reviewer1275819 - PeerSpot reviewer
Director - Global Information Security at a manufacturing company with 10,001+ employees
Real User
Does what a first-level SOC analyst would do, notifying us of, and remediating, issues at that level
Pros and Cons
  • "The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that."
  • "The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me."

What is our primary use case?

In general, we replaced our entire antivirus and anti-spyware with SentinelOne. We use it across all platforms, from servers to workstations, to Macs, to Windows, to Linux, Virtual Desktop Infrastructure, and embedded systems - on-premise and in the cloud. We also use their console and their threat-hunting. We needed a solution that was simple and intuitive, without having multiple agents.

We have also started evaluating their IoT, for the discovery of all IoT devices. This is 

How has it helped my organization?

It has improved our operational efficiencies. It saves us time because it does that first level of EDR automatically and that allows us to focus on certain things that it tells us about.

And we have better confidence because of all the threats that have been remediated. In fact, the moment we started deploying, we started picking up stuff that was in a dormant state on machines.

SentinelOne has absolutely reduced the number of threats. We get thousands of hits around the world. I'm looking in the console right now and there are 14,639 suspicious detections in the last few days. Of those, it has blocked 87. Another 30 were mitigated right away, and 24 active threats are being investigated now. Remediation of those threats could not be automated because it needs a response to do certain things right.

What is most valuable?

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the depth of behavior analysis. There are other companies that claim this - albeit in a lighter flavor.

The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good.

In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in.

They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version.

It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have.

And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious?

It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies.

Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable.

If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff.

The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding.

They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. 

Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.

What needs improvement?

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting.

File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation.

It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage.

I can't wait to see their advances in the cloud infrastructure (containers and serverless).

It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

Buyer's Guide
SentinelOne Singularity Complete
February 2025
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
841,004 professionals have used our research since 2012.

For how long have I used the solution?

I started validating and testing the product back in the fall timeframe of 2017. By the time the proof of concept was done, we were signing the product by the end of 2017 or January of 2018.

What do I think about the stability of the solution?

In our company, if something happens with a solution, everybody will know, and it will be out of the environment in a jiffy.

What do I think about the scalability of the solution?

So far, the scalability is going really well. It's really lightweight. Using the console, you can break it up into regions. It's integrated with Active Directory and we have it set up as the "research lab" in Melville, New York and something else in China.

Right now, it's our product of choice for endpoint protection. I suspect our usage will grow a lot once they enable the IoT; what they call Ranger.

How are customer service and support?

Technical support started off mainly by email, but support is probably the single biggest improvement since we started with SentinelOne two years ago. They always had the intelligence, like any techie person, but techies are not necessarily good communicators. They always had answers, right up to the top. Their CEO is also a very technical person. But they have improved how tech support is delivered by 100-fold.

Which solution did I use previously and why did I switch?

We had McAfee, and we were using it for other things too.

I'd never heard of SentinelOne in 2017. I knew of the other big guns but I came across it just by chance by looking at studies that spoke about SentinelOne. I had their sales guys and engineers demonstrate but it didn't mean anything. I still thought it might be fluff. So we had to test it and go through that whole rigmarole.

For all intents and purposes, they delivered. You have to remember that they were fighting a battle against all the big guns in the industry, solutions that were already entrenched. When we did our test, we actually broke a couple of their competitors, not because we wanted to. We were just comparing and doing it as a proof of concept. SentinelOne kept catching everything that I thought the other guys should have caught.

Also, they were never defensive; they were straight-easy to work with. Their responsiveness was also very good. If we needed to get something — and this might be because of the size of their company — we could go right up the chain and something would happen right away. If changes were required they happened really fast.

How was the initial setup?

The initial setup was straightforward. I co-authored a book on evaluating products and one of the things that you have to take into account is ease of use and how intuitive things are. Some people may not consider that important, but I consider it important.

In general, it was easy to set up. That was one of the reasons I was pleasantly surprised.

What can make it difficult is the environment you are in. For example, we have "freeze periods" during about half the year, where we cannot make any changes. So, during retail, during Christmas, Chinese New Year, Black Friday, etc., nothing can change in the environment and we cannot deploy anything.

Other things, outside of the environment, were that there are financial/fiscal periods, every quarter, where we cannot change certain things. And we have different silos: a server group, a Windows group, a Mac group, and a Linux group that didn't want to touch anything. Everyone had some bad taste left in their mouths at some point in time, not necessarily with SentinelOne, but in general. If everything is working, why change it? So there were some political things, internally. We have about 35 different companies around the world. Each has a variation of things and there is every version of every thing out there. And some have badly written code too that shows up as malware; it manifests just like malware.

For deployment and maintenance it was me. I did almost everything. There were only one or two people. Obviously, we have to follow the sun because we're global, so at times there might have been three or four people involved, but generally it was one or two who were coordinating it. They know the product and how to deploy it and what needed to be done, but I needed those guys around the globe. They had to coordinate with each of those groups I mentioned. But we owned it and we were accountable for it. We have segregated duties. Even though I'm in security, I don't have the rights to get onto our Windows Servers and make changes. I have to ask the server guys to do something and that's why things take time. That's why you need people to coordinate it.

But, once it was detecting those threats, I felt that even though we had an outsourced team, they were lacking in knowledge. If I told them, "Hey, this is malware," without the right experience, they wouldn't know what the heck to do with it. That was the challenge. That's why we went with SentinelOne's managed service. They have people who can deal with it and sort out the things that are real.

The way you do it is that you don't just take McAfee off a machine and put this one in. You run them simultaneously for some time, and then take one out. I wanted to see if something would happen, or it started messing things up, or if people would start calling saying, "Hey, there's something going on in my machine."

