We have deployed SentinelOne Singularity on each end-user machine, as well as on the majority of our servers, utilizing it as an antivirus solution. Additionally, we employ SentinelOne Vigilance for our Security Operations Center. Moreover, we extensively utilize this solution across all our machines for tasks such as inventory control, asset tracking, and software monitoring. Furthermore, we have incorporated Ranger AD to enhance security within our active directory setup.
IT Director at a construction company with 501-1,000 employees
Exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines
Pros and Cons
- "Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous."
- "The process of uninstalling and reinstalling older agent updates needs improvement."
What is our primary use case?
How has it helped my organization?
We use Ranger and Ranger AD. We incorporate the data from our SentinelOne Singularity into our SIEM. Moreover, in terms of Ranger, they are both accessible through the same console. When I click, the information is readily available. It's quite straightforward. Furthermore, concerning the transmission of logs to our SIEM, I don't believe we've ever encountered any problems with the initial setup or ongoing functionality.
Ranger offers visibility into our network and assets, which is quite significant. While other tools are available, having this functionality integrated is advantageous since we have it incorporated into a couple of our tools. This covers everything from our switches onward; although there are different options available, Ranger stands out because we are already using Singularity for other purposes. Hence, having it included is beneficial. While it may not be a decisive feature, it's something we always keep enabled.
It is important that Ranger does not necessitate new agents, hardware, or network changes. The fact that it's present, and functions seamlessly, alleviates any need for concern on my part. Furthermore, it effectively identifies new elements.
SentinelOne Singularity Complete has helped improve our response time. In areas where we don't have twenty-four-seven support, VigilanceOne will take over. We use VigilanceOne through SentinelOne, and it ensures constant monitoring. This makes me feel more at ease, knowing that there's continuous surveillance. With the addition of Ranger, Ranger AD, and VigilanceOne, I believe we have gained better insight into our entire network. This combination offers us an added layer of comfort.
It has helped reduce our MTTD and MTTR.
It has helped reduce our risk overall.
What is most valuable?
SentinelOne Singularity Complete is exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines. While we do encounter false positives, it has successfully detected several instances of malicious activities on the machines. Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.
What needs improvement?
The process of uninstalling and reinstalling older agent updates needs improvement. I am aware that the newer versions of SentinelOne that they have been working on are more effective. One of our major frustrations arises when we attempt to remove SentinelOne Singularity Complete from a machine and it only partially uninstalls.
The initial tier of support, when we call or engage with them in conversation, assigns a representative to assist us. However, we have occasionally encountered difficulties with the initial person, either due to their lack of knowledge or failure to follow through. In such cases, we have had to seek assistance from others or navigate through basic support on our own. Despite this, it appears that everything is progressing in the right direction. This is why we chose to renew our contract with them and even expand our range of products with their company.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten.
How are customer service and support?
My feelings are moderate towards the technical support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had Sophos Intercept X Advanced Cloud Security initially. We had acquired all these tools through a different program. Despite having these tools, a virus managed to get through and bypass all our defenses. This is why we opted for SentinelOne Singularity Complete – we wanted to test the effectiveness of the AI-based approach compared to the traditional signature-based method.
How was the initial setup?
The initial setup was quite straightforward. During the initial phases of deployment, we had a couple of helpful individuals assisting us with the solution deployment, which resulted in a relatively smooth process.
The deployment was carried out by two administrators collaborating with one or two individuals from SentinelOne. Subsequently, we needed to initiate the installation and verify the installs. Consequently, I assembled a team of technicians for this task as well. To be specific, there were around two administrators and possibly four to six technicians dedicated to checking and ensuring the proper functionality of the setup. This was necessary due to the replacement of the old solution across twelve hundred machines within a limited timeframe.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
I believe that the current pricing and licensing structure is fair. While it may not be a budget-friendly solution, I think it's reasonable considering what we are receiving.
Which other solutions did I evaluate?
We evaluated other solutions through online research, but we were recommended SentinelOne Singularity Complete by a company with which we were collaborating. Since the solution performed effectively during our cleanup process, we decided to continue using it.
What other advice do I have?
I would rate SentinelOne Singularity Complete a nine out of ten.
SentinelOne Singularity Complete has matured over the last two years and is a more complete product.
Moderate maintenance is required to keep up with the end users.
I do consider SentinelOne a partner. I do believe that their program is developing, but I wouldn't use them for all purposes everywhere. This is due to my mindset. Nonetheless, I do perceive that SentinelOne is increasingly becoming more of a partner.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Security Engineer at Woodward, Inc.
We have good network and device controls, as well as real-time threat detection
Pros and Cons
- "I appreciate the network control as well as the device control."
- "I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection."
What is our primary use case?
SentinelOne Singularity Complete serves as our everyday Endpoint Defense solution. We oversee daily detections and manage Sentinels, workstations, and servers. We strive to safeguard our assets and environment, while also defending against malicious processes and files.
How has it helped my organization?
