-play of how an instance or alert came to be.

Some of the automation tools are really good. 

Singularity's ability to ingest and correlate across our security solutions is great. I don't see a platform that does it better. At least from an MDR standpoint. It really is a central tool to ingest that data to begin with and correlate and then it's pushed out other solutions like Splunk or other solutions.

Singularity has helped reduce alerts. The automation tools have been able to lower the number of alerts. We desensitized alerts as there are too many of them. Sentinel One has helped repair it with our team to do that. Just the ability for the automation tools to be in use has been really helpful.

Singularity has helped free up our staff for other projects. The automation tools have really helped there.

Our security team is about ten people. Two people no longer have to worry about anything. We've saved about 20% to 30% of our labor, our staff. 

Singularity helped reduce our organization's mean time to detect. We're able to detect or even dive in and look for issues. We have the freedom to look and inspect. We're proactive now.

Our mean time to respond is good. It helped us fill operational procedures.

Singularity helped save costs. We've saved in terms of operational costs or even salary in terms of time-savings. We didn't save on platform to platform, yet we saved on time. 

It's helped us reduce organizational risk. We're able to monitor our networks better.

They are probably the most mature product at the moment. For the price point, we're getting a good middle ground of price and value. 

What needs improvement?

I would hope that they would increase their prebuilt migrations. As an example, they have one Active Directory in Azure Cloud, which is really good. If they can expand that to other pretty well-known software, some platforms, that'd be great. What they have now is good for some of the key players like Azure, Google, and Splunk. I would just like to see that being expanded.

We'd like to have a network map or scan to cover network security. That would be good to have.

For how long have I used the solution?

I've used the solution for five to six years. 

What do I think about the stability of the solution?

The stability is great. I'd rate the stability nine out of ten. They are never really down. It's usually up and running. 

What do I think about the scalability of the solution?

The solution is very scalable and very easy to scale. 

How are customer service and support?

Every time we have an issue, we get somebody who knows the product and can talk us through it. We can resolve issues pretty quickly. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had used Crowdstrike and Trend Micro a bit. 

We first switched to Sentinel One based on an audit. It was a next-generation antivirus. There are new options on the market now. We continue to use it due to the fact that are always improving their offering and I don't see a better option on the market.

How was the initial setup?

I was part of the deployment. The initial setup is pretty straightforward. 

We have three people involved in the deployment of the product. 

There isn't too much maintenance. It just works. 

What about the implementation team?

We did use a consultant to assist with deployments in the past. At this point, we just do it ourselves. 

What's my experience with pricing, setup cost, and licensing?

The pricing is good. They are in line with the market.

Which other solutions did I evaluate?

We looked into Crowdstrike, Carbon Black, and Microsoft.

What other advice do I have?

In terms of Ranger, I've used it. I have not used it recently. I'm actually trying to get back into and play with that again.

Sentinel One is good as a strategic security partner. The platform is great and there are a lot of features. Using their managed service really does help. We can partner with them to provide that service to our customers. 

I'd rate the solution ten out of ten. 

I'd advise others considering the solution to get with a good MSP or MSSP. Users should try the complete version and all the features to find out about the entire system. Get the higher feature set and go down from there. I'd also advise at first new users get a good MSP to work through the initial installation process. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2260857 - PeerSpot reviewer
Sr. Security Engineer at a healthcare company with 5,001-10,000 employees
Real User
Top 20
Provides high-quality alerts, easy to use, and discovers threats and mitigates them quickly
Pros and Cons
  • "Tracking down which devices don't currently have SentinelOne on them is the most valuable feature of the product."
  • "The filtering features of the application management console could be improved."

What is our primary use case?

The solution provides endpoint protection for all our desktops, laptops, and servers. We also use it for some of the firewalls on the endpoints. We are also doing asset discovery for devices.

What is most valuable?

Tracking down which devices don't currently have SentinelOne on them is the most valuable feature of the product. So, we can push SentinelOne onto those devices.

What needs improvement?