What about the implementation team?

We didn't work with any third-party. Over the years, I've seen that a lot of these guys tend to have biases.

What was our ROI?

We have absolutely seen a return on our investment because it has created that first-level SOC. Plus, it has all these other functions. It has replaced McAfee. We don't need a file integrity monitoring product. And we can see application vulnerabilities without using another product. And they keep adding features. Once they add this IoT feature, the ROI will be much more.

Which other solutions did I evaluate?

Initially, I was just researching solutions using independent reports and industry reviews. I don't necessarily agree with everything in industry reviews, but I used them to narrow down the field and to figure out which solutions I needed to look at. I also looked into whether there were any legal issues the companies were fighting. In that first phase, I got it down to about four or five that I would take to the next level and actually touch them with live malware. The reason the other ones fell off is either they were too focused on one thing or there were some legal things. The industry is small. You hear things, not necessarily officially, but unofficially you hear things.

I looked at McAfee, CrowdStrike, Carbon Black, Palo Alto Traps, Cylance, Endgame, Tanium.

In my evaluation, back in 2017, I wanted to see the features of each and match them up with our requirements. What were our influences? What was important to us? I tried to map that into what features were available at the time, or look at whether a product could consolidate another product that we had so that we would no longer need that other product. I also looked at operational efficiencies, security efficiency, and whether it meets all our compliance goals.

Then I went to the lab where I had real malware. There was a whole method to that madness of testing. 

McAfee failed miserably, even with their later product. It would have been easier for us to stick with the incumbent, but it couldn't pick up on malware. There was something it never detected. With that type of next-generation, machine-learning algorithm, it's not so much the algorithm as it is the intelligence, the data that they collect over time.

At the time, Palo Alto Traps was not ready for prime time - immature console, limited support across all our platforms and focus on exploits.

I broke Cylance, surprisingly. I didn't expect that. I'm not even a researcher, per se. I have other jobs in our company. When I managed to break them I was looking at how they responded. I'm not expecting everyone to be perfect, but I found them very defensive. They would say, "Oh, it's only one in 100 or 200 or 300 pieces of malware". But it was the way they responded to things. It took a while for them to get back to me, and they were more concerned about whether I was doing the same thing with the others.

The other weakness of Cylance was that, for anything else, like remediation and response to something, you had to buy another piece. It wasn't part of the product, whereas, with SentinelOne, it was part of the product, without paying anything more.

Some of our folks were convinced that CrowdStrike was the way to go but our tests proved otherwise. CrowdStrike has some good features, but it requires going to the cloud. And secondly, whenever you get events, you almost have to use their service, so you're paying them to help resolve something. It gets expensive.

Separately, I did a compatibility test where I checked our environment: I deployed it in a sampling of some of our machines to see if it ran without creating another mess.

When you do a thorough proof of concept, you already have all the details, so nobody's going to mess with you. I compared everything. At the end of the day, I gave my boss a report and said, "This is it. You decide."

What other advice do I have?

Have a look at it. Compare it. It's a very good product to have.

It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up.

There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on whatever the cloud versions are of all these virtual devices. We are spread out across the globe. We've got nearly 50,000 endpoints in different parts of the world. We generally stay as close to the latest version of the agent as possible, but we go through change-control and it is very strict. We don't just put things on endpoints. We validate and test in our environment because we have nearly every type of operating system and variations of them in our environment. Therefore, sometimes we are something like .1 or .2 of a version behind. In terms of the console, we are at the latest version.

As a company, we use all variations of clouds, from Ali Cloud, which is China, to Azure; we're predominantly Azure. We have AWS and GCP. SentinelOne manages that console and we have access to it. We own that part, our console. It's on AWS, I believe.

Overall, is there room for improvement? Absolutely. There are gaps in the reporting because we need to give reports to different levels. Ideally, we want to just drag and drop things to create reports. They have very nice reports but they're canned. We want to be able to choose what goes into a report. Otherwise, it's right up there and I would give it a nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber Security Engineer at a leisure / travel company with 10,001+ employees
Real User
Top 20
Offers threat hunting, visibility, and malware protection in one console
Pros and Cons
  • "I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary."
  • "It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports."

What is our primary use case?

We use the tool for malware protection and the XDR portion to track intrusions and possible exploitations.

What is most valuable?

I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary.

I find its interoperability with other solutions very good. When there are issues, because everything eventually has issues, the team is very good about running logs and finding out what portion is having issues. We can either exclude a portion of it or make it work. They find a solution.

We haven't had any issues with how we ingest or correlate data across security solutions. We use APIs and things like that to ingest data. For us, we haven't had any issues with the tools we use, but I can't speak for other organizations.

We now have threat hunting, visibility, and malware protection in one console. There are other portions we don't leverage because we choose to keep them separate, like our firewall, but we could if we wanted to.

The solution has helped us reduce false positives. We still get alerts, but I think they're more dynamic now. We have fewer issues with systems. It doesn't take as many resources, so we don't have outages caused by hijacking resources. We've probably reduced our issues with that by 90 percent from the previous program we were using.

The tool has helped free up our team's time. Especially when it comes to upgrades, I went from taking several months with the previous software to getting it done in a week or two for 15,000 to 17,000 assets. It's freed up months.

While I don't track mean time to detect specifically, I know it's very quick because of the way it detects intrusions. It's anomaly-based, not signature-based. It will flag something, review it, determine whether it's a false positive or actually malicious, and then quarantine it. It's pretty instantaneous. We've averted several ransomware attempts before they could infect anything.

