SentinelOne Singularity Cloud Security Reviews

We mainly use SentinelOne Singularity Cloud Security. 

We like that it is cloud-native security. It gives us an overview of all cloud structures. For example, if I'm integrating with AWS or Azure and I'm not sure of all of the instances, it will scan the whole cloud and show us issues related to instances. It can help us uncover vulnerabilities. 

Of all the features we use, the cloud configuration and the offensive security engine are the most used. There is a secret scanning feature that I really like. It scans the public repositories, private repositories, and developer repositories. That way, we can see if any secret is added to the search engine or anywhere over the Internet. It detects this and then lets us know to which repository it was added. We can get it removed if we need to from repositories like GitHub.

The solution is good for verifying actual exploit paths. It helps us detect whether all the instances that are publicly available can be made private. We can see if anything is suspicious or harmful to us in the future or if any technical exploit has a specific port or something like that. If there is any vulnerability, such as if our Microsoft version is publicly exposed or if it is an older version, we can disable it, or we can upgrade to get the latest version of iOS to avoid exploitation.

The solution is easy to use. The interface is nice. Anyone can spend a day or two with the solution and they'll be able to understand the whole structure of the application, its features, and how to use it. 

The integration with other solutions is very good. We integrate it with Jira and it runs smoothly. There are also default integrations for various clouds, like Google and Azure. We can also get alerts in various ways, like through Jira or email.

The evidence-based reporting is useful. It provides evidence according to the issue. We get a proper overview of the issue. I can check the evidence panel to see if the issue is genuine or a false positive by looking at the evidence. 

We noted immediate benefits from using the solution. Within about a month, we had it integrated with Jira, and connected to all accounts and were able to easily find issues. 

With SentinelOne Singularity Cloud Security, we are 96% to 97% compliant. It helps us judge and, as necessary, mitigate risks. 

We've noticed a drop in false positives. I haven't noticed any false positives in SentinelOne Singularity Cloud Security, to be frank. Unless it's a glitch in the system, everything coming in is a positive.

Our mean time to detect has been reduced. 

It's helped us collaborate effectively between cloud security application developers and AppSec teams. Having a vulnerability management module gives good visibility to vulnerabilities that are highly exploitable. We can see exactly what's vulnerable or affected in order to troubleshoot.

We'd like the integration with Jira to be stronger in some areas. For example, we'd like to be able to create multiple tickets for multiple instances. Right now, we can only create one ticket and cannot be specific enough. There's no way to create multiple tickets. It's very difficult to assign multiple teams the same Jira ticket.

Scanning capabilities should be added for the dark web.

I've used the solution for the last two years. 

The stability is good. There's no lagging or crashing. There may be a downtime once a quarter. 

We haven't had any issues with scaling. 

Technical support is very good. We do have a monthly call with SentinelOne Singularity Cloud Security whereby we run through and resolve any issues. They typically answer our queries within 24 hours. The team is good. They seem technical. 

Positive

This is the first cloud security tool we've used. 

The initial deployment was easy. The SentinelOne Singularity Cloud Security team was very helpful. If we needed any help they were there to guide us. There's even a step-by-step guide. 

We had a member of the DevOps team provide us with all of the credentials and give permissions and another security team member to communicate to the SentinelOne Singularity Cloud Security team in order to arrange all of the integrations. 

The tool is very efficient. There is no maintenance needed. 

We did not need any assistance from a reseller or consultant. 

While my understanding is there will be a price increase, so far, the pricing has been okay.

We evaluated Prisma Cloud and Crowd Strike. We used Crowd Strike for a while; however, now we are only using SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security is very good. It offers multiple modules, and no other tool provides vulnerability scanning, secret scanning, and container cloud security in one dashboard. 

We are a SentinelOne Singularity Cloud Security customer. 

I'd rate the solution 9 out of 10. Overall, the tool is good. 

New users should be ready for a lot of issues that will come onto their dashboard. They'll need a team of three to four at the outset to analyze the dashboard and work through reported vulnerabilities. 

I am working with AWS. I'm a junior cloud engineer and on the client side, we use this software for security. We use this just for scanning all across the AWS environment for any bug, vulnerability, or high risk security issues, and we have to resolve these issues. The solution offers us low to critical alerts and our work depends on these alerts. If it is a critical alert, we have to resolve things as soon as possible. 

The scanning is very good. We have an AWS environment and we can scan our whole account very quickly. Once the alerts get analyzed, we can automatically start removing issues. 

It's easy to use. It comes with preconfigured settings. I haven't had to really change anything for months. 

We have used evidence-based reporting. We're able to give reports on AWS, for example, how many data centers are used, et cetera. We can collect all of the information from SentinelOne Singularity Cloud Security and share all kinds of data which we can share with the database team for analysis. 

The IaC scanning has been good. It's very interesting. 

When I create a stack for any services in AWS, I can scan everything in a robust environment. This enables me to understand the level of protection.

SentinelOne Singularity Cloud Security can also scan code and provide alerts of there are vulnerabilities.

It's helped us reduce the number of false positives. I've been on the project for 6 months, and it was only until 3 or 4 months in that I received a false alert. Out of 20 alerts coming in, maybe only one or two are wrong. 

