SentinelOne Singularity Cloud Security Reviews

SentinelOne Singularity Cloud Security is our primary security monitoring tool used for identifying vulnerabilities and misconfiguration.

I would rate the ease of use of SentinelOne Singularity Cloud Security eight out of ten.

SentinelOne Singularity Cloud Security offers a variety of dashboards, but the issue dashboard is my favorite due to its clarity and simplicity.

The evidence-based reporting is great and I appreciate the details the reports provide.

The IAC scanning picks everything up and is effective. The IAC scanning is proactive.

The two biggest benefits of SentinelOne Singularity Cloud Security are the centralized reporting dashboard for all my accounts and providers and the ability to track remediation progress.

SentinelOne Singularity Cloud Security has helped reduce the number of false positives we receive.

SentinelOne Singularity Cloud Security helps us manage our risk posture.

SentinelOne Singularity Cloud Security has reduced our MTTD thanks to its comprehensive coverage and centralized reporting capabilities.

The most valuable feature of SentinelOne Singularity Cloud Security is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software.

I wish SentinelOne Singularity Cloud Security provided clearer solutions or remediation steps. The recommended actions aren't always specific, so it might suggest recommendations that don't apply to the particular infrastructure code I'm reviewing.

I would appreciate the ability to customize the severity levels in SentinelOne Singularity Cloud Security as the current defaults do not meet my needs.

I have been using SentinelOne Singularity Cloud Security for one year.

SentinelOne Singularity Cloud Security is stable. I have not encountered any downtime.

SentinelOne Singularity Cloud Security is highly scalable.

Technical support is usually great. While it can sometimes be a bit curt or dismissive, for the most part, getting help is easy and responses are quick.

Positive

The initial setup is easy. One person is required for the deployment.

The implementation was completed in-house.

I'm not familiar with SentinelOne Singularity Cloud Security's standard pricing. While it seemed like a good value, I'm on a partnership plan that offers a discount in exchange for feedback. Therefore, I can't speak to the typical pricing.

I would rate SentinelOne Singularity Cloud Security nine out of ten.

SentinelOne Singularity Cloud Security requires monthly updates.

Preparing for SentinelOne Singularity Cloud Security is fairly straightforward, especially if you're familiar with cloud security posture management tools. However, if this is your first time using such a tool, be prepared for a significant number of findings. SentinelOne Singularity Cloud Security will uncover security issues that manual efforts might miss.

The solution closes the gaps in cloud infrastructure. We can find any gaps that exist and what possible attack factors may be. Everything is gathered together and removed. So we primarily use it for cloud security assessment.  

The primary benefit for our company has been the reduction of false positives. It's saved us time and resources. 

I like that we get a map view of all the assets we have and how these assets are connected together. We can get a view of the entire structure and that gives us a good vantage point when assessing gaps. We can see which assets are public and which are private. It gives us good visibility.

It brings in good security.

It is fairly simple. Anybody can use it.

The evidence-based reporting capabilities are useful. It's good for everyday reporting. It makes it easy to identify actual false positives. Priority cases are assigned accordingly so we don't need to find a needle in a haystack. If something is critical, it's very easy to find and see it. 

The solution offers agentless vulnerability scanning, which helps us identify any open ports on the server or any vulnerable assets online in the cloud. 

While they do have an offensive security engine, we do not use that aspect. We use a different vendor for that. However, it's a very good initiative. It basically expands and searches and does more offensive security.

It's very easy to integrate.

The notifications are very good. We can get notified right on Slack. if we aren't checking out email regularly.

The benefits we witnessed were pretty immediate post-implementation. Once you've done your integrations, it starts showing you vulnerabilities that are being observed, and he lets us immediately identify and deal with infrastructure gaps. It even has allowed us to deal with several misconfigurations. 

It has helped us reduce false positives significantly. That's something I've been focused on. 

The solution has positively affected our risk posture. Thanks to the lower number of security vulnerabilities, it's helped us with several benchmarks and compliance-related issues. 

Our mean time to detection and mean time to remediation has been reduced. If there's an issues, it can be found and dealt with in a short amount of time. It also gives you remediation details as to where particular vulnerabilities exist. We're able to fix problems as soon as possible when we see issues pop up. The mean time to remediation depends on the severity of the issue and who is handling it. Remediation for an experienced user versus a new hire may vary.

After introducing PingSafe, we were able to bridge the gap between developers. Since PingSafe had details about that particular vulnerability and how to remediate it, we could just pass that on to the application developers, who could fix it. That has also reduced the number of vulnerabilities that are being discovered by the application security testing team.