Our mean time to respond has decreased significantly. The response is much quicker now, especially since very little gets reverted to us for handling. The Vigilance AI portion usually takes care of most of it, determining the severity of something and whether it needs human attention.

It has helped us save costs, particularly regarding fewer infections throughout the network. While I don't have exact numbers, we've had a reduction in costs associated with reimaging machines due to malware.

What needs improvement?

It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports.

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

In terms of stability, we have no downtime from SentinelOne Singularity Complete. We may have some complications with interoperability when we deploy something new that didn't get tested, but that's usually not SentinelOne's fault. It's usually because a third party changed something that had already been whitelisted.

What do I think about the scalability of the solution?

We haven't had any issues with scalability. It scales very well from small to large. We're at 16,000 endpoints, and it's very easy to deploy and manage.

How are customer service and support?

I've contacted technical support myself. Their response time depends on the severity with which you submit the case. For low priority, it takes about a day or two. For high priority, it's within an hour or two, according to their SLA. They're very prompt.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Symantec to SentinelOne Singularity Complete mainly because of cost and technology changes. Symantec wasn't changing quickly enough as technology moved toward the cloud, and things were going faster. Broadcom was still using heavy, clunky on-premises agents that used a lot of resources. SentinelOne Singularity Complete was new, next-gen, smoother, and quicker with less downtime. They manage their end in the cloud, so we don't have to maintain our console.

How was the initial setup?

We saw the benefits immediately after deployment. The deployment was seamless, easy to learn, and easy to use—very intuitive. The initial deployment was pretty seamless and easy. It took us about six months to fully deploy, but that was because we did it in segments. We're a global organization with many different entities, so we had to do it segmented. It probably would have taken us a quarter if we had just set it out all at once.

The only maintenance we require is keeping our agents up to date. We do this manually because we go through a change approval process to ensure we don't introduce anything that will harm the system. We then test and deploy.

What about the implementation team?

We used SentinelOne's guidance, but we did the deployment ourselves in-house.

What other advice do I have?

My impression of SentinelOne Singularity Complete as a strategic security partner is that it's state-of-the-art, easy, and uncomplicated. As an engineer, I find the product easy to deploy and maintain, and efficient. I rate the overall solution a ten out of ten.

I advise new users to read the manual before they start using it. Understand all the different modules to utilize them as intended and get the best out of them. Also, use their support if you have questions before you deploy. Get a game plan and follow their recommendations.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2248914 - PeerSpot reviewer
Director of Global Security Operations at a manufacturing company with 501-1,000 employees
Real User
Top 20
Provides different levels of visibility, improves our ability, and has competitive pricing
Pros and Cons
  • "The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality."
  • "The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time."

What is our primary use case?

We use it for endpoint security for all of the systems in our environment. We have servers and workstations. We have macOS and Linux operating systems, and we are using it as an EDR/endpoint protection platform.

How has it helped my organization?

There is a lot of improvement from a security maturity perspective. Even though we have a very reputable and well-known SIEM, one of our go-to applications in our environment is SentinelOne. On a daily basis, almost all my staff or my analysts use it and operate it every day. It gives us a lot of information and a lot of data about what is going on. In addition to the detections, we are able to use and leverage Binary Vault. We could also use Remote Script Orchestration, which is an add-on that we could add to the platform. It allows us other functionalities that we would not normally have with another product in the same category. It allows us to run scripts on endpoints remotely out of the SentinelOne administrative GUI, which we use for all kinds of purposes. It has improved our abilities significantly in what we can do.

We have visibility into all our systems. We have visibility into malware or any suspicious activities that are occurring. We have the ability to quarantine systems based on the risks. If there is something going on, we have the ability to do that. We can also run remote scripts on systems, and we can control certain types of devices such as USB access. We have the ability to control what people can do with USBs. That is another functionality we use.

Most traditional antivirus platforms are very basic in terms of how you add exclusions. Usually, you completely exclude an application from detection. They do not provide you with various modes or various levels of visibility into an application. SentinelOne provides different levels of visibility, so you can have a level that has some visibility and does not completely make the application invisible to SentinelOne. It is the first platform that I have ever worked on with such capability. Instead of just a binary exclusion on or exclusion off, they provide different interoperability modes. There are five interoperability modes. Some are performance-focused, and some are visibility-focused. They allow you to select the mode that will give you the best balance of visibility and performance depending on the application. It is very handy. Most endpoint security platforms, antivirus, and EDRs are binary. You apply the exclusion and have zero visibility into what that particular application is doing in your environment. With SentinelOne, you can implicitly trust, or you have the ability to say that you trust it, but you want to have an eye on it if anything ever happens. For example, your third-party software is compromised, as happened with SolarWinds, and it starts doing funny things in your environment. That is what the interoperability exclusions give you with SentinelOne. This is an excellent feature.

In terms of its ability to ingest and correlate across our security solutions, they have recently added the Singularity marketplace in XDR. Not all of them but most of them are included in the license. We do leverage it. It gives us additional context. For example, we were able to add the VirusTotal API, which adds the context of what VirusTotal has in terms of information on a particular detection or binary that is detected in SentinelOne. They are starting to build those APIs out. We are able to add more context from other third-party applications. It is excellent. It is at no cost to us. We are using quite a few of them already for other platforms that are built out of the box. We are starting to leverage any out-of-the-box APIs for the platforms that we have.

It has helped us with a little bit of consolidation. We were able to consolidate the device control. We were using another platform for that. We had another completely separate vendor for USB control, and now, we have decided to not renew that license and move all the controls through SentinelOne.

