SentinelOne Singularity Identity Reviews

We initially chose an EDR solution for its reporting capabilities, but quickly realized we needed a solution that prioritized remediation. Our previous vendor overwhelmed our team with alerts, while SentinelOne's Vigilance team provided 24/7 support and actively remediated threats. This allowed my team to focus on high-priority alerts and observe the Vigilance team neutralize threats in real time. The proactive remediation has been invaluable, providing peace of mind and a significantly safer operating environment. While the Vigilance team initially contacted us frequently to confirm unusual behavior, after three years our environment is clean and contact is minimal, demonstrating the effectiveness of the EDR tools in protecting our company's IT systems, data, and reputation.

The biggest change SentinelOne has brought to my team is a significant reduction in pressure. Previously, we were inundated with an overwhelming number of alerts, leading to demoralization and the risk of losing team members. As a leader, it's my responsibility to prevent this, and SentinelOne has been instrumental in helping me achieve that over the past three years. By automatically handling many threats, it gives my team the confidence and capacity to focus on higher-level security concerns, allowing us to move forward in important areas we were previously unable to address.

SentinelOne significantly enhances our risk management by providing comprehensive visibility into potential threats, including identifying vulnerabilities highlighted in previous penetration tests. We recently acquired their identity capability, which promises to elevate our security posture by detecting and blocking lateral movement and malicious activities often missed by traditional EDR solutions. This addresses a critical vulnerability: attackers gaining network access through stolen credentials. The identity solution not only alerts us to these threats but also automatically blocks them, significantly lowering our risk level. While the identity capability is still being deployed, our proof of concept demonstrated its potential to provide real-time insights into attacker behavior and enhance our overall security.

The acquisition of the SentinelOne Singularity data lake two years ago has significantly enhanced our remediation capabilities. This powerful tool allows for efficient alerting and threat hunting within our data lake, empowering our analysts with advanced capabilities. The data lake's robust query language, rapid and clear results, and user-friendly console have greatly improved our daily work efficiency.

SentinelOne significantly reduced the volume of security alerts we received. Previously, we were overwhelmed by a constant influx of alerts, many of which were irrelevant, but we lacked the expertise to distinguish between genuine threats and noise. SentinelOne's vigilance team, with their specialized knowledge, effectively filtered out the irrelevant alerts, escalating only those incidents that required our attention. This allowed us to focus on critical threats and eliminate the burden of manually sifting through numerous alerts, freeing us to concentrate on higher-level security concerns.

False positives in cybersecurity are a significant issue, especially for junior analysts who often spend hours chasing them, leading to demoralization, burnout, and high turnover rates. These false alarms offer little value and hinder professional development. However, with the implementation of advanced tools like SentinelOne, false positives can be significantly reduced, allowing analysts to focus on true threats and experience a more fulfilling and productive work environment. While some false positives are inevitable and even desirable for assurance, minimizing them is crucial for maintaining a motivated and effective cybersecurity workforce.

SentinelOne has significantly improved our incident response capabilities. We've become proficient with the console, working with the SentinelOne Vigilance team. Although we haven't experienced a significant incident requiring its use, we proactively purchased SentinelOne's digital forensics and incident response service for more resounding support. This service has provided peace of mind for the past two years, and our ability to handle incidents independently has prevented its necessity. When investigating security breaches, the Singularity Data Lake allows us to quickly analyze logs, identify forensic breadcrumbs, and determine the scope and root cause of the incident. This enables us to adjust our security environment and prevent future occurrences.

SentinelOne's Vigilance service has significantly reduced our mean time to detect threats. While I'm curious about their back-end tools and processes, the results speak for themselves: rapid and effective threat detection. The EDR agent also provides valuable alerts that we can quickly address, further minimizing our response time.

SentinelOne's Vigilance service has significantly reduced our mean time to respond. While response still requires some analysis of logs on our end, the SentinelOne Singularity Data Lake makes this process quick and easy, providing excellent actionable results. This allows us to promptly contact impacted users and advise them on necessary actions, such as powering off devices or sending in hard drives, resulting in significantly shorter response times.

