SentinelOne Singularity Complete Reviews

Our use cases are for client and server visibility in our enterprise and operational technology environments, as EPP and EDR solutions.

Traditionally, we have had an open policy on endpoints in terms of what has actually been installed. We don't really centrally manage the application. So, we have had a sort of dirty environment. Now that we have SentinelOne with its advanced capabilities, this has enabled us to detect and categorize unwanted applications. It has given us a good foothold into the area of inventory management on endpoints when it comes to our applications as well.

One of the main selling points of SentinelOne is its one-click, automatic remediation and rollback for restoring an endpoint. It is extremely effective. Everything is reduced, like cost and manpower, by having these capabilities available to us.

The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.

From a forensics point of view, we can see exactly what is going on with the endpoint when we have threats in progress. It also gives us the ability to react in real-time, if it has not been handled by the AI. We have set the policy to protect against unknown threats, but only alert on suspicious ones. 

The Behavioral AI feature is excellent. It is one of the reasons why we selected SentinelOne. We needed a solution that was quite autonomous in its approach to dealing with threats when presented, which it has handled very well. It has allowed us to put resources into other areas, so we don't need to have someone sitting in front of a bunch of screens looking at this information.

The Behavioral AI recognizes novel and fileless attacks, responding in real-time. We have been able to detect several attacks of this nature where our previous solution was completely blind to them. This has allowed us to close gaps in other areas of our environment that we weren't previously aware had some deficiencies.

The Storyline technology is part of our response matrix, where you can see when the threat was initially detected and what processes were touched, tempered, or modified during the course of the threat. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and technique is very effective. By getting that visibility on how the attack is progressing, we can get a good idea of the objective. When we have the reference back to the framework, that is good additional threat intelligence for us.

Storyline automatically assembles a PID tree for us. It gives us a good framing of the information from a visibility standpoint, so it is not all text-based. We can get a visualization of how the threat or suspicious activity manifested itself.

The abilities of Storyline have enabled our incident response to be a lot more agile. We are able to react with a lot greater speed because we have all the information front and center.

The solution’s distributed intelligence at the endpoint is extremely effective. We have a lot of guys who are road warriors. Having that intelligence on the network to make decisions autonomously is highly valuable for us.

The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do.

We have used it for around 10 to 11 months.

In the 11 months that we have had it, we have only had one problem. That was related back to a bug on the endpoint agent. So. it is very stable when I compare it to other platforms that I have used, like McAfee, Symantec, and Cylance.

Being a SaaS service, they take care of all the maintenance on the back-end. The only thing that we have to do is lifecycle the agents when there is a new version or fixes. So, it is very minimal.

It is highly scalable. It is just a case of purchasing more licensing and deploying agents.

We have three global admins, myself included, with about 10 other administrators. Primarily, the way that we are structured is we have a client team and a server team. So, we have resources from each geographical region who have access to the solution to police their own environment on a geographical basis. So, we have three global admins, then everybody else just has a sort of SoC-based level functionality, which goes back to the custom role issue because this is too much access. 

The technical support is very good. My only criticism is they are not very transparent when they are giving you a resolution to a problem. We have had several cases where we have had a problem that we have been given the fix for it. However, when we asked for background information on the actual problem, just to get some more clarity, it is very difficult to get that. I don't know if it's relative to protecting the information regarding the platform or a liability thing where they don't want to give out too much information. But, in my experience, most vendors when you have a problem, they are quite open in explaining what the cause of the issue was. I find SentinelOne is a bit more standoffish. We have gotten the information in the end, but it is not an easy process. 

When responding to fixing a problem, they are excellent. It is any of the background information that we are after (around a particular problem) that we find it difficult to get the right information.

We were previously using Trend Micro Deep Security. The primary reason why we switched was that it is rubbish. It is a legacy-based AV. We had a lot of problems functionality-wise. It was missing a lot of things, e.g., no EDR, no NextGen capabilities, and it had interoperability problems with our Windows platform deployments. So, there was just this big, long list of historical problems.

We specifically selected SentinelOne for its rollback feature for ransomware. When we started looking into securing a new endpoint solution about 24 months ago, there was a big uptick in ransomware attacks in the territory where I am based. This was one of the leading criteria for selecting it.

The initial setup is extremely straightforward. The nature of the platform has been very simplistic when it comes to configuring the structure for our assets and policies. Several other platforms that I have worked with are quite complex in their nature, taking a lot of time. We were up and running within a day on the initial part of our rollout. For the whole organization, it took us about 30 days to roll out completely in five different countries across roughly 20,000 endpoints. 

Behavioral AI works both with or without a network connection. We tested it several times during procurement. It can work autonomously from the network. One of our selection criteria was that we needed it to be autonomous because we have air gapped environments. Therefore, we can connect, install, or disconnect, knowing that we have an adequate level of protection. This mitigates certain risks from our organization. It also gives us good assurance that we have protection.

We had a loose implementation strategy. It was based on geography and the size of the business premises in each country. We started with our administration office, but most of our environment is operational technology, e.g., factories and manufacturing plants.

We did the deployment ourselves, but we had representation from the vendor in the form of their security engineer (SE). We did the work, but he gave us input and advisories during the course of the deployment.

