SentinelOne Singularity Complete Reviews

We use it for endpoint security for all of the systems in our environment. We have servers and workstations. We have macOS and Linux operating systems, and we are using it as an EDR/endpoint protection platform.

There is a lot of improvement from a security maturity perspective. Even though we have a very reputable and well-known SIEM, one of our go-to applications in our environment is SentinelOne. On a daily basis, almost all my staff or my analysts use it and operate it every day. It gives us a lot of information and a lot of data about what is going on. In addition to the detections, we are able to use and leverage Binary Vault. We could also use Remote Script Orchestration, which is an add-on that we could add to the platform. It allows us other functionalities that we would not normally have with another product in the same category. It allows us to run scripts on endpoints remotely out of the SentinelOne administrative GUI, which we use for all kinds of purposes. It has improved our abilities significantly in what we can do.

We have visibility into all our systems. We have visibility into malware or any suspicious activities that are occurring. We have the ability to quarantine systems based on the risks. If there is something going on, we have the ability to do that. We can also run remote scripts on systems, and we can control certain types of devices such as USB access. We have the ability to control what people can do with USBs. That is another functionality we use.

Most traditional antivirus platforms are very basic in terms of how you add exclusions. Usually, you completely exclude an application from detection. They do not provide you with various modes or various levels of visibility into an application. SentinelOne provides different levels of visibility, so you can have a level that has some visibility and does not completely make the application invisible to SentinelOne. It is the first platform that I have ever worked on with such capability. Instead of just a binary exclusion on or exclusion off, they provide different interoperability modes. There are five interoperability modes. Some are performance-focused, and some are visibility-focused. They allow you to select the mode that will give you the best balance of visibility and performance depending on the application. It is very handy. Most endpoint security platforms, antivirus, and EDRs are binary. You apply the exclusion and have zero visibility into what that particular application is doing in your environment. With SentinelOne, you can implicitly trust, or you have the ability to say that you trust it, but you want to have an eye on it if anything ever happens. For example, your third-party software is compromised, as happened with SolarWinds, and it starts doing funny things in your environment. That is what the interoperability exclusions give you with SentinelOne. This is an excellent feature.

In terms of its ability to ingest and correlate across our security solutions, they have recently added the Singularity marketplace in XDR. Not all of them but most of them are included in the license. We do leverage it. It gives us additional context. For example, we were able to add the VirusTotal API, which adds the context of what VirusTotal has in terms of information on a particular detection or binary that is detected in SentinelOne. They are starting to build those APIs out. We are able to add more context from other third-party applications. It is excellent. It is at no cost to us. We are using quite a few of them already for other platforms that are built out of the box. We are starting to leverage any out-of-the-box APIs for the platforms that we have.

It has helped us with a little bit of consolidation. We were able to consolidate the device control. We were using another platform for that. We had another completely separate vendor for USB control, and now, we have decided to not renew that license and move all the controls through SentinelOne.

It has not helped reduce alerts. The point is not to reduce alerts. It is to increase alerts. The point of Singularity is to reduce incidents, and, we for sure, have achieved that. The point of the Singularity platform is to block things that we do not want to occur in our environment or at least have visibility to them so that we can take action. If we were to strip it out completely, the organization would be in a much worse place.

It has helped free up our staff for other projects and tasks because the incident response has diminished. I do not have my analysts responding to threats. I have them just validating when something is detected to ensure that we are okay. For sure, it has freed them up. There are about 25% of time savings.

It has reduced our mean time to respond (MTTR). Without it, we would not have very much visibility into detections. It has improved our mean time to detect by 80% to 90%. If we did not have Singularity Complete, we would have very little visibility on the endpoints at least, and that is where most of our threats are occurring.

We have a service from SentinelOne called Vigilance. This service has reduced our mean time to react or respond. This 24/7 service has improved our mean time to respond significantly because it is the SentinelOne analysts who are responding. It has improved our mean time to respond by 80% because they are performing the analysis. They are the experts, and they are looking at the detection in our console. We do not have to go out and try to perform that same level of understanding of what we have just seen. Their experts take a look at that. Instead of spending hours and hours trying to figure out what we are seeing, it is literally down to just minutes by the Vigilance team. It is a separate license that we have incorporated with our Singularity license. It is a part of their MDR solution. It is a service they offer.

It has overall reduced our organizational risk.

The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.

The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier. 

We have been using this solution for four years.

Its stability is next to nothing. It probably has an uptime of 99.99%. The only issue you would have is that the agent sometimes becomes unresponsive or corrupt, but there is not a single application in the world where you do not have some level of corruption or issues that may arise. If anything, it is much better than the others that we have.

It is very scalable. We have doubled the number of licenses or agents we have had in the last three years, and we have not had any issues.