There is a bit of a learning curve. However, you only need 2 to 3 days to identify options and get accustomed. 

They could separate or differentiate between different kinds of frameworks.

I've used the solution since I started working with my company - for about one year and three months. 

I don't recall any stability issues. 

The solution is scalable. The scalability is highly flexible. 

We do have regular meetings with support. They catch us up every month and provide us regular updates and solicit feedback. Support is excellent.

Positive

I have not used any alternatives.

I was not initially involved in the deployment process. 

There isn't really any maintenance needed. The only thing would be if you find a false positive. You can mark it so it doesn't happen again. Beyond that, you don't have to maintain anything. 

I'm not sure how the pricing for the solution works. 

I'm an end-user. 

I'd rate the solution 9 out of 10. 

It's pretty easy to use. Integration with cloud infrastructure may require a bit of help in the initial stages. However, once you are up and running, finding vulnerabilities is simple and reporting is good. 

We use Singularity Cloud Workload Security to protect all our servers from malware, both present and future. We also use it to protect our user endpoints, such as workstations and employee laptops.

We recently switched from Windows Defender to SentinelOne endpoint protection after a few of our laptops were infected with malware. SentinelOne has been protecting our laptops, endpoints, and servers for two years now, and it has performed well in internal and external audits.

We currently have a hybrid Active Directory environment. SentinelOne itself is a SaaS-based product, so it is fully cloud-based. However, we need to install agents on all of our endpoints and cloud services.

Singularity Cloud Workload Security has real-time threat detection capabilities. We have tested it with multiple clients and ourselves, and it has detected malware every time we have been attacked. Compared to other major security vendors, Singularity Cloud Workload Security had the best detection rates for all the malware we threw at it during our proof of concept.

Automated remediation is policy-based, which makes it very useful. The SentinelOne platform gathers all information about how the threat played out and all the changes that were affected on our system. Using this information makes it very easy to remediate all the damage because we know what happened. Automated remediation is amazing and a key differentiator from other competitors.

For Linux kernels, the agent supports almost all platforms, including legacy Windows, macOS, and Linux. We have a few Linux servers, and the mitigation and all the other features work just as well as on the other operating systems.

Using the Deep Visibility Console, we can thoroughly investigate everything that was called or changed on a computer. This gives us visibility into virtually everything that happens on all of our endpoints at all times, in real-time. This has allowed us to find threats that other vendors would have missed. We can also use the Deep Visibility Console to perform threat hunting. For example, if a threat has been moving around our network, we can track it down to see exactly where it is moving to and how it is working.

The historical data record provided by Singularity Cloud Workload Security after an attack is good. For data retention in terms of threats, we have a one-year retention period. This is a long time, and it is very useful for our insurance policies, as we often need to comply with them. For compliance purposes, the one-year retention period is perfect for us. For visibility logs, for example, we are ingesting some logs, and I believe the retention rate is actually fourteen days.

Singularity Cloud Workload Security has reduced our MTTD. Previously, with Defender, it would sometimes fail to detect threats. Now, we detect and remediate many more threats automatically, almost instantaneously. For example, if we download a malware file, we usually cannot even open it because Singularity Cloud Workload Security detects it automatically with a super-fast response time.

Our MTTR is automatic. As soon as a threat is detected, remediation is performed automatically, according to our policy. We can even generate a report of the remediation and all affected files. This allows us to see everything and ensures that remediation is performed quickly.

Singularity Cloud Workload Security has freed up our SOC staff's time to work on other projects. Before, we were considering hiring a 24/7 SOC team, but with SentinelOne's vigilance package, they take care of almost everything for us. We no longer need an employee to monitor logs and threats 24/7.

Since we are freeing up some time from the operations side, our IT administrators and security personnel do not have to constantly monitor the console to see what is happening. Because we trust the product to take care of malware for us, our productivity has definitely increased. We only check the logs once a week.

Singularity Cloud Workload Security works well with other vendors, so we can even have two EDR solutions if we want to. The exclusions can be done through the console, which is very easy to use. It gives us a list of all the applications that we have installed on all our systems and makes it easy to create different types of exclusions. For example, we can create exclusions for performance reasons or to suppress alerts. There are a lot of options, and they are all very easy to use.

My favorite feature is Storyline. It creates a neat graph that shows us how any threat played out, in real time. We can see all the information about what was modified or changed on our system, such as files that were modified, created, or deleted, and register keys that were created or edited. For a SOC analyst, this information is super useful. We can deep dive into all the information and see exactly what happened on each computer individually.