When I think of in-network adversaries, I consider insider threats or external actors who have compromised legitimate accounts. Without Endpoint Detection and Response alerts, we might only discover these threats after significant damage occurs. EDR, combined with identity monitoring, allows us to proactively detect malicious activity within our network, enabling us to quickly isolate, block, or deceive the adversary. We chose SentinelOne Identity to gain visibility into our network and address vulnerabilities we knew existed but couldn't previously identify. This solution represents a significant improvement in our ability to detect and respond to threats.

AI presents a dual-edged sword: it offers immense potential for both defenders and attackers in the cybersecurity realm. Bad actors are already leveraging AI, making it crucial for the defensive side to adopt it rapidly to maintain pace. Speed is paramount in cybersecurity, and solutions like SentinelOne's Purple AI are vital for evaluation and integration. Purple AI empowers junior analysts with natural language processing, enabling them to quickly perform complex queries without specialized coding. This ease of use and speed are essential to counter the evolving threat landscape. As attackers integrate AI into their operations, defenders must adapt, and the evolving capabilities of tools like Purple AI offer promising advancements in this ongoing arms race.

The primary use case involves partnering with a government entity to meet specific requirements as part of an executive order. This includes implementing an endpoint detection and response tool as a part of a managed service model to ensure cross-agency visibility and enhance cybersecurity.

SentinelOne helped our federal client meet their business goals. Their business goals are lofty. They are tied to Federal Executive Order 14028, which enhances the nation's cybersecurity. It was critical for the government to gain cross-agency visibility into servers running in an agency environment. SentinelOne partnered with us to understand the need and to work together to ensure that the government got what it needed and that we were able to continue partnering with them as the solution continues to be built and rolled out.

The biggest initial benefit is that the government gains real-time access into endpoint data from multiple agencies. That enables them to go from a posture of being reactive where they have to request and then wait for data to being able to be a lot closer to proactive, which is to hunt and retrieve that data whenever they need it.

SentinelOne enhances our customers' risk management. It takes data that used to come with a question mark in terms of how fresh and reliable it is. It's made it real-time data. It's made it so that those who need to get that information have it as soon as they ask for it, which is a game changer. We've heard from the client that typically getting this data, especially if they're responding to an incident, would take them a couple of weeks to go on-site, deploy tools, integrate with an environment, and pull that data. Now when the need arises, they can pivot, query, and retrieve that data in real time. 

The analysts that we look out for on the client side are not your typical analysts. The work that they do is typically focused on cross-agency work that has never been done before. The ability to do their job had never been implemented before. The capability that's there makes it possible for them to do their work period before that cross-agency visibility is just fantastic.

SentinelOne is the first line of defense for all our endpoints. We have approximately 700 endpoints, and each has a SentinelOne agent controlled by the cloud. We have a first layer of support at the network gateway, but most people aren't covered by our firewall. They are roaming users, so providing these people with protection is our first priority.  

Singularity is a cloud-based solution, so we don't need to spend anything on the infrastructure. We don't have to procure the hardware to host the server application. 

The management is effortless. Anybody can operate it, and it has the ability to delegate day-to-day tasks to the help desk team that they can manage on their own. Once the devices are integrated and Singularity is configured, we hardly have to do anything. The console is nice. I don't have any problem with it.

I have limited knowledge about Singularity's identity protection features because we only started using the solution this year. We plan to integrate a few products with the SentinelOne platform to get more out of it. When we were transitioning from an EDR to an XDR, we raised this question to SentinelOne. In the meeting, they explained how this integration works and what type of security they provide. We have the authority to revoke the integration and the other reporting parts, so everything is clear over there, but we need more time to mature in this particular aspect.

