SentinelOne Software and Solutions

We use it for a couple of use cases. The biggest one we use it for is to protect our AWS environment, and it does a couple of functions for us and our whole development. It scans all the code in our GitLab or our code repository and looks for any hard-coded passwords or keys or any insecurities. It checks if we have any old deprecated components within our software and points that out.

There are a couple of gates that we can set up. When we are pushing the code out of the repos into AWS, it finds any high-severity vulnerability. This is configurable, but we have critical, high, and medium severities. If it finds any, it blocks the push and puts some notes in for the developers to go in to remediate the issue before they can push the code into AWS. Let us assume the code is good in GitLab and gets over to AWS. It then does a couple of things on the AWS side. It looks at the overall infrastructure and how things are configured. There may be things in AWS that are misconfigured or old components that were manually built or deployed without going to GitLab. It points them out.

I have been very happy with the evidence-based reporting. It is not just theoretical. It scans the code or looks at the AWS environment and pulls back the details that tell us that this is a vulnerability. We have a good understanding of why it is a highly-rated vulnerability. It makes it much easier to prioritize and then go through and remediate the issue.

Agentless vulnerability scanning has been very good. It pulls back quite a bit of information that is actionable by our team.

Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. That is critically important because especially in large environments, when you run scans or use the vulnerability scanning tool, you might be inundated with results. It takes a long time for analysts to go back through and validate whether it is a true positive or a false positive. Singularity Cloud Security can eliminate a lot of false positives or almost all of them, and we can focus on something that is a true issue, as opposed to wasting our time and resources.

The Offensive Security Engine is doing the attack path management. That is one of the most critical features to us because it tells us that we have this misconfiguration here, or we may have a secret or some vulnerability here. It tells us about the impact and how an attacker could exploit that to gain persistence in our environment and install data. We have a true impact of why this is important and why we need to fix it. With scanners like Rapid, Qualys, and others, we get the credentials and we get a scan, but then we spend an inordinate amount of time looking through reports and trying to figure out:

• Where do we spend our time?
• What do we prioritize?
• What is remediated?
• What is it that we can remediate?
• What is it that we can take action on and make an improvement in the environment?

It is very frustrating when you are spending hours only to run down something and realize it is a false positive, and there is nothing you can do to make a positive impact. Eliminating all those false positives really helps us.

We have had very good luck with the IaC. For us, it is hugely valuable because we can catch things very early in the process before they get promoted into production. In case something flips through or escapes, it still helps you to find it.

We started seeing its benefits literally the day after deployment. The only reason I say the day after is because we ended up working on it kind of late in the afternoon. We got things set up, and it took a few hours for results to start populating, but its benefits were very apparent when we started looking through the reports and dashboards.

Singularity Cloud Security significantly helped reduce the number of false positives we deal with. The biggest aspect for us is allowing the security and development teams and DevOps to be much more efficient. As opposed to spending 80 hours going through some big reports, we are able to cut that down to a fraction of the time and make a positive impact on the environment. We are not chasing a bunch of dead ends.

It has made a great impact on the risk posture. We are also able to look at the trends over time in terms of where we started and what we remediated. You can see the environment getting more secure as we keep knocking down vulnerabilities.

Our mean time to detect is much faster. It is a much lower number there. There has been a significant change in the number of vulnerabilities remediated or per hour of investment from the engineering and security teams. By implementing this tool, we are able to do a lot more with the same team size and remediate things much faster than before.

It has made it much easier for these disparate teams to have the conversation in terms of what needs to be prioritized and fixed, and then it has given a lot more information. It eliminates some of the he said, she said, or some of the frustration that can happen between different teams because one team is looking at a tool they are familiar with and the other team has a different tool. Historically, there were some disagreements in terms of what issues exist in the environment and where we should spend our time in terms of trying to make improvements and remediate.

Our favorite feature is attack path management. If you have an S3 bucket that is configured to be publicly accessible, it will look and inform you that it is publicly accessible. If someone gets in this bucket, they could ultimately traverse, get into this RDS, and do something negative or detrimental to the environment there. You not only get to know about vulnerabilities and misconfigurations but also some of the actual impacts of having these vulnerabilities. It is not just a raw data dump.

So far, it has been very easy to use. It gives very rich information or a lot of details about the findings. It has a lot of links to go back into GitLab or into AWS to validate the CDF configuration, and then it gives a lot of guidance for remediation.

Standing it up was pretty straightforward. We did get assistance from SentinelOne SE at the time of the trial to ensure that everything was configured and working correctly.

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us.

Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

I have been using this solution for six months.

We have not had any issues with stability. It has been solid on that front.

We are not huge, so we have not run into any sort of scalability problems at all. We are running only six or seven subscriptions in AWS. Our bill in AWS is less than 20K a month, so it is not huge.

I have talked to SentinelOne support multiple times, but not on the cloud-native security front. I cannot add anything on that side.

I have not used any other tool at this company. In the past, I have used some different tools.

It was very easy for us with one exception. We had a mono repo, and we worked it out with the SentinelOne security engineering team. We got some direction for them in terms of how to do some of the code-blocking configuration, but it was a pretty straightforward and quick setup.

It took us three weeks maybe, but it was not like we spent three weeks heavily. We did it slowly. We did most of the deployment in a couple of hours, and then we had some check-in meetings over the next few weeks to go through and just check on it, become familiarized with the system, and then ask questions. The initial deployment took less than a day and then learning, discovering, and getting familiar with it took us a few weeks.

It does not require any maintenance from our side. We may have some sort of maintenance to do. For example, we are planning to acquire assets from another institution. They are on-prem, so we will have to build up their AWS environment. Once we build out that environment, we may need to make some changes in SentinelOne so that it picks up those new environments. That is a guess. We have not done it yet.

We literally did it with SentinelOne SE. They provided all the setup work for us. We did not pull in a third party.

We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well.

We did look at Wiz, Orca Security, and Palo Alto's Prisma. We also looked at Lacework and ultimately settled on SentinelOne for a couple of reasons.

We did like the functionality provided by Palo Alto, but the way their licensing worked was frustrating, to say the least, and the cost was fairly high. We found it unaffordable. 

Lacework was still at an early stage. We did not feel that they provided all the functionality we needed, so we did not feel the confidence there. 

Wiz is a dominant player in the market. I have a lot of respect for them, but it did not provide all the reporting and data we needed. Especially for the price point, it was affordable for us. 

In the case of Orca Security, in the previous organization, we saw some pretty glaring false positives, which turned us off on that platform.

To new users, I would say that like any tool, you need to sit down and learn what the tool can do. Understand your objectives and then work through to make sure the tool meets your needs. It is straightforward and easy to use.

I would rate Singularity Cloud Security a ten out of ten at this point.