Recently, the vendor took away my ability to create a ticket, mostly because we're in an MSSP environment. It has created a lot of extra hoops to jump through. I recently had a single sign-on issue on the console. I had to go through my MSSP. It took a month and a half to two months to get any resolution on it because my MSSP can't test our single sign-on. They don't have an account in that system. It has been very detrimental to effectively solving issues. I understand that the vendor does not want the clients of the clients submitting tickets. However, when I'm the one who's doing the majority of the work inside of SentinelOne, removing that from my ability has been very inconvenient.

The filtering features of the application management console could be improved. If I search for applications that shouldn't be installed on our endpoints, filtering is not the most straightforward process. Running through the search process takes a lot of time and effort. It would be hugely beneficial if the tool blacklists the applications that are not allowed to be installed. It would help with the management of unapproved applications or malicious applications that might be installed.

The automated agent upgrade system could use a little bit more fine-tuning. The maintenance windows must be a little bit more robust. I have to manually set what agent we're pushing each time we want to change instead of asking the tool to do N-1 for agent upgrades. It's automatic, but it's not quite automatic.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

We've had fewer issues with stability recently, mostly because they made some changes to the actual agents. Shadow copies were filling up the drives and causing some crashes. However, the more recent agents have been much more stable, which has been wonderful.

What do I think about the scalability of the solution?

The tool is very scalable. If we use all of our agents, it's very easy to ask the vendor to add more agents to our license. They get that taken care of, which is really nice. It's been very easy to change and modify groups as we need to.

Exclusions have been very straightforward. I would love to see the exclusions to look at the machines in a group and inform us when we have exclusions that are not found in the directories on the machines. It will help with the removal of redundant or unused exclusions. It will remove some of that risk.

How are customer service and support?

I don't have access to create tickets. The vendor removed the ability. I need to talk with our MSSP for support. They sometimes send us support articles that we already have access to. It takes an extra three to four days to get things resolved. In the most recent case, it was a month and a half.

Which solution did I use previously and why did I switch?

We used Symantec Endpoint Protection before. We switched to SentinelOne Singularity Complete because Symantec Endpoint Protection was very old and was not being updated by Broadcom anymore. It was not as effective in terms of reporting. It was very clunky. So we were looking for something new and a little bit easier to work with than what we had at the time.

How was the initial setup?

The initial deployment was pretty straightforward from my perspective. We were able to take the package and deploy it, which made it really easy to get it on all of our endpoints. About ten people were involved in the deployment.

What about the implementation team?

Our MSSP helped us do the deployment. We used the asset management tool Ivanti to push out the agents.

What's my experience with pricing, setup cost, and licensing?

The pricing is packaged in with our MSSP. The cost of endpoint protection is fairly reasonable. Some of the other systems are a little expensive, but there's still value behind them. It's pretty close to what I would expect.

What other advice do I have?

We haven't stepped into other integrations quite yet. We're looking to explore it next year. We're trying to rebuild our security stack. The endpoint protection was one big step. We're planning on expanding a little bit more. I love that it is pretty straightforward to connect between different systems. It makes my life a little easier.

The solution’s ability to ingest and correlate across our security solutions is nice. We haven't done much of that with our systems yet, but having one source of truth to look at all those different pieces is hugely beneficial because we have a very small team. Anything that allows us to connect all the dots and pieces makes our lives really easy.

We're rebuilding our security stack from scratch. We do not have to get many other solutions because much information is built into Singularity Complete. We did a POC of the Ranger functionality for a little bit of time. Ranger's network and asset visibility are about the same as in Rogues.

The automation would be great if I didn't have to create a couple of extra security holes by opening up ports on our devices. So we've gone back to using just Rogues rather than Ranger because there isn't a lot of added value for that extra piece. I can take the whole list, export it, and take it to one of our other solutions and have the agent pushed from there.

It is nice that Ranger requires no new agents, hardware, or network changes for most of the part. If we're going to automate the installation process from another Ranger agent, it will require opening up some extra security holes. I don't love that part. I love that it discovers assets that don't have SentinelOne but could potentially have SentinelOne. It has been beneficial to us.