The mean time to detect has been reduced. We check SentinelOne Singularity Cloud Security every day for a project happening 24/7. We check it frequently to ensure issues are being addressed quickly. We try to be consistent, however, the alerts don't come in at a certain time. They come in at varying times; we just work to keep on top of them.

We've had a glitch in SentinelOne Singularity Cloud Security where it has fed us false positives in the past.

Sometimes, it takes a few hours to detect a misconfiguration. It would be ideal if that happened faster. Detections should happen in minutes, not hours. 

I've been using the solution for 6 months.

I have not noticed any lagging or crashing. The stability seems to be good. 

We have dealt with support in the past. They were helpful.

Neutral

We did not previously use a different product.

We had senior members of the team manage the installation since they had expertise. I'm not sure how long the process itself took. 

I don't have any visibility on the pricing. 

I'd rate the solution 8 out of 10. 

There are a lot of options. It's a good idea to have a team member arrange on at least a quarterly basis, a review so that new team members can get up to speed on the product and everyone stays on the same page. This will help new team members understand the product. 

Our company relies on Cloud Native Security to fortify the security of our cloud accounts spanning various environments, such as AWS, AZURE and Google Cloud. Cloud Native Security provides timely alerts upon identifying vulnerabilities within our cloud infrastructure services, such as security groups and data encryption, empowering us to prioritize and address them promptly.

Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it. 

Since implementing Cloud Native Security, our security team has engaged in robust discussions on enhancing compliance with key regulatory standards such as SOC, ISO, and other pertinent IT infrastructure-related guidelines. As a result of these proactive measures, our security posture has seen a remarkable improvement, reflecting our commitment to maintaining a secure and compliant environment.

Cloud Native Security plays a major role in compliance. IT companies must maintain our company's security level to achieve ISO-based certifications. We are so proud of the changes we have made using Cloud Native Security. We've implemented many of the controls Cloud Native Security recommended, helping us maintain a high security standard. Fintech companies must maintain security best practices overall in our infrastructure. 

Cloud Native Security offers suggestions about best practices for security, and we've implemented them all. It's helpful for companies hosting their applications in the cloud configuration. This tool enables us to record unauthorized actors or security failures. Everything is reported in Cloud Native Security, allowing us to rectify mistakes and misconfigurations.

When security threats occur, Cloud Native Security immediately alerts us through various communication channels. It has several modules, including cloud misconfigurations, container security, Kubernetes, vulnerability management, infrastructure code scanning, and cloud detection and response. It also tells us when unauthorized API calls are occurring. Everything is recorded in Cloud Native Security, and it alerts us about what is happening in the account. The detection time for critical alerts is almost instant. We'll see it in under two minutes. 

The solution saves the company a lot of time. Responding to alerts can take up a lot of our team's bandwidth. But there is a feature of their remediate that helps the bandwidth of our engineering team to fix the issues when we used Cloud Native Security as a team member. They helped us fix the issues and saved a lot of bandwidth for our team.

My top preferences revolve around infrastructure-as-code scanning and Kubernetes security. With infrastructure-as-code scanning, we catch errors or inadvertent inclusion of sensitive data in our code prior to deploying infrastructure via Terraform. As we continue to leverage Terraform for infrastructure deployment, alongside embracing new technologies to stay aligned with industry advancements, these features play a pivotal role in maintaining our security standards and workflow efficiency.

Cloud Native Security helps us detect vulnerabilities when deploying infrastructure.  We use Cloud Native Security to monitor all our cloud infrastructure and accounts. It continuously scans whether or not we have the agent installed. It's something like a role. You can configure an IAM role that provides access to Cloud Native Security to scan. It enables seamless connectivity with any cloud environment.

The Offensive Security Engine has helped us to discover some breaches.
You can see across the cloud domain in Cloud Native Security. For example, the dot com map can cover multiple servers internally. Cloud Native Security flags all URLs exposed to the public and other vulnerabilities. When we get alerts from the Offensive Security Engine, it has some internal debugging tools the developers can use. 

The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud. 

I have used Cloud Native Security for three years.

Cloud Native Security is highly stable. 

Cloud Native Security is scalable. 

I rate Cloud Native Security support nine out of ten. They solve issues within the agreed-upon period. They're impressive. 

Positive

We previously used the native AWS tools like Inspector. Cloud Native Security is impressive compared to those. 

It's easy to integrate Cloud Native Security and onboard all our cloud accounts. Before implementing, we tried to have all the security best practices in place. If you do that, it's easier to fix the vulnerabilities when Cloud Native Security detects them. Deployment took about five or six minutes. 

We opted for Business Plan at an affordable rate, providing excellent value for your investment. While I'm not entirely certain, I believe the monthly cost is around 180,000 rupees.

We looked at Trend Micro and some other options.

I rate Cloud Native Security nine out of ten. Use this tool if you want to keep your cloud applications secure.

We are using it for endpoint detection on all of our EC2 instances and hosts in the cloud. Along with it, we are also going to be using it for AV.

We do not have any EDR protection on our host. We would like to utilize it for AV to put some protection on our host. The pricing for the tool that we are using for AV has gone up, and they are not giving us a lot of things we need. Also, to use their EDR tool, we have to install a secondary agent, whereas, with SentinelOne, everything is included in the same agent.