It has not helped reduce alerts. The point is not to reduce alerts. It is to increase alerts. The point of Singularity is to reduce incidents, and we, for sure, have achieved that. The point of the Singularity platform is to block things that we do not want to occur in our environment or at least have visibility to them so that we can take action. If we were to strip it out completely, the organization would be in a much worse place.

It has helped free up our staff for other projects and tasks because the incident response has diminished. I do not have my analysts responding to threats. I have them just validating when something is detected to ensure that we are okay. For sure, it has freed them up. There are about 25% of time savings.

It has reduced our mean time to respond (MTTR). Without it, we would not have very much visibility into detections. It has improved our mean time to detect by 80% to 90%. If we did not have Singularity Complete, we would have very little visibility on the endpoints at least, and that is where most of our threats are occurring.

We have a service from SentinelOne called Vigilance. This service has reduced our mean time to react or respond. This 24/7 service has improved our mean time to respond significantly because it is the SentinelOne analysts who are responding. It has improved our mean time to respond by 80% because they are performing the analysis. They are the experts, and they are looking at the detection in our console. We do not have to go out and try to perform that same level of understanding of what we have just seen. Their experts take a look at that. Instead of spending hours and hours trying to figure out what we are seeing, it is literally down to just minutes by the Vigilance team. It is a separate license that we have incorporated with our Singularity license. It is a part of their MDR solution. It is a service they offer.

It has overall reduced our organizational risk.

What is most valuable?

The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.

What needs improvement?

The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier. 

For how long have I used the solution?

We have been using this solution for four years.

What do I think about the stability of the solution?

Its stability is next to nothing. It probably has an uptime of 99.99%. The only issue you would have is that the agent sometimes becomes unresponsive or corrupt, but there is not a single application in the world where you do not have some level of corruption or issues that may arise. If anything, it is much better than the others that we have.

What do I think about the scalability of the solution?

It is very scalable. We have doubled the number of licenses or agents we have had in the last three years, and we have not had any issues.

How are customer service and support?

They are excellent when it comes to interoperability and exclusions. For example, you may have somebody in your environment complaining about slowness, or you may have several situations where end-users may report that a certain application has been slow on their computer. SentinelOne gives you the ability to remotely pull the logs off a computer and send the logs to tech support for them to perform an analysis. They can perform their analysis from the logs and come back to you and say, "From what we are seeing, it looks like you have an application running application ABC that seems to require an exclusion. We recommend this interoperability type." All you have to do is say, "Oh, perfect. Thank you very much for that information. Add the exclusion." They have done all the analysis for you. You check back with your end-user to see if that has rectified the situation. In almost every circumstance that we have run into, it got rectified. I have never seen that type of analysis performed by an EDR or endpoint protection provider before. It is the first time I have seen that. This aspect of their support is excellent. However, some of the other things are not always detailed enough in terms of what we should be doing. They can be a bit vague, and if it does not help the situation, they may have to raise the issue to a different tier. So, they can be a little vague about exactly what you should do, but at least they set you on the right path. Overall, I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

It was a product by Carbon Black called Carbon Black Response and Carbon Black Defense. We switched because Carbon Black was purchased by VMware at the time, and their customer service was diminishing substantially. Some of the older products that we still had by Carbon Black were not being supported as well as they were previously. Their technology roadmap was not fantastic. We started looking at other products. We found CrowdStrike and SentinelOne to be more up-to-date and more modern EDR solutions. We saw a noticeable improvement in terms of technology and detection. At the time, SentinelOne was priding itself on the level of number of detections it could detect. A lot of that came into the reviews of the product at the time and the type of tests that it was undergoing and its performance in those tests. That was a primary reason for deciding to go with SentinelOne and going away from Carbon Black. Pricing was another excellent aspect of the platform.

How was the initial setup?

They host the platform in the cloud. It is a SaaS application for us.

Its deployment was extremely straightforward. All you have to do is deploy their agents on your computers. The agent checks in with your cloud console, and you start retrieving information immediately. Carbon Black Defense has that capability as well, but we went with SentinelOne because it did have that cloud capability. When COVID hit, and everybody left the office to go home to work, it was seamless for us. We have full visibility into every single system and asset in the organization whether they are on-premises or off-premises. They could be traveling. They could be anywhere in the world. As long as they have Internet connectivity, we have full visibility into their computers.

In terms of maintenance, the only maintenance that is required is to maintain the health of the agents. Sometimes the agents can become corrupt or stop functioning, so you have to ensure that you are checking for assets in which you run into those situations. The other thing would be the agent versions. You have to maintain agent versions as new versions of the agents come out. You can either automate it so that your agents get updated automatically on whatever schedule that you want, or you can do it manually. You can also do it through some other software deployment platform. That is the only thing you have to do maintenance on. The backend is all maintained by SentinelOne. All the updates to the console environment are taken care of by SentinelOne. Because it is a SaaS application, the only thing that the customer is responsible for is the agent deployment and upgrades.

What about the implementation team?

We worked directly with the SentinelOne team. From our side, there were two of us. From their side, there was probably just one engineer.

What was our ROI?

It has helped our organization save costs. In terms of metrics, I can only go by what other competitors were charging at the time, and we got it at a significantly better price than what some of the other competitors were charging.

The ROI is not just from the platform itself. It is also from the Vigilance service perspective that has freed up my guys to do many other things. It saves my analysts at least two to three hours per day in man-hours, so there is a huge return on investment there. For the price that the service costs, it is extremely good value.

What's my experience with pricing, setup cost, and licensing?

Their pricing was extremely competitive. That is why we stayed with them so long. We are renewing at the end of next month. We have already put in the approval. It is all set to go. We are renewing for another year or so year over year. It has been a very effective product, and it has been priced very competitively.

