Try our new research platform with insights from 80,000+ expert users
Andrew W - PeerSpot reviewer
VP - Information Technology at a financial services firm with 201-500 employees
Real User
Top 5
Great console with a nice unified view and helpful support services
Pros and Cons
  • "The biggest value for us is getting a much better picture of what our risks are."
  • "A lot of those features came from an acquisition of a different company."

What is our primary use case?

Our biggest concerns were protecting our on-premise active directory environment and then our Azure AD environment. In terms of both, we wanted to understand what assets were in those environments and what security risks were associated with each and then how to most effectively remediate them.

How has it helped my organization?

I've been with the company only for four months. In the first two weeks of doing an assessment, I noticed a lot of very insecure and suboptimal configurations. We needed a tool that could help point out the weak spots and then remediate them as fast as possible.

What is most valuable?

The biggest value for us is getting a much better picture of what our risks are. They also have a really feature-rich way to automatically remediate a lot of those risks And if, let's say, the automatic remediation does not work correctly or maybe has internet sequences, then you can automate the rollback of that. For example, if you find ten accounts that have something wrong with them in Active Directory, you can deploy a script that'll fix the configuration of those accounts. However, if something breaks, you could roll it back to that configuration change and then do some more testing or do investigations and then redeploy the fix once you're happy with it. That's the biggest thing for us. We're not spending hours going through manually to find these configuration weaknesses and then have the manual administrator.

The Singularity console provides us with some sort of a unified view. You've got, when you first log in, a dashboard. It's got a default landing page that gives you a very good understanding of what sort of risks you have and where they're located. You can then drill down into various panels to investigate further.

The unified view is extremely important for our organization.

A lot of these things could be solved manually. However, the level of effort required to identify and resolve these things is high; this makes it much faster.

It is extremely easy to manage our environment using the console.

The product’s ability to protect identities from exploitation is good. We're very happy with it at this point. The dashboard gives me, for example, the number of detections. It's got a chart with time-based attacks and helps drill into the top five. It gives us a summary of the health of the environment in terms of high, medium, and low vulnerabilities. Then we can go through those. We can focus on the very high vulnerabilities and go from the highest down to the lowest.

What needs improvement?

A lot of those features came from an acquisition of a different company. Actual SentinelOne employees are making a lot of changes right now to fully integrate those components into one security solution portfolio. The recommendation would be to make deployment just a little bit easier. Of course, they talked about it on the road map, so it will settle out naturally. They're aware of the issue. They want to make it better; it's just not quite there yet.

Buyer's Guide
SentinelOne Singularity Identity
November 2024
Learn what your peers think about SentinelOne Singularity Identity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for a few months. We're relatively new customers, although I have used SentinelOne itself before. 

What do I think about the stability of the solution?

We've had no issues with stability. I'd rate the stability as excellent, ten out of ten. 

What do I think about the scalability of the solution?

We're a small environment. We're two hundred employees, with less than 1,000 devices in our computing environment. For us, we have no scalability issues. I can't speak to how well it would run in a Fortune 500 company.

How are customer service and support?

We've opened a few cases with technical support. 

It was very good. They got back to us very quickly. Usually, after one to two interactions, we had the issue resolved. If we were able to explain it well when opening the ticket, then we would have a response back that resolved it the first time. In some cases, we did provide all the information and they had to come and ask some clarifying questions. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not run anything prior to using this solution. We had default tools and Microsoft, including things like Microsoft Identity Protection. However, we did not have a third-party product. 

How was the initial setup?

There were only two of us involved in the deployment. 

It was relatively straightforward with the exception of just a few configurations. A lot of this technology came from an acquisition and since they're integrating it into the SentinelOne portfolio, some small things had to be adjusted that were not apparent to us as an end user. It would take a deployment engineer to really get it set up and working.

What about the implementation team?

We implemented the solution with the help of a professional services team. 

What was our ROI?

We haven't calculated a hard ROI or run some sort of quantitative evaluation. That said, from a qualitative standpoint, we're significantly better off. Even conservatively, looking at my time and our information security analyst's time, we're probably saving maybe 200 hours a year, if not more, in terms of investigating, remediating, et cetera. It gives us more time back.

What's my experience with pricing, setup cost, and licensing?

The pricing for us was very competitive. It was actually probably 30% cheaper than CrowdStrike.

Which other solutions did I evaluate?

We evaluated a lot of CrowdStrike Solutions. Those are slightly different. They do have some identity protection solutions available. However, we couldn't get all the components to even work on the CrowdStrike side as part of the POC. And then even when we did get it to work they didn't seem to have the same level to completely listen or cover. They had no auto-remediation capabilities. It was just more of a dashboard to show you areas where you had some security risk, and then they would provide some guidance in terms of how to remediate it, however, all that remediation was manual. That was it. 

What other advice do I have?

For someone who's researching Singularity, yet they're running Windows Defender still may need Singularity. Defender doesn’t have the level of capabilities that this does. Based on our testing, it's a great endpoint security solution, and we're actually running it in concert with this one. We have Defender for the endpoint and installed it as well. However, as a detection response solution, Defender is kind of a backup. The information we get on the Defender console is helpful, yet it doesn't give the same level of granularity or the other automated remediation capabilities. Defender is the baseline; I wouldn't throw it out. I would keep it and still put Identity in the environment. You'll get more value out of Identity than you will out of Defender.

I'd rate the solution ten out of ten. 