We utilize Visions and its services. Visions and SentinelOne Singularity Complete are closely linked because we are now monitoring not only our products, endpoints, and environment, but we have also engaged Visions as a form of Managed Security Services Provider. Another aspect I find particularly valuable is their API. As a result, we've seamlessly integrated this solution with our SIEM system, which is functioning effectively. This is undoubtedly a tool that we employ, both in conjunction with Visions and our SIEM products.
It's capability to ingest and correlate data across our security solutions is impressive. I utilize tools such as Visions and Sentinel whenever I need to access or retrieve any telemetry. These tools, along with the enhanced visibility they provide, enable me to proactively conduct threat intelligence, explore my environment, and query assets generating alerts.
SentinelOne Singularity Complete has assisted us in streamlining our security solutions. We now possess the capability to identify malicious threats, and the system will automatically safeguard the relevant information, quarantine the threats, and revert any alterations made by the threat.
It has effectively defended our environment against numerous malicious actors. With a membership of over ten thousand, the solutions help safeguard their data effectively.
Singularity Complete has helped us reduce the number of alerts we receive by approximately 30 percent. The false positive issue has been addressed by working with Visions. We remediate these issues and then classify them as false positives, rather than repeatedly receiving alerts as in other solutions. As a result, we now experience fewer alerts than initially expected from day one.
It has assisted in releasing our staff to focus on other projects and tasks. Visions reviews all alerts, forwarding only the true positives to my team for investigation and response.
The agents are live, so our Mean Time To Detect is in real-time.
Our mean time to respond is in real-time. If an issue is escalated by Visions, we receive it instantly. Once it's recorded on the disk, it promptly gets escalated to them. They detect it, review the matter, and subsequently escalate it to us. Then, we review it together, all in real time. There is no downtime during which we have to wait.
SentinelOne Singularity Complete certainly reduces costs for our organization, as we need fewer personnel and don't have to involve numerous analysts due to the presence of Visions. It has also decreased our organization's risk by approximately 30 percent.
What is most valuable?
I appreciate the network control as well as the device control. These two features are truly excellent. I occasionally utilize the custom rules as well.
What needs improvement?
I would love to see improvement in the integration of SentinelOne Singularity Complete and Visions to better utilize the information we receive.
The browser extension for SentinelOne Hunter is a product designed for monitoring and detecting at a browser level. This library is widely recognized. It should not only detect incidents but also proactively block them within the browser environment. Therefore, I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for one year.
What do I think about the stability of the solution?
I rate the stability of Singularity Complete nine out of ten.
What do I think about the scalability of the solution?
I rate the scalability of Singularity Complete nine out of ten.
How are customer service and support?
We have used technical support a few times, and they were excellent and very competent.
How would you rate customer service and support?
Positive
What was our ROI?
We have seen a return on investment.
Which other solutions did I evaluate?
The organization assessed Carbon Black but found greater value in SentinelOne Singularity Complete.
What other advice do I have?
I rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete is a mature solution that offers a multitude of features and the potential to enhance security within an organization. This presents significant value for security professionals.
We have deployed SentinelOne Singularity Complete across multiple divisions, various business units, and numerous locations spanning Europe, the US, and Japan. As a global organization, Singularity Complete seamlessly integrates with any internet-enabled entity, providing robust agent support upon connection.
Two individuals are responsible for the maintenance tasks, which include updating agents, upgrading policies, and deploying packages.
Having SentinelOne as a strategic security partner is a positive development.
Before assessing Singularity Complete, we need to dedicate a substantial six-month period to thoroughly engage with the product. This entails working with it on a daily basis, comprehending its intricacies, and obtaining full administrative rights to explore and interact with all its features and functionalities.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
SentinelOne Singularity Complete
October 2024
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Operations Manager at Proton Dealership IT
Excellent detection rate / allowed our team to focus on proactive management
Pros and Cons
- "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
- "One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
What is our primary use case?
Everyone who is a client of ours gets SentinelOne by default. It provides ransomware protection, malware protection, and increased security. Those are our top-three selling points for SentinelOne when we talk to clients.
How has it helped my organization?
Prior to deploying Sentinel One, we had a team of staff members dedicated to ransomware prevention and malware alerts. Since deploying Sentinel One, we have been able to allow that team to focus on other proactive security measures for our clients.
The dashboard alerting is great and it has helped us out a ton.
SentinelOne has also greatly reduced incident response time, based on the toolsets and the ability to deploy it to new companies through a script. That has been very helpful. It has decreased the amount of time spent on incident response by 40 to 60 hours a month.
And when it comes to mean time to repair, while we haven't had a situation where we've had to reload an operating system or repair to that extent, we've used the 1-Click Rollback feature which saves several hours over a reload of a PC.
What is most valuable?
The detection and response feature is really good for us.
Also, there is a feature called Applications, and it shows all the critical applications that are on devices that may need to be reviewed.
The solution’s Static AI and Behavioral AI technologies are great when it comes to protecting against file-based, fileless, and Zero-day attacks. I would rate that aspect at eight out of 10. They have been great at detection.