Three of us from the business and one person from Sentinel (their SE) were involved in the deployment of SentinelOne.

We saw a return of investment within the first month.

On several occasions, we found some persistent threats that we wouldn't have known were there by using the Deep Visibility feature.

The solution has reduced incident response time by easily 70 percent.

The solution has reduced mean time to repair by probably 40 to 50 percent. This has been a game changer for us.

Analyst productivity has increased by about 50 percent.

We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible.

We evaluated:

• Microsoft Defender for Endpoint
• Cisco AMP for Endpoints
• CylancePROTECT
  
• Apex One, which is Trend Micro's NextGen platform.

The main differentiator between SentinelOne has been ease of use, configuration, and performance. It outperformed every single one of the other solutions by a large margin in our testing. We had a standardized approach in tests, which was uniform across the platforms. Also, there is a lot of functionality built into SentinelOne, where other vendors offered the additional functionality as paid add-ons from their basic platforms.

During our evaluation process, SentinelOne detected quite a lot of things that other solutions missed, e.g., generic malware detection. We had a test bed of 15,000 samples, and about 150 were left for SentinelOne. What was left was actually mobile device malware, so Android and iOS specific, fileless attacks, and MITRE ATT&CKs. SentinelOne performed a lot stronger than others. Cylance came second to SentinelOne, even though they were 20 percent more effective in speed and detection. The gulf was so huge compared to other solutions.

SentinelOne's EDR is a lot more comprehensive than what is offered by Cylance. They are just two different beasts. SentinelOne is a lot more user-friendly with a lot less impactful on resources. While I saw a lot of statistics from Cylance about how light it is, in reality, I don't think it is as good as the marketing. What I saw from SentinelOne is the claims that they put on paper were backed up by the product. The overall package from SentinelOne was a lot more attractive in terms of manageability, usability, and feature set; it was just a more well-rounded package.

Give SentinelOne a chance. Traditionally, a lot of companies look at the big brand vendors and SentinelOne is making quite a good name for itself. I have actually recommended them to several other companies where I have contacts. Several of those have picked up the solution to have a look at it.

You need to know your environment and make sure it is clean and controlled. If it's clean and you have control, then you will have no problems with this product. If your environment isn't hygienic, then you will run into issues. We have had some issues, but that's nothing to do with the product. We have never been really good at securing what is installed on the endpoint, so we get a lot of false positives. Give it a chance, as it's a good platform.

I would give the platform and company, with the support, a strong eight or nine out of 10.

We initially implemented SentinelOne Singularity Complete to streamline application installation and patching across our extensive network of over a thousand systems. Managing individual systems has become increasingly challenging. While the platform provided initial visibility during the first attack, its usefulness in further investigation proved limited.

SentinelOne Singularity Complete boasts good interoperability.

It has helped consolidate some of our security solutions.

While the number of security alerts we receive has been successfully reduced, it has occasionally missed some threats. To address this, we have implemented Microsoft Defender alongside SentinelOne for additional protection. This layered approach has identified several malware incidents that SentinelOne, due to its limitations at the kernel level, did not detect.

SentinelOne Singularity Complete has to an extent helped free up our staff time to focus on other tasks. In conjunction with Defender and Automox 60 to 70% of time has been saved.

Our mean time to detect has been successfully reduced by 70%.

SentinelOne Singularity Complete has reduced our mean time to respond to threats it detects by providing informative feedback from malware reviews.

Our costs have been reduced because we use it daily.

SentinelOne Singularity Complete has reduced our organization's risk by 80%.

The most valuable features are asset tracking, patching, endpoint tagging, and policy updates.

While SentinelOne Singularity Complete effectively visualizes security data across our solutions, requiring extensive manual effort for analysis limits its effectiveness. I would therefore rate it a seven out of ten.

The pricing has room for improvement.

I have been using SentinelOne Singularity Complete for two years.

I would rate the stability of Singularity Complete eight out of ten.

I would rate the scalability of Singularity Complete a seven out of ten because of the integrations they have with third-party groups.

The technical support is quick to respond.

Positive

We previously used Automox only for device management, not as a complete EDR.

SentinelOne Singularity Complete's price point is excessive compared to the functionality it provides.

SentinelOne Singularity Complete's longevity in the market may have created an inflated perception of its capabilities. While it was once considered a leading tool, comparisons with newer solutions like Automox, Cynet, and Fortinet reveal a lack of active use cases and functionalities offered by these competitors.

I would rate SentinelOne Singularity Complete eight out of ten.

I haven't observed significant innovation from SentinelOne Singularity Complete lately. Other than obtaining the database, I haven't noticed any new features or third-party integrations being introduced. This leads me to believe that there may not be a high level of ongoing innovation at the moment.

SentinelOne Singularity Complete is deployed across thousands of instances and endpoints in different countries across multiple offices in Europe.

The only maintenance required is for updates to the endpoints.

While SentinelOne offers valuable security protection, it may not be sufficient as a standalone solution. Relying solely on Singularity Complete for a week-long absence might leave our system vulnerable to threats that other Endpoint Detection and Response solutions could identify.

We use SentinelOne Singularity Complete to detect and respond to "unknown unknowns," which are threats that haven't been previously identified. Our process involves monitoring for any unusual activity or deviations from typical program behavior. This includes analyzing parent and child processes to ensure they're loading correctly and not communicating with unauthorized external servers for remote execution.