What other advice do I have?

To someone who is researching Singularity Complete, I would say that it is excellent in terms of quality and maturity.

I would advise performing an extensive proof of concept. If you have the ability to use a security tool validation platform to test out multiple platforms before choosing one, that would be a good idea. You should also understand various modules that are add-ons to the platform. It is extremely important.

I have used the Ranger functionality, and I am very familiar with it. It provides network and asset visibility. You can configure the agent to scan the subnet that it sits on and look for other assets that are missing the SentinelOne agent. You can create a policy saying that if a device sits on a specific subnet and has, for example, more than five systems, try to interrogate those systems to see if they are the systems that may be eligible for the SentinelOne agent but are missing one. We did not renew the license for that specific functionality of SentinelOne about a year ago. We decided to go with another vendor to give us that type of visibility.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Vice President of Technology at J&N Stone
Real User
Top 20
Provides great visibility, real-time detection, and time savings
Pros and Cons
  • "The visibility component is the most valuable feature."
  • "I would have liked the dashboard to be more user-friendly."

What is our primary use case?

One of the companies we conduct business with received ransomware. As a result, we sought to enhance our security posture, commencing with our employees. SentinelOne Singularity Complete was procured to gain visibility into our company's resources. We aimed to possess the capability to detect whether our users were encountering malware, viruses, or incidents.

How has it helped my organization?

We used to employ Norton antivirus on all our assigned desktops and laptops. Unfortunately, we had no visibility in this setup. Consequently, if a user were to acquire a virus or download malware or anything suspicious, we wouldn't be informed. While users do receive prompts indicating suspicious activities, they might not always report them. Hence, gaining visibility became our top priority. I required a solution that would allow me to monitor such activities. For example, if a user were to download something malicious or suspicious unrelated to their daily tasks, or even if they were to download malware, I needed immediate visibility. This would enable me to promptly quarantine the threat, resolve the issue on the affected device, and collaborate with the respective employee. The goal was to raise awareness about their downloads, educate them on safe practices, and enhance their overall understanding of their actions. SentinelOne Singularity Complete helps address our requirements.

The primary advantage of SentinelOne Singularity Complete for our organization is enhanced visibility. The secondary benefit is my belief in the product having a much stronger support system. This implies that no one in the company has the necessary resources to identify and address malware effectively, resulting in their product not being up to par in terms of providing comprehensive protection for end users. While our previous endpoint management, Norton, was good, it fell short of greatness. I strongly feel that no other product truly excels. I've gone through numerous reviews, made comparisons with alternative solutions, and utilized other options. This wasn't just a slight improvement in polish; it genuinely ensures the safeguarding of end users and the entire company.

I haven't received many alerts. Ironically, of the alerts that I have received, most were originating from my device. As I am the technology leader for the organization, there were certain tools on my laptop that were flagged almost immediately upon installing the agent. So, in an ironic twist, I was flagged. However, it's actually quite positive that my end users haven't engaged in any activities that could be deemed malicious or suspicious. I receive emails and reports promptly, so I'm genuinely surprised that the tool behaves this way. Interestingly, when it did flag certain processes and software on my devices, they were actually legitimate pieces of software that I regularly use. Nonetheless, I'm pleased that SentinelOne Singularity Complete was able to promptly detect these instances.

I am the sole technical person in the company, and the solution has enabled me to concentrate more on enhancing the organization's security posture. This foundation and framework have paved the way for me to pursue additional projects in the field of security for our organization.

The mean time to detect is nearly real-time. When I identified potential threats, the response was nearly instantaneous after installing the agent and running the initial scan. It promptly identified all issues. I received an immediate notification to quarantine those processes and applications. This allowed me to conduct a more in-depth investigation and confirm that these processes should not be present on the device.

SentinelOne Singularity Complete has unquestionably aided in diminishing our organizational risk. The solution significantly reduces overall risk, just as it claims. I have examined numerous white papers and engaged in discussions with numerous individuals within the organization to establish a sense of confidence in recognizing SentinelOne as a market leader. Their enduring presence is apparent, coupled with their commitment to thorough research, which is consistently integrated into their products to ensure their relevance and continued usefulness for consumers.

What is most valuable?

The visibility component is the most valuable feature. Having the capability to delve into the specific resources that the devices are actively using provides us with the breadth and visibility that we seek. Additionally, being able to accurately track our users' activities, such as identifying when they are downloading PDF attachments, enables us to promptly detect any potential issues.

What needs improvement?

I would have liked the dashboard to be more user-friendly. I often have to navigate through several menus to locate exactly what I'm searching for. I had difficulty finding the site token required for device installation or agent installation on devices. It actually took me quite a while to locate these menus. Instead of having them at the top after selecting from the left-hand side, they list the sub-menus at the top. This forces me to scroll through my screen to access all the different sub-menus. If they were placed underneath the main menu or bookmarked on the left-hand side, it would make navigation significantly easier. 

I would appreciate having more comprehensive reporting. While I believe the current reporting is accurate, I find it slightly simplistic in my view. However, I want to note that I've been using the product for only about a month, so it might take more time to fully process the information and generate detailed reports.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for one month.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable. I haven't encountered any crashes or errors during installation. There have been no unusual glitches on the management console. It's only been a month, but I'm extremely satisfied with the solution.

What do I think about the scalability of the solution?