The solution’s 1-Click Rollback for reversing unauthorized changes is also huge for us. That is one of the top reasons we have SentinelOne in place. For example, we had a site that had downloaded malware on a share for their sales office. It was trying to move laterally throughout the network but SentinelOne detected it. We then used the 1-Click option to remove it from the 10 or so PCs it had infected. Then we blocked it based on the information SentinelOne provided to us. That way if it happened again, it would already be blocked and wouldn't be allowed to launch.
What needs improvement?
One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.
Also, integration is almost non-existent. We would really like to see integration with ConnectWise. Within ConnectWise Automate, you're only allowed to deploy at the top-level group. Our company is dealership-focused, but if we have a parent dealership that has 10 sub-dealerships with SentinelOne, we have to treat them as one large group instead of one parent and 10 sub-groups. That's been a pain point for us. We've done some workarounds, but since there is no integration, it's tough.
For how long have I used the solution?
I have been using SentinelOne for about two years.
What do I think about the stability of the solution?
We haven't had any issues, outages, or upgrades. I would rate the stability at 10 out of 10.
What do I think about the scalability of the solution?
One of the features that we love about SentinelOne is that we don't have to buy licenses ahead of time. It just scales up as we grow. We're bringing on a client now that has 500 endpoints and I don't have to worry about contacting sales at SentinelOne and getting a PO for 500 licenses. It just scales up and we're charged based on what we use, which is awesome.
The solution is on 100 percent of our clients that we manage, and that's going to be the goal moving forward. Our sales team does not put in a contract without SentinelOne.
How are customer service and support?
SentinelOne technical support has always been very quick and responsive. We haven't used them a lot. We're a technology company as well and we're able to fix the minor stuff ourselves or by looking at a knowledge base.
One of our concerns or complaints at the beginning was the lack of training, which they fixed. They allowed us to schedule our staff to do the eight hours of free training, which was great. That would have been my only complaint, but that was resolved a few months ago.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't have any EDR solution in place like SentinelOne. We had Bitdefender for antivirus, but that has been removed. Our existing antivirus was failing in several ways. It wasn't detecting everything that was coming through. That was the big catalyst for the switch.
Originally, we had SentinelOne through SolarWinds, which was our previous RMM tool. And when we migrated to ConnectWise, we moved our existing licenses over.
How was the initial setup?
The initial setup was straightforward. It was through our RMM. We bought licenses and we had a one-click deployment to deploy that software. And when we migrated, the gentleman who helped us was awesome. We migrated 9,000 endpoints from that RMM directly into SentinelOne, and he did a lot of the heavy lifting. We just had to check and confirm things were getting moved over.
The migration of the 9,000 agents took 10 to 14 days.
Our implementation strategy included a deployment where we would do a test phase. We picked certain endpoints at different clients and we would deploy and set it in a "listen-only" mode and see what it caught. If everything was good, we would then turn it on to regular mode. That process helped a lot in the implementation.
We have about 75 people in our company using SentinelOne. The main roles among them are about 60 percent help desk, which is view-only; 20 percent client-side, which is reporting and view-only; and the rest are our engineering level where they have the ability to do rollbacks and fix certain issues that are coming in. There is very little maintenance involved with the solution, maybe a handful of hours a month. We have it set up to auto-update. Prior to that, we had to set up our script to download the most recent version, but that's all been replaced now with automation. Maintenance on the actual system is very minimal.
What's my experience with pricing, setup cost, and licensing?
In the past, we had to purchase licenses in advance, so if we hit our license limit, we could not expand until we got a signed agreement in place with the sales rep after the back-and-forth. That meant if a client had ransomware and they had 200 agents, we couldn't deploy right away if we were up against our limit. So we always had that balancing act of figuring out if we were close to our limit and whether we needed to buy more licenses? We ended up paying for licenses we didn't need because we had to buy them in packages of 100.
We now pay based on usage. They do an audit once a quarter and calculate any overages. We pay a set amount quarterly, based on our licenses in use, and then they true-up the figure. Right now we have 12,800 agents with SentinelOne on them. We charge our clients monthly, so it would be really difficult for us to write a check to SentinelOne, in advance, for a full year's worth, at that level. It's been great for us to have the quarterly payments.
Which other solutions did I evaluate?
We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.
And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.
What other advice do I have?
My advice would be to implement SentinelOne immediately. It is one of the top things that we've implemented and it has saved us countless hours. It's really hard to quantify the savings, but if a client were to get ransomware, it could involve weeks of several team members working around the clock to get them back up and running. Since we've implemented this, we haven't had to do that in an environment where we had experienced having to do so previously.
The biggest thing I've learned from using SentinelOne is that there are a lot more attacks out there than a typical antivirus will display. Regular antivirus, rather than an EDR-type platform, gives people a false sense of security because there are a lot of processes running in the background that the typical antivirus solution is not equipped to catch. It was eye-opening when we started deploying this at clients, locations where we felt we had very good peace of mind in terms of what was happening. SentinelOne started detecting things left and right that were completely unable to be seen prior.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Cyber Security Engineer at a leisure / travel company with 10,001+ employees
Offers threat hunting, visibility, and malware protection in one console
Pros and Cons
- "I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary."
