SentinelOne Singularity Cloud Security Reviews

SentinelOne Singularity Cloud is on our computers and servers, mainly for threat hunting. I use it to ensure our devices remain healthy and are virus-free, ransomware-free, and threat-free.

We've felt more comfortable having SentinelOne Singularity Cloud because we've had a safer environment. The benefits from the platform were immediate.

What is most valuable in SentinelOne Singularity Cloud is that it can detect any threat on a machine or is being installed on a machine, so it is a platform that helps keep the environment safe.

I also found the real-time detection and response capabilities of SentinelOne Singularity Cloud impressive because it is a platform that uses artificial intelligence to determine what is normal and what is abnormal and can lock down any virus it may encounter.

SentinelOne Singularity Cloud has good automated remediation capabilities. It can catch threats that other antiviruses do not.

The platform also has a very good deep visibility feature, enabling you to run scans and find what you need.

SentinelOne Singularity Cloud provides excellent historical data to find what you need.

The platform reduced my organization's mean time to detect and mean time to remediate anywhere from a week to sixty days.

SentinelOne Singularity Cloud also helped free up SOC staff, enabling staff to work on other projects or tasks. Through the platform, the team does not have to spend as much time trying to go through different objects on the machines manually.

SentinelOne Singularity Cloud hasn't had a direct, everyday impact on my organization's productivity. What it has an impact on is uptime whenever there is a threat on a computer because it blocks it.

The platform has good interoperability with third-party solutions and integrates smoothly.

SentinelOne Singularity Cloud is able to support my organization's ability to innovate. It is good in that aspect, though I have yet to work with that extensively.

SentinelOne Singularity Cloud sometimes has false positives, but the main area for improvement I want to see is for it to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is.

I've been working with SentinelOne Singularity Cloud for about three years.

I found SentinelOne Singularity Cloud stable.

SentinelOne Singularity Cloud is scalable, and it is pretty seamless in terms of autoscaling based on my organization's workload demands.

I have not contacted the SentinelOne Singularity Cloud technical support team.

My organization used Windows Defender but switched because SentinelOne Singularity Cloud was more robust.

Due to its notifications, you can also have the turnout time of obtaining telemetry data from SentinelOne Singularity Cloud automatically, so you do not have to watch it constantly to see the data. The platform automatically shuts down the computer, takes it off the network, and then reports to you versus Windows Defender, which requires you to do a little more research into the items, as it did not provide as much information.

I was involved in the initial setup of SentinelOne Singularity Cloud, which I found pretty straightforward.

We worked with a consultant in implementing SentinelOne Singularity Cloud.

Only two people were involved, and the process took about two weeks.

I believe there is ROI from SentinelOne Singularity Cloud because of its impact on productivity through its ability to remediate and self-resolve some of the items.

I have no information on how much SentinelOne Singularity Cloud costs.

We did not evaluate other options before choosing SentinelOne Singularity Cloud.

If someone were to tell me that they do not believe they need SentinelOne Singularity Cloud because they have a continuous security monitoring solution in place, I would disagree because, with the SentinelOne Singularity Cloud platform, you can allow or disallow items within the machine. It automatically disconnects the machine from the network, helping you determine what is happening.

My organization works with the cloud version of the platform. It is deployed in multiple departments, and about four hundred users work with the endpoints.

SentinelOne Singularity Cloud requires maintenance, but it's not difficult to maintain.

Only one person takes care of the maintenance of the platform.

My advice to other users who would like to start working with SentinelOne Singularity Cloud is that I would highly recommend it based on its abilities and what it can find and remediate for you. It is easy to deploy and maintain, so I would tell others it is a solid platform.

My rating for SentinelOne Singularity Cloud is eight out of ten.

SentinelOne Singularity Cloud Security was being used for cybersecurity and governance. The company where I used to work wanted to secure sensitive information or prevent any data leaks. It provided good protection.

I used it on a daily basis. If any alert came up, or any best practice needed to be followed, I used to look into the alerts and work on the issue so that it did not affect our systems.

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. It helps to secure sensitive information saved in the cloud. It provides alerts in the case of any vulnerability. I felt secure when I was using SentinelOne Singularity Cloud Security.

The alerts had severity levels, such as low, medium, and high. I used to give priority to the ones with a high severity level and then I used to handle the ones with medium or low severity.