They are excellent when it comes to interoperability and exclusions. For example, you may have somebody in your environment complaining about slowness, or you may have several situations where end-users may report that a certain application has been slow on their computer. SentinelOne gives you the ability to remotely pull the logs off a computer and send the logs to tech support for them to perform an analysis. They can perform their analysis from the logs and come back to you and say, "From what we are seeing, it looks like you have an application running application ABC that seems to require an exclusion. We recommend this interoperability type." All you have to do is say, "Oh, perfect. Thank you very much for that information. Add the exclusion." They have done all the analysis for you. You check back with your end-user to see if that has rectified the situation. In almost every circumstance that we have run into, it got rectified. I have never seen that type of analysis performed by an EDR or endpoint protection provider before. It is the first time I have seen that. This aspect of their support is excellent. However, some of the other things are not always detailed enough in terms of what we should be doing. They can be a bit vague, and if it does not help the situation, they may have to raise the issue to a different tier. So, they can be a little vague about exactly what you should do, but at least they set you on the right path. Overall, I would rate them an eight out of ten.

Positive

It was a product by Carbon Black called Carbon Black Response and Carbon Black Defense. We switched because Carbon Black was purchased by VMware at the time, and their customer service was diminishing substantially. Some of the older products that we still had by Carbon Black were not being supported as well as they were previously. Their technology roadmap was not fantastic. We started looking at other products. We found CrowdStrike and SentinelOne to be more up-to-date and more modern EDR solutions. We saw a noticeable improvement in terms of technology and detection. At the time, SentinelOne was priding itself on the level of number of detections it could detect. A lot of that came into the reviews of the product at the time and the type of tests that it was undergoing and its performance in those tests. That was a primary reason for deciding to go with SentinelOne and going away from Carbon Black. Pricing was another excellent aspect of the platform.

They host the platform in the cloud. It is a SaaS application for us.

Its deployment was extremely straightforward. All you have to do is deploy their agents on your computers. The agent checks in with your cloud console, and you start retrieving information immediately. Carbon Black Defense has that capability as well, but we went with SentinelOne because it did have that cloud capability. When COVID hit, and everybody left the office to go home to work, it was seamless for us. We have full visibility into every single system and asset in the organization whether they are on-premises or off-premises. They could be traveling. They could be anywhere in the world. As long as they have Internet connectivity, we have full visibility into their computers.

In terms of maintenance, the only maintenance that is required is to maintain the health of the agents. Sometimes the agents can become corrupt or stop functioning, so you have to ensure that you are checking for assets in which you run into those situations. The other thing would be the agent versions. You have to maintain agent versions as new versions of the agents come out. You can either automate it so that your agents get updated automatically on whatever schedule that you want, or you can do it manually. You can also do it through some other software deployment platform. That is the only thing you have to do maintenance on. The backend is all maintained by SentinelOne. All the updates to the console environment are taken care of by SentinelOne. Because it is a SaaS application, the only thing that the customer is responsible for is the agent deployment and upgrades.

We worked directly with the SentinelOne team. From our side, there were two of us. From their side, there was probably just one engineer.

It has helped our organization save costs. In terms of metrics, I can only go by what other competitors were charging at the time, and we got it at a significantly better price than what some of the other competitors were charging.

The ROI is not just from the platform itself. It is also from the Vigilance service perspective that has freed up my guys to do many other things. It saves my analysts at least two to three hours per day in man-hours, so there is a huge return on investment there. For the price that the service costs, it is extremely good value.

Their pricing was extremely competitive. That is why we stayed with them so long. We are renewing at the end of next month. We have already put in the approval. It is all set to go. We are renewing for another year or so year over year. It has been a very effective product, and it has been priced very competitively.

To someone who is researching Singularity Complete, I would say that it is excellent in terms of quality and maturity.

I would advise performing an extensive proof of concept. If you have the ability to use a security tool validation platform to test out multiple platforms before choosing one, that would be a good idea. You should also understand various modules that are add-ons to the platform. It is extremely important.

I have used the Ranger functionality, and I am very familiar with it. It provides network and asset visibility. You can configure the agent to scan the subnet that it sits on and look for other assets that are missing the SentinelOne agent. You can create a policy saying that if a device sits on a specific subnet and has, for example, more than five systems, try to interrogate those systems to see if they are the systems that may be eligible for the SentinelOne agent but are missing one. We did not renew the license for that specific functionality of SentinelOne about a year ago. We decided to go with another vendor to give us that type of visibility.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.

One of the companies we conduct business with received ransomware. As a result, we sought to enhance our security posture, commencing with our employees. SentinelOne Singularity Complete was procured to gain visibility into our company's resources. We aimed to possess the capability to detect whether our users were encountering malware, viruses, or incidents.

We used to employ Norton antivirus on all our assigned desktops and laptops. Unfortunately, we had no visibility in this setup. Consequently, if a user were to acquire a virus or download malware or anything suspicious, we wouldn't be informed. While users do receive prompts indicating suspicious activities, they might not always report them. Hence, gaining visibility became our top priority. I required a solution that would allow me to monitor such activities. For example, if a user were to download something malicious or suspicious unrelated to their daily tasks, or even if they were to download malware, I needed immediate visibility. This would enable me to promptly quarantine the threat, resolve the issue on the affected device, and collaborate with the respective employee. The goal was to raise awareness about their downloads, educate them on safe practices, and enhance their overall understanding of their actions. SentinelOne Singularity Complete helps address our requirements.

