SentinelOne Singularity Complete Reviews

One of the companies we conduct business with received ransomware. As a result, we sought to enhance our security posture, commencing with our employees. SentinelOne Singularity Complete was procured to gain visibility into our company's resources. We aimed to possess the capability to detect whether our users were encountering malware, viruses, or incidents.

We used to employ Norton antivirus on all our assigned desktops and laptops. Unfortunately, we had no visibility in this setup. Consequently, if a user were to acquire a virus or download malware or anything suspicious, we wouldn't be informed. While users do receive prompts indicating suspicious activities, they might not always report them. Hence, gaining visibility became our top priority. I required a solution that would allow me to monitor such activities. For example, if a user were to download something malicious or suspicious unrelated to their daily tasks, or even if they were to download malware, I needed immediate visibility. This would enable me to promptly quarantine the threat, resolve the issue on the affected device, and collaborate with the respective employee. The goal was to raise awareness about their downloads, educate them on safe practices, and enhance their overall understanding of their actions. SentinelOne Singularity Complete helps address our requirements.

The primary advantage of SentinelOne Singularity Complete for our organization is enhanced visibility. The secondary benefit is my belief in the product having a much stronger support system. This implies that no one in the company has the necessary resources to identify and address malware effectively, resulting in their product not being up to par in terms of providing comprehensive protection for end users. While our previous endpoint management, Norton, was good, it fell short of greatness. I strongly feel that no other product truly excels. I've gone through numerous reviews, made comparisons with alternative solutions, and utilized other options. This wasn't just a slight improvement in polish; it genuinely ensures the safeguarding of end users and the entire company.

I haven't received many alerts. Ironically, of the alerts that I have received, most were originating from my device. As I am the technology leader for the organization, there were certain tools on my laptop that were flagged almost immediately upon installing the agent. So, in an ironic twist, I was flagged. However, it's actually quite positive that my end users haven't engaged in any activities that could be deemed malicious or suspicious. I receive emails and reports promptly, so I'm genuinely surprised that the tool behaves this way. Interestingly, when it did flag certain processes and software on my devices, they were actually legitimate pieces of software that I regularly use. Nonetheless, I'm pleased that SentinelOne Singularity Complete was able to promptly detect these instances.

I am the sole technical person in the company, and the solution has enabled me to concentrate more on enhancing the organization's security posture. This foundation and framework have paved the way for me to pursue additional projects in the field of security for our organization.

The mean time to detect is nearly real-time. When I identified potential threats, the response was nearly instantaneous after installing the agent and running the initial scan. It promptly identified all issues. I received an immediate notification to quarantine those processes and applications. This allowed me to conduct a more in-depth investigation and confirm that these processes should not be present on the device.

SentinelOne Singularity Complete has unquestionably aided in diminishing our organizational risk. The solution significantly reduces overall risk, just as it claims. I have examined numerous white papers and engaged in discussions with numerous individuals within the organization to establish a sense of confidence in recognizing SentinelOne as a market leader. Their enduring presence is apparent, coupled with their commitment to thorough research, which is consistently integrated into their products to ensure their relevance and continued usefulness for consumers.

The visibility component is the most valuable feature. Having the capability to delve into the specific resources that the devices are actively using provides us with the breadth and visibility that we seek. Additionally, being able to accurately track our users' activities, such as identifying when they are downloading PDF attachments, enables us to promptly detect any potential issues.

I would have liked the dashboard to be more user-friendly. I often have to navigate through several menus to locate exactly what I'm searching for. I had difficulty finding the site token required for device installation or agent installation on devices. It actually took me quite a while to locate these menus. Instead of having them at the top after selecting from the left-hand side, they list the sub-menus at the top. This forces me to scroll through my screen to access all the different sub-menus. If they were placed underneath the main menu or bookmarked on the left-hand side, it would make navigation significantly easier. 

I would appreciate having more comprehensive reporting. While I believe the current reporting is accurate, I find it slightly simplistic in my view. However, I want to note that I've been using the product for only about a month, so it might take more time to fully process the information and generate detailed reports.

I have been using SentinelOne Singularity Complete for one month.

SentinelOne Singularity Complete is stable. I haven't encountered any crashes or errors during installation. There have been no unusual glitches on the management console. It's only been a month, but I'm extremely satisfied with the solution.

I don't have any issues with the console scaling. When I logged in earlier today, SentinelOne performed a complete site upgrade in the background, and I didn't even notice it. Scalability is also not a problem with agent inflation in my company. I have been able to deploy agents without any trouble. Initially, there was a minimum purchase requirement, which was slightly higher than our install base's cost. However, I was comfortable with purchasing the additional licenses. Therefore, if we do experience growth, licensing won't be an issue. I want to ensure that we remain within the appropriate range for that.