I don't have any issues with the console scaling. When I logged in earlier today, SentinelOne performed a complete site upgrade in the background, and I didn't even notice it. Scalability is also not a problem with agent inflation in my company. I have been able to deploy agents without any trouble. Initially, there was a minimum purchase requirement, which was slightly higher than our install base's cost. However, I was comfortable with purchasing the additional licenses. Therefore, if we do experience growth, licensing won't be an issue. I want to ensure that we remain within the appropriate range for that.

I have been informed that even if we experience a sudden surge in growth among our customers and we continue scaling and deploying agents, we will catch up with the licensing costs beyond our initial purchase price within the year. So, I am confident that they can scale effectively. Although my installation is relatively small in comparison to some larger organizations I've worked with in the past, I am aware that these products can scale to accommodate thousands of devices. I have full confidence that if we were to experience explosive growth within our company, I would be able to manage it without any issues.

How are customer service and support?

I only had to use technical support once because my email address had not been added to various websites they have, such as their tech support and community website. For that issue, I had to contact my account manager because the tech support site hadn't recognized it yet. However, that single email was corrected almost immediately. Within five minutes, a community manager contacted me, informing me that I had been added, and I could proceed to log in to all the different sub-websites of SentinelOne to access the various resources they provide. The matter was resolved extremely quickly.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is extremely easy. I collaborated with my team to grant trial access, allowing me to configure a single device and assess its functionality. Furthermore, the website's cloud segment was established automatically by SentinelOne. Upon downloading the package, it was promptly recognized, and the device was seamlessly incorporated into the cloud-based management console. This enabled me to effectively oversee, configure, and comprehend its settings. The overall process struck me as remarkably straightforward, even when I noticed that there was an error in the naming of my management console. A quick email to my account manager rectified the issue, with their prompt resolution at their end.

I completed the deployment on my own.

What other advice do I have?

I would rate SentinelOne Singularity Complete as a ten out of ten. The reason is that I found the visibility I was looking for. It identifies suspicious software immediately; I experienced this firsthand when it detected such software on my device while I was using certain tools. This assures me of the solution's effectiveness. The management dashboard is largely user-friendly and provides all the information I require. It allows me to search deep within the processes of the running instances. Therefore, I consider it a strong offering, especially since many competitors provide similar services. In terms of knowledge, SentinelOne Singularity Complete competes well with these other vendors. I am highly satisfied with my purchase.

SentinelOne Singularity Complete's ability to save us costs is currently unknown. The purchase of SentinelOne Singularity Complete was significantly more expensive than the Norton software we had previously been using on our other devices. However, there is a balance, and I have visibility into this. I have the agent and the support of a much larger organization that is specifically focused on this. Therefore, the increased cost is justified for what we are aiming to achieve. While it might potentially save us a significant amount of money if one of those devices becomes infected with serious malware that leads to ransomware or similar issues, its primary purpose is also to prevent such situations. In conclusion, whether it will ultimately save us costs is a complex question with both positive and negative aspects.

I downloaded the package from the cloud and had to search extensively to find the site token for proceeding with the installation. It would probably be easier if the package were downloaded directly from the cloud. The solution would recognize that it has been downloaded from my account on the cloud and wouldn't require applying that token. I think that might be simpler from an administrator's point of view. I appreciate the ability to create automation for updating the agents. I found that feature very useful, as it eliminates the need to update each device individually to a newer version or to manually check the cloud for a newer version. Once I approve the update, the automation tool handles the update process automatically. I really like that aspect.

Maintenance is straightforward. I accomplish this by creating automation for the agent upgrades whenever new versions are released. Once I receive the email notifying me of a new version, I access the console. In a matter of five minutes, I can generate automation that will proceed to update all the agents within our console automatically. Therefore, performing this task doesn't require much effort from my end.

I value SentinelOne as a strategic security partner. I have experience with other security products within much larger enterprises, some of which are significantly more expensive. Certain products require an entire team to initiate and run, demanding a substantial amount of time and effort to set up the infrastructure, create the necessary site, and proceed with deploying project management, involving multiple meetings. My engagement with SentinelOne was quite streamlined. I had only two meetings with them: one to familiarize myself with the product and a second one to make the purchase and understand the procurement process. Everything was handled by their team from the backend. If I remember correctly, these interactions took place on the same day. I had a meeting around ten o'clock, and by approximately three o'clock, the management console was prepared for my access. This allowed me to start deploying the agent for testing purposes. In my view, SentinelOne exhibits a customer-centric approach. They not only focus on the security aspects of their consumable product but also prioritize their customers. The professionals I collaborated with demonstrated a clear understanding that their clients come first. Overall, I am deeply impressed with SentinelOne. While I have experience with other vendors and larger corporations that hold more industry recognition, my comprehensive impression of SentinelOne over the month and a half of evaluating the product, and the subsequent month of using it, is exceptionally positive. They indeed offer a highly effective product that aids consumers in maintaining the security of their devices.

I recommend that organizations conduct their own thorough research and due diligence. Don't solely rely on marketing speeches. The security field has numerous players, many of whom offer similar services. Personally, I have experience with some of these other solutions that function very similarly to SentinelOne Singularity Complete, including their management platforms and agent-based solutions. What stood out to me was the depth of SentinelOne's research. They delve into the core aspects of security, beyond just product user-friendliness, easy installation, or a visually pleasing dashboard. Their commitment involves meticulous research into prevalent malware and viruses. They ensure that the solutions they provide can rapidly detect zero-day attacks and malware, offering immediate protection to their customers. In my view, SentinelOne stands out because they genuinely prioritize their customers' interests. They demonstrate their commitment through their dedicated research and development, and by offering applications that effectively safeguard customers. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
KodiswaranChandran - PeerSpot reviewer
Cyber Security Analyst at Acora
MSP
Top 10
The threat-hunting platform is user-friendly, and I like the built-in remote access feature
Pros and Cons
  • "Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature."
  • "I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint."