The primary advantage of SentinelOne Singularity Complete for our organization is enhanced visibility. The secondary benefit is my belief in the product having a much stronger support system. This implies that no one in the company has the necessary resources to identify and address malware effectively, resulting in their product not being up to par in terms of providing comprehensive protection for end users. While our previous endpoint management, Norton, was good, it fell short of greatness. I strongly feel that no other product truly excels. I've gone through numerous reviews, made comparisons with alternative solutions, and utilized other options. This wasn't just a slight improvement in polish; it genuinely ensures the safeguarding of end users and the entire company.

I haven't received many alerts. Ironically, of the alerts that I have received, most were originating from my device. As I am the technology leader for the organization, there were certain tools on my laptop that were flagged almost immediately upon installing the agent. So, in an ironic twist, I was flagged. However, it's actually quite positive that my end users haven't engaged in any activities that could be deemed malicious or suspicious. I receive emails and reports promptly, so I'm genuinely surprised that the tool behaves this way. Interestingly, when it did flag certain processes and software on my devices, they were actually legitimate pieces of software that I regularly use. Nonetheless, I'm pleased that SentinelOne Singularity Complete was able to promptly detect these instances.

I am the sole technical person in the company, and the solution has enabled me to concentrate more on enhancing the organization's security posture. This foundation and framework have paved the way for me to pursue additional projects in the field of security for our organization.

The mean time to detect is nearly real-time. When I identified potential threats, the response was nearly instantaneous after installing the agent and running the initial scan. It promptly identified all issues. I received an immediate notification to quarantine those processes and applications. This allowed me to conduct a more in-depth investigation and confirm that these processes should not be present on the device.

SentinelOne Singularity Complete has unquestionably aided in diminishing our organizational risk. The solution significantly reduces overall risk, just as it claims. I have examined numerous white papers and engaged in discussions with numerous individuals within the organization to establish a sense of confidence in recognizing SentinelOne as a market leader. Their enduring presence is apparent, coupled with their commitment to thorough research, which is consistently integrated into their products to ensure their relevance and continued usefulness for consumers.

The visibility component is the most valuable feature. Having the capability to delve into the specific resources that the devices are actively using provides us with the breadth and visibility that we seek. Additionally, being able to accurately track our users' activities, such as identifying when they are downloading PDF attachments, enables us to promptly detect any potential issues.

I would have liked the dashboard to be more user-friendly. I often have to navigate through several menus to locate exactly what I'm searching for. I had difficulty finding the site token required for device installation or agent installation on devices. It actually took me quite a while to locate these menus. Instead of having them at the top after selecting from the left-hand side, they list the sub-menus at the top. This forces me to scroll through my screen to access all the different sub-menus. If they were placed underneath the main menu or bookmarked on the left-hand side, it would make navigation significantly easier. 

I would appreciate having more comprehensive reporting. While I believe the current reporting is accurate, I find it slightly simplistic in my view. However, I want to note that I've been using the product for only about a month, so it might take more time to fully process the information and generate detailed reports.

I have been using SentinelOne Singularity Complete for one month.

SentinelOne Singularity Complete is stable. I haven't encountered any crashes or errors during installation. There have been no unusual glitches on the management console. It's only been a month, but I'm extremely satisfied with the solution.

I don't have any issues with the console scaling. When I logged in earlier today, SentinelOne performed a complete site upgrade in the background, and I didn't even notice it. Scalability is also not a problem with agent inflation in my company. I have been able to deploy agents without any trouble. Initially, there was a minimum purchase requirement, which was slightly higher than our install base's cost. However, I was comfortable with purchasing the additional licenses. Therefore, if we do experience growth, licensing won't be an issue. I want to ensure that we remain within the appropriate range for that.

I have been informed that even if we experience a sudden surge in growth among our customers and we continue scaling and deploying agents, we will catch up with the licensing costs beyond our initial purchase price within the year. So, I am confident that they can scale effectively. Although my installation is relatively small in comparison to some larger organizations I've worked with in the past, I am aware that these products can scale to accommodate thousands of devices. I have full confidence that if we were to experience explosive growth within our company, I would be able to manage it without any issues.

I only had to use technical support once because my email address had not been added to various websites they have, such as their tech support and community website. For that issue, I had to contact my account manager because the tech support site hadn't recognized it yet. However, that single email was corrected almost immediately. Within five minutes, a community manager contacted me, informing me that I had been added, and I could proceed to log in to all the different sub-websites of SentinelOne to access the various resources they provide. The matter was resolved extremely quickly.

Positive

The initial setup is extremely easy. I collaborated with my team to grant trial access, allowing me to configure a single device and assess its functionality. Furthermore, the website's cloud segment was established automatically by SentinelOne. Upon downloading the package, it was promptly recognized, and the device was seamlessly incorporated into the cloud-based management console. This enabled me to effectively oversee, configure, and comprehend its settings. The overall process struck me as remarkably straightforward, even when I noticed that there was an error in the naming of my management console. A quick email to my account manager rectified the issue, with their prompt resolution at their end.