I have been informed that even if we experience a sudden surge in growth among our customers and we continue scaling and deploying agents, we will catch up with the licensing costs beyond our initial purchase price within the year. So, I am confident that they can scale effectively. Although my installation is relatively small in comparison to some larger organizations I've worked with in the past, I am aware that these products can scale to accommodate thousands of devices. I have full confidence that if we were to experience explosive growth within our company, I would be able to manage it without any issues.

I only had to use technical support once because my email address had not been added to various websites they have, such as their tech support and community website. For that issue, I had to contact my account manager because the tech support site hadn't recognized it yet. However, that single email was corrected almost immediately. Within five minutes, a community manager contacted me, informing me that I had been added, and I could proceed to log in to all the different sub-websites of SentinelOne to access the various resources they provide. The matter was resolved extremely quickly.

Positive

The initial setup is extremely easy. I collaborated with my team to grant trial access, allowing me to configure a single device and assess its functionality. Furthermore, the website's cloud segment was established automatically by SentinelOne. Upon downloading the package, it was promptly recognized, and the device was seamlessly incorporated into the cloud-based management console. This enabled me to effectively oversee, configure, and comprehend its settings. The overall process struck me as remarkably straightforward, even when I noticed that there was an error in the naming of my management console. A quick email to my account manager rectified the issue, with their prompt resolution at their end.

I completed the deployment on my own.

I would rate SentinelOne Singularity Complete as a ten out of ten. The reason is that I found the visibility I was looking for. It identifies suspicious software immediately; I experienced this firsthand when it detected such software on my device while I was using certain tools. This assures me of the solution's effectiveness. The management dashboard is largely user-friendly and provides all the information I require. It allows me to search deep within the processes of the running instances. Therefore, I consider it a strong offering, especially since many competitors provide similar services. In terms of knowledge, SentinelOne Singularity Complete competes well with these other vendors. I am highly satisfied with my purchase.

SentinelOne Singularity Complete's ability to save us costs is currently unknown. The purchase of SentinelOne Singularity Complete was significantly more expensive than the Norton software we had previously been using on our other devices. However, there is a balance, and I have visibility into this. I have the agent and the support of a much larger organization that is specifically focused on this. Therefore, the increased cost is justified for what we are aiming to achieve. While it might potentially save us a significant amount of money if one of those devices becomes infected with serious malware that leads to ransomware or similar issues, its primary purpose is also to prevent such situations. In conclusion, whether it will ultimately save us costs is a complex question with both positive and negative aspects.

I downloaded the package from the cloud and had to search extensively to find the site token for proceeding with the installation. It would probably be easier if the package were downloaded directly from the cloud. The solution would recognize that it has been downloaded from my account on the cloud and wouldn't require applying that token. I think that might be simpler from an administrator's point of view. I appreciate the ability to create automation for updating the agents. I found that feature very useful, as it eliminates the need to update each device individually to a newer version or to manually check the cloud for a newer version. Once I approve the update, the automation tool handles the update process automatically. I really like that aspect.

Maintenance is straightforward. I accomplish this by creating automation for the agent upgrades whenever new versions are released. Once I receive the email notifying me of a new version, I access the console. In a matter of five minutes, I can generate automation that will proceed to update all the agents within our console automatically. Therefore, performing this task doesn't require much effort from my end.

I value SentinelOne as a strategic security partner. I have experience with other security products within much larger enterprises, some of which are significantly more expensive. Certain products require an entire team to initiate and run, demanding a substantial amount of time and effort to set up the infrastructure, create the necessary site, and proceed with deploying project management, involving multiple meetings. My engagement with SentinelOne was quite streamlined. I had only two meetings with them: one to familiarize myself with the product and a second one to make the purchase and understand the procurement process. Everything was handled by their team from the backend. If I remember correctly, these interactions took place on the same day. I had a meeting around ten o'clock, and by approximately three o'clock, the management console was prepared for my access. This allowed me to start deploying the agent for testing purposes. In my view, SentinelOne exhibits a customer-centric approach. They not only focus on the security aspects of their consumable product but also prioritize their customers. The professionals I collaborated with demonstrated a clear understanding that their clients come first. Overall, I am deeply impressed with SentinelOne. While I have experience with other vendors and larger corporations that hold more industry recognition, my comprehensive impression of SentinelOne over the month and a half of evaluating the product, and the subsequent month of using it, is exceptionally positive. They indeed offer a highly effective product that aids consumers in maintaining the security of their devices.