I'd advise others to not just sit through a demo; run a proof of concept and get it in your environment if you can. That will give you more information and a much better feel for how it is and how it can help you improve your security posture. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2271825 - PeerSpot reviewer
Data Analyst at a legal firm with 1,001-5,000 employees
Real User
Provides good visibility, detection, and support
Pros and Cons
  • "One of the top things we're interested in is cloud protection."
  • "SentinelOne Singularity Identity could be more user-friendly."

What is our primary use case?

Cloud protection is very important to us. We have almost 400 applications and a lot of data, some on-premises and some in the cloud. We need to make sure that all of our data is protected, and SentinelOne Singularity Identity offers the data protection and identity protection that we need.

We are currently evaluating whether to continue with our current solution or switch to SentinelOne. We want to make sure that we are saving costs and resources, and that our data is 100 percent secure. SentinelOne seems to be able to offer us both of these things, so we are leaning towards switching to their solution.

Our top priority is to make sure that our data is safe. If something were to happen, we need to know that we have support from SentinelOne.

How has it helped my organization?

SentinelOne Singularity Identity provides a unified view of our security posture through its console. This unified view is important because it will make it easier for our security analysts to manage and own the product. As a result, we will need fewer resources to do a better job.

Managing our environment through the console has a learning curve. The more we use the solution, the more experience we gain. However, it is reassuring to know that SentinelOne is willing to provide support if needed. This is important to us because we want to be able to take over the management of our environment eventually without requiring too many resources. We believe that we are well-positioned to achieve this goal, but it will take time. We do not expect to be able to do it immediately, but we believe that it is possible within a few months to a year.

Although we are still evaluating the solution, we are hopeful that it will protect identities from exploitation. The reviews we have seen suggest that this is the case, and it is very important to us as a corporate law firm. We handle sensitive client data, and if an unauthorized user were to gain access to this data, we could be sued by our clients. We therefore need to protect our identities and our admin accounts, which have superuser access to the system. We are confident that Singularity Identity can do this, and we are currently evaluating its capabilities.

Singularity Identity provides good visibility into our attack surface, which helps us prevent unauthorized access. We do this by getting alerts or notifications about any suspicious activity and then investigating them. Even if we get a lot of false positives, it's worth it because the one time we uncover a real attack will make it all worthwhile. I think this is one of the key features of Singularity Identity, and I'm sure the developers would agree.

Singularity Identity's ability to detect and mitigate threats is one of its key features. I am not sure if it can prevent threats altogether. As a corporate billion-dollar law firm, we are always under attack, and there will always be threats. We receive phishing emails multiple times a month, a week, or even a day. Therefore, it is not about preventing threats, but rather detecting them and allowing us to respond and know how to handle them. I do not think we can prevent threats from happening, but Singularity Identity can give us the ability to prevent them from succeeding.

Although we are still evaluating Singularity Identity, I am confident that it will reduce the MTTD identity-based attacks.

What is most valuable?

SentinelOne Singularity Identity's support seems to be unmatched, at least according to what I was promised. This is very important to us. SentinelOne Singularity Identity has excellent reviews. We checked out the Gartner reviews of their offerings, and everything seems to be in order.

One of the top functions we're interested in is cloud protection. Whenever we talk about moving something from on-premises to the cloud, that's always the biggest concern of our executives. So, we're always very interested in offering them that kind of cloud security. So far, SentinelOne Singularity Identity seems to be a good option. However, we're still evaluating our options.

What needs improvement?

SentinelOne Singularity Identity could be more user-friendly. I had some questions that I had to go back to SentinelOne to try to understand. Therefore, for someone who is trying to get by with minimal experience, I believe it is very important to make it as simple as possible for consumers to have the best user experience.

SentinelOne Singularity Identity should be made more affordable so that organizations can better budget for it.

For how long have I used the solution?

I have been evaluating SentinelOne Singularity Identity for three months.

What do I think about the stability of the solution?

SentinelOne Singularity Identity has been stable so far.

What do I think about the scalability of the solution?

SentinelOne Singularity Identity is scalable and we have not encountered any issues as of yet.

How are customer service and support?

The technical support has been very helpful and responsive. I had no issues, and I am very happy with the outcome.

How would you rate customer service and support?

Positive

How was the initial setup?

We have not yet completed a full deployment into production, as we are still testing. However, the initial deployment for testing was simple.

What about the implementation team?

We use a consultant called Blue Margin. They helped us with all of our Microsoft deployments and licensing, as well as when we got Power BI. We always run things by them. In this case, I'm not sure yet how much help we'll need when we go to production. So far, we haven't needed much help because it's been straightforward. However, we can engage Blue Margin if needed. The decision of whether or not to engage them typically comes down to whether we have enough resources to handle it ourselves or if we need more help.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Identity is challenging. I understand that they put a lot of time and effort into developing this product, so it can't be too cheap. However, from our perspective, we need to get buy-in from our executives, and that means the price has to be within budget. The lower the price, the more likely it is that the software will be approved.

In a perfect world, the price would be within budget and it would be a great price. However, as long as SentinelOne's pricing is competitive with their top competitors, I think they have a great product that should be approved. I'm currently evaluating how their pricing compares to other products.

Ideally, I would like SentinelOne to lower their prices a little bit. This would make it easier to get buy-in from my executives and would allow us to afford the software. However, I understand that they can't give the software away for free.

What other advice do I have?

I would rate SentinelOne Singularity Identity a nine out of ten.