I completed the deployment on my own.

I would rate SentinelOne Singularity Complete as a ten out of ten. The reason is that I found the visibility I was looking for. It identifies suspicious software immediately; I experienced this firsthand when it detected such software on my device while I was using certain tools. This assures me of the solution's effectiveness. The management dashboard is largely user-friendly and provides all the information I require. It allows me to search deep within the processes of the running instances. Therefore, I consider it a strong offering, especially since many competitors provide similar services. In terms of knowledge, SentinelOne Singularity Complete competes well with these other vendors. I am highly satisfied with my purchase.

SentinelOne Singularity Complete's ability to save us costs is currently unknown. The purchase of SentinelOne Singularity Complete was significantly more expensive than the Norton software we had previously been using on our other devices. However, there is a balance, and I have visibility into this. I have the agent and the support of a much larger organization that is specifically focused on this. Therefore, the increased cost is justified for what we are aiming to achieve. While it might potentially save us a significant amount of money if one of those devices becomes infected with serious malware that leads to ransomware or similar issues, its primary purpose is also to prevent such situations. In conclusion, whether it will ultimately save us costs is a complex question with both positive and negative aspects.

I downloaded the package from the cloud and had to search extensively to find the site token for proceeding with the installation. It would probably be easier if the package were downloaded directly from the cloud. The solution would recognize that it has been downloaded from my account on the cloud and wouldn't require applying that token. I think that might be simpler from an administrator's point of view. I appreciate the ability to create automation for updating the agents. I found that feature very useful, as it eliminates the need to update each device individually to a newer version or to manually check the cloud for a newer version. Once I approve the update, the automation tool handles the update process automatically. I really like that aspect.

Maintenance is straightforward. I accomplish this by creating automation for the agent upgrades whenever new versions are released. Once I receive the email notifying me of a new version, I access the console. In a matter of five minutes, I can generate automation that will proceed to update all the agents within our console automatically. Therefore, performing this task doesn't require much effort from my end.

I value SentinelOne as a strategic security partner. I have experience with other security products within much larger enterprises, some of which are significantly more expensive. Certain products require an entire team to initiate and run, demanding a substantial amount of time and effort to set up the infrastructure, create the necessary site, and proceed with deploying project management, involving multiple meetings. My engagement with SentinelOne was quite streamlined. I had only two meetings with them: one to familiarize myself with the product and a second one to make the purchase and understand the procurement process. Everything was handled by their team from the backend. If I remember correctly, these interactions took place on the same day. I had a meeting around ten o'clock, and by approximately three o'clock, the management console was prepared for my access. This allowed me to start deploying the agent for testing purposes. In my view, SentinelOne exhibits a customer-centric approach. They not only focus on the security aspects of their consumable product but also prioritize their customers. The professionals I collaborated with demonstrated a clear understanding that their clients come first. Overall, I am deeply impressed with SentinelOne. While I have experience with other vendors and larger corporations that hold more industry recognition, my comprehensive impression of SentinelOne over the month and a half of evaluating the product, and the subsequent month of using it, is exceptionally positive. They indeed offer a highly effective product that aids consumers in maintaining the security of their devices.

I recommend that organizations conduct their own thorough research and due diligence. Don't solely rely on marketing speeches. The security field has numerous players, many of whom offer similar services. Personally, I have experience with some of these other solutions that function very similarly to SentinelOne Singularity Complete, including their management platforms and agent-based solutions. What stood out to me was the depth of SentinelOne's research. They delve into the core aspects of security, beyond just product user-friendliness, easy installation, or a visually pleasing dashboard. Their commitment involves meticulous research into prevalent malware and viruses. They ensure that the solutions they provide can rapidly detect zero-day attacks and malware, offering immediate protection to their customers. In my view, SentinelOne stands out because they genuinely prioritize their customers' interests. They demonstrate their commitment through their dedicated research and development, and by offering applications that effectively safeguard customers. 

We provide SOC services for mostly UK clients and use SentinelOne to monitor our clients' endpoints and remedy threats. Some threats are remedied automatically, but others require investigation. We analyze the file and log any new vulnerabilities in our threat intel account. 

Singularity Complete is a one-stop solution that encompasses all the endpoint protection solutions from SentinelOne. We've eliminated about 99 percent of our other solutions by switching to Singularity. It's easy to integrate SentinelOne logs, and we don't need any other tools for threat hunting or SIEM. Everything is on one platform. You can fully realize Singularity's benefits after about 3 months of deployment and training.

The solution is supported by Vigilance, SentinelOne's MDR service. They monitor 24/7 since we have other things to do. We have an SLA that threats will be mitigated within 45 minutes to an hour after detection. Singularity has virtually eliminated our organizational risk from threats. 

Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature. External parties can log in securely via the S1 agent. It's easy to integrate S1 logs with our SIS. That's one good thing. We don't need to use any other tools, like a SIEM. 