I recommend that organizations conduct their own thorough research and due diligence. Don't solely rely on marketing speeches. The security field has numerous players, many of whom offer similar services. Personally, I have experience with some of these other solutions that function very similarly to SentinelOne Singularity Complete, including their management platforms and agent-based solutions. What stood out to me was the depth of SentinelOne's research. They delve into the core aspects of security, beyond just product user-friendliness, easy installation, or a visually pleasing dashboard. Their commitment involves meticulous research into prevalent malware and viruses. They ensure that the solutions they provide can rapidly detect zero-day attacks and malware, offering immediate protection to their customers. In my view, SentinelOne stands out because they genuinely prioritize their customers' interests. They demonstrate their commitment through their dedicated research and development, and by offering applications that effectively safeguard customers. 

We use it as an EDR solution for all of our endpoints. We use it for our desktop servers, cloud, and Linux. We use it for all of it.

It showed us things that we were not even aware of. It went beyond malware and showed us behaviors. It showed the bad behaviors of a lot of our end-users.

The interoperability is all there. We are still at the beginning of our journey, but everything is kind of teed up and aligned for that integration. We are talking about the ServiceNow integration. It has been the early placement in our cloud clusters or nodes. Those are the things that have made interoperability, integration, and adoption easier.

Singularity Complete has not helped free up our staff for other projects and tasks because we are still at the beginning, and we still have a lot to deploy, but we will realize that. I am confident that we will realize those efficiencies.

Singularity Complete has changed what we are looking at. It has dramatically decreased our false positives. We are not chasing false positives. It does not save time as such, but it has helped us focus on what is actually important.

Singularity Complete has not helped reduce alerts, but it has changed what our analysts are looking at. We expected a spike in alerts. The product is showing things that we did not previously see, so the increase in alerts temporarily for a short duration or for the next six months is expected.

Singularity Complete has reduced our false positives, and it has helped us see the hygiene of our whole network in our environment.

Singularity Complete compresses the triage time. It is all about the triage time. That life cycle going from information to action is what security operations are all about. SentinelOne does that because it helps analysts focus on those true things that are risk-behavior in our environment, rather than the validation that they were on more traditional signature-based platforms we had before.

Singularity Complete has not helped reduce our organizational risk, but it has absolutely increased our awareness of that risk. Knowing what your risks are is half the battle before an organization or a medium-sized organization, so being aware of the risk is the first step, which is available for the first time since we adopted SentinelOne.

As far as EDR goes, the behavior analysis of the incidents is my big thing. 

Its non-signature-based capabilities and the heuristic analysis for dynamic threats are also valuable.

There should be full and complete integration in the single console of the mobile agent.

We have been using Singularity Complete for 18 months.

It is scalable, and it has scaled well.

So far, everything has been great. During our deployment, I have bugged them a lot, and it has been pretty good. I cannot complain. I would rate them a nine out of ten. There is always room for improvement. During their deployment, I relied on them to make sure that all of our things went fine. We had some hiccups, and they were there with us. They were there to help through everything. There were some things that took longer time to research and figure out, but for the most part, if I needed a solution, I got it.

We had a bit of a hiccup that was at the SaaS level. Keith W and the complete team made it right once they knew and understood the problem and its impact on our organization. I value that a lot.

Positive

We were using another solution before SentinelOne. We made the switch because of functionality, compatibility, interoperability, visibility, and ease of integration. It checked all the boxes that we needed. We definitely needed to go this way.

It was pretty straightforward, and it was pretty easy to get everything out.

We pushed through SCCM, and it went right in. I had very minimal issues with all of our endpoints. The ease was right there, and basically, there was not a disruption. It was one of the easier deployments that we have had. It roughly took half the time as our previous endpoint protection solution. We did it in about nine months, and we rolled from PoC straight into deployment. The previous solution took about 18 months to cover the same population with a lot more complications and finagling to make it work.

We implemented it in-house with some professional services from SentinelOne. Our experience with SentinelOne was good. We have no complaints.

It is hard to say, but I can say that we have seen an ROI because we have discovered things that we were not aware of. That alone is a return on the investment in my book, and my leadership understands that, and that is easy for me to make.

Singularity Complete has not saved us costs. We are not there yet. It will, but we are at the beginning of our journey. It is going to zero in on things that need to be corrected. For us, it is hopefully going to be that change agent or the catalyst for the change agent to our behavior. Technology can only go so far. We are starting to look at the behavior of how some of our business processes have been run because the risk has not been fully understood, so the costs are unquantifiable at this time, but I am sure they are there. I am confident that they are there.