We like Ranger because it helps find the missing pieces. We must ensure that we're not going over on our licenses, but it helps us discover the devices in our network and how we can better protect the environment. It also gives us an inventory of devices. If they are vendor devices, we can go to our vendors and ask them why the devices have old software versions.

The product has done a much better job of giving us high-fidelity information. The system that we had before was old and antiquated and did not work well. We are getting better-quality alerts. The solution has helped free up our staff for other projects and tasks. All the information is in one place, and a lot of the system has been automated for us. The tool resolves threats almost instantaneously for us. It's hugely beneficial for a very small team.

The product has helped reduce our mean time to detect. It is a lot better at discovering threats and mitigating them quickly than our previous solution. However, I wouldn't say that it's perfect. The solution has helped reduce our organization’s mean time to respond. We have a managed security service provider that's doing a lot of the research for us, but it's been very helpful for us to have the information.

The tool has helped us with a couple of audits that we've had. It has also helped us with some of our cyber insurance because we're able to give much better reporting compared to our previous solution. The reporting is available on the fly rather than us trying to go through multiple systems to try and get some information from it.

The product is easy to use. It is very easy to navigate around. The vendor has added features that we've wanted. It has made our lives quite a bit easier. People who want to buy the product must evaluate their exclusions ahead of time and understand what level of exclusion they need for each system. We spent the most time reevaluating exclusions for each server system.

It was not too big of a deal for our desktops and laptops. However, for some of those bigger systems, especially with us being a healthcare organization, ensuring we weren't impacting the end-user experience was central. For example, we have EMR, which is electronic medical records. If we impact that, it affects patient care, which in turn can be not great.

It was a very big jump for our process to go from monitor-only mode to full-protect mode. We allowed things to just sit there for a very long time and understand the changes in our environment.

Overall, I rate the solution an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sumit Saxena. - PeerSpot reviewer
Senior Consultant at a consultancy with 10,001+ employees
MSP
Top 10
Great threat detection and prevention capabilities, but needs to support more common development languages
Pros and Cons
  • "The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations."
  • "SentinelOne needs to provide more documentation for administrators and analytics."

What is our primary use case?

We use SentinelOne Singularity Complete as our endpoint security solution to detect malicious activity and unusual behavior. It is a great tool for analytics and forensic investigations, and it has a good feature for catching threats. I was particularly impressed with this feature.

We implemented SentinelOne Singularity Complete to secure our endpoints.

How has it helped my organization?

SentinelOne Singularity Complete has helped us consolidate our security solutions. We can create use cases and workflows in SentinelOne, and analyze alerts and logs. We can also create custom policies based on our needs. For example, we can create workflows for post situations, or detect specific types of attacks, such as persistence or defense evasion techniques. We can use these techniques to create our own custom use cases, which can then be deployed in production to detect these types of threats.

After deploying SentinelOne Singularity Complete, we were confident we would not face any endpoint security threats. SentinelOne was able to block the type of events that were a true positive. Sometimes, we have also received false positives, but SentinelOne should detect this activity. So, that was the expectation, and SentinelOne has met it. This is very helpful.

SentinelOne Singularity Complete met our business needs and requirements. It was easy to deploy and manage as an administrator, and we can manage the console without having to constantly connect to the user or machine. We can do many things from the console alone, such as taking remote sessions, uninstalling any other solutions or products, and performing cleanup activities. This has been very helpful. We saw these benefits within one month of deploying Singularity Complete.

SentinelOne Singularity Complete helped reduce the number of false positive alerts we were receiving with our previous solution.

SentinelOne Singularity Complete has helped us save three hours per day of our staff's time. The single console makes it easy to manage compliance, including health check reports and the applications we are managing. We were able to identify and remediate malicious files through the console, without having to resolve the issue directly with users or other teams. This is a significant improvement.

SentinelOne Singularity Complete has helped reduce our MTTD and our MTTR.