- "It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports."
What is our primary use case?
We use the tool for malware protection and the XDR portion to track intrusions and possible exploitations.
What is most valuable?
I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary.
I find its interoperability with other solutions very good. When there are issues, because everything eventually has issues, the team is very good about running logs and finding out what portion is having issues. We can either exclude a portion of it or make it work. They find a solution.
We haven't had any issues with how we ingest or correlate data across security solutions. We use APIs and things like that to ingest data. For us, we haven't had any issues with the tools we use, but I can't speak for other organizations.
We now have threat hunting, visibility, and malware protection in one console. There are other portions we don't leverage because we choose to keep them separate, like our firewall, but we could if we wanted to.
The solution has helped us reduce false positives. We still get alerts, but I think they're more dynamic now. We have fewer issues with systems. It doesn't take as many resources, so we don't have outages caused by hijacking resources. We've probably reduced our issues with that by 90 percent from the previous program we were using.
The tool has helped free up our team's time. Especially when it comes to upgrades, I went from taking several months with the previous software to getting it done in a week or two for 15,000 to 17,000 assets. It's freed up months.
While I don't track mean time to detect specifically, I know it's very quick because of the way it detects intrusions. It's anomaly-based, not signature-based. It will flag something, review it, determine whether it's a false positive or actually malicious, and then quarantine it. It's pretty instantaneous. We've averted several ransomware attempts before they could infect anything.
Our mean time to respond has decreased significantly. The response is much quicker now, especially since very little gets reverted to us for handling. The Vigilance AI portion usually takes care of most of it, determining the severity of something and whether it needs human attention.
It has helped us save costs, particularly regarding fewer infections throughout the network. While I don't have exact numbers, we've had a reduction in costs associated with reimaging machines due to malware.
What needs improvement?
It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
In terms of stability, we have no downtime from SentinelOne Singularity Complete. We may have some complications with interoperability when we deploy something new that didn't get tested, but that's usually not SentinelOne's fault. It's usually because a third party changed something that had already been whitelisted.
What do I think about the scalability of the solution?
We haven't had any issues with scalability. It scales very well from small to large. We're at 16,000 endpoints, and it's very easy to deploy and manage.
How are customer service and support?
I've contacted technical support myself. Their response time depends on the severity with which you submit the case. For low priority, it takes about a day or two. For high priority, it's within an hour or two, according to their SLA. They're very prompt.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched from Symantec to SentinelOne Singularity Complete mainly because of cost and technology changes. Symantec wasn't changing quickly enough as technology moved toward the cloud, and things were going faster. Broadcom was still using heavy, clunky on-premises agents that used a lot of resources. SentinelOne Singularity Complete was new, next-gen, smoother, and quicker with less downtime. They manage their end in the cloud, so we don't have to maintain our console.
How was the initial setup?
We saw the benefits immediately after deployment. The deployment was seamless, easy to learn, and easy to use—very intuitive. The initial deployment was pretty seamless and easy. It took us about six months to fully deploy, but that was because we did it in segments. We're a global organization with many different entities, so we had to do it segmented. It probably would have taken us a quarter if we had just set it out all at once.
The only maintenance we require is keeping our agents up to date. We do this manually because we go through a change approval process to ensure we don't introduce anything that will harm the system. We then test and deploy.
What about the implementation team?
We used SentinelOne's guidance, but we did the deployment ourselves in-house.
What other advice do I have?
My impression of SentinelOne Singularity Complete as a strategic security partner is that it's state-of-the-art, easy, and uncomplicated. As an engineer, I find the product easy to deploy, maintain, and efficiently. I rate the overall solution a ten out of ten.
I advise new users to read the manual before they start using it. Understand all the different modules to utilize them as intended and get the best out of them. Also, use their support if you have questions before you deploy. Get a game plan and follow their recommendations.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Sep 4, 2024
Flag as inappropriateCISO at Katholische Universität Eichstätt-Ingolstadt
Robust security with efficient threat detection, minimal false positives and user-friendly features, empowering organizations to safeguard their systems effectively
Pros and Cons
- "The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us."
- "It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file."
What is our primary use case?
Our primary use cases involve Endpoint Detection and Response and Extended Detection and Response.
How has it helped my organization?
My positive experience with SentinelOne lies in its comprehensive version, allowing for rollback and replay of events, which is especially useful for EDR. The strength of behavior-based solutions like SentinelOne, CrowdStrike, CyberArk, and others lies in their ability to reveal the consequences of opening a file. Witnessing the impact of a virus gaining control over a computer or understanding the ramifications of opening a file adds a layer of insight.