The second feature is actually part of the SDR platform, and it provides native integrations with other security software vendors, such as Okta or Azure AD. This allows us to ingest all of our audit logs for security events and to take action on them. For example, we can set up an automation alert so that if a threat is detected on an endpoint, we can automatically take action on our Okta or AD environment, such as locking the account that was signed in or forcing a password reset.

I know that SentinelOne is working on additional integrations for their XDR platform, and I would definitely prefer more integrations. I understand that many more integrations are coming soon but by the end of the year. I would like additional integrations. Currently, we have integrations with Azure AD, Okta, Mimecast, and Netscope. Many of our clients and we also use firewalls from Cisco, Juniper, and so on. It would be helpful to be able to retrieve audit logs or actionable items from these firewalls.

I have been using Singularity Cloud Workload Security for two years.

Singularity Cloud Workload Security is stable, and we have not experienced any downtime. 

The stability of Singularity Cloud Workload Security is similar to that of Microsoft Defender.

Singularity Cloud Workload Security is infinitely scalable, with a multi-tenancy feature that allows us to have multiple sites, such as physical sites. For example, if we have two locations, we can easily create admins who have access to only one site or to all sites. It scales really well, regardless of our environment.

The auto-scaling feature is user-friendly. As we install more endpoints, they will simply show up in the console, allowing us to create our own physical sites with their own admins and different policies.

My interaction with technical support was pleasant. They gave me a few tips on how to integrate the new system. They also sent me some documentation, which was already available to me, but they saved me the time of searching for it. They even offered to schedule a team call to discuss the integration and have a team member help us directly. The only downside is that the entire interaction was text-based, so it could be difficult to get a definitive answer to some questions.

Positive

We previously used Microsoft Defender, but some of our laptops were infected with malware anyway. Because of this, we had to redeploy all of our laptops. We therefore concluded that the solution was not working as well as it should in terms of detection and response so we switched to Singularity Cloud Workload Security.

Deployment was straightforward. The agent is simple to deploy, and we only need to deploy it to all of our endpoints. It is a simple installation that requires our site token. We can deploy it through group policies, Intune, or any mass deployment software. I completed the deployment myself.

We evaluated CrowdStrike, Carbon Black, and Bitdefender, and found that Singularity Cloud Workload Security had a much better remediation process. This is because Singularity Cloud Workload Security uses AI-powered detection and remediation, instead of relying on human analysts. This means that threats can be detected and remediated much faster than with traditional security solutions. Another factor that influenced our decision was pricing. SentinelOne is not too expensive compared to other providers, and it offers a wide range of integrations with other security products.

I would rate Singularity Cloud Workload Security nine out of ten.

Maintenance is minimal, requiring only occasional updates. When a major update is available, we receive an email notification. We then accept and deploy the update to all eligible endpoints through the console.

Singularity Cloud Workload Security is very easy to deploy and has one of the best detection rates among vendors. It has a very user-friendly UI that provides a high-level overview of current threats and system status, as well as the ability to drill down into analytics and threat indicators using the visibility console. It is so user-friendly that anyone can use it, regardless of their expertise level. However, for more experienced users, there is also the option to dig deeper into the data.

Singularity Cloud Workload Security helps us spend less time on threats and more time on our core competency, which is consulting work. This definitely improves our productivity and innovation.

We use Singularity Cloud Workload Security primarily as an EDR for protecting our endpoints. We also use it for incident response. We can track down issues or weirdness in our network via Singularity Cloud Workload Security and other tools we have. 

We use it as an additional set of storage for our Splunk SIEM. It collects some of the less important events, and we keep them in Singularity Cloud Workload Security. We save money on storage space and the number of events that we have to search through.

The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link. This feature has helped our incident response team and SOC team to track stuff down and ensure that it hasn't spread further into the network than we're aware of. It also helps us see where it started and take appropriate steps.

While it is good, I think the solution's console could be improved. I'm the SME for Singularity Cloud Workload Security, and the amount of time I have to spend resetting passwords or accounts seems particularly high. We don't use SSO for the time being. It's fairly common for me to go in weekly and reset a password or reissue credentials to get people to log in. This process is very antiquated and could definitely be improved upon.

We have been using Singularity Cloud Workload Security for about two years now.

I have not experienced any issues with the solution's stability. Occasionally, we'll have an issue with an install where it may not install correctly, and we have to pull it out and reinstall it. Other than that, we have not had any serious issues with the solution's stability. Singularity Cloud Workload Security is significantly more stable than our previous solution.

We have not had any issues with the solution's scalability. As we grow and shrink and our offices open and close, we've never had an issue scaling the product according to our needs.