Singularity offers deep and continuous visibility into our attack surface. We are notified via email, and there is always a link to a page that defines the specific threat. From that page, we investigate everything, including the affected files, root cause analysis, etc. The solution's detection and prevention capabilities are excellent, but we still must do more configuration, and there are plenty of false positives. Singularity has helped us reduce our mean time to detect. Compared to Kaspersky, we have 60 to 70 percent fewer attacks and investigations to do. 

SentinelOne identifies problems and fixes most of them without our involvement. 

SentinelOne helps us find issues that we would have never been aware of and resolve them with minimal effort on our part. It's generally easy to manage our environment from the SentinelOne console. The console can't show us the number of machines that do not have the SentinelOne agent installed, but it does a great job once the agent is deployed. Having a central console is nice because we can see the various makes and models of machines in the same place, but it isn't too critical.

SentinelOne protects identities against exploitation well. The solution provides visibility into attack surface risk. I typically use it to find things that have already happened, but the information is there. The threat detection is impressive. 

We use SentinelOne Singularity Identity for endpoint protection and leverage it within our MSP for management purposes. We aim to achieve a proactive security posture that prevents threats while enabling efficient data ingestion.

In the cybersecurity industry, an endpoint solution must not only stop malware but prevent it from executing, and SentinelOne leads in this area. Rigorous testing, including MITRE ATT&CK framework evaluations and zero-day malware simulations, consistently demonstrates its superior prevention capabilities. Unlike outdated endpoint clients, SentinelOne's code remains effective against new threats, even without updates, ensuring comprehensive protection against zero-day attacks.

The biggest benefit we get from SentinelOne is, it provides peace of mind by offering comprehensive endpoint protection that safeguards against accidental downloads and content filtering bypasses. Even with multiple security layers like ISP firewalls and content management, threats can still slip through. SentinelOne acts as the last line of defense, ensuring data safety with its malware prevention capabilities. This is the key benefit and value proposition that SentinelOne brings to the cybersecurity space.

SentinelOne significantly enhances our risk management posture by enabling users to perform their necessary tasks while minimizing security risks. Whether it's marketing teams accessing unique online resources or manufacturing personnel working with sensitive data, SentinelOne allows for business enablement without compromising security. As a critical component of our security stack, SentinelOne's endpoint protection capabilities provide the foundation for lowering risk and empowering business operations.

SentinelOne has significantly improved our efficiency. My team now focuses on more complex tasks because SentinelOne automatically handles the simpler ones, streamlining our day-to-day operations.

SentinelOne's platform utilizes advanced AI-driven algorithms to reduce false positives compared to traditional endpoint security tools effectively. This sophisticated approach allows SentinelOne to better understand and differentiate between legitimate and malicious activities, minimizing unnecessary alerts and manual intervention. Consequently, security teams can focus on real threats instead of constantly addressing false positives, improving overall efficiency and security posture. The platform's ability to accurately identify and block threats while allowing legitimate operations stems from its superior algorithms, designed to effectively recognize both normal and malicious patterns. This out-of-the-box capability sets SentinelOne apart from competitors by significantly reducing the need for manual whitelisting and constant monitoring, ultimately saving time and resources.

SentinelOne significantly improves our incident response. If we encounter a cyber-related issue, we know it's not due to SentinelOne missing a threat. It's usually related to legitimate user actions that bypass typical antivirus detection or threats that are undetectable by any AV platform. This allows our team to focus on incidents stemming from human error or intentional actions rather than automated processes or external hacking attempts. Essentially, SentinelOne enables us to prioritize our response efforts more effectively.

SentinelOne reduces our mean time to detect because its primary focus is prevention, utilizing AI to stop threats before they execute. Ransomware, or any malware, shouldn't run for a single second. Therefore, an effective AV endpoint tool must be AI-driven, continuously adapting and learning to stay ahead of evolving threats. Signature-based or even behaviour-based solutions are inadequate; AI is crucial because it encompasses both signatures and behaviours while dynamically adjusting its algorithms. This adaptability ensures that even a year-old client remains protected against zero-day threats.

