Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
SentinelOne is very simple to install and very simple to manage. It's very aggressive, so it does protection well, and it seems to be stopping attacks that other solutions cannot.
I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI.
Chief Information Security Officer at Lone Star National Bank
Real User
2022-05-05T14:48:50Z
May 5, 2022
It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.
The detection rate for SentinelOne has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind.
Deputy Chief Information Officer at a computer retailer with 201-500 employees
Real User
2021-10-22T04:24:00Z
Oct 22, 2021
The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring.
Two things. 1. If the machine gets ransomware, it automatically gets taken off the network. 2. The ability to roll back an infected machine. Done it once and it works. Hope to never need to do it again.
Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.
Network & Cyber Security Manager at an energy/utilities company with 51-200 employees
Real User
2021-02-10T02:06:00Z
Feb 10, 2021
When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help.
Head of IT at a transportation company with 501-1,000 employees
Real User
2020-12-31T07:26:00Z
Dec 31, 2020
In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting.
Information Security & Privacy Manager at a retailer with 10,001+ employees
Real User
2020-12-02T06:24:00Z
Dec 2, 2020
The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.
Offensive Security Certified Professional at Schuler Group
Real User
2020-12-01T05:04:00Z
Dec 1, 2020
For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine.
Network and Security Engineer at an energy/utilities company with 1,001-5,000 employees
Real User
2020-11-05T06:53:00Z
Nov 5, 2020
It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.
Security Expert at a healthcare company with 5,001-10,000 employees
Real User
2020-11-01T09:42:00Z
Nov 1, 2020
The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use.
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees
Real User
2020-11-01T09:42:00Z
Nov 1, 2020
SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles.
Network Support at a university with 1,001-5,000 employees
Real User
2020-10-29T10:12:00Z
Oct 29, 2020
The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected.
Software Engineer at a healthcare company with 51-200 employees
Real User
2020-10-27T06:41:00Z
Oct 27, 2020
It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions
The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing.
It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features.
CIO at a manufacturing company with 1,001-5,000 employees
Real User
2020-10-07T07:04:00Z
Oct 7, 2020
One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.
Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future.
Director - Global Information Security at a manufacturing company with 10,001+ employees
Real User
2020-01-29T11:22:00Z
Jan 29, 2020
The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.
Engineer II, Enterprise Client Support at a media company with 10,001+ employees
Real User
2020-01-07T15:40:00Z
Jan 7, 2020
We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access.
IT Operations Manager at a retailer with 1,001-5,000 employees
Real User
2019-08-20T05:12:00Z
Aug 20, 2019
All of the features are valuable. The way that it integrates into management with fault correction capabilities over is especially valuable. Any of the full gamut of the features that it provides are useful to us.
SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.
SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels...
The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.
The setup is very straightforward.
The solution offers excellent detection and integration capabilities.
The XDR capability is quite good.
The most valuable feature of SentinelOne is the EDR functionality. We are protected against threats, such as ransomware.
The ability to:
1. Tune to the agents to prevent application performance without impacting the effectiveness of the engines and protection of the endpoints.
2. Ability to "hunt" and/or search for specific suspicious/malicious activities on an end-point or across all end-points.
3. Very low false positives.
4. Fanatic Managed SOC services (Vigilance). The team escalates 100% true positives only.
Simple - It's never been breached!
SentinelOne has helped us to improve our security by fine-tuning our current use cases and creating new ones.
SentinelOne's auto-rollback feature is the most valuable.
The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs.
The solution is both stable and scalable.
Offers good protection against ransomware.
It's quite scalable.
SentinelOne is preferred because of its great features and nominal cost.
The process visualization, automated response, and snapshotting are valuable. The integration and automation possibilities are also valuable.
It has saved us from a couple of ransomware attacks already.
It is easy to collect and retain logs with SentinelOne.
The protection and management provided by SentinelOne is good.
The ability to get queries by pressing the "tab" button is a plus for SentinelOne.
I have found the most valuable feature to be the rapid threat detection.
The customer support for this solution is good.
Scalable endpoint protection solution that takes seconds to set up per device. It has a rollback feature and offers good technical support.
Most of the features are valuable. As a system integrator, agent deployment is valuable. It also fits the requirements of most of the clients.
Never had the experience of testing or working with SentinelOne but from what I've heard from others it is pretty slick on rolling back infected PCs.
The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes.
Prevents ransomware getting through.
The most valuable feature is that it just unintrusively works in the background to carry out the protection.
It has the ability to roll back a ransomware infection instantly and with minimal disruption to the user & provides robust reporting.
The solution offers very rich details surrounding threats or attacks.
We have a preference for their receptor. It's good at finding many EFC files. EFC files could have a virus.
The most valuable feature of this solution is the user-friendly interface.
I have found the activity timeline and threat analysis to be particularly useful.
In the past, we were not able to identify a few viruses, but now we are able to identify them because of the machine learning feature.
It has good visibility features and it's straightforward.