Singularity Cloud Workload Security helps with forensics and extra protection on our host. We have not had any incidents where we had to fully use it or fully go into action with it, but we are hoping that it will provide the extra protection that we need to help resolve some blind spots that we have specifically on our hosts.

Singularity Cloud Workload Security has forensic visibility or deep visibility into the Linux kernel, but we have not used it. It is something that we will work on and use with our SOC team and the implementation team if an incident were to ever happen.

The historical data record provided by Singularity Cloud Workload Security after an attack will be useful if an incident happens. It will help us build a timeline of historical reference. It is easy to have it all in one place to build a timeline. We can see from start to finish where the incident started and where it occurred versus having to go in and do things manually by sifting through logs. The fact that SentinelOne is able to have that information or data and a single pane of glass is something that we like about the tool.

Singularity Cloud Workload Security helps to cut down the mean time to detect by having the historical reference and by being able to stop the incident with the hit of a switch. We can see from where it started, which is helpful. When you are an organization managing hundreds of accounts, it is hard to sieve through logs and get that information together, which increases our mean time to detect, whereas with SentinelOne, from the things we have seen and tested out, it seems simple and easy, and we are hoping that it will help us cut down on that time.

We are also hoping that it will reduce our mean time to remediate. We have not come across any actual incident to be able to fully know, but based on what we have seen so far in the tool, it seems it would.

Singularity Cloud Workload Security has not necessarily freed up staff to work on other projects, but it does reduce some time. It helps cut down on things. It does provide an easier capability. We have come from the old-school way of looking at logs. It seems that this tool will provide something much sleeker and easier for our SOC team to use.

Singularity Cloud Workload Security has not yet had much effect on our productivity. We have only had it for two months, but we like what we are seeing. We like implementing it. We like that it has a single agent and we can use it as AV. It seems to make things easy. It seems to be a more productive tool for us, but until we have an incident, I would not be able to say for sure. As of now, it looks like it has the capability.

Its interoperability with third-party solutions, such as Kubernetes, seems top-notch. We have integrated it with a couple of our solutions here, such as Kubernetes and containers, and we have not had any incidents or any problems to follow up or dig deep into. So far, the ability to look at our containers and to see into those clusters is something that puts Singularity above all others. With CrowdStrike or Trend Micro, we were not able to do that. We were not able to have the same visibility. SentinelOne Singularity made that easier for us.

Singularity Cloud Workload Security supports our ability to innovate from a standpoint where we know that our application teams and developers will be protected. When new applications are created, we will have some sense of security and some sense of safeguard for our teams. We did not have the visibility and the tools to protect us in the manner we would like, but with Singularity Cloud Workload Security, it looks like we can just put it on our endpoints and tell the teams to go and do as they wish because we know at least on this end, they will be protected.

From our tests and the things that we have done, we find Singularity Cloud Workload Security’s real-time threat detection and response capabilities attractive. We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek. Those are the things that are attractive to us.

We like the automated remediation feature. It is not something that we are going to use for automated remediation, but we do like the fact that it is there and can be utilized.

If I had to pick a complaint, it would be the way the hosts are listed in the tool. You have different columns separated by endpoint name, Cloud Account, and Cloud Instances ID. I wish there was something where we could change the endpoint name and not use just the IP address. We would like to have custom names or our own names for the instances. If I had a complaint, that would be it, but so far, it meets all the needs that we have.

We have been using it for two or three months. We went through a test trial, and we are finalizing the official purchase request to purchase it and start using it fully.

We have not experienced any issues so far.

We have not interacted with their support. We have only contacted our customer manager and our onboarding specialist. We have not had to submit any tickets.

We have not used any other similar solution previously.

It is a cloud deployment. I was involved in its initial setup. Its deployment was straightforward. There were a couple of questions that we had. Some of the documentation was not written in the best way. There were some hurdles when moving to the tool and understanding it, but for the most part, it was straightforward. We got all the instructions on how to deploy or install it. We were presented with a customer service rep who was an onboarding specialist. This customer service rep specialized in deployment for us, so everything was a simple setup.

We mainly did it ourselves, but we also had an integrator consultant from SentinelOne who was on the site. They answered all of our questions for anything that came up. For anything we needed, they were there to help us. We had three individuals full-time, and then we had a contractor.

In terms of maintenance, there is nothing required from the SentinelOne side. Once we onboard a lot of our hosts, we just need to organize it in a way that is easy for us, but from the SentinelOne or Singularity folks, nothing is required.

The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost.

We did evaluate other options. We tried Trend Micro Vision One. We also looked at CrowdStrike.

We went for Singularity Cloud Workload Security because it was built and made for the cloud. That was a big thing. The second big thing was that they utilize all of these different features with one agent.

The CrowdStrike solution is not built for the cloud. They have a cloud add-on, so it did not translate for us. The Trend Micro solution is somewhat built for the cloud. It is more of an on-prem tool that is moved to the cloud, but we have to utilize at least two agents to get all of the coverage, meaning AV and endpoint detection. With Singularity Cloud Workload Security, it is all covered in one agent. There is no need to put multiple agents on our host and go through that with our customers. It also allows us to place that agent using AWS Systems Manager, so the implementation in the cloud and launching of the agent is intuitive and easy. It was a no-brainer once we started looking at the tools in terms of how to implement them and what we would like in our organization. Singularity Cloud Workload Security took the top place.