I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint. 

I have used Singularity Complete for a year and a half. 

We haven't seen any downtime outside of normal maintenance windows every few months. 

Singularity's scalability is good. 

I used CrowdStrike before, but SentinelOne is easier because I can do more stuff on that. For example, let's say I want to fetch some files from an end user's machine or install something, but I do not manage the machine as a security person. If we need to do something inside, I can do a full scan and use remote access to see everything. 

The SentinelOne suite is appropriate for our use case. If the scope and tasks were different, another EDR might be better. CrowdStrike has built-in UEBA, but it's not as user-friendly as SentinelOne. 

I'm not involved with purchasing decisions, but I believe Singularity must be cost-effective because the management selected it. 

I rate SentinelOne Singularity Complete 9 out of 10. It's an excellent solution for monitoring and managing endpoints. I recommend doing SentinelOne's training to familiarize yourself with how to leverage the entire product. 

We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.

We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.

SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.

It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.

SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.

SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.

SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.

SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.

I am satisfied with SentinelOne Singularity Completes MTTD.

SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk. 

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

I have been using SentinelOne Singularity Complete for over one year.

SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.

SentinelOne Singularity Complete is scalable.

The few times I have used the technical support it has been a good experience.

Positive

I would rate SentinelOne Singularity Complete eight out of ten.

Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.

One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.

SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.

We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.

SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.

I have good impressions of SentinelOne as a strategic security partner.

Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.

We use it for endpoint protection. It is our antivirus and EDR solution. 

We are also using it for device control, such as blocking USBs, and we also use it for network control. We are blocking port access on machines.

Singularity Complete has saved us time. I recently did the agent upgrade. I used their upgrade policy and just specified the maintenance window and things like that. The first two times I updated the agents, I used to sit there and highlight the endpoints and run agent updates, but this time, I used auto-upgrade. With auto-upgrade, it ran between 6 PM to 8 AM, and then it ran all day on the weekend, and it was up in there. In one day, it updated 1,000 endpoints. That was pretty cool. I did not have to sit there and do the manual work. I just watched the system to make sure that the endpoints got updated. That was pretty cool. It is nice to know that I do not have to sit there, and I can just create a policy and let it go. It definitely saves time.

Singularity Complete has reduced our mean time to detect (MTTD). I get an email pretty much right off the bat. When an alert pops up, I get an email from my ticketing system, so it is pretty quick. If I am on my desk. I take care of it pretty quickly. Currently, I am the main person running this, and other people back me up when I am not around. I am hoping I can get somebody else trained on this. 

Singularity Complete has helped reduce our organizational risk. It is somewhere in the middle when it comes to contributing to our security posture.

SentinelOne has been a good partner. We mostly use Mac and Windows systems, and we were able to do device control and network control out of SentinelOne rather than through MDM. We are doing it all through SentinelOne. We did not have any conflict in the apps.

In terms of interoperability, we have plugged it into our Alert Logic MDR. It flags to our MDR. For example, if a threat cannot be mitigated or it is hard to mitigate a threat, then the MDR will notify us. Some of the things related to applications could use some work, but they are in the process of fixing this. We will then be able to update and disable applications through SentinelOne.

Device control and network control are valuable. 

They updated the console, and on the incidents page, we can break down the incidents and see all attack attempts. It is pretty cool and in-depth. 

The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab.

Singularity Complete has not helped reduce alerts. In fact, it produces a lot of false positives. It does its job, but I have spent the last week fine-tuning the system and trying to suppress false positives. I am getting a hang of it.

I have been using SentinelOne Singularity Complete for about a year and a half.

Its stability is very good. Recently, one person had an issue, and I had to reinstall the agent. They had lost their Internet connectivity. We put in some strategy work, and we had to go in there and figure out which ports are open, but other than that, it has been very good.

Its scalability is pretty good. 

I have interacted with their support. They are always pretty easy to get a hold of. I never have to wait. They are helpful. They have resolved any issue that I have ever brought up with them in a timely manner. I would rate them a 10 out of 10.

Positive

It is a cloud solution. I inherited it, so I was not there when they implemented it. It was implemented about six months before I got hired. It was probably deployed in late 2021, and I started in February 2022.

It requires a little bit of maintenance in terms of fine-tuning the false positives and things like that. For example, because people use Logitech devices, I had to suppress the alerts because they kept popping up because the hash was always different. I have noticed that when a new agent comes, it can be a little aggressive in the beginning. I have to fine-tune the alerts a little bit, but that is a part of the process. I update the agents twice a year. I will try to do it more because now I know how the upgrade policy works. The only thing I am not yet good at is reviewing the Mac logs. Windows logs are easy because of the years of Windows experience and the use of Windows Event Viewer. I just got to be better with the Mac logs.

In terms of cost savings, I am starting to get into the budget, but we have not got any malware or serious incidents. There are money savings when you do not have serious incidents.

We have not had any downtime. We have not had anybody's machines compromised. It has been protecting the endpoints pretty well. It has been pretty quiet. We have not had anything that we would consider a major incident, so it is doing pretty well.

