Global Chief Information Security Officer at Barry-Wehmiller
Real User
Top 20
2024-10-16T23:31:00Z
Oct 16, 2024
To improve SentinelOne, I would suggest adding a network detection and response capability. While many of my CISO peers utilize NDR, SentinelOne doesn't currently offer this feature, and I haven't seen it on their roadmap. This capability would be invaluable to my team, and I believe other SentinelOne users would agree. Therefore, I recommend that company leaders consider incorporating NDR functionality into their platform.
To enhance our already strong partnership with SentinelOne, we should focus on improving collaboration. Specifically, we can become more flexible in adopting their forward-thinking technology. By embracing and quickly implementing their solutions, we can better assist customers and achieve mutual success.
Global Senior Manager, Information Security at a manufacturing company with 5,001-10,000 employees
Real User
Top 10
2024-10-16T22:19:00Z
Oct 16, 2024
SentinelOne has been around for a number of years, consistently enhancing its platform with new features like its recently launched SIEM. By actively listening to customer feedback, SentinelOne has steadily improved its product suite, particularly the vulnerability management module. This commitment to customer satisfaction is why we partnered with them; we can directly influence their development process with our feedback. While every platform has room for improvement, SentinelOne is quick to address customer concerns and provide effective solutions. For example, we've brought three critical items to their attention regarding vulnerability management, two of which have been addressed, with the third in progress. This responsiveness and dedication to improvement position SentinelOne as a strong competitor in the vulnerability management market.
Business Information Security Officer at McKensson
Real User
Top 20
2024-10-16T21:00:00Z
Oct 16, 2024
One area for improvement would be the self-healing nature of the agent. Ensuring the agents proactively check into the console and resolve issues that may cause them to fall off is crucial.
It has a lot of features in place. From my end, it isn't missing anything. They could always add a few more modules. Pricing could always be lower. Support could be faster. They need a faster response time.
The alerts take four hours to generate in our AWS console. The lack of break-glass account features hinders our ability to implement SSO. To achieve full functionality, SentinelOne should prioritize adding this capability.
Updated: November 2024.
Chief ARCHITECT at a manufacturing company with 11-50 employees
Real User
Top 20
2023-11-15T14:12:00Z
Nov 15, 2023
The root cause of automation could be better. If you have a complex ecosystem, you need an automated threat response mechanism. We'd like an automated correlation of threats. The SOC efficiency could be better. It would help improve the MTTR.
VP - Information Technology at a financial services firm with 201-500 employees
Real User
Top 5
2023-10-05T15:49:00Z
Oct 5, 2023
A lot of those features came from an acquisition of a different company. Actual SentinelOne employees are making a lot of changes right now to fully integrate those components into one security solution portfolio. The recommendation would be to make deployment just a little bit easier. Of course, they talked about it on the road map, so it will settle out naturally. They're aware of the issue. They want to make it better; it's just not quite there yet.
Sr. Network Admin at Continental Carbon Company, Inc.
Real User
Top 10
2023-09-14T14:52:00Z
Sep 14, 2023
I would like to have the option to deploy or push an update on all my endpoints at the same time. I am not aware of such a feature being there. I have not seen it, but it would be good to be able to deploy or push an update on all my endpoints at the same time. Our company has different locations, such as Sunbury, Oklahoma, and Alabama. I have my devices by location, and I have not found a way to choose all the endpoints and then push the update automatically. I have been doing it one by one. We probably have to create a policy so that I can push it. That is the only thing that I do not like. I would like to have a button to update all the endpoints with a simple click. I have not yet seen that in this product.
Director of IT & Data Security at a university with 1,001-5,000 employees
Real User
Top 10
2023-09-13T16:39:00Z
Sep 13, 2023
I don't like SentinelOne's reporting tools. Their reports seem fine theoretically, but the issue is the sample size. For example, it will report that there were four incidents, and that equals 25 percent fewer incidents compared to the previous months. It would be a great improvement if I could expand the range to see reports for the last six months, but it's always one month. That would be an easy thing for them to resolve. It's also challenging to know how many licenses we have. That number changes every day. We'll remove a bunch of machines, and they'll automatically give up their license after three months. I can easily report today's number, but I can't report over time. For example, we have 500 licenses, and when I checked one day, I found out we were using 509. I thought that would be a problem. Now, we've dropped down below that, so I think they're giving us a little leeway, which is great. It's kind of a mystery to me how close we are to using 100 percent of our licenses.
IT Manager at a healthcare company with 501-1,000 employees
Real User
Top 5
2023-09-06T18:55:00Z
Sep 6, 2023
The last time I called to receive support, it wasn't as fast as I wanted. The resolution turnaround from SentinelOne Singularity Identity's support should be improved.
Senior Network Administrator at a logistics company with 51-200 employees
Real User
Top 10
2023-08-17T20:27:00Z
Aug 17, 2023
The UI could stand to be more user-friendly, specifically for users that are not in IT, or for smaller mom and pop sized companies that may not have a dedicated IT department or budget for a fully managed solution.
Singularity Identity, a component of the Singularity platform, provides threat detection & response (ITDR) capabilities to defend Active Directory and domain-joined endpoints in real-time from adversaries aiming to gain persistent, elevated privilege and move covertly. Singularity Identity provides actionable, high-fidelity insight as attacks emerge from managed and unmanaged devices. It detects identity misuse and reconnaissance activity happening within endpoint processes targeting...
Our engineers are dealing with issues to add exclusions to the antivirus for custom applications.