Before SentinelOne Singularity Cloud Security, it was a bit difficult to know all the vulnerabilities. There were some services in AWS, but we had to configure them and check them on a daily basis for any alerts. SentinelOne Singularity Cloud Security was more reliable. Our InfoSec team used to inform us about any vulnerabilities and then we used to resolve them. SentinelOne Singularity Cloud Security was more beneficial for our organization for security purposes.

SentinelOne Singularity Cloud Security improved our security posture. I would rate it a nine out of ten for that.

SentinelOne Singularity Cloud Security improved our mean time to detect. Its dashboards were helpful, and there was continuous improvement.

It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature.

Its interface was pretty good. It was very easy to use.

It was also good for compliance, but I was not handling that part. I only used to view the alerts and solve the issues. The other aspects were handled by my seniors.

I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check SentinelOne Singularity Cloud Security. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and SentinelOne Singularity Cloud Security takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes.

Another issue was that when there was a new alert, I did not get an email or notification on my personal email. I had to log in and refresh the screen to check if any new alerts came. It would be beneficial if an email or a notification could be sent to a personal email or mobile number.

We had a few false positives. For example, for Amazon EBS volumes, SentinelOne Singularity Cloud Security sometimes used to give an alert saying that an EBS volume was created in the East US region, whereas no EBS volume was created. It was a false alert. We discussed these false alerts with the SentinelOne Singularity Cloud Security team and gave them feedback. We muted those alerts, but such a thing should not happen. However, the number of false positives reduced over time. Initially, if we had 10 false positives, then later on, we had only one or two.

They can enhance the dashboard and make it more user-friendly. They can also provide more information in the alerts about remediation.

I used SentinelOne Singularity Cloud Security for almost 1.5 years.

It is stable. I would rate it a 9 out of 10 for stability.

It is scalable. I would rate it a 9 out of 10 for scalability.

We had approximately 15 to 20 users in our organization. We had multiple departments, but all the applications were deployed only on AWS.

I never used their support in 1.5 years. A different team interacted with them.

I have only used SentinelOne Singularity Cloud Security.

It was deployed on the cloud and on-premises. Its initial setup was not complex. It was easy to understand.

Its deployment took a few days.

2-3 people were involved in its deployment.

It saved resources. There were 20% to 30% savings.

It is cheap.

I would recommend SentinelOne Singularity Cloud Security to others. Overall, I would rate SentinelOne Singularity Cloud Security a 9 out of 10.

We use it in different ways. The number one use case is related to vulnerabilities, which includes cloud misconfiguration, the Offensive Security Engine, and the management screen itself. That is our primary use case. Then comes the graphical representation of interfaces, and the third use case is the inventory that it allows, which is very nice.

By implementing this solution, we wanted to watch the security vulnerabilities in our organization. We wanted to watch them in the code that gets checked in. We wanted the latest and refreshed list of vulnerabilities in, for example, Log4j or any other software to be highlighted. SentinelOne Singularity Cloud Security keeps updating its database and highlighting any issues.

We use agentless vulnerability scanning. It is cool. It operates on our cloud. All we need to do is authenticate and authorize our agents to read from our cloud infrastructure, which is cool.

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. This is very important because it gives the entry point to the entire process.

We use SentinelOne Singularity Cloud Security's Infrastructure as Code (IaC) scanning. All of our Terraform code and Git repositories are checked in, identified, and scanned. It helps us identify any issues way before production.

SentinelOne Singularity Cloud Security has not reduced the number of false positives. We have very few false positives in our organization. We have a very specific structure.

SentinelOne Singularity Cloud Security has reduced our mean time to detect. It has helped us a lot. It is quite quick, and that is why we put it in our sprint at every agile site. In terms of its effect on the mean time to remediate, we have not crossed the remediation phase. Remediation is okay. I would want it to go a little bit more specific on remediation, but I understand that it is just an engine that can scan.

We were able to realize the benefits of SentinelOne Singularity Cloud Security in about a month.

SentinelOne Singularity Cloud Security has not affected the collaboration among our cloud security, application developers, and app sec teams. The access to SentinelOne Singularity Cloud Security is less. The number of roles that SentinelOne Singularity Cloud Security provides is very low. I cannot segregate a particular account or a particular user. It is difficult for a lot of people to get. It is just the development, operations, and infrastructure teams that are currently working with it.