For example, I encountered a phishing email that triggered an investigation. Fortunately, Singularity Complete offers an event log feature that allows me to analyze the incident. The tool's built-in Advanced Detection Analytics functionality helped me identify the downloaded file, and its access time, and track its interactions with applications, including attempted installations. Furthermore, Singularity Complete boasts a rollback capability, enabling me to revert to a safe state before the malicious activity occurred. I've utilized this feature successfully for several clients.

In addition to Singularity Complete's event log and rollback functions, it excels in antivirus detection. It effectively identified even sophisticated threats like the MimiKatz attack, which attempts to escalate user privileges in Linux and Windows systems. The tool's signature-based detection proved valuable in this instance.

Automating threat resolution has significantly improved our security operations. On average, I scan around forty million files, and the detection rate has been quite good.

The integration capabilities significantly enhance my existing security environment. It is a night and day difference compared to CylanceOPTICS by BlackBerry, which I used previously. While CylanceOPTICS was good, it relied on an algorithmic approach that flagged millions of potential threats, resulting in some false positives that needed manual analysis and training. SentinelOne, on the other hand, leverages eleven different engines simultaneously, including AI, machine learning, heuristics, and dynamic and static scans. This comprehensive approach offers robust protection, and if something falls through the cracks, it can consult a cloud database for the latest threat intelligence. Beyond its detection capabilities, SentinelOne offers exceptional visibility and control. I can easily investigate events at any time, like tracking who accessed Yahoo Finance within my organization across specific timeframes. The global tenancy feature empowers me to apply scans and threat signatures across different segments or even my entire network, ensuring consistent protection. The more I explore SentinelOne's features, the more impressed I am. It's incredibly powerful and versatile, offering a level of security and control that far surpasses my previous solution.

The interface is user-friendly, but there's a learning curve due to its extensive capabilities. Navigating for someone unfamiliar with threat hunting can be challenging as they may need to explore every option. However, some features have tooltips explaining their function when hovered over.

Accessing the knowledge base often requires a partnership with the company. While I lack this access, my distributor provided the comprehensive admin guide.

Ranger is an excellent feature for threat scanning. While alternative pen testing tools like Digital Defense exist, Ranger offers a unique advantage. It utilizes SentinelOne agents as probes within the network, allowing scans for irregular connections and identifying devices without the agent. This provides a comprehensive view of potential vulnerabilities. Imagine we decide to deny access to certain devices. In that case, every agent with those policies implemented, throughout our network, would individually isolate their traffic. This isolation prevents communication with the rogue devices. Consequently, even if one of those devices harbors a threat, it's unable to move laterally within the network. All other devices, recognizing it as unauthorized, will refuse to communicate with it.

Ranger requires no additional agents, hardware, or network modifications. It's essentially a built-in feature of the existing agent. Therefore, if we have the module, we already possess the capability. Activation can be done remotely through the cloud. So, when we decide to upgrade to Singularity Complete, they'll offer us the option of adding Ranger Plus. If we agree, a small additional fee, typically around a few dollars, will be applied per client. While it might seem a bit pricey, considering the value it provides, I believe it's worth the investment. It translates to roughly five dollars per client. For instance, with 50 machines, the monthly cost would be $250. In my experience, it hasn't significantly increased my expenses. There might be a slight increase, but I haven't noticed any substantial impact.

SentinelOne Ranger effectively prevents vulnerable devices from being compromised by isolating their network traffic. This feature is just one of many within the SentinelOne platform, which includes a built-in router and firewall integrated directly into the agent. This integration allows for seamless compatibility with Windows firewalls and offers granular control over network traffic. For example, Ranger enables modification of the firewall's IP stack, granting the ability to isolate specific traffic based on defined rules. This can be particularly useful for segregating vulnerable devices and preventing their communication. While not recommended for general use, advanced users can leverage SentinelOne's Singularly Complete feature on, for example, a VMware server to further isolate vulnerable devices. By running the client software on a separate network from the server, administrators can block unauthorized traffic based on Ranger's or the agent's identification. This effectively isolates the vulnerable device, even if it's compromised since it lacks any incoming network traffic. The server acts as a default gateway, filtering and controlling all incoming traffic.

Singularity Complete can help reduce alerts when a threat is identified and a solution is implemented. However, if a threat is known but no solution is available, using Singularity Complete might increase alerts. This is because suppressing alerts for a known threat without addressing it can create a false sense of security. While Singularity Complete allows manual blacklisting of threats, it cannot import large lists of threats from spreadsheets in one go, a feature available in CylanceOPTICS. This can be time-consuming for dealing with many threats. Overall, Singularity Complete has improved in its alert management, but it remains average compared to competitors. While detection is excellent, the alerting system still requires some refinement.

As a threat detector, I perform threat analysis to quickly identify threats. This has significantly reduced the time I spend on analysis, allowing Singularity Complete to free up about 30 percent of my time for other tasks.

Singularity Complete has achieved a 15 percent reduction in our mean time to detection. This efficiency gain is powered by eleven different detection engines running concurrently, ensuring comprehensive identification of potential threats.