It is comparable. Something that I look at for the long term is how sustainable it is. There is quite a bit in the security portfolio that I manage, and we will see.

We evaluated about seven other products through an evaluation score guard criteria in-house. It has been so long since I have looked at that matrix, but it came down to analysts evaluating it against our set requirements and evaluation criteria. After that, it becomes a number, and the numbers have a certain magic to themselves that makes things more objective. The numbers just came out where the score was clear and evident based on the analysts' analysis.

It is a good product, and it is something that has future-proofed me in my program for the organization.

I am pretty sure I made a super smart decision when I chose to buy it. The roadmap is sound. Based on the keynotes at SentinelOne OneCon23, there is a lot going on. They are dedicated to improving the product. There are a couple of things, such as SentinelOne Mobile, that cannot be forgotten. That is integral for us or our organization, but, overall, I feel pretty good about the strategic roadmap or journey that we will be on.

From a pragmatic level, it is very mature. There was a bit of a false start with the SentinelOne Mobile, which is important for us, but overall, the product is very mature and adaptable by a variety of talents and skill sets that you find in your SOCs or security operation centers.

I would rate it a nine out of ten because of the Mobile issue. This is something big, and I am a little worried that I did not see it in the keynotes SentinelOne OneCon23.

I am not an end-user of Singularity Complete. I'm a service provider. We have a complete team that focuses on handling incidents from this platform for our customers. We are an extension of their team, and they outsource these tasks to us.

Singularity has multiple mechanisms to identify threats and transform them into incidents. The solution not only detects but also prevents threats. On the investigation side, it helps our analysts analyze events to understand exactly what's happening and why these events have been generated.  

Singularity helps reduce the number of incidents generated. We can configure it to reduce false positives, but we also need to implement a SOAR platform to automate the resolution of some frequent incidents. 

Singularity Complete saves us some money because we don't need to implement any other additional solutions. SentinelOne is more powerful than an antivirus and can secure the environment without the need to implement an IPS, IDS, or a next-gen firewall. It's a good choice for a medium-sized business. The solution reduces organizational risks in terms of the continuity of activity, maintaining confidentiality, and external threats like malware and ransomware.

The most valuable feature is the rollback functionality, which is highly impactful. We can roll back deleted or compromised files. The Ranger feature is also interesting. It enables the solution to visualize the logs and assets that are not yet covered by the platform. Ranger also enables deployments and revisions. It doesn't always work, but it's effective  90 percent of the time. 

Ranger doesn't require us to deploy an agent on our architecture or integrate anything. We activate and configure it, and everything works. You can choose to visualize assets that have no agent installed so we can get full coverage of all the assets. You can also tell it to block connections to any assets that aren't covered. 

We can identify activities and sensitive connections that we can isolate from the network. We can set all our agents to not communicate with certain IP addresses or assets without the agent. For example, we can limit IoT devices, surveillance cameras, printers, etc. This functionality is critical for covering the gaps. 

SentinelOne is making a lot of moves to acquire various companies, but the roadmap isn't clear, and it is still uncertain how the new acquisitions will integrate. For example, SentinelOne recently acquired a mobile security solution, but there is no real integration between the platforms. 

We also have a SOAR platform that helps us reduce the number of incidents that our analysts must handle manually. It would be nice if Singularity Complete had native security automation and integrated mechanisms to reduce the number of false positives. 

I have used Singularity for about three years.

I rate SentinelOne support eight out of 10. SentinelOne offers excellent support.

Positive

I rate SentinelOne Singularity Complete eight out of 10 overall. It needs some improvement in some areas, such as backup functionality and performance, but it's a good solution. 

The primary use case for us is to use the lightweight SentinelOne agent on our endpoints. Our previous vendor's agent was heavier, which caused performance issues when scanning our systems. We were impressed with how lightweight the SentinelOne agent is and how few resources it consumes. We also use it for some of our infrastructure, which includes machines with limited resources. We wanted to find a solution that would not impact the performance of these machines.

SentinelOne Singularity Complete has streamlined the mitigation process and the time it takes to analyze and understand whether I have a true positive or a false positive. This has definitely saved me some time. The rollback feature is also a nice addition. Previously, our old solution would link out to services like VirusTotal, but it was difficult to follow these links to determine if an alert was a true positive or a false positive. For example, an alert might be labeled as a potentially unwanted application, which might not be as critical as a true positive. SentinelOne has made it easier to determine the severity of an alert. I have also noticed that SentinelOne has cut down on the number of false alerts. Our old solution would alert us to things like Chrome browser updates, which would download and make registry changes. With SentinelOne I have only encountered one alert that I didn't need to worry about.