SentinelOne Singularity Complete has helped reduce our organizational costs by eliminating the need for other endpoint security solutions. It is a cost-effective solution that provides comprehensive protection.

It has reduced our organizational risk by 90 percent.

What is most valuable?

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

What needs improvement?

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for six months.

What do I think about the stability of the solution?

I would rate the stability of Singularity Complete eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Singularity Complete eight out of ten.

How are customer service and support?

We have 24/7 support, but it is just moderate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

SentinelOne is more secure and offers better scope for threat hunting on Linux than other security solutions, such as CrowdStrike and Microsoft Defender for Endpoint. SentinelOne Singularity Complete allows us to consolidate solutions and is easy to administer from a single console.

How was the initial setup?

The initial setup is straightforward. After completing the proof of concept, we deploy the Singularity Complete solution for our clients. We install the agent and create group policies for detection and prevention. We use a configuration management solution to deploy Singularity Complete within five to ten minutes.

One person can complete the deployment.

What about the implementation team?

We implemented the solution in-house.

What other advice do I have?

I would rate SentinelOne Singularity Complete seven out of ten.

I would rate SentinelOne Singularity Complete's ability to be innovative eight out of ten.

SentinelOne Singularity Complete has a mature GUI.

We deployed SentinelOne Singularity Complete in one of our client environments with 13,000 machines and 1,000 servers.

SentinelOne Singularity Complete maintenance consists of daily monitoring for updates and prioritizing policies and requires around five administrators.

SentinelOne is a good strategic partner.

SentinelOne Singularity Complete makes it easy to perform operations and investigations.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2277096 - PeerSpot reviewer
Director or IT Security at a educational organization with 11-50 employees
Real User
Provides a single pane of glass and takes care of a lot of things for us
Pros and Cons
  • "The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view."
  • "It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution."

What is our primary use case?

We use it for our endpoints. It is installed on all of our servers and desktops. It is a replacement for the AV platforms that we used to have. 

Overall, the product monitors what is happening on your machines. It monitors incoming mail and web addresses that your browsers are trying to access. It looks for suspicious activity that may occur on your desktop or on your server and generates alerts based on the type of activity. It might find a malicious file that you downloaded. Like a virus scanner, it would scan something. It might find something that it suspects to be malicious. It will look at that item and go to its own threat intelligence sources to see if it is a known threat. If it is a known threat, it will either block it or do something to it based on how you have pre-configured it. If it suspects something to be a threat but does not have any reference, meaning that it is an unknown threat, then depending on what it detects or how that thing may behave, it would either alert you or suppress or isolate it. It can do a number of things. It depends on the inner workings of the product itself, but our use cases are to protect our endpoints. It is a replacement for our AV, but it is a whole level above what AV used to be. It is the evolution of AV.

How has it helped my organization?

We had three different AV platforms in our organization. There was no central way to manage them. We had no complete visibility. From one part of our organization, we had no visibility into another part of our organization. By putting this platform in, we now have one view of the entire organization. We can look at threats as they span our organization. Threats could potentially be moving around. We can detect if they are spreading to other parts. We could not do any of that before.

Singularity Complete has a much better detection engine. It detects a lot more than an AV can. AV is pretty much finished. There would not be AV anymore.

In terms of interoperability, we do not have any other SentinelOne solution. This was our first one. There is not a lot of interoperability between endpoints and everything else. The only interoperability that is useful for us right now is the log data that it provides to our SIEM. It allows us to do correlative analysis between different areas. If we have a threat that could be going from endpoints to internet devices, such as switches, or places where the EDR system is not installed, it becomes valuable when we are sharing data from the EDR and our other systems, and we have a tool that analyzes all that data to look for threats that may span in our entire environment. I do not see the interoperability being a problem with our other tools, and I am sure it would not be an issue amongst SentinelOne's own tools as well, but I do not have any data points on that yet.