We are a Microsoft shop. Most of our products are Microsoft, and we have the Microsoft licenses. I believe that SentinelOne Singularity Identity will eventually save us time, effort, cost, and resources. I am working to prove this with my research, and so far, I think the answer is yes. I wanted to share this feedback in case it helps someone else who is in a similar situation. So far, everything is positive. However, the next steps for me are to confirm this, compare SentinelOne Singularity Identity to other products, and then make a recommendation. Hopefully, I will get the buy-in and we can move forward.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
SentinelOne Singularity Identity
November 2024
Learn what your peers think about SentinelOne Singularity Identity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.
reviewer2261766 - PeerSpot reviewer
IT Security Manager at a healthcare company with 1,001-5,000 employees
Real User
Uses behavior-based detection, with a simplified console, and helps safeguard identities from exploitation
Pros and Cons
  • "The most valuable feature of SentinelOne Singularity Identity is its ability to detect based on behavior rather than just static signatures."
  • "The primary reason for this discontent is that we frequently encounter performance issues with our servers."

What is our primary use case?

We utilize SentinelOne Singularity Identity to prevent malware and to monitor for any ongoing malicious activities. Another use case that we've recently adopted is the extraction of vulnerability data. We are beginning to incorporate this data into our vulnerability management program.

How has it helped my organization?

Our goal was to transition from using a signature-based antivirus to a next-generation antivirus that relies on behavioral analysis. This was the main motivating factor behind our decision. While we were inclined to make this change, our cyber insurance provider also exerted pressure on us to adopt the NexGen antivirus. They even offered a significant discount on our insurance premiums if we implemented it. This played another important role in our decision-making process. We were specifically seeking a solution that could effectively combat ransomware. Unlike other antivirus and signature-based solutions, which don't effectively tackle ransomware, SentinelOne provides warranty coverage for ransomware incidents, making it an appealing choice. To date, we have been fortunate enough not to have experienced any ransomware attacks. SentinelOne advertises that we won't receive ransomware, and indeed, we haven't received any. Last year, we acquired an automated penetration testing program separate from SentinelOne. This program collaborates with SentinelOne to simulate malicious activities within our environment. Essentially, it tests SentinelOne's capability to detect and prevent ransomware. The results from this tool confirm the effectiveness of SentinelOne.

We're quite satisfied with the layout of the console. I have a security analyst who works under me, and he mentioned that out of all the antiviruses he has ever used, SentinelOne is the most intuitive. I agree with him. It's quite simple to use. However, simplicity can be a bit challenging at times because if it's overly simple, it might lack features that are necessary for complex environments. Yet, I believe it strikes a good balance between simplicity and complexity. It certainly offers flexibility. One helpful feature is the ability to create different groups, assign custom names to these groups, and then place endpoints into these groups and apply distinct policies to them. This functionality works exceptionally well.

Managing the environment from the console is straightforward. However, we do need to periodically deploy updates to the agents. While I personally would prefer this process to be automated and not require manual intervention, the current process is relatively simple. Although it can be a bit time-consuming, it hasn't posed a significant burden. It would be preferable if this manual step could be eliminated. Overall, the management process is user-friendly. A particularly valuable feature is the audit section, which allows us to track all activities. This is especially useful due to the involvement of multiple groups within our IT department, each performing various tasks. Without the audit history, it's challenging to monitor these activities and understand what actions individuals are taking. Therefore, the ability to retrospectively review the audit history is essential.

SentinelOne Singularity Identity functions effectively in safeguarding identities from exploitation. We have not encountered any incidents where it seemed that malware had infiltrated the system and remained undetected. Another aspect that contributes to our validation is the penetration testing tool we acquired, which actively executes exploits on the machines. Often, we do not expect ongoing active attacks within our environment. Consequently, it becomes challenging to accurately assess their operational effectiveness due to the absence of such attacks. This penetration testing tool plays a crucial role in illuminating our tools' capability to withstand robust attacks that we may not currently be experiencing. Through this tool, we simulate these attack scenarios, which provides us with an understanding of how well we can endure an attack on a larger scale. Upon reviewing the penetration testing reports, they consistently indicate that the tool's activities are blocked at various stages. Based on this, I would rate it highly. In all honesty, I don't believe I could ask for more.

SentinelOne Singularity Identity demonstrates a high capability in detecting and preventing threats. The solution effectively identifies and thwarts threats across all areas; we have even tested it in real attack scenarios. Occasionally, there might be false positives, but their occurrence hasn't been significantly problematic. For instance, there was an issue with resumes where the system consistently flagged them as viruses for some reason. This was somewhat frustrating; however, it didn't persist. We raised a support ticket, and they promptly resolved the problem. False positives are common in any antivirus solution, but the rate of false positives with SentinelOne Singularity Identity is quite low, which is good.

What is most valuable?

The most valuable feature of SentinelOne Singularity Identity is its ability to detect based on behavior rather than just static signatures. It's dynamic. 

What needs improvement?

Our infrastructure team is dissatisfied with SentinelOne Singularity Identity. They would prefer to explore alternative solutions. The primary reason for this discontent is that we frequently encounter performance issues with our servers. These performance issues are quite challenging to trace and address, making it difficult to identify their root cause. Often, the culprit behind these problems is the SentinelOne agent on the server. However, pinpointing and resolving this issue takes a considerable amount of time, adding to the challenge. The team is not particularly satisfied with this situation. Nevertheless, the team eventually manages to identify instances where the solution is overly meticulous, leading to unnecessary scrutiny. To resolve this, they implement exclusions, which alleviates the problem. So, it's not that they lack a solution; rather, the process of reaching a solution through exclusion is laborious, especially considering the known impact on performance.