We have definitely saved a lot of time. We had to spend some time setting up the environment correctly, scaling up the protections, and setting any exemptions. After that, the most I need to do is troubleshoot issues that are not related to SentinelOne, such as removing the SentinelOne agent if I need to troubleshoot another issue on an end-user device. Application updates, such as when a new installer is released, are the only other times I need to access SentinelOne, besides when I need to review an incident.

It has helped us reduce our MTTD. We are notified of threats quickly, and being able to see the threat on our dashboard has simplified the process. Once a threat is identified and I am on the screen, I can click once to view the visibility and see if the threat is anywhere else on our network. This is fantastic.

SentinelOne Singularity Complete has helped us reduce our MTTR.

Although it is difficult to quantify the direct financial savings of SentinelOne Singularity Complete, we have saved money indirectly through time saved.

Visibility is one of the most valuable features of SentinelOne Singularity Complete. It does not directly replace a dedicated SIM solution, but it works well for our environment and gives us the visibility into our systems that we need.

I appreciate that it is easy to review incidents that have been detected by the behavioral AI or the SentinelOne Cloud. From the notification we can click into the incident to start reviewing, it is just a few clicks. I have all the data in a single pane, and I can pivot to other sources of information, such as VirusTotal, with a single click. I can also hunt for the incident on the network with a single click. This makes things much easier and saves me time from having to review logs.

One way to improve and get additional benefits would be for SentinelOne to host the updated installer files for us, rather than us having to download and host them ourselves. This could be done in cloud storage or through our mobile device management platform. When they release a new package, whether it's an early release or a general release, I believe they could provide more value by hosting those packages directly. Currently, when they release a new package, I get notified, which is great. However, I then have to go to the portal, download the package, and replace the package that we have posted on our own cloud storage. This is time-consuming. If they could simply provide me with a link to the latest general release installer, that would be fantastic. Even if the link changes, I would only need to change the URL in our cloud storage. This would save me a lot of time.

I have been using SentinelOne Singularity Complete for five months.

I keep the central tab open in my browser. If I click Sign in instead of being signed in, the page refreshes, and I have to sign in again. I think this was just a session token expiring. I have not experienced any stability issues with SentinelOne Singularity Complete, such as crashing or downtime.

SentinelOne Singularity Complete is scalable to our infrastructure and endpoints. Once we figured out the deployment hurdle for Windows and Mac, we were able to push it out to all of our endpoints without any problems. I can break out devices into different sites and groups, and some of those groups can be dynamic. For example, if I'm looking for a Mac computer versus a Windows computer, I can just click on the group and see all of them there. I can also add tags for anything, such as the OS version or if the person might be a specific risk. These are non-relational attributes and values that we can set, so we can define whatever schema we want. It's fantastic.

The technical support team was quick to answer my question and their answer was precise. I didn't have to go back and forth with them or explain things multiple times. They gave me exactly what I needed.

Positive

We previously used BitDefender and Malwarebytes. SentinelOne Singularity Complete was priced similarly, and we felt that it had better support. When we had a support issue, it was answered and resolved quickly. Additionally, the visibility and ability to traverse the logs of all the other devices in our network were invaluable. This allowed us to see if a threat might be present elsewhere in our network. This is what ultimately led us to choose the complete solution over the other SKUs that they offer.

SentinelOne Singularity Complete has a lightweight agent. Additionally, some of our servers are running older operating systems. The agents from our previous vendor did not work well with these older systems. I specifically looked for a new solution that would not be a watered-down solution and would function across our legacy architectures as well as our current modern setup.

Another benefit of the Singularity Complete solution is the increased visibility it provides. We are able to collect data on endpoints that are connecting to specific IP addresses or installing specific files with similar hashes. This allows us to see how far a threat has propagated through the network or if anyone else has it installed. This is something that we could not do with our previous solution.

We use Windows and Mac computers. Deploying SentinelOne on Windows was fairly easy. We were able to do it through our remote management solution. The installation was straightforward and simple. The most difficult part of the process was that the device had to reboot in order for SentinelOne to connect to the visibility service and bring everything online.

Deploying SentinelOne on Mac was a bit different. This is primarily due to the way the macOS operating system works. We need to grant specific privacy permissions to applications in order for them to have full disk access or screen recording capabilities. We found that if we installed SentinelOne on the user profile of a Mac computer, the user's administrator could remove it. This is not ideal, so we had to go back to the drawing board and deploy SentinelOne through our MDM solution.