It has a single agent to cover all aspects. You can save money and costs with data ingestion by using the Security DataLake from Singularity. There is also the ease of use of its console. There is also the ease of deployment by it being cloud-based. If you are looking for a tool that is perfect for cloud solutions and protects your cloud host, Singularity Cloud Workload Security would be at the top of my list.

To someone who does not think that they need a Singularity Cloud Workload Protection Platform (CWPP) because they have a continuous security monitoring (CSM) solution in place, I would recommend looking again at Singularity because there is one agent and the ease of transitioning and deploying into the cloud. Another big thing about Singularity is the holding of the data. We utilize Splunk. However, with Singularity, we do not need to ingest all the data because we can also utilize their data lake. The query or the information that we can look up at Splunk can also be looked up in Singularity, so there is no need to take all that data from Singularity and ingest it into our Splunk and increase our license. We can utilize our license and capabilities. We can just use the data lake that comes with Singularity and utilize logs in that manner. In the end, it is saving us costs when it comes to our SIEM tool ingestion, so I would recommend looking at these top aspects. It is easy in the cloud. It helps save data on your SIEM tool. It saves the ingestion costs. There is also a single agent.

I would rate Singularity Cloud Workload Security a nine out of ten.

We have one client, and we need a portal to manage security. We use Singularity to provide security information and identify vulnerabilities or malicious scripts that need to be fixed. It also provides recommendations about each of the vulnerabilities that are helpful.

We provide cloud services on our site using AWS. Singularity detects flaws that we must close for security reasons. We use Singularity to observe those findings and fix things based on the customer's requirements. Previously, we used to segregate issues and look after them. Singularity helped us secure our infrastructure. We've significantly reduced our potential security breaches to a minimum. 

It has improved how we operate on a larger scale. We set up the platform, onboarded the info, and then gradually moved further. Over time, it helped us slowly resolve those issues. We were using the cloud platforms' native security tools, but those were unhelpful. Now, we rely on this more than those services. 

Singularity reduced our false positive rate by about 60 percent. We've had even better results in terms of our risk posture. We can rely on this tool to improve our security conditions on a broader scale. If I gave our security posture a percent rating, I would give it 89 percent.

The solution saves time by giving us everything in one place. You don't need to manually check every account. It tells us a lot. Singularity reduces our detection time by about 60 percent. 

Singularity has improved collaboration among cloud security, application developers, and AppSec teams. Previously, it would take around a week for engineers to address issues. Now that we use this tool, we resolve issues in one or two days.

We're monitoring several cloud accounts with Singularity. It is convenient to identify issues or security failures in any account. It's nice to have all the details we need to solve these issues. Singularity is easy and convenient to use. It is extremely easy for a novice to understand what the dashboard is trying to say and the terminology's meanings.

Evidence-based reporting is excellent for auditing. It shows all the findings and severity: low, high, medium, or critical. We solve the low-level and medium issues. Next, we resolve high-level and critical problems. It's easy to fix the security breaches.

We repeatedly get alerts on the tool dashboard that we've already solved on our end, but they still appear. That is somewhat irritating. 

We have used Singularity Cloud Security for about six months.

I rate Singularity nine out of 10 for stability. 

I rate Singularity eight out of 10 for scalability. 

I rate SentinelOne support nine out of 10. 

Positive

Singularity took about a week to deploy. A team of 40 to 50 people was involved. 

I rate SentinelOne Singularity Cloud Security nine out of 10. I would recommend the tool to others. It's a convenient and cost-effective tool for identifying security breaches. You get everything in one place, saving you time and costs.

We use SentinelOne Singularity Cloud Security as our Cloud Security Posture Management tool.

SentinelOne Singularity Cloud Security is easy to use. While some features, like advanced graphics and custom drag-and-drop filters, might have a learning curve, most functionalities are intuitive. Clicking on "Asset Inventory" provides a clear list of all our assets. The filters are logically organized by resource type, account ID, and other relevant categories. In short, most of the platform is straightforward, allowing users to become comfortable within 15 minutes. However, advanced capabilities like custom visualizations and automated filtering through drag-and-drop may require additional time to master.

SentinelOne Singularity Cloud Security creates a comprehensive inventory of all resources within our cloud infrastructure. It automatically identifies any misconfigurations for each of these resources. The easy-to-track capabilities are further enhanced by automatic integration with Jira. Additionally, SentinelOne Singularity Cloud Security serves as the primary source of evidence for audits and compliance purposes. It documents the resources we identified with misconfigurations and demonstrates that we have rectified them. This functionality simplifies the process of providing evidence to auditors.

We experienced the benefits of SentinelOne Singularity Cloud Security immediately after onboarding our entire Cisco setup. However, there was likely a waiting period of up to six hours for the platform to fully populate with information about our infrastructure, resources, and so on. Despite this wait, some immediate benefits were gained. SentinelOne Singularity Cloud Security likely identified a list of potential misconfigurations across our accounts. This provided a starting point for further investigation and remediation. Of course, to fully leverage SentinelOne Singularity Cloud Security's capabilities, we might need to integrate it with our existing external tools. However, the initial onboarding process itself yielded some valuable insights.