It stands out for its seamless interoperability with other SentinelOne products and tools, facilitated by REST interfaces. This integration is particularly potent when connecting SentinelOne as an endpoint solution to firewalls like Fortinet, allowing the firewall to receive insights from SentinelOne clients. In today's landscape, where file transfers often occur through encrypted channels, traditional firewalls face challenges in inspecting these streams effectively. SentinelOne's endpoint security addresses this by analyzing downloaded files in their decrypted form, providing a crucial layer of protection. The bidirectional information flow between the firewall and endpoint security, enabled by SentinelOne's REST API, empowers proactive threat prevention and detection, contributing to a robust cybersecurity posture.
Utilizing SentinelOne has significantly reduced the number of alerts for us. We might have experienced more false positives and missed potential attacks without it. Its alert system is efficient, with a low rate of false positives compared to other solutions I've heard about. Managing alerts is straightforward, and the platform allows for creating white lists to handle false positives, such as those related to old printer drivers. The administration is user-friendly, offering features like multi-factor authentication for secure connections to the console and automatic updates within the SentinelOne interface.
It has proven to be a time-saver for our staff, significantly reducing the likelihood of falling victim to various cyber threats. By addressing the spectrum of attacks, from initial malware infiltration to potential worst-case scenarios like Active Directory compromise, SentinelOne has played a pivotal role. It effectively diminishes the probability of becoming a target for attacks that exploit stolen passwords, infiltrate the company's IT infrastructure, and escalate privileges, ultimately leading to severe consequences such as a randomized Active Directory.
What is most valuable?
The platform is user-friendly, easy to administer, and aligns well with GDPR requirements, which is crucial for us. What makes SentinelOne stand out is its speed and efficiency, consuming minimal computing resources. It operates by checking data only when it's accessed, synchronizing with the process that opens the data which is well-designed and effective.
I don't actively use SentinelOne's Ranger functionality because we haven't implemented it university-wide. While we've employed it in specific cases, my experience with it is limited. However, it provides valuable insights into past events, allowing you to trace the history of a virus download or malware activity. For instance, you might discover that a virus was downloaded two weeks ago using the Safari web browser, saved to the computer, and later opened with Excel, triggering certain actions before SentinelOne intervened. The ability to roll back such ransom actions is a valuable capability provided by SentinelOne.
What needs improvement?
It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file. This limitation becomes apparent in more complex scenarios, such as analyzing or assessing the content of files at the byte level, especially in cases involving files like Excel, where there may be some difficulty in discerning potential issues. They should consider incorporating a cloud-based service where users can upload suspicious links, documents like Excel sheets, or ambiguous files to observe their behavior in a sandbox environment. Currently, with SentinelOne, the process involves setting up a separate network and machine for this purpose, requiring users to upload the file and monitor its behavior on the dedicated machine. Offering a free and accessible service like this would be a noteworthy enhancement to their product, providing users with a convenient and efficient way to analyze potentially harmful content.
For how long have I used the solution?
I have been working with it for four years.
What do I think about the stability of the solution?
I would rate its stability capabilities ten out of ten.
What do I think about the scalability of the solution?
I would rate its scalability abilities nine out of ten.
How are customer service and support?
I am highly satisfied with their technical support; it is truly excellent. I would rate it ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Comparatively, SentinelOne has certain drawbacks, particularly when measured against CrowdStrike. CrowdStrike offers a free sandbox at hybrid-analysis.com, allowing the examination of links and downloaded files on a virtual machine. This proves especially valuable in assessing potential phishing emails. Uploading the file or link to hybrid-analysis.com provides a detailed analysis, complete with screenshots of what transpires on the virtual machine. This includes actions like the opening of links, prompting CEO impersonation attempts, and other background information. While SentinelOne may lack these specific features, its advantage lies in being an all-encompassing solution, whereas CrowdStrike functions primarily as a managed service, which may not align with specific preferences.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
The deployment of Singularity Complete involved some consultation, as we collaborated with a partner who facilitated the onboarding process with SentinelOne. While the partner occasionally provides support, larger issues are infrequent, and overall, the deployment has been relatively smooth. We have implemented it across various locations. There is some maintenance involved in managing Singularity Complete.
What was our ROI?
It's challenging to quantify precisely, but the implementation of Singularity Complete has significantly reduced organizational risks. Currently, we employ it on critical systems, constituting approximately fifty percent of our infrastructure.
What other advice do I have?
Creating separate groups for various types of computers, like Windows servers and clients, enables efficient management and customization of security configurations tailored to specific needs. Overall, I would rate it ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy CISO at The University of Texas at El Paso
Interoperable with great support and documentation
Pros and Cons
- "It is great for security monitoring and blocking when needed."
- "I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool."
What is our primary use case?
It's our main EDR solution on campus for our university. It's the main solution that we deployed to our host throughout the university.
How has it helped my organization?
I wasn't here for the initial implementation, however, it was to replace a previous product that we had, so we wanted to move to something cleaner, easier to use, and an overall better product.
Its basic use, which is just an EDR solution for actively hunting and killing threats, is good. It does what we had intended it to do, and that's what it does a great job of.
What is most valuable?
The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.
Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.
The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.
Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.
The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.
The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.