The biggest headache was that, in order to deploy SentinelOne through MDM so that users did not have to grant privileges to the application, we needed to create a Privacy Preferences Policy Control profile with the specific permissions granted for the SentinelOne bundle ID. We then pushed this profile out to all users. Once we did this, the installation was seamless.

A few colleagues and I completed the implementation in-house.

We have seen a return on investment in the form of time savings. We used to spend more time on incidents, but now we can quickly triage them and move on to other things. This has freed up our time so that we can focus on more important tasks.

We did receive a competitive price for SentinelOne Singularity Complete. However, I believe the retail pricing, or MSRP, is a bit high. I hope we can get the same competitive pricing through our reseller when it comes time to renew. I still believe there are benefits to the solution, even if we had to pay the list price. However, I think they could be more competitive with their upfront pricing.

I would rate SentinelOne Singularity Complete eight out of ten. The room for improvement is to add some additional features, such as Ranger, which they sell separately. I see a lot of value in Ranger, and I wish it was included with the complete purchase.

We do not have any direct plugins for SentinelOne Singularity Complete, such as Ranger. Ranger is an add-on that I believe can be purchased through SentinelOne to expand our visibility. We do not have that, and I wish it was included because there are quite a few nice features that I would hope to see eventually included or trickled down to the complete solution. I feel like those are just a few other cherries on top that would really put this package over the top. One of the struggles I have in a Mac environment is creating a custom application creating the Privacy Preferences Policy Control profile and setting everything correctly so that users do not need to interact with the application when it is pushed to them. SentinelOne has clear documentation and works with a few MDM vendors that have documentation already published. So when we were running a POC for a few of these vendors, it was very easy to get that set up, which is not something I can say for other applications.

SentinelOne Singularity Complete is an intuitive product. I found the getting started guide and active preparation checklist to be very helpful. The checklist is well-documented and comprehensive, and it covers everything from the initial purchase to GoLive. The support team was also able to answer any questions I had about navigating the application. The interface is mature and user-friendly. I have not encountered any major issues so far. Overall, I am very happy with SentinelOne Singularity Complete.

SentinelOne Singularity Complete is definitely valuable as a strategic security partner. SentinelOne Singularity Complete was our top choice, and we are happy with it. I would definitely recommend it to my colleagues if they were looking for a solution for their company.

Maintenance is only required when the vendor releases a new general access version of the installer. I need to download the new version, upload it to our servers, and make sure it deploys successfully to our machines. This is the extent of my maintenance responsibilities. I do not need to directly interact with the application itself.

I would recommend that people evaluating SentinelOne Singularity Complete try it out to see if it is right for their environment. SentinelOne offers a trial that can be set up for their environment. When an organization purchases the product, they will flip a switch and there is no need to set anything else up. This was beneficial for us because we did not have to waste time setting up and deploying the product to a few devices in our environment only to have to do it again after we purchased it. I would also recommend engaging with the resources that SentinelOne provides to get a good understanding of the product. We can tweak the settings and see how it responds to different threats. If organizations have any specific needs, they can talk to an engineer during the trial. This was helpful for us because the engineer was able to make changes to the settings to meet our needs. Overall, I would recommend taking a look at SentinelOne Singularity Complete. I was initially overwhelmed by the different SKU offerings, but I was able to work with sales to find the best package for our needs. The SentinelOne team has been very helpful.

This is our main endpoint and detection response platform. 

It's our antivirus for all of our endpoints, including workstation servers, Linux Windows, Macs, et cetera. We're also deploying it to some of our mobile endpoints as well. We also do incident threat hunting here so that if we see an incident in our environment, we can use it to hunt down that incident and try to get a better analysis of it. We're using it to scan our active directory environment. 

We just wanted a better antivirus. It fixed a lot of problems that we were facing.

We get a lot of benefits from them, including its ease of use. We don't have to really go digging or spend hours a day trying to configure something. 

They have a really good knowledge base. That eliminates a lot of the time having to do manual research. The time it cuts down is great. It removes a lot of time from doing some of these manual and tedious tasks.

Their basic endpoint and detection platform is pretty much their bread and butter. The features that it comes with get a lot of love. You can add custom solutions, rules, et cetera. 

The mobile device management platform is also really good.

They have a lot of integrations with a lot of common platforms that we use. We integrate them with three or four other platforms including data analysis platforms. We haven't really come across too many instances where we had to create custom APIs for them. 

Our impressions of the solution's ability to ingest correlated data across our security solutions are good. They do it really well. They tend to take a lot of the data that they ingest and do a really good job showing you exactly what you need to do or utilizing that data the better way than just receiving it and then manually parsing it. 

We can consolidate our security solutions. It's nice. We have a lot of our security solutions right in the platform itself. They don't offer everything that we need as a security team, yet they do offer a lot. We've been acquiring more of their products as the years go on.