SentinelOne Singularity Cloud Security reduces the number of false positives we encounter. Initially, we relied heavily on custom engineering, which created a lot of noise. The code might not have been scalable, or it might have only triggered under specific conditions. We struggled to manage this custom tooling as our environment grew. When we considered scaling our operations, we realized this approach wouldn't be sustainable. SentinelOne Singularity Cloud Security provided a well-designed system that addressed these challenges. Even during configuration, SentinelOne Singularity Cloud Security can determine if something is misconfigured or not. However, SentinelOne Singularity Cloud Security also allows us to suppress findings that might be flagged as security vulnerabilities in a traditional sense, but are expected behavior in our specific context. For example, we might have developed a custom way to handle a specific situation like a three-bucket container for a site. SentinelOne Singularity Cloud Security allows us to suppress these findings, resulting in a significant reduction in false positives. Integration with SentinelOne Singularity Cloud Security was very straightforward. Furthermore, suppression occurs at the source where misconfigurations are generated. This eliminates the need for an additional filtering layer. Imagine having 100 issues to address, and needing to manually filter out the ones that are not genuine issues. SentinelOne Singularity Cloud Security takes care of this filtering within the platform itself.

SentinelOne Singularity Cloud Security has improved our risk posture by giving us greater visibility into our infrastructure. This includes niche resources and misconfigurations that we weren't previously tracking or aware of. Unlike traditional tools that focus on specific resources or make assumptions, SentinelOne Singularity Cloud Security performs a holistic scan of our entire account. This has given us a much better understanding of our current attack surface. Once these vulnerabilities were identified, we were able to prioritize and remediate them, leading to a long-term improvement in our overall security posture.

SentinelOne Singularity Cloud Security has reduced our mean time to remediation. It's slightly better than our previous approach because we were also scanning daily. However, SentinelOne Singularity Cloud Security also includes scanning for many more resources than we were managing ourselves. So, while the time to fix individual problems might be similar, perhaps slightly less, the reports generated by SentinelOne Singularity Cloud Security are more comprehensive and complete than what we had before. Additionally, SentinelOne Singularity Cloud Security helped us identify a number of additional resources that need fixing, which we weren't adequately tracking in the first place. Once a problem is identified and confirmed as a true positive, it takes no more than 15 minutes to fix it.

SentinelOne Singularity Cloud Security facilitates collaboration between our teams. We have three main groups: application security, infrastructure security, and compliance. The infrastructure team handles the entire SentinelOne Singularity Cloud Security process, from generating reports and onboarding resources to acting on them. This has streamlined our workflow by consolidating everything into a single view. I now have all the information I need in one place. However, it's important to note that our application security team doesn't currently interact with SentinelOne Singularity Cloud Security.

The most valuable features of SentinelOne Singularity Cloud Security are the asset inventory and issue indexing. Once I've onboarded all the cloud accounts I want to manage with SentinelOne Singularity Cloud Security, it can automatically create an inventory of all resource types across AWS. Additionally, it can identify misconfigurations for those specific resources.

Another key feature we appreciate is the ability to create custom rules for up to ten users. This functionality is useful because SentinelOne Singularity Cloud Security also collects generic information and metadata about each resource. This allows for granular filtering. For example, we can easily query to find only servers with a specific tag. This filtering capability is valuable for investigations, ad-hoc queries, and data gathering.

Finally, the integration module deserves mention as well. We use Jira internally to track all our tools, security reviews, and bugs. SentinelOne Singularity Cloud Security can directly push issues to Jira, making it very easy for us to track them. This eliminates the need to constantly return to the SentinelOne Singularity Cloud Security platform to see which issues were generated.

SentinelOne Singularity Cloud Security can be improved by developing a comprehensive set of features that allow for automated workflows. While the current dashboard is functional, it could be made more actionable by incorporating additional functionalities. For instance, drag-and-drop functionality would simplify the creation of integrations. Additionally, valuable data can be retrieved from the platform using APIs and displayed on the dashboard, potentially using tools like Tableau for visualization. This is just one example, but it highlights the potential for expanding SentinelOne Singularity Cloud Security's capabilities by enabling greater integration with other tools, even those not currently supported.

I have been using SentinelOne Singularity Cloud Security for six months.

There was a phase where we built a proof of concept using the SentinelOne Singularity Cloud Security platform to understand if it could directly address the problems we're currently facing. After finalizing the POC, we conducted testing and identified a baseline for future comparisons. Then, we moved into the implementation phase, and now the system is fully operational.

SentinelOne Singularity Cloud Security is stable.

SentinelOne Singularity Cloud Security is scalable. We have not encountered any issues with the number of accounts and services we are using.

Previously, we managed our cloud security posture with in-house solutions built using open-source tools and custom code. However, as the number of accounts grew, this approach became difficult to scale and maintain. Additionally, the reporting capabilities of our custom tools didn't meet the increasingly stringent compliance requirements. To address these challenges, we sought an external, vendor-managed Cloud Security Posture Management tool.