SentinelOne Singularity Identity promotes in their documentation that their agents operate within defined processing power limits. Despite this claim, we've observed instances where these limits are exceeded. As an area for improvement, we have previously requested a feature that would allow us to set a cap on CPU utilization percentages for servers. This way, we could establish that, based on our configuration, the CPU usage cannot surpass a specified threshold, such as ten or twenty percent. This feature would be highly valuable, along with potential enhancements in their administration console that reduce its impact on servers or endpoints and offer greater transparency in this regard. Although their support is helpful, as they assist us when we suspect issues and can interpret the logs we send them, these logs are often cryptic. It would be preferable if we could manage a significant portion of this analysis independently, without needing their assistance.

For how long have I used the solution?

I have been using SentinelOne Singularity Identity for almost three years.

What do I think about the stability of the solution?

SentinelOne Singularity Identity is stable. We have not had any stability issues.

What do I think about the scalability of the solution?

SentinelOne Singularity Identity is highly scalable.

How are customer service and support?

The technical support is responsive. We're grappling with an issue that is somewhat frustrating, but it's not really the fault of the support. It's a very specific problem where a crucial file on the server's machine is being closely examined by the antivirus, causing a slow login process for the users. Consequently, we had to exclude this file, even though it's an executable that SentinelOne doesn't recommend excluding. As a result, we're currently engaged in a somewhat controversial back-and-forth issue. However, they are providing us with feedback and suggestions that we can implement to try and address the issue. They're persistent and are trying various approaches. I find their response time reasonable. Overall, it has been a good experience.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before SentinelOne Singularity Identity we were using Microsoft Defender but it was not as effective in detecting and preventing malware attacks.

How was the initial setup?

The initial setup is straightforward. In fact, we implemented it in phases. In the first phase, we deployed it only to our servers. In the following year, we expanded it in another phase to include all of our workstations, of which we have a larger number compared to servers. The first phase went really quickly. We even adopted a more aggressive approach, reducing the number of exclusions initially and adding exclusions as we encountered issues.

Subsequently, our cyber insurance provided us with a discount the following year to encourage us to deploy it to all workstations. This compressed our deployment timeline, and despite the time constraints, we succeeded. We managed to extend it to the rest of the workstations within approximately a month from the decision point. I would describe the deployment process as very smooth. There was even a point during the rollout when I was on vacation and slightly concerned about it. However, we encountered no issues.

What about the implementation team?

The implementation was completed in-house with some support from SentinelOne.

What's my experience with pricing, setup cost, and licensing?

SentinelOne seemed to offer more while being priced lower than its competitors. At times, they would distinguish what they refer to as an EDR functionality, providing us with more in-depth information about the activities on the machine. This was one aspect. Comparing this to Cybereason, obtaining this functionality incurred a slightly higher cost. However, SentinelOne included certain elements of this functionality as part of their base package. Although not as extensive as Cybereason, it was still enticing as we didn't have to pay extra for it, unlike Cybereason, which positioned SentinelOne at a more appealing price point. Therefore, our decision to go with SentinelOne was driven by the perception of receiving more features for a better value.

Which other solutions did I evaluate?

We assessed Microsoft ATP, Cybereason, and CrowdStrike. SentinelOne Singularity Identity had a rollback feature that was absent in Cybereason or ATP. The cost of SentinelOne was also reasonable; they offered a competitive price point better than any of the others. While CrowdStrike is the most popular option, their price compared to SentinelOne was significantly higher, making it feel overpriced.

What other advice do I have?

I would rate SentinelOne Singularity Identity a nine out of ten.

What we don't engage in is threat hunting, as this requires an additional module that we haven't acquired.

Before making the switch, we conducted a penetration test against Defender. Our penetration tester managed to bypass it around 50 percent of the time. However, since implementing SentinelOne, we no longer face this issue. Thus, moving away from Defender was a beneficial decision. We were aware that Defender couldn't effectively handle more advanced attacks. Although it did result in additional costs – as Defender is included with our Microsoft license – the investment was justified. This is especially true considering we have insurance that provides a discount, given that having a next-generation antivirus in place is generally viewed positively by insurance providers. Overall, this move has provided us with greater peace of mind, knowing that we are better protected against the increasingly sophisticated malware landscape. I'm aware that Microsoft offers a more comprehensive package. They have their own version of a behavioral-based antivirus, which we can opt for at a higher cost. However, Defender doesn't provide that functionality. So, when comparing the two, it was quite obvious to us that we needed a more advanced solution.

SentinelOne Singularity Identity is a commendable product. In my opinion, individuals should evaluate it and form their own judgments. Conducting testing with actual simulations, particularly utilizing a penetration testing tool that runs malware simulations against the software, appears to be a prudent approach. This method allows for a well-informed assessment of the solution's efficacy. The challenge with antivirus software often lies in its opaqueness. We lack genuine insights into its actual performance. We tend to rely on marketing claims and trust that the software can effectively thwart necessary attacks. However, such claims are prevalent across the industry. Thus, the most reliable course of action is to ensure our chosen tool provides a sense of security by rigorously testing it with malware attempts and attempting to circumvent its defenses.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Brent Ferris - PeerSpot reviewer
Senior Network Administrator at a logistics company with 51-200 employees
Real User
Top 10
Provides many mitigation options, prevents ransomware attacks, and has great surface visibility
Pros and Cons
  • "The AI-based detection, scanning, prevention and mitigation features are the most valuable features."
  • "The UI can be more user-friendly."

What is our primary use case?

We use SentinelOne Singularity Identity for monitoring and mitigating threats within our network. Controlling our surface visibility, and monitoring all of our endpoints for software and even hardware vulnerabilities.

Initially, we implemented SentinelOne Singularity Identity to prevent a ransomware attack reinfection, but it has been transformed into our most important, critical, cyberthreat identification, prevention and mitigation solution. 

How has it helped my organization?