I do not know much about it. From what I understand, it is pricey, but it works. It is a very good product. 

I also used SentinelOne five years ago at another company, and I find it to be way better now. It is a much more refined product. It does not actively scan the system the way it used to. It has come a long way in terms of performance on the machines. It does not hinder the performance of developers' machines. I hear no complaints about SentinelOne blocking or grinding machines to a halt with scans when developers are doing builds and things like that. It has improved greatly. Five years ago, I used to hear complaints about SentinelOne slowing down the systems, but I have not heard that once here.

We tested the Ranger functionality a bit. We were demoing it. Ranger was pretty cool for the visibility of devices, but we did not find a use for it.

Overall, I would rate SentinelOne Singularity Complete a 9 out of 10.

SentinelOne Singularity Complete is the best antivirus available, and it also provides a vigilant service, so I don't need to keep an eye on the portal. Someone else monitors my antiviruses and all the threats out there for me.

SentinelOne Singularity Complete helped us address the missed viruses and potential ransomware attacks from a single location for our security needs.

The interoperability with other SentinelOne solutions and third-party tools is good. We have integrated it with Mimecast.

SentinelOne Singularity Complete ingested all the data from Mimecast and displayed it in a single location.

It has helped consolidate our security solutions in one place.

It has helped our organization improve its visibility by allowing us to see which users are risky, which machines are at risk, and which machines are outdated.

SentinelOne Singularity Complete has helped reduce the number of alerts. In addition, we use Vigilance to hide all alerts, so we don't see any of them.

We have freed up 30 percent of our staff time. As the only person in the IT department, I can now focus on other tasks. SentinelOne Singularity Complete is like having an extra pair of hands.

It has reduced our MTTD by up to 80 percent depending on the time of day.

SentinelOne Singularity Complete has reduced our MTTR. We have an SLA with Vigilance, and they respond quickly to alerts.

SentinelOne Singularity Complete has reduced our organizational risk by 40 percent.

The portal is the most valuable feature because it provides us with a single pane of glass view and is highly intuitive.

The adware and pop-up blockers have room for improvement.

I have been using SentinelOne Singularity Complete for six years.

SentinelOne Singularity Complete is stable. The portal has never been down. We occasionally have an agent fall off the network, but this is usually due to the latest version of Windows being installed on an old agent, which causes it to stop working. However, this is very rare.

As a growing company, I'm glad that the SentinelOne Singularity Complete portal will show more and more devices, but I'm not particularly concerned about that because I've paid for Vigilance service. I'm confident that we're covered no matter how many threats or issues arise.

Technical support is quick and provides great documentation to explain issues and remove agents.

Positive

I previously used McAfee and it often caused our machines to blue screen and crash. SentinelOne, on the other hand, is a stable agent. If we install the latest agent on our machines, it will not affect their performance or speed. Many other agents can have adverse effects on our machines, but SentinelOne will not.

SentinelOne Singularity Complete is a next-generation antivirus that is far more innovative than McAfee. One of its selling points is that it constantly improves and looks for new threats, while McAfee has not changed significantly in years.

The initial deployment was straightforward. SentinelOne provides easy-to-follow well-documented instructions. I completed the deployment myself within half an hour.                                   

SentinelOne Singularity Complete has protected us against infected machines, resulting in a 20 percent return on investment.

SentinelOne Singularity Complete is fairly priced. After discussing the per-user cost, we found it to be acceptable for the functionality it offers, and we are happy with the protection it provides.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is deployed across all departments and devices, and everything is in Intune. When anything is deployed to Intune, antivirus is applied first. It is mandatory on all devices. We have 270 endpoints.

No maintenance is required on our end.

SentinelOne, as a strategic security partner, meets all the requirements for being the solution to our cyber risk on devices, which is essential for us to know that we are safe.

I chose SentinelOne Singularity Complete at a previous company and sold it to the company I am with now. It is very easy to do a proof of concept and see everything that is missing from other solutions. I recommend SentinelOne Singularity Complete.

The primary use case for us is to use the lightweight SentinelOne agent on our endpoints. Our previous vendor's agent was heavier, which caused performance issues when scanning our systems. We were impressed with how lightweight the SentinelOne agent is and how few resources it consumes. We also use it for some of our infrastructure, which includes machines with limited resources. We wanted to find a solution that would not impact the performance of these machines.

SentinelOne Singularity Complete has streamlined the mitigation process and the time it takes to analyze and understand whether I have a true positive or a false positive. This has definitely saved me some time. The rollback feature is also a nice addition. Previously, our old solution would link out to services like VirusTotal, but it was difficult to follow these links to determine if an alert was a true positive or a false positive. For example, an alert might be labeled as a potentially unwanted application, which might not be as critical as a true positive. SentinelOne has made it easier to determine the severity of an alert. I have also noticed that SentinelOne has cut down on the number of false alerts. Our old solution would alert us to things like Chrome browser updates, which would download and make registry changes. With SentinelOne I have only encountered one alert that I didn't need to worry about.