The initial deployment of SentinelOne Singularity Cloud Security was easy because their implementation team collaborated closely with one of our cloud security engineers. Since there were no agents or software to install, onboarding accounts simply involved creating a role for them. This role grants the platform read-only access to our infrastructure. The process is very streamlined; our team can onboard an entire account within minutes. However, the first time an account is onboarded, it takes some time to ingest all of its resources and information.

The entire deployment took less than a week. This included not only onboarding accounts but also gaining a holistic understanding of the platform and its capabilities. SentinelOne Singularity Cloud Security also came to our office to showcase the modules we could leverage and how we could use them effectively. Since this was our first time working with SentinelOne Singularity Cloud Security, our team actively collaborated with them to resolve any issues we encountered.

One engineer from our organization worked with a team from SentinelOne Singularity Cloud Security to implement the solution.

Pricing is based on modules, which was ideal for us. We weren't interested in the platform's full capability at first. Our priority was to establish foundational practices like maintaining an asset inventory and identifying misconfigurations. We then aimed to streamline these processes. Thankfully, SentinelOne Singularity Cloud Security's modular pricing allowed us to pay for only the features we needed, unlike Wiz. With Wiz, we would have paid for the entire platform upfront, potentially leaving us with unused features. This would have been a poor return on investment, especially considering Wiz's high cost. In essence, their pricing model wouldn't have suited our needs. Even if we had eventually used all of SentinelOne Singularity Cloud Security's features, the initial cost would still have been lower than Wiz in the long run.

After evaluating several options, including SentinelOne Singularity Cloud Security and Wiz, we determined that SentinelOne Singularity Cloud Security was the best fit for our needs, particularly in terms of cost. SentinelOne Singularity Cloud Security provides a comprehensive view of potential security issues in our cloud infrastructure, allowing us to map them to relevant compliance frameworks, custom security requirements, or internal engineering standards. This enables us to effectively track and remediate these issues, ensuring a more secure cloud environment.

The Wiz platform offered a wide range of features that weren't essential for our current needs. For instance, they provided data security and AI-powered security posture management. However, our current security maturity level wouldn't allow us to fully utilize these capabilities. Additionally, Wiz is a comprehensive platform, and individual modules aren't available separately. In contrast, SentinelOne Singularity Cloud Security allowed for closer collaboration. They could customize the platform's functionalities to meet our specific requirements. Moreover, SentinelOne Singularity Cloud Security was significantly more cost-effective. While I can't recall the exact price difference, it was a substantial saving. Furthermore, SentinelOne Singularity Cloud Security's support team was incredibly responsive. They were receptive to our suggestions for features that might be beneficial in the future. This flexibility, along with the platform's affordability, ultimately led us to choose SentinelOne Singularity Cloud Security.

I would rate SentinelOne Singularity Cloud Security eight out of ten.

We initially considered the agentless vulnerability scanning as a cloud security management tool, not a host-based security solution. Therefore, we opted against installing agents. Instead, we simply connected our AWS accounts through IAM, allowing the scanner to comprehensively scan all necessary resources and gather the required information.

The maintenance is taken care of by SentinelOne Singularity Cloud Security directly.

Before deploying SentinelOne Singularity Cloud Security, it's important to fully understand all its capabilities. While we're currently using one specific feature, SentinelOne Singularity Cloud Security offers a wide range of functionalities. Gaining a clear internal understanding of your specific needs for SentinelOne Singularity Cloud Security will help you determine the optimal model. Focusing solely on features without a defined purpose can lead to unnecessary costs. It's more efficient to obtain a quote for the model that aligns with your current needs. As your requirements evolve, you can then expand functionality by integrating additional modules.

We are using Cloud Native Security for cloud posture management and cloud workload protection. Apart from this, it also provides alerts from infrastructure as code. If the tool finds any misconfiguration, it triggers that as an alert, and that gets collected in Jira.

Previously, we were using AWS services, but we were not getting the alerts in Jira. When Cloud Native Security was introduced to us, we wanted it to automatically create Jira tickets, and we wanted custom alerts. These were the two areas that we shared with them, and they stood out in these aspects. We decided to take it ahead, and we have been using it for the last two years. I feel a lot of difference in the security posture development. When we share the tickets with the developers, they work on that, and we have tracking of them in Jira. We wanted to track alerts in Jira. We no longer have situations where we flag an issue and it does not get resolved on time. 

We use agentless vulnerability scanning. The process that Cloud Native Security follows is that you have to deploy the cloud permission template in your account, and then it creates a role that tracks or scans all the resources and finds if there is any misconfiguration. We have integrated Cloud Native Security with Jira. It triggers alerts on Jira. A person is assigned to an alert, and the concerned person is notified. As a security team, we collect those tickets and forward them to the respective team.

Previously, we were not able to track those tickets, whereas now, we are getting automated Jira tickets. It has solved our biggest problem. We are expecting the same from Cloud Native Security in the future. We expect that it will capture the triggers or alerts. If any new security vulnerability is found, it will also flag that to us.

It provides an overview of our security posture. If a metrics endpoint is public for any domain, that gets triggered. We get reports for different domains, such as Kubernetes security and vulnerabilities management, IaC scanning, or cloud detection and response. Cloud Native Security covers all of these. There is also a graphics tool where we can get all the details in a graph. All the Kubernetes microservices get scanned in the workload protection. The Cloud Workload Protection module detects all the cluster misconfigurations and other things. It also gives you alerts on the containers. We were looking for such a tool with all the cloud security modules.