SentinelOne Singularity Identity has helped make our organization more secure with enhanced built-in monitoring. Not only by AI, trained and developed by SentinelOne, but also by a 24/7 cybersecurity team that are always monitoring for incidents and are available for support when it is needed the most

SentinelOne Singularity Identity provides a unified view which is important to our organization, particular when there's an incident and time is of the essence. 

Managing our environment from the SentinelOne Singularity Identity console is easy from an IT professional standpoint. I would easily rate it a nine out of ten.

I fully researched several companies including SentinelOne before we invested our money into a cybersecurity solution. I discovered that there were many top, well-known companies using SentinelOne to safeguard their identities and assets from exploitation and compromise. 

The visibility of Singularity Identity is great. A full spectrum of information about each endpoint, threat or incident is available usually only one or two clicks away, which helps to quickly and more accurately determine everything needed to identify, mitigate and prevent or eliminate a threat. Singularity Identity also provides all the tools and functionality necessary to override if something is deemed a false positive.  

Perhaps the most valuable resource that SentinelOne Singularity Identity has to offer is the AI-based automated mitigation. let's be honest, even the best team of cybersecurity experts are no match for some of the automated ransomware bots that can spread through an entire network in mere minutes, and that is where the AI assisted mitigation is key to stopping threats dead in their tracks. Situations where a human could potentially take hours to identify the source and take mitigating actions, SentinelOne's Artificial Intelligence handles the identification and mitigation on your behalf in mere seconds, until a human can assess the situation, and make appropriate adjustments as needed, significantly reducing our MTTD. 

I have confidence in Singularity Identity's ability to identify and mitigate threats. This solution, in my opinion, ranks among the finest, most capable products currently available on the market today. 

What is most valuable?

The AI-based detection, scanning, prevention and mitigation features are the most valuable features. 

What needs improvement?

The UI could stand to be more user-friendly, specifically for users that are not in IT, or for smaller mom and pop sized companies that may not have a dedicated IT department or budget for a fully managed solution. 

For how long have I used the solution?

I have been using SentinelOne Singularity Identity for two years. Most of that time was fully managed by a 3rd party SOC/MSP, and now more recently, we have migrated to a self-managed cloud solution. 

What do I think about the stability of the solution?

I haven't experienced any stability issues, whether through the server, the console, or the clients. I am impressed with the stability of SentinelOne Singularity Identity.

What do I think about the scalability of the solution?


Which solution did I use previously and why did I switch?

We are currently still utilizing all of our other solutions simultaneously, until their licenses run out which include, Webroot EPP, and Microsoft Defender and Defender for Cloud. SentinelOne works perfectly side-by-side with these others, however, we will soon be removing Webroot as it is a tertiary and an unnecessary redundancy and offers no real advantages or capabilities over what SentinelOne already provides. 

How was the initial setup?

For the deployment, I uploaded the package to our Intune portal and distributed it to all of our endpoints and devices. For devices that were not accessible, we used a flash drive to install it manually. 

What about the implementation team?

Initially, we utilized an MSP. Then, there were two distinct deployments. The first deployment took place two years ago when we experienced a cyber/ransomware attack on our network. Throughout that incident, a third-party company assisted us in restoring and wiping every one of our computers and installing SentinelOne client on them, among other tasks. So at this phase, were were using SentinelOne as a fully managed solution. 

Now, within the last month, we have transitioned to managing our system internally. The subsequent deployment was executed through Intune and manual solutions. The encryption keys were migrated from the previous MSP with the help of the SentinalOne migrations team. 

What was our ROI?

The return on investment is evident through the value provided by SentinelOne Singularity Identity and its protective features. While the cost is in the higher tier of solutions of similar products, ask yourself, can you really put a price on your ability to sleep at night? 

What's my experience with pricing, setup cost, and licensing?

The price of SentinelOne Singularity Identity is relatively high, but it offers numerous features and capabilities that make it well worth the investment. Not to mention peace of mind. 

Which other solutions did I evaluate?

We absolutely evaluated other solutions. This is an important decision for the security of our network and IT infrastructure. 

What other advice do I have?

I would rate SentinelOne Singularity Identity a 9 /10.

SentinelOne Singularity Identity can easily work alongside other security products, in my experience, including Microsoft Defender.

for anyne considering this as a solution, I would suggest conducting your own further research on alternative products to firmly establish whether or not SentinelOne Singularity Identity is indeed the appropriate product. In my view, the licensing model is geared more towards medium operations like ours, which have around two hundred endpoints, on up to large scale enterprise-sized companies. The licensing structured minimum of 200 endpoints may be a bit much for a small company with just a few endpoints. But, I in summary, I am happy with the choice to buy this product, and as our company grows SentinelOne will allow for that growth. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Nick Simmons - PeerSpot reviewer
Vice President, Sales at LevelBlue
Video Review
Vendor
Top 10
Enhances risk management and incident response while embracing innovative tech
Pros and Cons
  • "The response is a valuable aspect of SentinelOne."
  • "To enhance our already strong partnership with SentinelOne, we should focus on improving collaboration."

What is our primary use case?

Our primary use case involves working with customers to manage endpoints and cloud for our customers. We partner with SentinelOne specifically, as they are a leader in the industry.

How has it helped my organization?

SentinelOne, in partnership with LevelBlue, has helped our customers achieve their business goals by providing technology combined with our management resources. This partnership assists in mitigating risks, providing immediate action for incident response, and reducing mean time to detect.

Our customers experience multiple benefits with SentinelOne and LevelBlue. Primarily, they gain the ability to identify and mitigate risks effectively. Through our partnership, customers can implement SentinelOne and leverage its capabilities to take swift action against security challenges. More importantly, this aligns with their overall business risk strategies and desired outcomes, helping them achieve those objectives.