Singularity Complete has helped big time to reduce our alerts. In fact, that was my concern with it. I was concerned that we are not seeing too many alerts anymore. I had a meeting with them recently, and I mentioned to them that I feel that we should be getting more alerts. They are going to take a look at our platform to make sure it is working fine, but it seems to be doing a great job of dealing with the alerts in an automated fashion. I became a little bit suspicious that it might be doing too good of a job, so we are just having them double-check. It is just me making sure all my I's are dotted, and my T's are crossed. As a security person, I do not like to have questions out there, but otherwise, it is doing a great job.

It has freed up our time. It takes a lot less time to investigate things. It takes care of a lot of things for us. It has offloaded 30% to 50% of some of the work that we had to do in the past. It allowed us to work and focus more on higher-priority items.

It has absolutely reduced the mean time to detect. It has probably reduced the time to detect by 75% because we just did not have some of these capabilities before.

Singularity Complete has also reduced our mean time to respond but not as much as the mean time to detect. It does a lot of resolution of issues for us. It has probably improved that by 30% to 50% because it does a lot of that automatically, but it frees up our time. We can resolve the stuff that needs our personal assistance a lot quicker because we have more tools and capabilities at our disposal through SentinelOne than we had before.

Singularity Complete has saved us costs big time. We have eliminated three different vendors and the associated maintenance of those platforms. We needed more people and resources to manage three different things, but now, we do everything with just a couple of folks. Our time savings are about 50%.

It has helped reduce our organizational risk because we can detect more things that are hitting us. I cannot give a number on that, but it has definitely reduced our risk exposure. From a pure security standpoint, our risk frame point used to be flagged as red. We were missing a lot of things, and now, it is green.

What is most valuable?

The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view. 

The automatic detection and response is great. It takes care of a lot of alerts that it generates before they even cross our desks, which is great. 

It has advanced detection capabilities. It has the ability to go and look for known threats that are in the environment. Its ability to detect even unknown threats and any suspicious activity is great. We are very happy with it.

What needs improvement?

It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution.

From the looks of it, it does pretty much what we need, but it could do more. It would be nice if it had some newer features that other players have. They would have a good market advantage if they were offering SIEM as a part of it. They kind of do that, but it is not something they are promoting. We just stumbled on it, so you can use it for doing other things as well, not just endpoint incident and event collection.

For how long have I used the solution?

We installed it in January, and we were doing a gradual ramp-up over three months. It has been up and running for about four months now. It is completely up and running.

What do I think about the stability of the solution?

We have not had any issues. The performance seems good. 

What do I think about the scalability of the solution?

It seems very scalable. We have not run into any issues. We pushed it over about 2,000 endpoints. It performs the exact same way it has been.

How are customer service and support?

I have not personally contacted them, but my team has contacted them. Especially during deployment, they were very helpful. They helped us to get it done. The feedback I got was positive.

Which solution did I use previously and why did I switch?

We had three different AV platforms. We eliminated McAfee, Defender, and ESET. Singularity Complete does everything better than these because it has got capabilities that these products did not even have. The biggest thing for us is the single pane of glass, so we can see right down to the machine. It is great at machine isolation, and it has better detection and mitigation capabilities than any of these products. It does a lot of it behind the scenes. A lot of it is automated and does not require us to do anything.

How was the initial setup?

It is a cloud solution with local installs at the endpoints, so everything is cloud.

I manage security for the organization. I was not doing the deployment, but I was a part of the deployment team, the meetings, and the decisions when we were going to do different things. I was not pushing the software to anybody's desktop but my team was.

It was not a difficult installation. Based on the feedback that we got, it was pretty straightforward. It went over relatively smoothly.

It does not require any maintenance. It is cloud-based, so we do not have to do much to it. The endpoints will update themselves periodically, so there is not much for us from a maintenance standpoint. It does not have a lot for us to do.

What about the implementation team?

We acquired our SentinelOne implementation through a reseller. We used the reseller's help, but we did almost 90% of it ourselves. They helped us manage the project piece and provided expertise and guidance. Between SentinelOne and the vendor itself, we got it done, but we did 90% of the heavy lifting.