We have definitely saved a lot of time. We had to spend some time setting up the environment correctly, scaling up the protections, and setting any exemptions. After that, the most I need to do is troubleshoot issues that are not related to SentinelOne, such as removing the SentinelOne agent if I need to troubleshoot another issue on an end-user device. Application updates, such as when a new installer is released, are the only other times I need to access SentinelOne, besides when I need to review an incident.

It has helped us reduce our MTTD. We are notified of threats quickly, and being able to see the threat on our dashboard has simplified the process. Once a threat is identified and I am on the screen, I can click once to view the visibility and see if the threat is anywhere else on our network. This is fantastic.

SentinelOne Singularity Complete has helped us reduce our MTTR.

Although it is difficult to quantify the direct financial savings of SentinelOne Singularity Complete, we have saved money indirectly through time saved.

Visibility is one of the most valuable features of SentinelOne Singularity Complete. It does not directly replace a dedicated SIM solution, but it works well for our environment and gives us the visibility into our systems that we need.

I appreciate that it is easy to review incidents that have been detected by the behavioral AI or the SentinelOne Cloud. From the notification we can click into the incident to start reviewing, it is just a few clicks. I have all the data in a single pane, and I can pivot to other sources of information, such as VirusTotal, with a single click. I can also hunt for the incident on the network with a single click. This makes things much easier and saves me time from having to review logs.

One way to improve and get additional benefits would be for SentinelOne to host the updated installer files for us, rather than us having to download and host them ourselves. This could be done in cloud storage or through our mobile device management platform. When they release a new package, whether it's an early release or a general release, I believe they could provide more value by hosting those packages directly. Currently, when they release a new package, I get notified, which is great. However, I then have to go to the portal, download the package, and replace the package that we have posted on our own cloud storage. This is time-consuming. If they could simply provide me with a link to the latest general release installer, that would be fantastic. Even if the link changes, I would only need to change the URL in our cloud storage. This would save me a lot of time.

I have been using SentinelOne Singularity Complete for five months.

I keep the central tab open in my browser. If I click Sign in instead of being signed in, the page refreshes, and I have to sign in again. I think this was just a session token expiring. I have not experienced any stability issues with SentinelOne Singularity Complete, such as crashing or downtime.

SentinelOne Singularity Complete is scalable to our infrastructure and endpoints. Once we figured out the deployment hurdle for Windows and Mac, we were able to push it out to all of our endpoints without any problems. I can break out devices into different sites and groups, and some of those groups can be dynamic. For example, if I'm looking for a Mac computer versus a Windows computer, I can just click on the group and see all of them there. I can also add tags for anything, such as the OS version or if the person might be a specific risk. These are non-relational attributes and values that we can set, so we can define whatever schema we want. It's fantastic.

The technical support team was quick to answer my question and their answer was precise. I didn't have to go back and forth with them or explain things multiple times. They gave me exactly what I needed.

Positive

We previously used BitDefender and Malwarebytes. SentinelOne Singularity Complete was priced similarly, and we felt that it had better support. When we had a support issue, it was answered and resolved quickly. Additionally, the visibility and ability to traverse the logs of all the other devices in our network were invaluable. This allowed us to see if a threat might be present elsewhere in our network. This is what ultimately led us to choose the complete solution over the other SKUs that they offer.

SentinelOne Singularity Complete has a lightweight agent. Additionally, some of our servers are running older operating systems. The agents from our previous vendor did not work well with these older systems. I specifically looked for a new solution that would not be a watered-down solution and would function across our legacy architectures as well as our current modern setup.

Another benefit of the Singularity Complete solution is the increased visibility it provides. We are able to collect data on endpoints that are connecting to specific IP addresses or installing specific files with similar hashes. This allows us to see how far a threat has propagated through the network or if anyone else has it installed. This is something that we could not do with our previous solution.

We use Windows and Mac computers. Deploying SentinelOne on Windows was fairly easy. We were able to do it through our remote management solution. The installation was straightforward and simple. The most difficult part of the process was that the device had to reboot in order for SentinelOne to connect to the visibility service and bring everything online.

Deploying SentinelOne on Mac was a bit different. This is primarily due to the way the macOS operating system works. We need to grant specific privacy permissions to applications in order for them to have full disk access or screen recording capabilities. We found that if we installed SentinelOne on the user profile of a Mac computer, the user's administrator could remove it. This is not ideal, so we had to go back to the drawing board and deploy SentinelOne through our MDM solution.

The biggest headache was that, in order to deploy SentinelOne through MDM so that users did not have to grant privileges to the application, we needed to create a Privacy Preferences Policy Control profile with the specific permissions granted for the SentinelOne bundle ID. We then pushed this profile out to all users. Once we did this, the installation was seamless.

A few colleagues and I completed the implementation in-house.

We have seen a return on investment in the form of time savings. We used to spend more time on incidents, but now we can quickly triage them and move on to other things. This has freed up our time so that we can focus on more important tasks.