What is our primary use case?

We provide SOC services for mostly UK clients and use SentinelOne to monitor our clients' endpoints and remedy threats. Some threats are remedied automatically, but others require investigation. We analyze the file and log any new vulnerabilities in our threat intel account. 

How has it helped my organization?

Singularity Complete is a one-stop solution that encompasses all the endpoint protection solutions from SentinelOne. We've eliminated about 99 percent of our other solutions by switching to Singularity. It's easy to integrate SentinelOne logs, and we don't need any other tools for threat hunting or SIEM. Everything is on one platform. You can fully realize Singularity's benefits after about 3 months of deployment and training.

The solution is supported by Vigilance, SentinelOne's MDR service. They monitor 24/7 since we have other things to do. We have an SLA that threats will be mitigated within 45 minutes to an hour after detection. Singularity has virtually eliminated our organizational risk from threats. 

What is most valuable?

Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature. External parties can log in securely via the S1 agent. It's easy to integrate S1 logs with our SIS. That's one good thing. We don't need to use any other tools, like a SIEM. 

What needs improvement?

I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint. 

For how long have I used the solution?

I have used Singularity Complete for a year and a half. 

What do I think about the stability of the solution?

We haven't seen any downtime outside of normal maintenance windows every few months. 

What do I think about the scalability of the solution?

Singularity's scalability is good. 

Which solution did I use previously and why did I switch?

I used CrowdStrike before, but SentinelOne is easier because I can do more stuff on that. For example, let's say I want to fetch some files from an end user's machine or install something, but I do not manage the machine as a security person. If we need to do something inside, I can do a full scan and use remote access to see everything. 

The SentinelOne suite is appropriate for our use case. If the scope and tasks were different, another EDR might be better. CrowdStrike has built-in UEBA, but it's not as user-friendly as SentinelOne. 

What's my experience with pricing, setup cost, and licensing?

I'm not involved with purchasing decisions, but I believe Singularity must be cost-effective because the management selected it. 

What other advice do I have?

I rate SentinelOne Singularity Complete 9 out of 10. It's an excellent solution for monitoring and managing endpoints. I recommend doing SentinelOne's training to familiarize yourself with how to leverage the entire product. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2299671 - PeerSpot reviewer
Cyber Security Engineer at a manufacturing company with 10,001+ employees
Real User
Uses low resources, reduces alerts, and reduces organizational risk
Pros and Cons
  • "The external drive scanning is great."
  • "I am not a fan of the UI and feel it has room for improvement."

What is our primary use case?

We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.

We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.

How has it helped my organization?

SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.

It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.

SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.

SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.

SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.

SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.

I am satisfied with SentinelOne Singularity Complete's MTTD.

SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk. 

What is most valuable?

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

What needs improvement?

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for over one year.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is scalable.

How are customer service and support?

The few times I have used the technical support, it has been a good experience.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate SentinelOne Singularity Complete eight out of ten.

Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.

One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.

SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.

We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.

SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.

I have good impressions of SentinelOne as a strategic security partner.

Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Brian Glen - PeerSpot reviewer
Incident Response Specialist at Klick Health
Real User
Provides good protection and helps with network and device control
Pros and Cons
  • "Device control and network control are valuable."
  • "The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab."

What is our primary use case?

We use it for endpoint protection. It is our antivirus and EDR solution. 

We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.

How has it helped my organization?

Singularity Complete has saved us time. I recently did the agent upgrade. I used their upgrade policy and just specified the maintenance window and things like that. The first two times I updated the agents, I used to sit there and highlight the endpoints and run agent updates, but this time, I used auto-upgrade. With auto-upgrade, it ran between 6 PM and 8 AM, and then it ran all day on the weekend, and it was up in there. In one day, it updated 1,000 endpoints. That was pretty cool. I did not have to sit there and do the manual work. I just watched the system to make sure that the endpoints got updated. That was pretty cool. It is nice to know that I do not have to sit there, and I can just create a policy and let it go. It definitely saves time.

Singularity Complete has reduced our mean time to detect (MTTD). I get an email pretty much right off the bat. When an alert pops up, I get an email from my ticketing system, so it is pretty quick. If I am at my desk, I take care of it pretty quickly. Currently, I am the main person running this, and other people back me up when I am not around. I am hoping I can get somebody else trained on this.

Singularity Complete has helped reduce our organizational risk. It is somewhere in the middle when it comes to contributing to our security posture.

SentinelOne has been a good partner. We mostly use Mac and Windows systems, and we were able to do device control and network control out of SentinelOne rather than through MDM. We are doing it all through SentinelOne. We did not have any conflict in the apps.

In terms of interoperability, we have plugged it into our Alert Logic MDR. It flags to our MDR. For example, if a threat cannot be mitigated or it is hard to mitigate a threat, then the MDR will notify us. Some of the things related to applications could use some work, but they are in the process of fixing this. We will then be able to update and disable applications through SentinelOne.

What is most valuable?

Device control and network control are valuable. 

They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth. 

What needs improvement?

The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.

Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting the hang of it.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for about a year and a half.

What do I think about the stability of the solution?

Its stability is very good. Recently, one person had an issue, and I had to reinstall the agent. They had lost their Internet connectivity. We put in some strategy work, and we had to go in there and figure out which ports are open, but other than that, it has been very good.

What do I think about the scalability of the solution?

Its scalability is pretty good. 

How are customer service and support?