Singularity Complete can reduce our mean time to respond by providing a clear path to the root cause of an attack. However, it doesn't always do this, and sometimes further investigation is necessary. Nevertheless, the tool significantly speeds up the process of identifying the root cause. For example, imagine the timeline indicates a suspicious file was executed. We can use Singularity Complete to find out when it last ran in our environment, even if it wasn't detected on the same day. If the threat appeared recently but the file ran a month ago, it suggests a potential Trojan was planted. This prompts further investigation into how the file arrived on the system. It could have been introduced through a USB drive, email attachment, copied file, or existing on a network share. While Singularity Complete won't explicitly state the location like "Share five," it will provide a hash that can often lead us to the network path.

Singularity Complete helps manage costs by eliminating the need for additional products with overlapping functionality. This saves us thousands of dollars per month on full scans, as our existing agent already possesses that capability. By deploying it across all organizational agents and enabling Ranger, we can conduct daily scans that provide comprehensive insights into our network activity.

Singularity Complete has helped reduce our organizational risk. However, it's important to remember that no system is foolproof. While I haven't experienced a security breach since installing it, I deliberately expose some machines to potential threats to test and observe new attack techniques. To strengthen our security posture, I've implemented additional measures. Some machines have less aggressive scan and detection settings to simulate vulnerabilities and observe attacker behavior. Additionally, our network is layered, with weaker points that serve as honeypots, while critical systems are protected by stricter security protocols. Beyond Singularity Complete, we utilize Palo Alto Networks and FortiGate firewalls for further protection. Ultimately, the decision to invest in additional scanning capabilities depends on the cost and our overall security strategy.

The most valuable feature is the ability to drill down into individual sequences of processes. This allows for building a highly detailed timeline of events, which is incredibly helpful. Additionally, the quality of the intelligence provided is excellent, making it difficult to choose between the two. The solution effectively reveals the attacker's tactics, including the mechanism or injection method used, how they exploit vulnerabilities and their use of decoys or misdirection tactics like dequay attacks. They may target one area initially, then shift focus to another, potentially planting seeds for future attacks. Overall, the timeline, intelligence, and overall capabilities of SentinelOne Singularity Complete are highly impressive.

Everything operates in real-time, allowing us to conduct in-depth analysis to uncover previously unknown threats. This capability stems from the use of dynamic libraries, which enable flexible code execution. The key concept here is the ability to pivot within an application. We can dissect and analyze this pivoting behavior, which is a rare feature among software solutions. Additionally, the system allows us to create our custom signatures. By identifying a threat and performing a global search, we can locate other instances of the same threat across our network and establish correlation points. Subsequently, we can create a signature based on a unique identifier (story ID) and integrate it into the initial login scan. This enables us to proactively detect and respond to any attacks that utilize that specific signature, making it a powerful tool for threat prevention.

The uninstallation process for the SentinelOne agent could be improved. While it is currently possible to uninstall through the console, it can be more complex if registry modifications are required. Streamlining this process, especially for users with console access, would be a valuable improvement.

I encountered issues running Singularity Complete alongside other machine-learning tools. The program uses hooks, which we configure through a whitelist to specify allowed functionalities for each app. However, I've observed compatibility problems with certain applications. This seems to stem from my limited access to information from those companies, hindering the creation of effective hooks.

For example, an external scanner's EXE file might not provide hooks for features like memory protection or script locking, potentially conflicting with SentinelOne's capabilities. In my experience, Singularity Complete doesn't always play well with others. While it coexists with Kaspersky's detection without issue, enterprise AI solutions employing algorithmic scans or pre/post-execution analysis can pose problems. We might need to modify the whitelist due to unavailable information about the application's memory range. Sharing this information could create vulnerabilities, so companies understandably keep it confidential. While I believe CylanceOPTICS could likely work with Singularity Complete, I haven't achieved it because I prioritize optimal protection. Disabling all CylanceOPTICS features and putting it in uninstall mode allows it to function but without intervention. In such cases, CylanceOPTICS detects threats first, possibly due to its higher application number in Windows. Similar behavior has been observed with other products.

Deep Instinct is another excellent detection software I use for remote devices. Expanding Singularity Complete's coverage to include IoT devices, Linux, servers, Docker, and mobile platforms (currently limited to Deep Instinct on my devices) would be highly beneficial. While Deep Instinct allows uploading and installation via email code, Singularity Complete currently lacks this functionality.

I have been using SentinelOne Singularity Complete for over five years.

I've only had one interaction with their tech support, but it was excellent. In situations where we're struggling with an investigation, I believe they have a guardian contract that could allow them to analyze our findings. Alternatively, if we're having difficulty detecting something, they can guide us through the process. However, my access to their tech department was limited to a single instance when I needed it. The impressive part is that they were willing to help me even though I was from a partner company. Such helpfulness is rare in many organizations, which often require expensive fees before offering similar assistance.

Positive

Previously, we used CylanceOPTICS by BlackBerry but transitioned to SentinelOne Singularity Complete due to its enhanced user-friendliness. The latter platform boasts comprehensive investigation capabilities, allowing us to delve deeper into the specifics of security incidents. We can examine parent-child relationships, delve into registry entries, and analyze memory ranges with ease. The feature set is truly extensive.