SentinelOne enhances our customers' risk management by collaborating with them to identify risks and implement appropriate controls, such as SentinelOne to mitigate those risks. Our 24/7 management, combined with SentinelOne's technology, provides customers with the responsiveness, time, and visibility necessary to maintain business operations.

SentinelOne has improved our incident response by enabling immediate action, a key differentiator for us when combined with our resources and personnel. Integrating people and technology enhances our market responsiveness and allows us to act quickly.

SentinelOne's cutting-edge technology helps our customers reduce their mean time to detection. Its continuous updates and advancements are recognized by our customers, who also appreciate the resources we provide to manage the technology on their behalf.  We utilize SentinelOne ourselves to improve our mean time-to-response capabilities and gain a deeper understanding of our customers' needs and desired outcomes, ultimately helping them achieve their security goals.

As AI evolves, our customers, in partnership with SentinelOne's technology, face increased risk when deploying AI to enhance business processes. While some customers recognize this risk, others do not. However, SentinelOne's advanced technology and forward-thinking vision provide confidence and trust, enabling customers to implement new technologies for increased efficiency, knowing they have a reliable partner to ensure their protection.

What is most valuable?

The response is a valuable aspect of SentinelOne.

What needs improvement?

To enhance our already strong partnership with SentinelOne, we should focus on improving collaboration. Specifically, we can become more flexible in adopting their forward-thinking technology. By embracing and quickly implementing their solutions, we can better assist customers and achieve mutual success.

For how long have I used the solution?

I am currently using SentinelOne as an MSSP.

How are customer service and support?

SentinelOne's support is outstanding, which reflects the strength of our partnership. Their support was a key factor in our decision to do business with them. We value the assistance we receive from their sales organization, sales engineers, and marketing teams. It's reassuring to enter the market with a partner fully committed to our shared success.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

As a SentinelOne partner, we offer competitive pricing on comprehensive packages that include the SentinelOne license, our management services, and a proof-of-concept to ensure the technology meets your needs. We also provide opportunities to meet the resources assisting in managing your security.

Which other solutions did I evaluate?

When working with customers evaluating endpoint cloud technology, we often find they are considering SentinelOne, a company we proudly partner with. We chose SentinelOne because they align with the missions and focus on trust that are important to us, particularly in the cybersecurity landscape. As in any critical partnership, trust is essential, especially when facing evolving challenges and adopting new technologies. Our partnership with SentinelOne allows us to embrace those advancements, provide them to our customers, and ultimately offer a strong differentiator in the market.

We evaluated several options when selecting a cybersecurity provider to manage endpoint and cloud security for our customers. SentinelOne emerged as the leader in the industry, offering not only a superior product but also a strong partnership approach. Their commitment to innovation, particularly in AI, aligns with our vision for the future of cybersecurity. We are confident in our decision to partner with SentinelOne and leverage their expertise to enhance our customers' security posture.

What other advice do I have?

I would rate SentinelOne Singularity Identity ten out of ten. We highly value our partnership with SentinelOne, ranking them among the best of our 20 partners. As a managed security services provider, we leverage various technologies to address diverse customer needs, and SentinelOne consistently excels in responsiveness and communication—essential pillars for successful business collaboration.

To convince a hesitant customer about SentinelOne, we suggest a proof of concept. This allows the product to demonstrate its value and effectiveness firsthand, building customer confidence in the technology. Combining SentinelOne's capabilities with our management expertise creates a strong solution, leading to positive outcomes in these situations.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner, MSSP
Flag as inappropriate
PeerSpot user
Quality Engineer at a manufacturing company with 1,001-5,000 employees
Real User
Can assist us with legacy servers, and helps protect our assets, but the support needs improvement
Pros and Cons
  • "The protection provided by SentinelOne Singularity Identity is the most valuable feature."
  • "We haven't received the expected support whenever we've had questions."

What is our primary use case?

We use SentinelOne Singularity Identity to gain visibility around our server.

How has it helped my organization?

What I appreciate about SentinelOne Singularity Identity is its capability to assist us with legacy servers, enhance visibility, and provide protection for them. We also utilize CrowdStrike for endpoint detection, and Rapid7 for incident response, protection, and Security Information and Management. However, SentinelOne stands out among these products because it effectively supports preexisting or older servers such as Microsoft Server 2005 and 2010. So far, our experience with SentinelOne has been entirely satisfactory, making it one of the top solutions.

SentinelOne Singularity Identity helps us protect our assets.

SentinelOne Singularity Identity offers a unified console. Managing our system through the console is straightforward. Interns can use it proficiently without any concerns or complaints. Generally, they become adept after undergoing onboarding training for approximately two to three weeks. When they have inquiries, we can guide them appropriately. I would describe it as relatively easy. The situation is progressively enhancing. It hasn't always been like this. There's a definite improvement, and I must acknowledge that. The user experience of the application is indeed getting better.

Singularity Identity does its job of protecting identities from exploitation. 

Singularity Identity provides visibility into our attack surface risk and we use them because they support legacy services.

Singularity Identity's ability to detect and prevent threats is good.

Singularity Identity has helped reduce our MTTD identity-based attacks.

What is most valuable?

The protection provided by SentinelOne Singularity Identity is the most valuable feature.

What needs improvement?