It is pretty simple. It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job.

Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved.

The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless.

Its scalability can be improved.

In this organization, I have been using SentinelOne Singularity Cloud Security for 6  months. Overall, I have about 4.5 years of experience.

I have not had any issues. I have been lucky enough to not notice any issues.

We have a parent organization, and then we have child accounts, but they have to be configured separately in SentinelOne Singularity Cloud Security, which makes it difficult to add accounts. You have different pages, so a comparative study about account usage is not possible. I am not a fan of its scalability. Its scalability can be better. 

I have interacted with them a couple of times. They have been very helpful. Their speed is pretty good. They are faster than AWS support. They are quick. The support quality is good. I did not see any lack of quality. I do not have anything bad to say about them.

Positive

We have CloudFront, which is a security measure by AWS for a very specific purpose. I have used SonarQube. It is pretty decent. It is code-specific, whereas SentinelOne Singularity Cloud Security falls under code and IaC. I have used the Trivy scanning mechanism. Semgrep is an open-source tool. GitLab has its own set of static code analysis and static infrastructure analysis tools. These are some of the tools that I have used before.

SentinelOne Singularity Cloud Security is very specific to the cloud-native environment. It lets you plug in more than one cloud. My organization has a multi-cloud strategy. With SentinelOne Singularity Cloud Security, we can have Google Cloud and AWS under the same umbrella, which is cool. It has its own unique place, and I like it.

It was very easy. The only problem was getting the RBAC roles. After we had the roles, it was straightforward. It was very simple.

We have a 47-cluster environment. It took about 1.5 hours. It is quick enough. It is as good as CloudFormation.

It does not require any maintenance from our side. Because it is fully managed on the cloud SA, we do not have to do anything.

It was implemented in-house. We have a development and operations team with 5 people.

Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable. As the cloud vendors change their pricing, SentinelOne Singularity Cloud Security also has to change its pricing. I understand that. I am happy with it, but the split up can be better explained.

To those evaluating SentinelOne Singularity Cloud Security, I would advise understanding SentinelOne Singularity Cloud Security's licensing metrics. You should understand how SentinelOne Singularity Cloud Security calculates. That is very important because it is not straightforward. You should understand that, and you can talk to the support people. They are very good. They clearly explain it. The person who is dealing with it should have a technical background. He cannot be a business analyst.

Make sure that you put in all the configurations on day one. You will find it difficult to compare if you keep building on top of it.

Overall, I would rate SentinelOne Singularity Cloud Security a 7 out of 10.

Cloud Native Security helps us identify security issues related to cloud configuration and containers. We leverage cloud synchronization for real-time incident notification.

Cloud Native Security is easy to use. Its user-friendly features make integrating new tools a breeze. Everything can be connected through a simple API. The intuitive dashboard and effortless ticket submission further enhance the user experience.

One of Cloud Native Security's most valuable features is its offensive security engine. This engine excels at identifying vulnerabilities caused by misconfigurations, which could potentially be exploited by external attackers. In these cases, Cloud Native Security's offensive security engine findings are highly accurate, with a proven positive detection rate.

Cloud Native Security has helped reduce the false positive rate. The reduction in false positives has improved our operations.

As a small startup, implementing all security best practices across the organization can be challenging. Additionally, security awareness may not be widespread. However, Cloud Native Security, a cloud-based security tool, helps us address these limitations. Cloud Native Security acts as a vigilant watchdog, continuously monitoring our infrastructure for misconfigurations. This includes detecting unauthorized access attempts, such as someone opening a specific port or granting historical access from an external AWS account. By integrating Cloud Native Security with our Slack channel, we receive immediate alerts whenever such suspicious activity occurs. The notification will highlight the potential risk and provide details, allowing us to investigate and take prompt action. Previously, we unknowingly stored sensitive information, known as hard-coded secrets, in our public GitHub repository. Since integrating Cloud Native Security with GitHub, these secrets are identified immediately and flagged through Slack alerts. This enables us to address the issue swiftly and reduce our overall security exposure.

It is far more effective at reducing our meantime to detection compared to the open-source solution we used previously.

Cloud Native Security's findings have led to increased collaboration with our infrastructure team. While our application is a separate product and doesn't reside in the cloud, Cloud Native Security has still proven valuable in this way.

Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews. This helped my organization identify nearly 10,000 secrets added across our repositories, many of which had a significant security impact. Integrating Cloud Native Security with GitHub alone allowed us to identify all these secrets. This is a key feature that has been instrumental in improving our security posture through testing.

Secondly, Cloud Native Security's cloud SIEM feature has been essential in preventing our most critical security incidents.

We are experiencing problems with Cloud Native Security reporting. Our organization primarily uses Jira for issue tracking. While Cloud Native Security offers input options for reporting vulnerabilities, the "connect action" it provides to link issues isn't replicating information to Jira. This is happening for approximately half of the company and is causing difficulties for developers and stakeholders in fully understanding the reported issues.

Cloud Native Security's proof of exploitability is not that useful when it relates to container images. More detail should be included in the reporting.

Cloud Native Security can identify hard-coded secrets within our code and tell us if they're valid or not. However, in some cases, Cloud Native Security may flag a valid secret as hard-coded without specifying its exact location within the codebase. This lack of detail makes it difficult for developers to identify where the secret is used. Ideally, Cloud Native Security should provide the specific location of valid hard-coded secrets. This would significantly improve the developer experience by allowing them to easily locate and manage these secrets.

Cloud Native Security integrates with Jira and Slack through APIs, which is great. However, I would also like to see Cloud Native Security offer APIs that allow us to directly build dashboards within the platform. This would be incredibly helpful for visualizing vulnerabilities, security settings, and Cloud Native Security usage reports. Imagine if Cloud Native Security provided these APIs. We could create custom dashboards for specific purposes, like offensive security, cloud misconfiguration monitoring, or even integrating ISS scans. Essentially, any customer could easily build dashboards tailored to their needs. Unfortunately, Cloud Native Security doesn't currently offer this functionality. Other security products provide this level of customization. Adding this feature to Cloud Native Security would significantly improve its overall solution. 

I have been using Cloud Native Security for two years.

Cloud Native Security is extremely stable and we have not encountered any issues.

Cloud Native Security is scalable.

We contact technical support weekly. They are helpful and respond quickly. Additionally, there is a built-in chatbot that allows us to submit support tickets.

Positive

We also rely on AWS built-in features that alert us if there are any misconfigurations along with Cloud Native Security.

Regarding the license model, I believe their approach is appropriate based on the customer workload data we're tracking. It seems like an ideal way to proceed.

For pricing, it currently seems to be in line with market rates. However, I recall Cloud Native Security charging a slightly higher premium previously.

I would rate Cloud Native Security nine out of ten.

We receive notifications from Cloud Native Security whenever maintenance is required, and they provide instructions to complete the process.

New users should be prepared to have a dedicated staff member manage Cloud Native Security. This person will handle alerts, configurations, and integrations. You should continuously evaluate all the findings that Cloud Native Security provides, as it performs daily scans. However, it's possible to miss vulnerabilities that have already been fixed. Therefore, careful attention is needed when raising issues with developers. To optimize your use of Cloud Native Security and potentially reduce workload, consider providing feedback to improve the product. Additionally, try to utilize as many features as possible, as they can all have a positive impact on your organization's infrastructure.

My company uses Cloud Native Security as our CSPM solution to discover vulnerabilities in cloud-based configurations. We take alerts from Cloud Native Security and forward them to the DevOps team to remediate them manually. 

Cloud Native Security helps reduce the number of false positives we receive. We receive notifications and alerts from various channels, such as AWS CloudTrail and Microsoft Defender. These products generate alerts based on their policies. I can feel confident that Cloud Native Security isn't giving any false positives. We get a few, but they are rare, and I can immediately alert the team to redefine their policies. 

Cloud Native Security's most valuable feature is its offensive security engine. I have worked with many CSPM solutions. What sets Cloud Native Security apart is the security engine's ability to provide evidence about the potential for vulnerabilities to be exploited or endpoints exposed with credentials.  

The evidence-based reporting is helpful. It shows us all these details that help us do more research. We are working with various stakeholders to remediate those misconfigurations immediately. No other solutions provide this feature. We can research other resources affected by the same kind of vulnerabilities or misconfigurations. We can prioritize fixing them and work on them immediately. That's beneficial to everyone on the team, and they are learning a lot with this feature from Cloud Native Security itself.