While CylanceOPTICS offered some of these functionalities, it could not identify pivoting areas within an attack. If I needed to investigate the pivot itself, CylanceOPTICS wouldn't suffice. SentinelOne proves invaluable in such situations. By examining registry entries or monitoring running processes, it helps us pinpoint the root cause, be it a Run DLL or a Windows EXE file disguised as innocuous activity. While CylanceOPTICS might catch the attack, it wouldn't reveal the underlying malicious intent. SentinelOne grants us this crucial level of insight, empowering us to respond effectively.

I rate SentinelOne Singularity Complete a nine out of ten. While the product itself is impressive, the price point is on the higher side. The only drawback is the limited support access. If they offered more affordable support options or provided unrestricted access to their knowledge base, I would easily give it a ten. Unfortunately, they haven't implemented this yet, as it would unlock more resources and expertise for users. Ultimately, it is what it is, but hopefully, they'll consider these improvements in the future. 

In my environment, I support a law firm and a music company while pursuing my research. Additionally, I use Intel hardware for testing purposes. My security strategy prioritizes avoiding complete system reimaging whenever possible. While I have encountered compatibility issues with specific SentinelOne versions and certain software, these were primarily during testing when I intentionally introduced malicious files. In general, the software has proven effective in preventing and mitigating threats.

SentinelOne Singularity Complete has been excellent in its ability to be innovative.

While SentinelOne Singularity Complete is well-established software, the developers continuously strive to improve it. After all, no software ever truly reaches complete maturity. To remain effective, we must constantly adapt, improve, and refine ourselves in response to evolving threats and technologies.

I'd love to partner with SentinelOne right now, but as a small business, cost is a major concern. That's why I'm working with a distributor. They purchase larger license blocks, like five thousand or ten thousand, and because I was one of their early customers, they granted me access. While I have a partnership with them, it's not a formal one. To my knowledge, they require organizations to have at least one hundred or two hundred seats to be considered for a true partnership. I'm unsure if a program exists for smaller businesses, but based on what I've seen, access to their knowledge base, support team, etc., seems to be restricted to contracts with a minimum seat capacity of one hundred or two hundred.

We use SentinelOne Singularity Complete for its end-to-end detection and response capabilities.

We started using SentinelOne Singularity Complete because I wanted to eliminate a number of our existing first-generation tools, which were designed primarily for on-premises use cases. I wanted to move to our new set of tools, which were designed predominantly for cloud deployment and cloud infrastructure. There were two primary drivers for this decision: to reduce complexity and cost and to move to a solution that was specifically designed for our new architecture.

One of the main reasons we bought SentinelOne was for its integration capabilities. We don't have a standalone tool to supplement our overall security architecture. This includes our security data link, analytics layer, and intelligence capabilities. So that was really one of the primary reasons.

SentinelOne Singularity Complete excels at ingesting and correlating data across the security solutions that it has visibility into.

It has helped consolidate two of our security solutions.

SentinelOne Singularity Complete has helped our organization by boosting our confidence in our ability to detect and respond to the broadest range of threats, reducing noise in our security operations capability and resulting in fewer false positives than ever before.

It helped reduce our alerts by around 60 percent per day. SentinelOne Singularity Complete helped free up 20 percent of our staff's time to work on other projects.

Although I do not have data to support the claim, SentinelOne Singularity Complete should reduce MTTD. SentinelOne Singularity Complete has reduced our MTTR. It has saved us around 18 percent of our costs.

I find two features particularly valuable. First, deployment is much simpler than with other solutions with similar capabilities. Second, the fidelity of the detections is excellent. We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise.

SentinelOne plans to integrate its endpoint agents, but the process is slow. The company has multiple agents with different functions, such as the ED Ranger, and each agent has different actual clients. Combining the endpoint agents would be a good step.

The endpoint firewall capability is fairly primitive and basic. It does not use objects and different device types to create a single object that can be easily managed. There is a significant amount of work to be done on the firewall side.

I have been using SentinelOne Singularity Complete for almost seven months.

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is scalable.

Technical support has been excellent so far.

Positive

We previously used Tanium and Symantec, two separate sets of tools. Tanium is a first-generation tool that is not specifically designed for the cloud. It requires a significant amount of manual effort to configure and manage, rather than automate these tasks. Symantec does its job, but we are essentially buying two tools to do what SentinelOne Singularity Complete can do on its own. Therefore, the switch to SentinelOne is primarily a cost-saving measure.

The initial deployment was straightforward. The entire deployment took 16 weeks, with eight weeks spent deploying the endpoints and eight weeks spent deploying the service. A total of 20 people were required for the deployment.

We are beginning to see a return on investment in SentinelOne Singularity Complete due to the reduced number of alerts in the operations center and the high-fidelity data.

After negotiations, the pricing was found to be fair.

I would rate SentinelOne Singularity Complete an eight out of ten.

SentinelOne Singularity Complete is a really mature product and seems to be focused on enhancing core capability and not getting distracted by other stuff.

SentinelOne Singularity Complete is deployed across our entire estate. We have around 10,000 endpoints.

It requires maintenance, such as builds, policies, and other related tasks. We have a team of four responsible for maintenance and another three people for day-to-day operations.

They have stepped up as a strategic security partner.