What needs improvement?
Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.
We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.
For how long have I used the solution?
I've been using the solution for a year and a half.
What do I think about the stability of the solution?
We haven't had any issues. There is nothing that's noticeable and it's never offline for long periods of time.
What do I think about the scalability of the solution?
It's pretty scalable. There are a few operating systems that we've had issues with. Other than that, everything else has been pretty scalable.
How are customer service and support?
Technical support is super. They are very helpful and relatively quick to respond. Sometimes they take a little bit to respond, however, it's not super long.
The company also has good online knowledge and it's pretty helpful. Usually, we'll access the database knowledge first and then go to support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used CrowdStrike previously.
How was the initial setup?
I was not involved in the initial setup.
I'm not hands-on. I'm more on the management side. Basically, we make sure that they connect, and I'll handle the management once everything's set up. I'm handling monitoring. Deployment is handled by another team. We have maybe ten team members who manage deployments.
The maintenance is minimal. It's pretty self-sufficient. We just do normal reviews.
From my point of view, the deployment is straightforward.
What about the implementation team?
We use internal teams to handle deployment.
What's my experience with pricing, setup cost, and licensing?
I'm not sure of the pricing. That's above me. I'm a technical person. It's not my arena.
What other advice do I have?
They also have this feature called Ranger. That one we don't have implemented. That's an extra fee, so we don't have it.
Overall, I'd rate the solution ten out of ten. It's been a pretty solid tool.
I would probably recommend it over some of the other ones that I've seen only based on the ease of use. It does what it's supposed to do. It's been relatively fast and is also pretty complete from what we've seen. The product is not very difficult to learn.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Soc Analyst at a retailer with 10,001+ employees
We can easily deploy the agents, have great visibility, and log correlation
Pros and Cons
- "The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location."
- "We often experience interruptions to our investigations in SentinelOne Singularity Complete."
What is our primary use case?
I review the data logs from each SentinelOne agent using Skylight to develop queries. We have been using Star Alerts to create custom alerts based on those rules. We also partner with their Vigilance team for 24/7 monitoring.
We implemented SentinelOne Singularity Complete to gain widespread visibility into global markets and to facilitate easy agent deployment for EDR and XDR solutions.
How has it helped my organization?
SentinelOne Singularity Complete's interoperability with other SentinelOne and third-party applications is excellent. We recently used a proof of value to integrate some of our other email products, such as Proofpoint, with SentinelOne Singularity Complete. The ease of use has been amazing. Singularity Complete has been a great data ingestion platform, and we have already gained a wealth of data that we never had access to before.
Singularity Complete's ability to ingest and correlate data across our security solutions has been effective. We can see a significant number of events from our DNS logs, firewall logs, and email tenancy. Overall, it has performed very well thus far.
We ended up getting rid of QRadar and relied heavily on Singularity Complete. Singularity Complete allowed us to deploy the SentinelOne agent on a significant number of domain controllers and collect much more information than we could with QRadar alone. We needed to purchase additional licenses to quantify the data more effectively. However, Singularity Complete provided the same if not even more enrichment because it allowed us to see a lot of things about the transitioning of IP ranges, the ingressing of traffic from different IP ranges if they are open to the internet, and who is contacting those ranges via different endpoints. Overall, Singularity Complete has provided a significant improvement in data ingestion over our previous solution of QRadar.
Overall, we have seen a quicker response time with Singularity Complete. We are able to drill down into events in a much more granular way. This allows us to respond better, correlate the information that Singularity has gathered, and come up with a definitive answer to certain questions. Because of Singularity's enrichment of the data that we currently have, we are able to answer these questions more accurately, carefully, and with more specific timestamps. Since we have some of these deployed globally, it is very important for us to get the centralized time zones correct so that we know exactly when an event occurred.
Singularity Complete has helped us reduce the number of false positives. It provides us with a wealth of data enrichment, which allows us to distinguish between normal and abnormal events in our environment. This is important because we have billions of events happening every ten minutes across our many deployed endpoints. In the past, we would waste analyst time investigating alerts that turned out to be false positives. However, with Singularity Complete, we can now quickly identify which alerts are most likely to be legitimate and prioritize those for investigation. For example, if Singularity Complete tells us that a particular event has been seen a thousand times on one endpoint but only twenty times on another endpoint, we know that the twenty occurrences on the second endpoint are more likely to be abnormal and worth investigating.
Singularity Complete has helped free up our staff's time for other projects. With all the data enrichment that Singularity Complete has provided us, we are no longer chasing false positives. We are able to set our custom Star rules so that we receive the alerts that are most relevant to our organization, rather than broad alerts that may or may not be relevant. This allows us to focus our attention on what matters most and to investigate more accurate alerts. As a result, we are able to dedicate time to other projects. Before Singularity Complete, our analysts spend two to four weeks. With Singularity Complete in place, we've seen a reduction of two to three weeks, depending on the vendor. On average, analysts now spend three to ten days analyzing logs.
Singularity Complete substantially reduced our MTTD.