While Cloud Native Security is mostly easy to use, the interface has a few trouble areas. We have faced some challenges with filtering. The Cloud Native Security team is working on that, and they're fixing it immediately. They take feedback seriously. There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature. 

We have been using Cloud Native Security for one year.

Cloud Native Security is stable. 

I rate Cloud Native Security 9 out of 10 for scalability. There is no lag, and the application doesn't break down. 

I rate Cloud Native Security support 8 out of 10. We contacted them about adding some policies and creating plugins based on our requirements. 

Positive

We previously used Prisma Cloud. Each has its own feature set. Prisma is on a higher level, and Cloud Native Security is a startup that's building its feature set and taking feedback from all the customers. That's one advantage Cloud Native Security has. They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away.

Deploying Cloud Native Security wasn't too easy or difficult. It was manageable. I did the deployment by myself. I'm the Cloud Native Security admin for my organization responsible for onboarding all the cloud accounts for AWS, GCP, and Azure. 

We also looked at Orca Security. Like Prisma, Orca is one of the top solutions on the market. Most of the CSPM solutions have the same features. Cloud Native Security stood out for two reasons: One is the offensive security engine. That is the main thing. The second thing Cloud Native Security offers is evidence-based reporting. That helps us a lot. These two features are unique, which is why we chose Cloud Native Security. 

I rate Cloud Native Security 7 out of 10. 

Our infrastructure utilizes a combination of cloud solutions and Kubernetes for container orchestration. To ensure the security of these environments, we leverage SentinelOne Singularity Cloud Security. This platform proactively identifies and remediates vulnerabilities within our cloud deployments.

We use SentinelOne Singularity Cloud Security, which is integrated with our cloud environment. This allows us to receive notifications from SentinelOne Singularity Cloud Security directly in our Slack channels, according to the notification settings we have configured. We prioritize these alerts and take appropriate actions based on their urgency.

To improve our cloud security posture and achieve best practices, we implemented SentinelOne Singularity Cloud Security. This security tool helps us identify and address vulnerabilities within our cloud environment.

SentinelOne Singularity Cloud Security is easy to use.

SentinelOne Singularity Cloud Security's evidence-based reporting helps prioritize and solve the most important cloud security issue.

SentinelOne Singularity Cloud Security's proof of exploitability is valuable because it goes beyond simply identifying vulnerabilities. It assesses how severe these vulnerabilities are by determining if they can be actively exploited by attackers. This information allows us to prioritize our actions and focus on fixing the most critical risks first.

SentinelOne Singularity Cloud Security's compliance monitoring capabilities helped us achieve certifications like PCI and DSS.

SentinelOne Singularity Cloud Security's UI is easy to use even for beginners.

SentinelOne Singularity Cloud Security improved our security posture, made us more compliant, and improved our confidence when we spoke to our clients.

Before implementing SentinelOne Singularity Cloud Security, we lacked any detection capabilities. Consequently, our mean time to detection saw a significant improvement of up to 70 percent after SentinelOne Singularity Cloud Security's introduction.

SentinelOne Singularity Cloud Security improved our mean time to remediation by 50 to 70 percent.

SentinelOne Singularity Cloud Security has significantly improved collaboration between our cloud security, application developers, and AppSec teams. This enhanced collaboration is due to the dashboard that provides a centralized view of all security-related information within SentinelOne Singularity Cloud Security.

In the past, our infrastructure setup process involved building the infrastructure first and then implementing security best practices at the end. This new approach is different. Now, when we create new infrastructure, we integrate SentinelOne Singularity Cloud Security right from the start. This integration allows us to receive security alerts immediately. With these real-time insights, we can proactively address any security issues or potential vulnerabilities as we build, rather than waiting until the infrastructure is complete.

We integrated SentinelOne Singularity Cloud Security with a few alerting systems and our Slack channels.

SentinelOne Singularity Cloud Security's most valuable feature is its unified console. This console brings together all of our cloud-based and non-cloud-based solutions into a single, centralized location.

I find the visualization graphs particularly helpful. They identify which objects are affected by the issue, allowing us to prioritize our efforts and focus on the areas that need the most attention.