I recommend organizations do a proper proof of concept with the SentinelOne Singularity Complete in their environment using their tools and their people.

We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines. 

We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.

It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.

With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.

We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.

The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.

SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.

SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.

SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.

Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.

SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

Between my current organization and prior organization, I have been using SentinelOne for close to nine or ten years.

We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.

Positive

In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.

By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.

It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.

We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

We use SentinelOne Singularity Complete as an endpoint detection and response solution to detect advanced threats in memory and protect our environment from ransomware attacks.

We are ingesting data from Singularity Complete into our team. The integration between Singularity Complete and Splunk works well, pushing all alerts from Singularity Complete to our soft tool. We have also looked at other SentinelOne products, but we only use a few of them.

We use Ranger to detect rogue sensors by scanning networks for endpoints that do not have SentinelOne installed. We do not use Ranger Pro.

Ranger is used to identify endpoints that do not have SentinelOne installed, ensuring 100 percent coverage. However, we also use a network access control tool to verify that endpoints have the necessary security telemetry and toolsets installed. The NAC tool can either orchestrate the installation of missing components, quarantine endpoints or simply notify us that components are missing.

The biggest benefit for us, other than mitigating the risks, is that Singularity Complete has raised the bar for red teaming, compared to the previous tool we were using. Some of the agent coverage in the previous toolset was becoming a limitation, but Singularity Complete gives us better coverage and visibility, both for red teaming and in general.

Over time, Singularity Complete has helped to reduce alerts. At the beginning of the implementation, we had to spend some time training the system, accepting events, and so on. However, over time, the number of alerts has been reduced.

Singularity Complete has helped our MTTD by providing broader visibility into our environment.

We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complet to identify malicious processes and other types of threats running on endpoints.

Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.

The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.

I have been using SentinelOne Singularity Complete for one and a half years.

Singularity Complete is stable, but there are occasional instances where the sensor monitors a specific process that starts to malfunction, which is naturally possible. In these cases, we need to investigate and add an exception to prevent the sensor from monitoring the process so heavily, if it is a valid process so that it can return to normal operation. Therefore, there is a significant amount of tuning required. If the tuning is correct, Singularity Complete operates quite well and is certainly stable.

Singularity Complete is scalable. We have 2,500 endpoints. I know other organizations that have over 70,000 endpoints.

We have technical support that we can access, but I think it could be stronger. Currently, we deal with some local support, but their knowledge is limited. I would like to establish a closer relationship with SentinelOne International support, especially for the upgrade we are planning next year. I was in Tel Aviv in June and July and visited the SentinelOne offices to speak to them about this.

Neutral

Our previous solution, Cybereason was not very good at detecting things happening in memory, so we were looking to replace it with SentinelOne, CrowdStrike, or Cortex XDR by Palo Alto Networks. The replacement had to be able to see things happening in memory and deal with ransomware attacks. SentinelOne Singularity Complete was able to meet our requirements.

The initial deployment was slightly more complex than our previous tool because we needed to understand and implement the exceptions. These exceptions included both standard exceptions and our own custom exceptions related to how applications behave. However, the complexity is justified by the better coverage and protection that the new tool provides.

Three people from our company were involved in the deployment, which took about six months. This included removing the previous solution and replacing it with Singularity Complete.

The cost of Singularity Complete is similar to our previous solution but it comes with additional options such as Kubernetes integration. We make sure to benchmark the prices against other EDR solutions before renewal to ensure we are not overpaying.

I would rate SentinelOne Singularity Complete eight out of ten.

We started looking at the reception technology, but it was too much for us and required too many permissions. As a result, we did not proceed with it.

Ranger provides network and asset visibility, but we use other telemetry to build a data lake, which we then use to give us more holistic visibility.

Singularity Complete is definitely innovative. It offers better coverage of endpoints and sensors than our previous solution, as well as better coverage from red teams and other threats. It also provides us with much better telemetry from endpoints than our previous solution. This includes features that our previous EDR tool promised but did not deliver.

SentinelOne is a fairly mature product. I think we first looked at it about six or seven years ago when it first came out. It has definitely matured a lot since then. When we first saw SentinelOne, it had a lot of problems with automatically killing things without alerting us. However, we have definitely seen improvements in the solution from a product perspective. Additionally, there are now more modules and integrations available. We have looked at the reception part of it, as well as quite a few other pieces, including Rogue Sensor Pro. We have looked at a lot of little bits, so it has quite broad coverage in terms of what it actually will cover.

We have deployed Singularity Complete across the company and all lines of business, including our branches in South Africa and other parts of Africa. This includes approximately two and a half thousand endpoints.

Four people are managing Singularity Complete. Every six months we have to update the sensors. 

We have definitely told others about and shown them Singularity Complete, and we have told them that we are happy with it. When implementing Singularity Complete, we need to know what our expectations are and, obviously, test the solution thoroughly to prevent any negative outcomes.

We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.

We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.

Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity XDR platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.

We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.

Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.

It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.

It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.

Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.

Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.

It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.

Singularity Complete has reduced our organizational risk by around 40 percent.

The most valuable aspect, in any scenario, was the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.

Native integration with the mobile console is an area that can be improved.

I'd like to see more operations with the XDR platform.

I have been using SentinelOne Singularity Complete for one year.