We can also create our own custom policy. For example, if we do not want to enable the recommended Cloud Native Security policies for our company, we can create our own policies. This feature is very helpful.

We use Infrastructure as Code (IaC) scanning. It follows all the features for shift-left. We get all the alerts for IaC scanning. For example, if TerraForm is not performing any security checks in the template, that gets triggered. We also get information about any vulnerabilities related to IaC.

We have not got any false positives with Cloud Native Security so far.

Cloud Native Security has affected our risk posture. It shows us our risk areas. As an organization, we look for cloud security tools that can manage all the areas, and Cloud Native Security is doing a good job in managing all the things.

Cloud Native Security has reduced our mean time to detect. The detection time of Cloud Native Security is quite good. It takes half an hour for critical alerts and one hour for high alerts. These are the SLAs that we have. The detection time is quite good.

Cloud Native Security has also reduced our mean time to remediate. We have defined our SLAs as well. In our organization, we define the SLAs and share them with the developers or the DevOps team so that they can follow them. They work on the assigned issue, and if there is any issue, they come back to us.

I like CSPM the most. It captures a lot of alerts within a short period of time. When an alert gets triggered on the cloud, it throws an alert within half an hour, which is very reasonable. It is a plus point for us.

Apart from the posture management, I like the UI. It gives a holistic view of all the alerts and the accounts from where they are triggered.

Cloud Native Security is quite easy to use. It is user-friendly. As compared to other tools, it is more user-friendly, and its cost is also less than the other tools. It provides the same visibility that the other tools are providing in the market.

They can add additional modules to see scanning alerts. Adding additional modules will give us a better view. 

They can work on policies based on different compliance standards.

They can add more modules to the current subscription that we have. If they can merge some of the two modules, it would be great. For example, if they can merge Kubernetes Security with other modules related to Kubernetes, that would help us to get more modules in the current subscription.

It has been around two years since we have been using this product.

It is a stable product. I would rate it a 10 out of 10 for stability.

It is scalable. I would rate it a 10 out of 10 for scalability.

Our security team uses this solution. We have five to six people on the security team. Overall, we have 600 people. 

Previously, we were using AWS services, but there was no dashboard. That was where we had an issue. We wanted a cloud security tool that matches our requirements and provides the same thing in a holistic view and a better manner. That is why we went for Cloud Native Security. It has now been acquired by SentinelOne. We are getting the same product even after the acquisition.

It is deployed on the cloud. It took us about a week to implement all the features. It was very easy. They were very user-friendly.

In terms of maintenance, they do inform us when the maintenance will be going on.

We had two people involved in its deployment. 

It is not that expensive. There are some tools that are double the cost of Cloud Native Security. It is good on the pricing side.

We started doing POC with Cloud Native Security, and we liked it. We did not think of any other product. It also had better pricing than any other product.

I would recommend Cloud Native Security as a cloud security solution. They are doing an excellent job of providing the features that we require for cloud security posture management.

I would rate Cloud Native Security a 10 out of 10.

When we receive a ticket about a SentinelOne detection on a specific host, we will first go to the SentinelOne console and look up the endpoint and the case. If there are any threats related to the host, we will then review the activities that have taken place within a specific time frame. We can look at the processes that have run, and how they have propagated from one process to another. We can also look at the timeline of events, from the top down, to see what happened when each process was run. This will help us to determine if any malicious activity has taken place.

We use the cloud-based management console to install SentinelOne on each employee's or host's device. SentinelOne can be installed through the cloud.

Singularity Cloud Workload Security provides us with better security detection and more visibility. It is another resource that we can use to detect vulnerabilities in our company's systems. For example, it can help us detect new file processes that we are not familiar with, which could be used by attackers to exploit our systems. Singularity Cloud Workload Security can also help us diagnose and analyze data to determine whether it is malicious or not. Singularity Cloud Workload Security is like another pair of eyes that can help us protect our systems from cyberattacks.

The real-time detection and response capabilities of Singularity Cloud Workload Security are very helpful. When we receive alerts in real-time, we can take action immediately. Within Vigilance, they look at things for us in real-time and let us know if they detect something malicious. This allows us to investigate the incident and see what is happening. If it is a zero-day attack, we can take action immediately to try to mitigate the damage. Having real-time alerts helps us take action more quickly than waiting for a few days for something to happen.

The automated remediation feature works from a database. We upload anything that we have detected before or anything that we can filter into this database. For example, we would upload the known IP addresses of analysts who do penetration testing for us within the company. If one of these IP addresses comes in and is malicious to the company, the solution will detect it. Singularity Cloud Workload Security will check the IP address and automatically classify it as benign. This saves us time because we don't have to manually review the IP address or contact our colleagues. This frees up our time so that we can focus on other things, such as investigating more malicious threats. IP addresses are just one type of data that can be filtered. File processes can also be filtered. Any type of automated filtering helps us reduce the time it takes to investigate a ticket so that we can focus on the most malicious threats.