There were probably four or five people between all of our locations, but most of it was done remotely. There was no need to touch individual desktops. We were able to push most of it out.

What's my experience with pricing, setup cost, and licensing?

SentinelOne was half the price of CrowdStrike.

Which other solutions did I evaluate?

We looked at all the big ones, such as CrowdStrike. That is the first one that comes to mind. We even looked at Microsoft Defender and Sentinel. We looked at a few other solutions out there. We had an IBM demo there, but I do not remember what theirs was called. Bitdefender was another one that we looked at.

We went to Singularity Complete for the feature set. They did not have a robust feature set the way CrowdStrike does, but they had everything that we needed. CrowdStrike had even more advanced features, but SentinelOne's pricing was half of what CrowdStrike sells for. It was a pretty easy decision for us to go with SentinelOne. They were much better than the other players that we looked at. It came down to between SentinelOne and CrowdStrike, and the pricing made all the difference. They also seemed pretty easy to deal with, whereas with CrowdStrike, it felt like they were doing us a favor. When we talked to them, I just did not get a great sense of them, but price was one of the main things. CrowdStrike's price was double of SentinelOne's price.

What other advice do I have?

I would advise a couple of things. If you are using a reseller to buy this and install it for you, have a good reseller that you can call upon for support and help manage the project. The other thing that I would probably suggest is to negotiate your education up front and not after the fact. It does not come with a lot of training. They even charge for the online university, so you should probably negotiate that as a part of the negotiation process before you sign a deal. Other than that, it is good.

I would rate Singularity Complete a nine out of ten. For my use case, it is definitely a nine.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Director of IT at a construction company with 51-200 employees
Real User
Saves us time and cost, and is easy to upgrade
Pros and Cons
  • "The most valuable features include the agent installation and update processes."
  • "The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs."

What is our primary use case?

We utilize SentinelOne Singularity for endpoint malware protection and to gain visibility into threats across the network.

How has it helped my organization?

SentinelOne Singularity has the potential to ingest and correlate data across our security solutions.

Ranger provides network and asset visibility.

Ranger saves us time by not having to make changes to our hardware and systems.

Ranger helps prevent vulnerable devices from being compromised.

SentinelOne Singularity assisted our organization by saving deployment time and decreasing the volume of support calls.

Singularity helps reduce the number of alerts.

Singularity has helped our staff free up around 15 minutes of their time to focus on other projects.

It has reduced our MTTD.

It has helped our organization save costs through time savings.

What is most valuable?

The most valuable features include the agent installation and update processes.

What needs improvement?

The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for seven months.

What do I think about the stability of the solution?

SentinelOne Singularity is stable. We have not experienced any crashes or downtime.

What do I think about the scalability of the solution?

SentinelOne Singularity scaled easily in terms of deployment. We haven't experienced any performance issues, whether it's installed on a higher-end machine or a low-end machine. SentinelOne Singularity has been excellent.

Which solution did I use previously and why did I switch?

We faced issues with our previous endpoint solution, Panda Adaptive Defense 360. SentinelOne Singularity seemed to be a more reliable and easier-to-manage alternative. Panda Adaptive Defense 360 caused significant downtime during deployments and updates.

How was the initial setup?

The initial setup was straightforward. The deployment required three people.

What about the implementation team?

The implementation was completed in-house.

Which other solutions did I evaluate?

We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

What other advice do I have?

I rate SentinelOne Singularity a nine out of ten.

SentinelOne Singularity is a mature product.

Maintenance is necessary only when we are periodically carrying out updates.

Having a vendor like SentinelOne is crucial for a solid security strategy, as we aim for a product that seamlessly caters to both the IT department and end users. We intend to avoid exacerbating issues more than resolving them. Therefore, I believe SentinelOne is a suitable solution for us – easy to deploy and maintain on a daily basis.

I suggest trying out SentinelOne Singularity and comparing it to more traditional security vendors. SentinelOne Singularity offers a slightly distinct approach, but it's an effective method.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.