I have interacted with their support. They are always pretty easy to get a hold of. I never have to wait. They are helpful. They have resolved any issue that I have ever brought up with them in a timely manner. I would rate them a 10 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

It is a cloud solution. I inherited it, so I was not there when they implemented it. It was implemented about six months before I got hired. It was probably deployed in late 2021, and I started in February 2022.

It requires a little bit of maintenance in terms of fine-tuning the false positives and things like that. For example, because people use Logitech devices, I had to suppress the alerts because they kept popping up because the hash was always different. I have noticed that when a new agent comes, it can be a little aggressive in the beginning. I have to fine-tune the alerts a little bit, but that is a part of the process. I update the agents twice a year. I will try to do it more because now I know how the upgrade policy works. The only thing I am not yet good at is reviewing the Mac logs. Windows logs are easy because of the years of Windows experience and the use of Windows Event Viewer. I just got to be better with the Mac logs.

What was our ROI?

In terms of cost savings, I am starting to get into the budget, but we have not got any malware or serious incidents. There are money savings when you do not have serious incidents.

We have not had any downtime. We have not had anybody's machines compromised. It has been protecting the endpoints pretty well. It has been pretty quiet. We have not had anything that we would consider a major incident, so it is doing pretty well.

What's my experience with pricing, setup cost, and licensing?

I do not know much about it. From what I understand, it is pricey, but it works. It is a very good product. 

What other advice do I have?

I also used SentinelOne five years ago at another company, and I find it to be way better now. It is a much more refined product. It does not actively scan the system the way it used to. It has come a long way in terms of performance on the machines. It does not hinder the performance of developers' machines. I hear no complaints about SentinelOne blocking or grinding machines to a halt with scans when developers are doing builds and things like that. It has improved greatly. Five years ago, I used to hear complaints about SentinelOne slowing down the systems, but I have not heard that once here.

We tested the Ranger functionality a bit. We were demoing it. Ranger was pretty cool for the visibility of devices, but we did not find a use for it.

Overall, I would rate SentinelOne Singularity Complete a 9 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chris East - PeerSpot reviewer
IT Manager at a tech vendor with 1,001-5,000 employees
Real User
Provides a stable portal, great visibility, and saves us time
Pros and Cons
  • "The portal is the most valuable feature because it provides us with a single pane of glass view and is highly intuitive."
  • "The adware and pop-up blockers have room for improvement."

What is our primary use case?

SentinelOne Singularity Complete is the best antivirus available, and it also provides a vigilant service, so I don't need to keep an eye on the portal. Someone else monitors my antiviruses and all the threats out there for me.

How has it helped my organization?

SentinelOne Singularity Complete helped us address the missed viruses and potential ransomware attacks from a single location for our security needs.

The interoperability with other SentinelOne solutions and third-party tools is good. We have integrated it with Mimecast.

SentinelOne Singularity Complete ingested all the data from Mimecast and displayed it in a single location.

It has helped consolidate our security solutions in one place.

It has helped our organization improve its visibility by allowing us to see which users are risky, which machines are at risk, and which machines are outdated.

SentinelOne Singularity Complete has helped reduce the number of alerts. In addition, we use Vigilance to hide all alerts, so we don't see any of them.

We have freed up 30 percent of our staff time. As the only person in the IT department, I can now focus on other tasks. SentinelOne Singularity Complete is like having an extra pair of hands.

It has reduced our MTTD by up to 80 percent depending on the time of day.

SentinelOne Singularity Complete has reduced our MTTR. We have an SLA with Vigilance, and they respond quickly to alerts.

SentinelOne Singularity Complete has reduced our organizational risk by 40 percent.

What is most valuable?

The portal is the most valuable feature because it provides us with a single pane of glass view and is highly intuitive.

What needs improvement?

The adware and pop-up blockers have room for improvement.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for six years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable. The portal has never been down. We occasionally have an agent fall off the network, but this is usually due to the latest version of Windows being installed on an old agent, which causes it to stop working. However, this is very rare.

What do I think about the scalability of the solution?

As a growing company, I'm glad that the SentinelOne Singularity Complete portal will show more and more devices, but I'm not particularly concerned about that because I've paid for Vigilance service. I'm confident that we're covered no matter how many threats or issues arise.

How are customer service and support?

Technical support is quick and provides great documentation to explain issues and remove agents.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used McAfee and it often caused our machines to blue screen and crash. SentinelOne, on the other hand, is a stable agent. If we install the latest agent on our machines, it will not affect their performance or speed. Many other agents can have adverse effects on our machines, but SentinelOne will not.

SentinelOne Singularity Complete is a next-generation antivirus that is far more innovative than McAfee. One of its selling points is that it constantly improves and looks for new threats, while McAfee has not changed significantly in years.

How was the initial setup?

The initial deployment was straightforward. SentinelOne provides easy-to-follow well-documented instructions. I completed the deployment myself within half an hour.

What was our ROI?

SentinelOne Singularity Complete has protected us against infected machines, resulting in a 20 percent return on investment.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Complete is fairly priced. After discussing the per-user cost, we found it to be acceptable for the functionality it offers, and we are happy with the protection it provides.

What other advice do I have?

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is deployed across all departments and devices, and everything is in Intune. When anything is deployed to Intune, antivirus is applied first. It is mandatory on all devices. We have 270 endpoints.

No maintenance is required on our end.

SentinelOne, as a strategic security partner, meets all the requirements for being the solution to our cyber risk on devices, which is essential for us to know that we are safe.

I chose SentinelOne Singularity Complete at a previous company and sold it to the company I am with now. It is very easy to do a proof of concept and see everything that is missing from other solutions. I recommend SentinelOne Singularity Complete.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2025