We deployed SentinelOne Singularity Cloud Security for AWS and Oracle Cloud but we encountered issues with Oracle Cloud. The integration with Oracle has room for improvement.

I have been using SentinelOne Singularity Cloud Security for a year.

I would rate the stability of SentinelOne Singularity Cloud Security 9 out of 10.

I would rate the scalability of SentinelOne Singularity Cloud Security 8 out of 10.

The technical support is responsive and knowledgeable.

Positive

The deployment was straightforward and took half a day for AWS. Two people from our DevOps team were involved in the deployment.

SentinelOne Singularity Cloud Security improved the security of our infrastructure and helped reduce the costs.

SentinelOne Singularity Cloud Security is affordable.

In addition to SentinelOne Singularity Cloud Security, we also considered Palo Alto and AccuKnox for our needs. However, the positive customer service experience we had with a SentinelOne Singularity Cloud Security representative played a role in our final decision.

I would rate SentinelOne Singularity Cloud Security 9 out of 10.

We have around five people in our organization who utilize SentinelOne Singularity Cloud Security. We are all in the same location except for our consultant.

SentinelOne Singularity Cloud Security does not require maintenance from our end.

I recommend SentinelOne Singularity Cloud Security to others. It is compatible with most major cloud platforms. However, we did encounter some issues when using it with lesser-known cloud providers, such as Oracle.

We did a PoC, but we did not go ahead with SentinelOne Singularity Cloud Security. It is currently on a test cluster. It is not in production.

We were looking for a CSPM tool to monitor all of our AWS resources. We also wanted it to give us an alert in the case of a vulnerability. If, for example, a zero-day vulnerability is there, it should scan all of our tools.

We used agentless vulnerability scanning. It helped us to see all the vulnerabilities without deploying any third-party component in our system.

We used SentinelOne Singularity Cloud Security's Offensive Security Engine. It helped us to identify all the CVEs. We could see what kind of CVEs were there and what severity level they had, such as normal or critical. It helped visualize all the severities.

SentinelOne Singularity Cloud Security changed our security posture a lot. In one dashboard, we were able to see all the information. We could see which resources are vulnerable and which ones have critical bugs. It helped us with that.

SentinelOne Singularity Cloud Security did not reduce our mean time to detect and mean time to remediate.

SentinelOne Singularity Cloud Security helped with collaboration, but in my organization, developers are not directly involved with SentinelOne Singularity Cloud Security. There was mainly the infrastructure component where we deployed agents and based on our particular role or access, they were able to send all the data to the SentinelOne Singularity Cloud Security server. We were able to see all the reports and all the details in the UI.

We liked the search bar in SentinelOne Singularity Cloud Security. It is a global search. We were able to get some insights from there.

The reporting feature is good. It is able to generate reports.

Its UI is very good, and it is easy to adapt. Any new person will be able to navigate, and within a week, he or she will be able to understand SentinelOne Singularity Cloud Security.

We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in SentinelOne Singularity Cloud Security.

If there is any virtual machine running on your public subnet, it is accessible outside your network. It is accessible via the Internet. If it has any Log4j or remote accessibility vulnerability, the attacker would be able to access the machine. From the private machine, the attacker can do NS Lookup and reach our DBs. It creates a channel for vulnerabilities. Such a feature is not present in SentinelOne Singularity Cloud Security.

It is stable. We have not had any issues.

It is scalable.

They were helpful. They helped us with the configuration. They were available through the Zoom call. Initially, they also provided us with a demo of all the features. They showed us all the features that we could use.

The speed of their support was good. I would rate their support a 9 out of 10.

Positive

We are using Orca. We did a PoC with SentinelOne Singularity Cloud Security, and there were some cost benefits. 

SentinelOne Singularity Cloud Security is a SaaS solution. I was involved in its initial deployment. It took around three months.

We used their support. Its implementation requires at least two people.

Its pricing was a little less than other providers.

I would advise doing a PoC with all the similar tools and then making a decision based on the capabilities, features, and price. 

Overall, I would rate SentinelOne Singularity Cloud Security a 9 out of 10.

We have an environment in the cloud where we have a bunch of EC2 instances and S3 buckets. We have the SentinelOne agent installed on all of our EC2 instances, to monitor our environment, so we use it quite frequently.

We needed cloud-based endpoint protection that we could install to get a single pane of glass into our security environment. Specifically, we needed to see the version usage of the applications to ensure we didn't have any outdated applications.