We use the Ranger functionality. That was something we acquired a little over a year ago, and we had quite a lot of endpoints in there, and we actually reduced that number down to under 20 recently. So we're working our way through it, and it's made a lot of progress in our environment.

It provides network and asset visibility for us. Ranger scans our network. It does a really good job of identifying that. In correlation with some of our other network tools, it does a really good job of evaluating what's out there and also being able to provide a proper review and analysis of those endpoints.

We like that Ranger requires no new agents, hardware, or network changes. It's actually really nice. Every time we want to do something that involves the installation of an agent, we have to put in a change request, and we have to wait for the proper easy to improve it. The nice thing about it was we just alerted a couple of teams. We were going to do some scans, and that was it. We've never had any issues. Agentless is definitely the way we've been trying to go moving forward.

We have more insight into our environment. While it doesn't cut down on alerts, we gain more visibility.

The solution, on average, saves us a couple of days' worth of time in total.

It's helped reduce our company's mean time to detect. In correlation with the SOC, we've seen quick alert times. We get an alert almost immediately after an incident.

It also improved the mean time to respond. It does depend on the situation.

From the standpoint of having to suffer through an attack, the solution has saved money in saving us a potential loss. We're paying for the product. The savings are all hypothetical numbers, however, we are definitely saving money. It's helped us reduce organizational risk. We were in bad shape before. We're looking a lot better now. 

The grouping feature needs improvement. There are many times I've wanted to do blacklisting or exclusions for specific people in a group, however, I don't want to remove them from the group itself. 

I'd like to see an auto-update feature. 

I've been using the solution for about over three years. I've been dedicated to it only for a year or two.

They are pretty stable. The company is expanding at a good rate and they are releasing new features to maintain the stability effectively.

We have almost 3,000 endpoints. We have a spike of 500 to 600 endpoints in the summer to December season. We are primarily Windows and also have about 200 Linux endpoints. They are all deployed across the same organization. 

Scaling is flexible. They do a really good job.

Technical support is helpful. Sometimes Level One support may not be the greatest, however, you can push to someone higher. Issues are always resolved. 

Positive

I don't have any personal experience working with other solutions. 

We are at about 98% deployment. There are endpoints that pop up that don't have the agent to get it, however, we're past the deployment phase or past the initial configuration phase. It's all just maintaining and tweaking, and as new features come out, we adjust.

I wasn't here for the initial deployment process. I've done a lot of configurations for new features that they've implemented.

Our team does general maintenance. They do a really good job of giving you the information you need to troubleshoot. Their knowledge base is really good. 

We've definitely seen an ROI. I'm not sure where we would be without it right now. 

The pricing is fair. It's not cheap, nor is it expensive.

The solution seems to be quite innovative. They are coming out with network products. Every month we have a webinar on new features coming out.

The quality and maturity of the solution are both great. The stuff they give us is really detailed.

There are instances of the solution on the cloud, however, all the endpoints are on-premises. 

I'm pretty satisfied with the product as a security partner. I'm happy with where we are with them. 

This is a great product. If a company is unhappy with its current EDR, SentinelOne is a good choice. They are acquiring a lot of companies and solutions to add to their roster in order to provide a more centralized platform.

I'd rate the solution nine out of ten. It's going to be a good one-stop-shop and I enjoy working with them.

We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

The ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have less number of alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

Log analytics and a couple of other things were also pretty good.

We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory. Some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistence connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

I discarded this product within six months. I would rate its stability a five out of ten.

Its scalability is fine. I would rate it a nine out of ten for scalability. 

We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

I would rate their support a six out of ten because the issues that I had reported were not resolved.

As a strategic partner, SentinelOne is pretty good. They are very proactive.

Neutral

Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. In case they find a rogue device, then only they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

CrowdStrike is not cheaper than SentinelOne. Both products go neck to neck. Both are costly products. 

I would advise going for this solution only if you have a clear use case.

I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

SentinelOne Singularity Complete is an MDR solution. It is used mainly to detect advanced threats in our teams and on-site teams.

I have used two different vendors before Singularity. Each had its pros and cons. However, Singularity is the most complete tool for EPP and EDR. From a financial, operational, and performance point of view, it is very efficient to have a single solution.

Ranger is a good feature. The XDR functionality provides the timeline of the attack. The product provides deep analytics for threat hunting. My team uses it to detect incidents and for threat hunting. I like the app inventory feature. It is very good for detecting unauthorized apps by our security policy.