We haven't received the expected support whenever we've had questions. There are still gaps in our ability to obtain information from them, and some of their responses are unsatisfactory. Do they expect us to engage high-level consultants each time we have these questions about reporting? SentinelOne needs to thoroughly examine its competitors' actions. Companies like Trend Micro, McAfee, and CrowdStrike are their competitors. They should also take a look at Palo Alto and Symantec to understand their strategies and how they can attract more people. We are currently paying for CrowdStrike and Rapid7. Personally, I'm not very fond of Rapid7. I'm more accustomed to using Splunk. In my previous job, I used Splunk Enterprise for six years. This is the direction SentinelOne should take: enhancing user-friendliness and providing better support. For instance, if I need to generate a report and encounter clarity issues or gaps, how can they assist me in resolving these problems? Can they involve consultants or product managers? Because, in most cases, the feedback we receive after raising a ticket isn't what we hoped for. This lack of satisfaction also raises more questions for my leadership team. They are genuinely interested in understanding the situation better. This is the aspect that I believe needs attention. However, I think the responsibility lies primarily with SentinelOne to analyze their competition's practices. Perhaps they could consider organizing a pilot program or a webinar, where they can inquire about participants' preferences. This way, they could effectively engage with users, understand their needs, and tailor SentinelOne accordingly. Based on my experience with Apple over the years, I can attest that support plays a critical role. That level of engagement, human interaction – it's of paramount importance. SentinelOne needs to raise the bar when it comes to customer support and engagement.

SentinelOne Singularity Identity has the potential for improvement. It could offer a broader range of visibility and more accurate coverage, as the underlying functions of these tools are essentially the same, just applied in different use cases. Another tool to consider is SecurityScorecard. Questions arise about what they scan, how they conduct scans, and how reliable their results are, particularly in relation to bypassing firewalls. Trustworthiness of the provided information and its accuracy are concerns that require more customer engagement. This necessitates webinars and workshops to delve into their brand and product specifics. It's important to highlight what sets SentinelOne apart and why it's a favorable choice. While I do appreciate SentinelOne, I'm seeking reasons to fully commit and present these to my Chief Executive and the rest of the leadership team. Since they aren't well-versed in technical jargon but rather in business language, it's crucial to bridge the gap between technological details and business benefits. This alignment is vital for securing their buy-in, especially with the upcoming budget discussions. From my perspective, Customer Success Managers should play a significant role. I'm unsure whether the model followed is a Customer Success Leader or a Customer Account Manager. However, it's important for them to actively engage with all customers, arranging meetings and offering support. Comparatively, I hold great respect for Rapid7 and Splunk. During my interactions, while I worked with Rapid7's CSM I consistently engaged with my team and me, usually bi-weekly if not weekly. Their inquiries are insightful, although we might not always have immediate answers. Their proactive approach in assisting us to maximize the tool's utility, even accommodating missed training sessions by arranging new ones, greatly enhances user comfort. The analogy here lies in how tools like Microsoft Suite are used by everyone and Google came along with Sheets providing a user-friendly experience, effectively challenging Microsoft's dominance. A similar strategy should be pursued by SentinelOne - to compete while prioritizing user experience over just the interface. The tool should enable users to seamlessly accomplish tasks and yield outcomes. This is essential not just for experienced individuals like me, but also for less technically inclined individuals who may lack IT expertise and the patience for intricate inquiries.

For how long have I used the solution?

I have been using SentinelOne Singularity Identity for one year.

What do I think about the stability of the solution?

SentinelOne Singularity Identity is stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Identity scales well and is load balanced.

How was the initial setup?

The initial is straightforward. The deployment includes myself, another team member, server team members, networking members, and vendors. Our security architecture is fairly stable. We've invested time in constructing and establishing the architecture to bring it to its current state. This approach ensures that when the time comes to scale or onboard a new product or platform, the process is usually uncomplicated. We possess the network diagram.

What about the implementation team?

We worked with a vendor for the implementation.

What other advice do I have?

I would rate SentinelOne Singularity Identity as a seven out of ten, considering all the effort that SentinelOne invests in endpoint cloud and identity management. I'm also allowing room for growth. There's always potential for growth. It should never be perceived as a negative, but rather as an opportunity for growth, as we can continuously evolve and make improvements.

We are engaged in the manufacturing business. Consequently, we will inevitably have some outdated services due to the nature of our business. The application we employ is integral to our operations; it's an essential part of the adoption process and security measures. Implementing this specific application is costly, amounting to millions of dollars for companies. Therefore, we don't simply suggest discarding the application. Instead, we strive to find ways to safeguard these valuable assets. This is where SentinelOne comes into play. However, I would encourage SentinelOne to consider the available market. Why should we rely on two different tools when we could solely utilize their services? Why should we incur expenses with other providers when we could integrate SentinelOne across all our servers, workstations, and endpoints?

I'm curious about the quality of SentinelOne's vulnerability database. How far back does it provide coverage? What is the extent of its support for users? Can it be used on a Windows 2000 server? Is real-time coverage available?

It's a good idea to layer technology. Someone who already has a Microsoft license and is using Defender can still use Singularity Identity. I would recommend engaging with the Customer Success Managers at SentinelOne. Request a demo and a live presentation. Ask someone to guide them through the process and provide them with value propositions that will assist them in making well-informed decisions. Also, inquire about the security architecture, level of maturity, and existing environment. All of these aspects will help them find the best solution, even if it involves connecting with a consultant. Engagement is always crucial. Each organization's situation is unique, and its architecture varies. Architecture style, design, and communication practices differ among organizations. Consider how the organization would like the setup to be. What's their network configuration? How will different components communicate? Which parts are accessible, and which are restricted? Collecting all this information tailored to each organization will greatly enhance that organization's understanding.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Analyst at a construction company with 5,001-10,000 employees
Real User
Provides a unified view, helps reduce our MTTD, and protects identities from exploitation
Pros and Cons
  • "All the features within the XDR are valuable as a whole for our organization."
  • "The first-level support has room for improvement."