The historical data record provided by SentinelOne after an attack is helpful in identifying what we can do to protect ourselves from future attacks. We can use this data to understand the cause of the attack and put in place preventive measures, such as educating employees about security best practices. SentinelOne allows us to access up to three or four months of historical data without a request. For data that goes back six months to one year, we need to submit a request. This data can be specific to a particular host, if necessary.

Singularity Cloud Workload Security is a great product. It is very robust and versatile. There are many things we can do with it, even things I have explored in the past two years. We can use different types of queries to narrow down our searches. It is a very powerful tool that has been very helpful to our SOC in analyzing specific incidents.

The solution has decreased our mean time to detect through the automated response process and visuals that give us time to focus on other important things. It definitely gives us the actual time to look at other things instead of focusing on one ticket that may take us 30 minutes to an hour to resolve. This could definitely decrease the coverage time.

The solution has decreased our mean time to remediate. We have many detection systems in our organization, and it takes a lot of manpower to focus on all of them. Integrating SentinelOne into our organization has given us more time to focus on other things, rather than having to look at minor incidents, such as low-severity incidents. SentinelOne detects and remediates these incidents for us, so we don't have to worry about them. This has been a great help, and we no longer need to dedicate as much manpower to these incidents.

The solution helps to free up our SOC staff time to work on other projects and tasks. Thousands of false positive tickets no longer have to be looked at by our SOC team, saving them a lot of time.

The solution has helped our organization become more productive by allowing us to focus on more severe issues instead of wasting time on minor ones.

The management console is the most valuable feature. It offers a variety of options for us to view. If a threat is detected, there is a specific area where we can view the different incidents that have occurred. This is the threat that is associated with that host.

We can also have deep visibility into the activities within the host within a specific time frame. This is very useful, especially when we can view the process tree. This allows us to see how one process propagates to another process, and so on. We can then look back to the beginning of the process to see where it came from. How was it downloaded? Which URL did it come from? Was it internal or external? This information has been very helpful when we are diagnosing a specific incident.

The File Fence feature is also useful. When we view a file within Singularity Cloud Workload Security, we can put it into our sandbox to see what type of file it is and whether it is malicious or not. There is also the scan feature, which is very helpful. When we scan a host remotely, it can return to us with information about the detections that were made on that host. This can help us to identify and alert others about any potential threats.

Whenever I view the processes and the process aspect, it takes a long time to load. I think this is because the dashboard or management console is slow, especially during downtime or when updates are being applied. Even when I search for a specific query, it takes a while to load. I believe that increasing the bandwidth for query processing would help.

I have been using SentinelOne Singularity Cloud for three years.

I think the stability is decent. However, if they fixed the bandwidth issue, it would be a top contender. Sometimes, when I need to look at the process timeline, it is very difficult to load and takes a long time. We don't always have the time to wait for it to load. I think the stability is okay, but it could be improved.

We used Carbon Black. Carbon Black's stability is pretty good. Its downtime is not as high as SentinelOne's. Carbon Black is a little bit easier to use than SentinelOne. Its user interface is a little bit easier than SentinelOne's. In terms of stability, I think SentinelOne is just a little bit behind Carbon Black. Not by much, but just a little bit.

The scalability is fine.

The technical support is very responsive, and courteous, and provides great customer service. If we need something right away, they will definitely put us on the priority list. We have a special chat channel or a specific team dedicated to our company. We can also email them, and they will usually respond quickly.

Positive

I previously used Carbon Black and Tanium for a short time. When I first started at my current organization, they were using both Carbon Black and SentinelOne. However, SentinelOne provides the same level of security as Carbon Black at a lower cost, so the organization stopped using Carbon Black.

If I were to compare SentinelOne to Carbon Black, I would say that they have the same functionality, but Carbon Black has a faster response time. If SentinelOne could improve its bandwidth in this area, it would be a more competitive product.

I would rate Singularity Cloud Workload Security a seven out of ten. I noticed some lagging, especially when loading a specific storyline. I also experienced some lag when I had too many windows open.

Based on the company's size and infrastructure, SentinelOne offers different tiers of service for small, medium, and large businesses. For a really small company that doesn't generate a lot of logs, a robust system like SentinelOne may not be necessary. However, for a medium-sized company, SentinelOne can be a valuable asset. It has helped us to reduce our response time, gain more visibility into our security posture, and receive alerts if any devices are lost or stolen. SentinelOne is also more versatile than other solutions in terms of the resources it uses to detect malicious activity. I would recommend that any company considering SentinelOne do their research and talk to other users to see if it is the right fit for their needs.

Singularity Cloud Workload Security is a cloud-based solution that does not require much maintenance. The only maintenance required is to keep the filtering list up to date. This can be done with the help of the SentinelOne team.

The interoperability of the solution is fine. I don't have any issue with it.

In my line of work, we innovate by detecting and analyzing specific incidents. Singularity Cloud Workload Security definitely helps us out a lot in terms of detection, creating new queries, and creating new filters.

I suggest they research the solution and test it out. I believe SentinelOne offers a trial version, so they can try it before they buy it. See how they like it. We love it and don't think we can live without it. It gives us so much free time to focus on other things. It's like a home security system. If we miss something, they contact us. If the doors unlock, they let us know. If the battery is dying, they let us know. It has helped us out a lot. It gave us the visibility we didn't have before and continues to give us the visibility we need. I don't know what we would do without it.