I would rate the stability of Singularity Complete a ten out of ten.

I would rate the scalability of Singularity Complete a nine out of ten.

The technical support is of high quality, strong, and responsive.

Positive

We previously used ESET but we were often missing threats and not finding out until after the fact.

The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.

Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.

The implementation was completed in-house.

We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.

The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.

We evaluated CrowdStrike and Defender. We didn't find Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.

I would rate SentinelOne Singularity Complete ten out of ten.

SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.

SentinelOne Singularity Complete is extremely mature at this level.

We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.

The maintenance is minimal and is overseen by one person.

We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.

Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.

One of the companies we conduct business with received ransomware. As a result, we sought to enhance our security posture, commencing with our employees. SentinelOne Singularity Complete was procured to gain visibility into our company's resources. We aimed to possess the capability to detect whether our users were encountering malware, viruses, or incidents.

We used to employ Norton antivirus on all our assigned desktops and laptops. Unfortunately, we had no visibility in this setup. Consequently, if a user were to acquire a virus or download malware or anything suspicious, we wouldn't be informed. While users do receive prompts indicating suspicious activities, they might not always report them. Hence, gaining visibility became our top priority. I required a solution that would allow me to monitor such activities. For example, if a user were to download something malicious or suspicious unrelated to their daily tasks, or even if they were to download malware, I needed immediate visibility. This would enable me to promptly quarantine the threat, resolve the issue on the affected device, and collaborate with the respective employee. The goal was to raise awareness about their downloads, educate them on safe practices, and enhance their overall understanding of their actions. SentinelOne Singularity Complete helps address our requirements.

The primary advantage of SentinelOne Singularity Complete for our organization is enhanced visibility. The secondary benefit is my belief in the product having a much stronger support system. This implies that no one in the company has the necessary resources to identify and address malware effectively, resulting in their product not being up to par in terms of providing comprehensive protection for end users. While our previous endpoint management, Norton, was good, it fell short of greatness. I strongly feel that no other product truly excels. I've gone through numerous reviews, made comparisons with alternative solutions, and utilized other options. This wasn't just a slight improvement in polish; it genuinely ensures the safeguarding of end users and the entire company.

I haven't received many alerts. Ironically, of the alerts that I have received, most were originating from my device. As I am the technology leader for the organization, there were certain tools on my laptop that were flagged almost immediately upon installing the agent. So, in an ironic twist, I was flagged. However, it's actually quite positive that my end users haven't engaged in any activities that could be deemed malicious or suspicious. I receive emails and reports promptly, so I'm genuinely surprised that the tool behaves this way. Interestingly, when it did flag certain processes and software on my devices, they were actually legitimate pieces of software that I regularly use. Nonetheless, I'm pleased that SentinelOne Singularity Complete was able to promptly detect these instances.

I am the sole technical person in the company, and the solution has enabled me to concentrate more on enhancing the organization's security posture. This foundation and framework have paved the way for me to pursue additional projects in the field of security for our organization.

The mean time to detect is nearly real-time. When I identified potential threats, the response was nearly instantaneous after installing the agent and running the initial scan. It promptly identified all issues. I received an immediate notification to quarantine those processes and applications. This allowed me to conduct a more in-depth investigation and confirm that these processes should not be present on the device.

SentinelOne Singularity Complete has unquestionably aided in diminishing our organizational risk. The solution significantly reduces overall risk, just as it claims. I have examined numerous white papers and engaged in discussions with numerous individuals within the organization to establish a sense of confidence in recognizing SentinelOne as a market leader. Their enduring presence is apparent, coupled with their commitment to thorough research, which is consistently integrated into their products to ensure their relevance and continued usefulness for consumers.

The visibility component is the most valuable feature. Having the capability to delve into the specific resources that the devices are actively using provides us with the breadth and visibility that we seek. Additionally, being able to accurately track our users' activities, such as identifying when they are downloading PDF attachments, enables us to promptly detect any potential issues.

I would have liked the dashboard to be more user-friendly. I often have to navigate through several menus to locate exactly what I'm searching for. I had difficulty finding the site token required for device installation or agent installation on devices. It actually took me quite a while to locate these menus. Instead of having them at the top after selecting from the left-hand side, they list the sub-menus at the top. This forces me to scroll through my screen to access all the different sub-menus. If they were placed underneath the main menu or bookmarked on the left-hand side, it would make navigation significantly easier. 

I would appreciate having more comprehensive reporting. While I believe the current reporting is accurate, I find it slightly simplistic in my view. However, I want to note that I've been using the product for only about a month, so it might take more time to fully process the information and generate detailed reports.

I have been using SentinelOne Singularity Complete for one month.

SentinelOne Singularity Complete is stable. I haven't encountered any crashes or errors during installation. There have been no unusual glitches on the management console. It's only been a month, but I'm extremely satisfied with the solution.

I don't have any issues with the console scaling. When I logged in earlier today, SentinelOne performed a complete site upgrade in the background, and I didn't even notice it. Scalability is also not a problem with agent inflation in my company. I have been able to deploy agents without any trouble. Initially, there was a minimum purchase requirement, which was slightly higher than our install base's cost. However, I was comfortable with purchasing the additional licenses. Therefore, if we do experience growth, licensing won't be an issue. I want to ensure that we remain within the appropriate range for that.