What is our primary use case?

We use SentinelOne Singularity Identity as our Extended Detection and Response solution. I engage with it daily since it's essentially one of my routine tasks. I access the platform to monitor our environment, check for any incidents, and address any related matters.

We began utilizing the solution primarily to manage response to detections, mainly for threat detection.

How has it helped my organization?

SentinelOne Singularity Identity has assisted our organization in reducing manual workload and providing alerts when issues arise in our environment.

It Identity provides a unified view.

Managing our environment using SentinelOne Singularity Identity console is easy. It is extremely easy to push agent updates using the console.

It does a great job protecting identities from exploitation.

Singularity Identity does a good job of providing us with visibility into our attack surface risk and where we should be looking.

SentinelOne does a good job of detecting and preventing threats.

SentinelOne Singularity Identity has helped reduce our MTTD by hours because we have moved from manual identification to automated.

What is most valuable?

All the features within the XDR are valuable as a whole for our organization.

What needs improvement?

The first-level support has room for improvement. We are consistently having to request escalations, particularly when we need to add exclusions for false positive readings. Their typical response is that we can create exclusions, but we disagree. For instance, if a manufacturer installs rpc.net or a similar locating device on our external laptop, that should be an exclusion handled on the SentinelOne side. It shouldn't be our responsibility. This is just one example. Additionally, SentinelOne often claims that their first-level support provides a dedicated exclusion, but we usually disagree with this assessment and push back.

For how long have I used the solution?

I have been using SentinelOne Singularity Identity for three and a half years.

What do I think about the stability of the solution?

I give the stability of SentinelOne Singularity Identity a ten out of ten.

What do I think about the scalability of the solution?

I give the scalability of SentinelOne Singularity Identity a ten out of ten.

How are customer service and support?

The first-level support needs improvement but the other levels are great.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment.

What's my experience with pricing, setup cost, and licensing?

The cost of SentinelOne Singularity Identity is better than CrowdStrike.

Which other solutions did I evaluate?

We also evaluated CrowdStrike but  SentinelOne Singularity Identity was a better fit for our environment.

What other advice do I have?

I would rate SentinelOne Singularity Identity a nine out of ten. I recommend using SentinelOne Singularity Identity as an additional layer of security, which also aids in reducing manual workload.

I also recommend that those who are evaluating the solution ensure they complete their work on the front end so that the rest of the deployment proceeds smoothly.

We have deployed SentinelOne Singularity Identity across 3,000 endpoints spanning multiple clouds, departments, and users. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Nityanand Chauracia - PeerSpot reviewer
Junior Cloud Engineer at ACC Limited
Real User
Top 5
Offers a unified view, a user-friendly console, and reduces our MTTD
Pros and Cons
  • "While I've experience with many CSPM solutions, SentinelOne Singularity Identity stands out."
  • "The alerts take four hours to generate in our AWS console."

What is our primary use case?

We utilize SentinelOne Singularity Identity, a CSPM solution, to identify vulnerabilities in our cloud configurations. Security alerts are generated for cloud-native threats and forwarded to the task force, who then manually address the vulnerabilities with a comprehensive maintenance plan.

How has it helped my organization?

Unlike Prisma, where feature requests are added to their roadmap and implemented in future releases, SentinelOne Singularity Identity's process prioritizes immediate attention to our requests, ensuring a faster turnaround time.

SentinelOne Singularity Identity offers a unified view of our cloud-native security landscape, which is valuable despite some minor filtering issues. The cloud-native security team is actively addressing these challenges, demonstrating their commitment to user feedback.

Managing our environment using the Singularity console is easy and that helps with troubleshooting.

We are happy with SentinelOne Singularity Identity's ability to identify and prevent threats.

SentinelOne Singularity Identity has reduced our mean time to detect identity-based attacks. It saves two hours per detection.

What is most valuable?

Cloud-native architecture offers significant advantages, but security is paramount. While I've experience with many CSPM solutions, SentinelOne Singularity Identity stands out. Its security engine excels at providing evidence of potential vulnerabilities. This includes detailed explanations of exposed endpoints with credentials, enabling evidence-based reporting that empowers further investigation. We're collaborating with stakeholders to identify and address cloud misconfigurations based on this valuable information.

What needs improvement?

The alerts take four hours to generate in our AWS console.

The lack of break-glass account features hinders our ability to implement SSO. To achieve full functionality, SentinelOne should prioritize adding this capability.

For how long have I used the solution?

I have been using SentinelOne Singularity Identity for one year.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Identity nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Identity nine out of ten.

How are customer service and support?

We contacted technical support about adding some policies, creating plug-ins based on our requirements, and enabling the comments for the user for any false positive alerts.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our team previously used PingSafe, but management directed a migration to SentinelOne Singularity Identity for a more comprehensive security solution.

How was the initial setup?

The initial deployment was manageable. I did the deployment with the help of a senior team member. I was responsible for onboarding all our cloud accounts for AWS, GCP, and Azure.

What other advice do I have?

I would rate SentinelOne Singularity Identity eight out of ten.

While you may already have a Microsoft Defender license, SentinelOne Singularity Identity offers superior vulnerability detection capabilities, making it a strong recommendation to consider for a more comprehensive security posture.

We have 12 users of SentinelOne Singularity Identity in our organization.

SentinelOne Singularity Identity is easy to use and I recommend it to others.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Identity Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free SentinelOne Singularity Identity Report and get advice and tips from experienced pros sharing their opinions.