SentinelOne's AI capabilities have significantly improved our response time by proactively preventing threats and eliminating the need for reactive measures. Any incidents that do require a response are typically unrelated to SentinelOne's performance but rather stem from external factors.

SentinelOne provides comprehensive protection against internal and external threats by blocking malware from all directions. Its AI-powered engine proactively prevents attacks, regardless of the traffic's origin, significantly reducing user risk.

SentinelOne's AI-driven platform is revolutionizing cybersecurity strategy by automating tasks and empowering analysts. Its AI capabilities eliminate the need for complex query writing, allowing users to leverage natural language for faster and more efficient threat detection. This accessibility enables quicker onboarding and increased effectiveness for security teams. The platform's comprehensive AI integration not only enhances productivity but also improves the accuracy and efficacy of security operations.

I can rely on it. It does its job. I do not have to be on top of this. With the other product that we were using, I was constantly checking the application to see if everything was fine. It was more like I was doing the job. With the type of support that we have signed up with SentinelOne, I do not have to worry about that. I can rely on SentinelOne checking my endpoints, and if there is something, I know they are going to be on it. Previously, I had to call technical support to see what was going on. If they noticed something, I had to do the job. With SentinelOne, they are the ones who are checking the device and logs. If they notice something, they block it or do something about it, and then they let me know. I also receive notifications of the process they are following. I get various notifications saying:

• We identified this on this computer. This computer is disconnected. We are doing the next process.
• We have disabled this account.
• We have mitigated the problem, or the problem has not been mitigated. 
• We have identified this as being something that you do not have to be concerned about.
• You need to be concerned about this.

With the level of support that we are getting, I do not have to do it myself. Previously, I had to do it or somebody else in the team had to constantly check our endpoints. With SentinelOne, we do not have to do that.

The Singularity console provides a unified view. It is very important because we can see all our devices. We can see what is going on. It is very good. I like it.

It is not at all difficult to manage our environment using the Singularity console. Once you get familiar with the different tabs of the web console, it is easy to manage. It is very organized and descriptive. You do not get lost. What they have in the titles is what you see, so it is not at all difficult. It is very easy to use.

It does a great job of providing visibility. Management asks us for a lot of reports to know how well the systems are protected. It is easy to manage and get reports so that we can give them better visibility into what is going on. We can get reports on the fly to show what is going on. In terms of visibility, it is doing a great job.

It has done a great job when it comes to detection because there have been a couple of instances where users installed applications or tried to install applications and the system detected them immediately. It triggers an alert for us within seconds of a user trying to download or install an application. They also immediately try to remediate the problem at the same time. In terms of detection and protection, it is doing a great job.

They have different levels of support. We have the highest level where they are constantly checking all the endpoints. If at any certain point, they identify that a computer has been triggered by a virus, a link, or something else, they would automatically tell us that within 15 seconds. If they notice something, they automatically send us an email saying that they noticed something in the computer, and they are going to block it. If they identify that there is something wrong with the computer, they automatically block it. This constant checking of anything that may be happening on our endpoints is the most valuable feature of SentinelOne.

We primarily used SentinelOne Singularity Identity to replace outdated antivirus software throughout the company and implement a standardized enterprise security solution.

Our engagement with SentinelOne has yielded multiple benefits, primarily their exceptional customer engagement and partnership. They act as a true extension of our team, listening to our needs and tailoring their products to meet our specific demands. Ultimately, their AI-powered technology has enabled us to effectively detect and defend against modern threats.

SentinelOne has significantly improved our risk management due to its effectiveness and seamless integration. It hasn't disrupted our business flow or applications because it supports all our operating systems and addresses several critical use cases, including Airgap Solutions, that other vendors couldn't. This comprehensive coverage allows SentinelOne to effectively identify, prevent, and mitigate numerous potential threats and risks to our organization.

SentinelOne has helped us improve analyst efficiency in several ways. Its single pane of glass console allows analysts to view and correlate data across multiple solutions, streamlining their workflow. The integration of APIs and various tools further enriches this data, facilitating more effective analysis. Additionally, SentinelOne's partnership has provided valuable resources like SentinelOne University and educational offerings, enabling our analysts to quickly become proficient with the tool.