We did receive a competitive price for SentinelOne Singularity Complete. However, I believe the retail pricing, or MSRP, is a bit high. I hope we can get the same competitive pricing through our reseller when it comes time to renew. I still believe there are benefits to the solution, even if we had to pay the list price. However, I think they could be more competitive with their upfront pricing.

I would rate SentinelOne Singularity Complete eight out of ten. The room for improvement is to add some additional features, such as Ranger, which they sell separately. I see a lot of value in Ranger, and I wish it was included with the complete purchase.

We do not have any direct plugins for SentinelOne Singularity Complete, such as Ranger. Ranger is an add-on that I believe can be purchased through SentinelOne to expand our visibility. We do not have that, and I wish it was included because there are quite a few nice features that I would hope to see eventually included or trickled down to the complete solution. I feel like those are just a few other cherries on top that would really put this package over the top. One of the struggles I have in a Mac environment is creating a custom application creating the Privacy Preferences Policy Control profile and setting everything correctly so that users do not need to interact with the application when it is pushed to them. SentinelOne has clear documentation and works with a few MDM vendors that have documentation already published. So when we were running a POC for a few of these vendors, it was very easy to get that set up, which is not something I can say for other applications.

SentinelOne Singularity Complete is an intuitive product. I found the getting started guide and active preparation checklist to be very helpful. The checklist is well-documented and comprehensive, and it covers everything from the initial purchase to GoLive. The support team was also able to answer any questions I had about navigating the application. The interface is mature and user-friendly. I have not encountered any major issues so far. Overall, I am very happy with SentinelOne Singularity Complete.

SentinelOne Singularity Complete is definitely valuable as a strategic security partner. SentinelOne Singularity Complete was our top choice, and we are happy with it. I would definitely recommend it to my colleagues if they were looking for a solution for their company.

Maintenance is only required when the vendor releases a new general access version of the installer. I need to download the new version, upload it to our servers, and make sure it deploys successfully to our machines. This is the extent of my maintenance responsibilities. I do not need to directly interact with the application itself.

I would recommend that people evaluating SentinelOne Singularity Complete try it out to see if it is right for their environment. SentinelOne offers a trial that can be set up for their environment. When an organization purchases the product, they will flip a switch and there is no need to set anything else up. This was beneficial for us because we did not have to waste time setting up and deploying the product to a few devices in our environment only to have to do it again after we purchased it. I would also recommend engaging with the resources that SentinelOne provides to get a good understanding of the product. We can tweak the settings and see how it responds to different threats. If organizations have any specific needs, they can talk to an engineer during the trial. This was helpful for us because the engineer was able to make changes to the settings to meet our needs. Overall, I would recommend taking a look at SentinelOne Singularity Complete. I was initially overwhelmed by the different SKU offerings, but I was able to work with sales to find the best package for our needs. The SentinelOne team has been very helpful.

We primarily use it the same way we would use Bitdefender. It's for security.

When it comes to security, the telemetry, the information that you get from the EDR part of it, and the ability to be able to parse it and use it is great. I really like their platform. You're able to go in and do some of the research and study. If there's an incident response needed, you can handle it with SentinelOne. That's what I really like about it.

It's just as good, if not better, than Bitdefender. The one thing I do like more about SentinelOne is working with their tech support. It's really easy to get to them and easy to work with them. 

Their platform is really easy to work with. It's easy to navigate and use. 

I really haven't done enough to really see any improvements. It really has all the telemetry markers that I look for. 

I just started using the solution. I've used it for five or six months. 

The scalability is very good. I'd rate it nine out of ten. It can expand well. 

We have about ten people, admins, who are on the solution. 

Technical support has been great. They are helpful and responsive. I've only used them for onboarding assistance. I've never had an issue I needed help troubleshooting with.

I've also used Bitdefender. I didn't stop liking Bitdefender. I love Bitdefender. I have nothing against Bitdefender. The only reason I did move to this product is due to the SOC that I work with. Bitdefender doesn't work with the stock that I use as well as SentinelOne does. SentinelOne also offers better support. Bitdefender's platform can be a bit more cumbersome to try to get through in terms of getting your agents to install, for example. SentinelOne is very simple. 

The initial setup is very easy. I'd rate the ease of implementation ten out of ten. 

There is one person that handles maintenance on the solution. That would be me.

There are a couple of different solutions that they offer. The one I use is $6 a month per device. Some are $4 and there are some that are more than that, and those offer an MDR part, which is the managed detection and response. 

I'm a partner.

To anyone using any of these MDR-type scenarios, one of the things they need to recognize with SentinelOne is that, only looking at SentinelOne telemetry, when it comes to the stock solution that they offer, it's not a true SOC. It is an internal SOC solution. That's why it's an MDR. So they're only looking at what their solution finds. If their solution finds ransomware and stops it, then you're only looking at that telemetry. That's why I offer an outside external stock since the external stock is looking at everything. If you have one device that has something on it or something with nothing on it, it's going to see it all. That's the big difference between an internal SOC as opposed to an external SOC.

I'd rate the solution ten out of ten.