It has definitely helped reduce our mean time to detect. It's much quicker than with our last platform. Singularity has also helped free up our staff to work on other projects. We don't usually come into the console unless we get an alert. In that sense, we have been working on many other projects in the last year. Now that everything is set up and running smoothly, we haven't had to spend as much time in the console as before.

And when I consider the solution's impact on overall productivity, features such as the reporting have helped. When we need to run a report on how many endpoints we have in our environment for regulatory requirements, we use the reporting feature of Singularity because we know it's installed on every endpoint, giving us full visibility. From a reporting standpoint, it has certainly helped us.

We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate. The third feature we use most often is the VirusTotal integration. That allows us to take the hash of a threat or virus and open it up in VirusTotal.

Also, it's amazing how quickly its real-time detection and response capabilities come through. There have been multiple times where either my coworker or I will be working on something—even in our elevated environment, and even just running a script. We wouldn't expect a pop-up, but it's good to know that it's checking for those anomalies, detecting them, and notifying us of them instantly. We love that feature.

In terms of the historical data record provided by Singularity after an attack, we like to use the Storyline feature for deep dives and threat hunting if needed. It has been very useful in our operations. We can see different event types on each endpoint, which comes in handy. Using the Storyline feature, we can dig in much quicker, connect the dots, and see what caused the alert. So it has quickened remediation.

And the SentinelOne Cloud engine detection types are useful when trying to determine whether a threat could be legitimate or a false positive.

One of our use cases was setting up a firewall for our endpoints, specifically for our remote users. We have a firewall on-premises that comes into play when someone is at our main campus. But we needed something more for our remote users. We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to.

I have been using SentinelOne Singularity Cloud for about two years.

Singularity has been very stable. It has never lagged or crashed that I've noticed. In my experience, there has been 100 percent uptime.

The interoperability with AWS has been very straightforward and streamlined, without any major bugs or issues that I've come across.

Its scalability is one of the main reasons we chose SentinelOne. Because it's hosted in the cloud, we can install as many agents as we're licensed for. We've never gone over that limit. As new servers and endpoints come online, it's easy to deploy. It's built into the image.

We do have a unique use case regarding scalability. We use a VDI environment in Azure, and it works. We haven't had any issues. But when we need to run updates on those machines, we have to rebuild the image. We can't have the agent built into the image because of our rebuild process. That makes it a manual process for us every month when we redeploy those desktops. We have it scripted out with a PowerShell script that helps, but it's a manual step for us. That's one area we're trying to address from a scalability standpoint.

As for auto-scaling, we're more of a static environment for most of our endpoints. The VDI is our only more fluid environment, since our VDI endpoints go up and down based on usage. Once the agent has been deployed to those images, the auto-scaling works flawlessly, and we haven't had any issues there.

We used ESET, but the decision to go with Singularity was made before my time with the company.

We have a couple different deployments: our end-user endpoints and our server fleet. I was involved with the server deployment. It was very straightforward, and we didn't run into any issues during that deployment.

The only maintenance involved is when we need to whitelist an application. For example, if a new user installs an application, we might get a false-positive pop-up. That's really the only maintenance we have to do.

We did it ourselves, and there were four people involved.

It's a fair price for what you get. We are happy with the price as it stands.

My advice is that if you want an easy-to-deploy solution where you can have a single pane of glass to get visibility into all of your endpoints and applications, and run reports on those application versions, Singularity makes it a very easy-to-use, straightforward, and streamlined process that has helped us over and over again.

If someone thinks they don't need Singularity because they already have a continuous security monitoring solution in place, using SentinelOne gives us an overarching view from the single console, giving us the entire picture of the timeline of events that happened. Going through the timeline and connecting those dots really helps when threat hunting. It helps to get the full picture instead of just a specific point in time, which is the way some of the legacy antivirus programs work.

The solution has an automated remediation feature, but we don't currently use it because we are a smaller team. We like to remediate manually. For the time being, we haven't had a reason to use the automation feature yet.

One area we're trying to innovate more in is the AWS Security Hub. Singularity, in their marketplace, has a couple of apps related to that. We're trying to build more automations within AWS Security Hub to get better overall visibility, not only of our EC2 endpoints but of our applications as well.