Our MTTR has been substantially reduced by Singularity Complete. We are now able to respond within the hour of receiving the alert.
Singularity Complete has helped our organization save costs by eliminating the need to replace equipment infested with malware. We can now detect, remediate, and roll back malware attacks as needed, thanks to the visibility that Singularity Complete provides. We can drill down into actual alerts, not just false positives, and eradicate any malware that may be infecting our systems.
Singularity Complete has reduced our organizational risk by providing us with much broader visibility into various endpoints deployed globally. This allows us to see what is normal in our environment, rather than reacting to what may not be normal.
What is most valuable?
The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.
What needs improvement?
The ingestion and correlation of data would be improved by integrating with email security solutions such as Proofpoint or our email security solution. We do not yet have a marketplace integration, so we had to build it from scratch. As a result, it has been somewhat difficult for this particular use case, but the data is available and we are able to correlate it with users, not necessarily with endpoints, but we are making progress.
We often experience interruptions to our investigations in SentinelOne Singularity Complete. It would be helpful if we could resume our search query from where we left off, even if we lose internet connectivity or the platform is caching results. This would reduce our MTTR by eliminating the need to wait for the platform to load results again. We expect some load times due to the amount of data in our environment, but the current load times are too long and sometimes produce no results. We would like to see the overall response time of the platform improved.
One area for improvement would be per-user dashboarding. This may be a permissions issue, but we currently only have organization-wide dashboards. I think per-user dashboards would be beneficial because they would allow users to focus on their specific investigations. For example, when a user opens Singularity Complete, they can see a dashboard that is tailored to their current investigation.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability of SentinelOne Singularity Complete as a seven out of ten. We have sometimes encountered problems where queries do not load or take an abnormally long time to load, especially when we are narrowing down the search range to a fourteen-day period, which is standard for us. We have also seen queries that run for twenty minutes or so and then log us out. Additionally, the time narrowing feature, or at least the custom time slots, where we can specify a date, such as September 18, may not work depending on how we write the query. We have had to get used to the custom syntax for the time stamps. Finally, we have sometimes seen data that does not update as often as it should.
What do I think about the scalability of the solution?
We have not experienced any problems with scalability. We are able to onboard new machines, and within a day or two, we see more data populate for those machines. So far, scaling has been very helpful for us. This is one of the reasons why we wanted to onboard with Singularity Complete, to get that visibility and to get it right away.
How are customer service and support?
Most of the technical support team members I have spoken to at the level two and level three levels of support have been very helpful and willing to share resources and documents from the help portal and knowledge base articles.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used IBM Security QRadar but it did not provide the level of data ingestion we required so we switched to SentinelOne Singularity Complete.
What was our ROI?
We have seen a return on investment from SentinelOne Singularity Complete, based on our reduced time to detect and respond to threats, as well as the overall risk reduction to the organization.
What's my experience with pricing, setup cost, and licensing?
Our organization is very satisfied with SentinelOne Singularity Complete, especially compared to other options available. It is very affordable and easy to license, and it allows us to onboard new analysts quickly, with a turnaround time of one day at most.
Which other solutions did I evaluate?
We evaluated CrowdStrike, but the way their deployment platform worked would not work for our organization.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
We just started using Ranger this week. So far, we've done small test use cases to see what our endpoints can communicate with. Ranger has identified a significant number of machines, including printers, other endpoints, and personal machines, which gives us a better understanding of our network security.
SentinelOne Singularity Complete has come a long way. I believe it used to be called Power Query or even Data Set at one time. We're currently using the Skylight portion of Singularity Complete, which is a newer addition. Compared to where it was, Singularity Complete is now leaps and bounds ahead. It's the product we use when we need a lot of raw data and the ability to customize what we're looking for in our environment. The wealth of information that we get from every endpoint with the Singularity Complete agent installed allows us to create a large number of custom rules and alerts. This saves us a lot of time, especially for our analysts, who no longer have to respond to as many false positive alerts.
We have a maintenance process in place for our custom rules and alerting. We have a dedicated team of members who are responsible for maintaining these aspects, but overall, we have not encountered any major issues that have impacted our team. A lot of this maintenance does occur outside of office hours.
With SentinelOne Singularity Complete, experiment and use it to its fullest potential, even if a mistake is made. It is a robust platform, so causing any serious damage is unlikely. Some specific features to play around with include custom roles, alerting, fields, power queries, search queries, data retention, and customized displays for the analysts. Tailoring the platform to specific needs will help get the most out of it. Singularity Complete collects a lot of data, so make sure to parse and categorize it in the most efficient way for the organization.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cybersecurity Analyst at a manufacturing company with 1,001-5,000 employees
Gives us a good eyes-on-glass approach, displaying vulnerabilities automatically without need for manual work
Pros and Cons
- "It identifies what applications are vulnerable. If I go to the applications, such as Adobe Photoshop or Adobe Reader, I can see our current list of vulnerabilities: How many are vulnerable and how many need to be updated with patching. One of the most valuable aspects is the ease of finding specific vulnerabilities."