I have been informed that even if we experience a sudden surge in growth among our customers and we continue scaling and deploying agents, we will catch up with the licensing costs beyond our initial purchase price within the year. So, I am confident that they can scale effectively. Although my installation is relatively small in comparison to some larger organizations I've worked with in the past, I am aware that these products can scale to accommodate thousands of devices. I have full confidence that if we were to experience explosive growth within our company, I would be able to manage it without any issues.

I only had to use technical support once because my email address had not been added to various websites they have, such as their tech support and community website. For that issue, I had to contact my account manager because the tech support site hadn't recognized it yet. However, that single email was corrected almost immediately. Within five minutes, a community manager contacted me, informing me that I had been added, and I could proceed to log in to all the different sub-websites of SentinelOne to access the various resources they provide. The matter was resolved extremely quickly.

Positive

The initial setup is extremely easy. I collaborated with my team to grant trial access, allowing me to configure a single device and assess its functionality. Furthermore, the website's cloud segment was established automatically by SentinelOne. Upon downloading the package, it was promptly recognized, and the device was seamlessly incorporated into the cloud-based management console. This enabled me to effectively oversee, configure, and comprehend its settings. The overall process struck me as remarkably straightforward, even when I noticed that there was an error in the naming of my management console. A quick email to my account manager rectified the issue, with their prompt resolution at their end.

I completed the deployment on my own.

I would rate SentinelOne Singularity Complete as a ten out of ten. The reason is that I found the visibility I was looking for. It identifies suspicious software immediately; I experienced this firsthand when it detected such software on my device while I was using certain tools. This assures me of the solution's effectiveness. The management dashboard is largely user-friendly and provides all the information I require. It allows me to search deep within the processes of the running instances. Therefore, I consider it a strong offering, especially since many competitors provide similar services. In terms of knowledge, SentinelOne Singularity Complete competes well with these other vendors. I am highly satisfied with my purchase.

SentinelOne Singularity Complete's ability to save us costs is currently unknown. The purchase of SentinelOne Singularity Complete was significantly more expensive than the Norton software we had previously been using on our other devices. However, there is a balance, and I have visibility into this. I have the agent and the support of a much larger organization that is specifically focused on this. Therefore, the increased cost is justified for what we are aiming to achieve. While it might potentially save us a significant amount of money if one of those devices becomes infected with serious malware that leads to ransomware or similar issues, its primary purpose is also to prevent such situations. In conclusion, whether it will ultimately save us costs is a complex question with both positive and negative aspects.

I downloaded the package from the cloud and had to search extensively to find the site token for proceeding with the installation. It would probably be easier if the package were downloaded directly from the cloud. The solution would recognize that it has been downloaded from my account on the cloud and wouldn't require applying that token. I think that might be simpler from an administrator's point of view. I appreciate the ability to create automation for updating the agents. I found that feature very useful, as it eliminates the need to update each device individually to a newer version or to manually check the cloud for a newer version. Once I approve the update, the automation tool handles the update process automatically. I really like that aspect.

Maintenance is straightforward. I accomplish this by creating automation for the agent upgrades whenever new versions are released. Once I receive the email notifying me of a new version, I access the console. In a matter of five minutes, I can generate automation that will proceed to update all the agents within our console automatically. Therefore, performing this task doesn't require much effort from my end.

I value SentinelOne as a strategic security partner. I have experience with other security products within much larger enterprises, some of which are significantly more expensive. Certain products require an entire team to initiate and run, demanding a substantial amount of time and effort to set up the infrastructure, create the necessary site, and proceed with deploying project management, involving multiple meetings. My engagement with SentinelOne was quite streamlined. I had only two meetings with them: one to familiarize myself with the product and a second one to make the purchase and understand the procurement process. Everything was handled by their team from the backend. If I remember correctly, these interactions took place on the same day. I had a meeting around ten o'clock, and by approximately three o'clock, the management console was prepared for my access. This allowed me to start deploying the agent for testing purposes. In my view, SentinelOne exhibits a customer-centric approach. They not only focus on the security aspects of their consumable product but also prioritize their customers. The professionals I collaborated with demonstrated a clear understanding that their clients come first. Overall, I am deeply impressed with SentinelOne. While I have experience with other vendors and larger corporations that hold more industry recognition, my comprehensive impression of SentinelOne over the month and a half of evaluating the product, and the subsequent month of using it, is exceptionally positive. They indeed offer a highly effective product that aids consumers in maintaining the security of their devices.

I recommend that organizations conduct their own thorough research and due diligence. Don't solely rely on marketing speeches. The security field has numerous players, many of whom offer similar services. Personally, I have experience with some of these other solutions that function very similarly to SentinelOne Singularity Complete, including their management platforms and agent-based solutions. What stood out to me was the depth of SentinelOne's research. They delve into the core aspects of security, beyond just product user-friendliness, easy installation, or a visually pleasing dashboard. Their commitment involves meticulous research into prevalent malware and viruses. They ensure that the solutions they provide can rapidly detect zero-day attacks and malware, offering immediate protection to their customers. In my view, SentinelOne stands out because they genuinely prioritize their customers' interests. They demonstrate their commitment through their dedicated research and development, and by offering applications that effectively safeguard customers.