SentinelOne has significantly improved our alert management by reducing noise in the console. Their Vigilance service leverages their extensive customer base and experience to filter and manage alerts, triaging them to our Security Operations Center. This allows our SOC team to focus on critical threats and in-depth investigations, optimizing their time and resources.

SentinelOne has significantly reduced false positives for us. By tuning and testing agents through its discovery and AI features, we ensure that detections are true positives requiring action. We rarely encounter false positives or unnecessary actions.

SentinelOne has significantly improved our incident response by enhancing threat hunting through the use of STAR rules. This functionality allows our teams to thoroughly investigate incidents using the storyline feature, identify lateral movement, and gain a comprehensive understanding of the situation. The deep visibility tooling has been invaluable in providing in-depth insights into malicious activities across our attack surface. Consequently, we have reduced dwell time, improved mean time to resolution, and enabled our analysts to detect and triage threats more efficiently.

SentinelOne provides excellent visibility into potential insider threats by identifying concerning attitudes, behaviors, and activities. Its agent effectively analyzes user posture and behavior, allowing for early detection and defense against potential attacks.

SentinelOne has been an early adopter of AI, integrating it into their agent from the inception of their products. This benefits SentinelOne in several ways, especially as attackers increasingly leverage AI to enhance their own capabilities. AI helps automate tasks, reducing the workload for analysts and allowing junior analysts to benefit from the knowledge of more senior team members. This frees up time for investigating complex threats and enables faster, more efficient responses to a larger volume of events and activities.

SentinelOne's AI and behavioral analysis enable highly effective detection of modern and emerging threats. By recognizing malicious behaviors common to both known and unknown threats, it proactively mitigates zero-day attacks and other new threats. Additionally, SentinelOne enhances the detection capabilities of its agent, further strengthening its security product.

We use SentinelOne Singularity Identity for monitoring and mitigating threats within our network. Controlling our surface visibility, and monitoring all of our endpoints for software and even hardware vulnerabilities.

Initially, we implemented SentinelOne Singularity Identity to prevent a ransomware attack reinfection, but it has been transformed into our most important, critical, cyberthreat identification, prevention and mitigation solution. 

SentinelOne Singularity Identity has helped make our organization more secure with enhanced built-in monitoring. Not only by AI, trained and developed by SentinelOne, but also by a 24/7 cybersecurity team that are always monitoring for incidents and are available for support when it is needed the most

SentinelOne Singularity Identity provides a unified view which is important to our organization, particular when there's an incident and time is of the essence. 

Managing our environment from the SentinelOne Singularity Identity console is easy from an IT professional standpoint. I would easily rate it a nine out of ten.

I fully researched several companies including SentinelOne before we invested our money into a cybersecurity solution. I discovered that there were many top, well-known companies using SentinelOne to safeguard their identities and assets from exploitation and compromise. 

The visibility of Singularity Identity is great. A full spectrum of information about each endpoint, threat or incident is available usually only one or two clicks away, which helps to quickly and more accurately determine everything needed to identify, mitigate and prevent or eliminate a threat. Singularity Identity also provides all the tools and functionality necessary to override if something is deemed a false positive.  

Perhaps the most valuable resource that SentinelOne Singularity Identity has to offer is the AI-based automated mitigation. let's be honest, even the best team of cybersecurity experts are no match for some of the automated ransomware bots that can spread through an entire network in mere minutes, and that is where the AI assisted mitigation is key to stopping threats dead in their tracks. Situations where a human could potentially take hours to identify the source and take mitigating actions, SentinelOne's Artificial Intelligence handles the identification and mitigation on your behalf in mere seconds, until a human can assess the situation, and make appropriate adjustments as needed, significantly reducing our MTTD. 

I have confidence in Singularity Identity's ability to identify and mitigate threats. This solution, in my opinion, ranks among the finest, most capable products currently available on the market today.