- "If there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions."
What is our primary use case?
One of our use cases is that we wanted some type of visibility into our vulnerabilities and insight into our endpoints.
How has it helped my organization?
Ranger really helps us because, even though we're a smaller team of security professionals, it gives us a good eyes-on-glass approach. And if there is a known vulnerability, we can automatically see that without having to spend more time looking at it. In the past, we would do all of this manually. We would have to go into our systems and see which IP address is coming from the outside world and see the IP address, workstation, current version, hostname, MAC address, et cetera. Now, we can easily see that in the report that we get every day.
We used Rapid7, but Singularity has certainly helped reduce alerts. We have a threshold set in Singularity so that if one of our critical devices is vulnerable, we get automated email alerts. The alerts tell us what we need to look at in terms of logs and the like, and they help us automate some of our internal processes.
Personally, it has saved me a lot of time, about one-third of my day. And our mean time to detect has been reduced by anywhere from 45 minutes to an hour. But our mean time to respond has been pretty much about the same. I'm logging into SentinelOne every day and I see what's going on. If there is anything that needs to be talked about with our sysadmin team to get patches rolled out, we have a meeting about it every week. SentinelOne, overall, has brought our organizational risk down by at least 35 to 40 percent.
It helps us with our compliance efforts too, especially for auditing. If someone asks, "Do you have a list of all your endpoints?" we can definitely say "yes." And if they ask, "How is it categorized, by IP address, workstation, or OS?" we can see it's on this particular network and it's made by that manufacturer.
What is most valuable?
With Ranger, we can see the device inventory, the networks, how many workstations we have that it's scanning, how many printers, how many mobile and IoT devices, and servers.
It identifies what applications are vulnerable. If I go to the applications, such as Adobe Photoshop or Adobe Reader, I can see our current list of vulnerabilities: How many are vulnerable and how many need to be updated with patching. One of the most valuable aspects is the ease of finding specific vulnerabilities.
What needs improvement?
About every month, when I go into SentinelOne, if there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions. Some of the reporting could be improved a little bit. I wish all Adobe products could be included together, or that you could mix and match Adobe with some other software or video player.
For how long have I used the solution?
We have used SentinelOne for the last year and a half, and we're pretty happy with it.
What do I think about the stability of the solution?
I haven't had any issues with the platform. There hasn't been any crashing or lagging. Everything seems to be current. Overall, it's pretty seamless and I get really good results with it. I include it in my routine every morning and afternoon. I review the SentinelOne reports to see what vulnerabilities have been detected.
What do I think about the scalability of the solution?
It is definitely scalable. You can really expand it and, for us, that is huge. As our organization grows, we will likely look at acquisitions, and, with those acquisitions, we will definitely get the other company's devices deployed through SentinelOne. It will allow us to grow and have their devices in the SentinelOne console as well, and have visibility.
How are customer service and support?
I have contacted their support for a vulnerability issue, and they were able to help out with that. They told me how to get it remediated and what scan to perform.
Which solution did I use previously and why did I switch?
It has helped us consolidate our security solutions. At one point, we had Rapid7 and SentinelOne. However, we realized we could take what Rapid7 has and consolidate it into one platform. At a high level, they're almost the same tool, but SentinelOne has a few more features and functionalities.
Also, we could see how many operating systems we have in our current environment through the standard image system we had. But now, we can see that through SentinelOne. That has been a key takeaway because we can see how many Windows, Linux, Apple, and Android devices we have.
Which other solutions did I evaluate?
In addition to Rapid7, we were looking at CrowdStrike for our endpoint detection, and at Sophos as well. Clearly, SentinelOne was the best for us.
SentinelOne is definitely a leader in the marketplace because it has a lot of features to offer. There are some pretty good integrations with it as well, and there are things you can change in the settings and how it's deployed.
The quality of the solution is great. I don't have any complaints other than that small reporting issue I mentioned. In terms of maturity, Singularity is one of the top-notch eyes-on-glass solutions that you can have, especially as it relates to your endpoints and vulnerabilities. It gives you that technical deep dive into what the vulnerability is, what workstation it's on, and whether there are any other endpoints affected.
What other advice do I have?
There are some integrations that we could possibly use, but we haven't used any. There is one with KnowBe4 that we are looking to use.
As for maintenance, I don't have to do any in my role, but it does require some, such as upgrading versions.
If you're looking for a solution like SentinelOne, and you're looking to get an eyes-on-glass approach for your endpoint devices and your vulnerability management program, this could be one of your top solutions. Overall, I'm happy with it and my team is very happy with it. Our scans are fully automated and that is never an issue for us. It offers a lot of capabilities, expansion, and growth. If your company is looking to grow, it's definitely all there for you. You get a really good report on your devices and your networks.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Intercept X Endpoint
Trend Vision One Endpoint Security
Kaspersky Endpoint Security for Business
VMware Carbon Black Endpoint
Check Point Harmony Endpoint
Trend Vision One
Trellix Endpoint Security (ENS)
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?