I have raised a couple of comments regarding the speed of investigating incidents and performing analysis by the MDR service team. We are a telecom company. We are sensitive to the information of the users. The speed of investigation of the MDR service team must be improved.

I have been using the solution for one year.

The product is pretty stable. It didn't create any issues on the endpoints, laptops, and PCs.

We haven't tried to scale the tool yet, but the solution will be scalable after we increase our license.

The support team is very collaborative. We have a dedicated account manager who is also a part of our support line. We do not face any delays or major inconveniences from the support team. I rate the support an eight out of ten. I will give it a ten out of ten when SentinelOne has better coverage in the Middle East.

Positive

I have used Kaspersky, CrowdStrike, and Carbon Black. After using these solutions for a year, I chose Singularity Complete. The other solutions are existing products and are leaders. However, Singularity Complete is better than them from a financial and technological perspective.

The initial setup is not complex. It's similar to any endpoint solution implementation. We require one staff to deploy the solution. We mainly use AWS as our cloud provider. We also use GCP.

We did the implementation ourselves. It was like any other solution. We faced similar issues. They were not big issues, though. It doesn't require a lot of technical expertise.

We have seen a return on investment because we have saved at least 50% to 60% since we bought the tool. It is an achievement when we get one solution instead of two at 50% less cost. It improved our KPIs.

The licensing is convenient, straightforward, and very clear. I care more about the breakdown of the license than the licensing itself. Some vendors have very complex licensing schemes. SentinelOne's licensing scheme is very clean.

Carbon Black has a competitive version of Singularity Complete, but it is not at the same level as Singularity Complete. It lacks features like threat hunting and Ranger. So, I chose Singularity.

We didn't have any major issues related to the integration. However, we had some issues related to the implementation on the server site. It was solved by upgrading the agents. Initially, we had a couple of issues related to integration, but after that, it was solved.

The solution gives us more visibility into alerts but doesn't reduce them. It might help after we conduct the patching and vulnerability management, but we haven't tested it yet.

Singularity Complete has helped free up our staff for other projects and tasks. We have a full-fledged SOC team that uses SIEM tools. We use it to complement our SOC and our XDR and MDR solutions. We have Singularity Complete as a technology for further investigation and threat hunting.

When we get an alert from the SOC team, we use the tool to do the analysis and threat hunting in 30 minutes per incident. It is a considerable saving in the team's time because we have limited engineers and security analysts. The tool saves 50% of the staff's time.

The product has helped us save on operation and acquisition costs by 70%. We have replaced two solutions from other vendors with Singularity Complete. Singularity Complete has surely helped reduce our organizational risk. We had a lot of alerts from the previous vendors. Now, we see fewer alerts.

Compared to its competitors, Singularity Complete is very mature. It exceeds in some areas, especially in threat hunting. I have seen other solutions. They have very strong capabilities in detection but not in threat hunting. Singularity Complete makes a difference with our analysts when they perform threat hunting and threat analysis.

I like the product's vision very much. Everything has to be on a single agent, and the integration is very much worked on. It has a very good integration roadmap. It has a very complete and strategic vision. It doesn't sell only endpoint products. I like the completeness of its vision.

People who want to buy the tool must test all the features to see how they will get value from the product because it's very complex and feature-rich.

Overall, I rate the solution a seven out of ten.

I use SentinelOne Singularity Complete as our next-generation antivirus on our endpoint. I review detected malware and verify whether it is legitimate or a false positive. Additionally, we can control endpoints, such as correlating them or blocking specific activities on any endpoint. We also have visibility into what is happening, including what is installed, being installed, or uninstalled on endpoints.

SentinelOne Singularity Complete can help reduce alerts, but we must first add exclusions based on our existing features to keep the false positive rate low.

SentinelOne has helped our staff save time investigating and handling incidents.

It has helped reduce our MTTD and our MTTR.

The hunting feature is most valuable for detecting malicious or suspicious activity.

The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints. We can only add a general rule to block everything, and we cannot add any exceptions. Additionally, Singularity Complete uses different names for endpoints other than the actual actions that will happen or be taken, such as quarantining a device. This is also confusing, as the wording used by Singularity Complete is slightly different from other endpoint security solutions and can be difficult at the start.

I have been using SentinelOne Singularity Complete for almost three months.

Singularity Complete is stable.

Singularity Complete is extremely scalable.

Technical support is super helpful. 

Positive

The price of Singularity Complete compared to some of its competitors is competitive.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete has room to grow, but it is overall very good. It is a mature software product with an awesome UI. There are many options and actions available. 

No maintenance is required from our end.

SentinelOne Singularity Complete is a straightforward, stable solution that is easy to learn.