Singularity Cloud Workload Security's technical support team gets to your issue relatively quickly. I've never had an issue where I've had to call in to follow up on a ticket. Other than a complex issue that needed resolving, I've never had any serious issues with them.

Positive

Before Singularity Cloud Workload Security, we used a product called Endpoint Security. With Endpoint, it was almost as if the company that had created the solution had forgotten about it. Its updates were coming slowly, and it wasn't making any effort to improve itself. That was a big push. We saw that SentinelOne was a very new and good product that took many innovative steps. Hence, we decided to use Singularity Cloud Workload Security.

I feel Singularity Cloud Workload Security's initial setup was fairly straightforward. Deploying the product was not terribly difficult. It was more about scheduling and timing on the various teams' parts. Once we had that under control, the deployment of the product itself was very simple.

We deployed the solution by ourselves. We did have SentinelOne support available. A team was available for us, but we did roll it out on our own. Around five people were involved in the solution's deployment.

The solution has provided improvement in productivity and the time spent on issues. With the implementation of Singularity Cloud Workload Security, our teams have been able to more efficiently use their time to fight other fires, as it were.

Singularity Cloud Workload Security's pricing is good. It's pretty similar to a lot of newer products' pricing. A lot of legacy products don't really use it. This newer pricing model seems to be a better fit for our company, and I like that.

Before choosing Singularity Cloud Workload Security, we evaluated CrowdStrike and Symantec. I feel like CrowdStrike is probably an equal to Singularity Cloud Workload Security. However, we decided not to go for CrowdStrike because it was more expensive.

Singularity Cloud Workload Security is a SaaS product, so no equipment or installations are needed other than agents on the endpoints. The ability to be available if we were to have some type of DR incident was a huge plus. That way, we could still keep the tool working if there was some issue with one location or multiple locations. As always, cost was definitely an issue here as well. The features and the efficiency that was offered were also a big draw.

Other than the manual upgrades we do, Singularity Cloud Workload Security doesn't require any maintenance.

I would ask users to put the solution through the spaces, do what they normally do in response to an incident, and see how Singularity Cloud Workload Security acts. If you have a certain set of steps that you take for an incident, follow those in Singularity Cloud Workload Security. Whatever you do with your current product, do it in Singularity Cloud Workload Security, and make sure that every step you've taken in the old one works in the new one.

Singularity Cloud Workload Security's real-time detection and response capabilities seem to be pretty good. They're very on point. We don't have to deal with anything like signatures. It updates itself automatically. It works very quickly and efficiently so that we can track down issues and events without wasting a lot of time.

We don't use the solution's automated remediation too much because taking something out of the hands of the engineers doesn't make everyone very comfortable. So, we use it sparingly, but what it does, it does well.

Cloud Workload Security's forensic visibility is fantastic. We have a smaller Linux footprint than a Windows footprint, but the footprint we do have is very exposed to the internet and other nasty places that are out there.

Being able to look into those and make sure that things aren't open or open things are being remediated quickly is very important to us. We like the solution's forensic visibility feature quite a bit.

The historical data record provided by Singularity Cloud Workload Security after an attack is fantastic. We want to fix the problem initially, but when we do the rehash of the event, we'd like to go back and see where it all started. We'd like to see what happened in the meantime and ensure that everything that was infected, attacked, or damaged is listed and taken care of so that no things out there can reinfect us or cause more problems. So, we really enjoy that feature.

The solution has helped reduce our organization's mean time to detect. It's much quicker than our old solution. It's reduced the response time from 24 hours down to 12 hours for the most part. That's nearly a 50% increase in the response time.

The solution has helped reduce our organization's mean time to remediate. It's good, and it works really well. We haven't had to use it too frequently, but the times we've tested it or the times we have had to enable it have been very quick and successful without too many issues behind it.

I would say Singularity Cloud Workload Security has helped free up SOC staff to work on other projects. I don't think we have any true measurements of it. However, I feel like they have more freedom to explore or work on projects as a whole versus having to chase down incidents like they did in the past.

Singularity Cloud Workload Security has improved our organization’s productivity by at least 50%.

If someone is comfortable with another solution, they can stay with it. However, the threat landscape changes so frequently and so fast that not having an up-to-date feature-packed product could be a detriment. Singularity Cloud Workload Security is a good product that provides such an environment for big and small customers.

We don't have a large Kubernetes environment. From what I have seen via Windows and Linux, we have not had any serious issues with Singularity Cloud Workload Security's interoperability with any of those solutions.

We haven't really used autoscaling as we don't want to scale it mostly for over-licensing our products. It has never been an issue. We just don't want it to grab onto something that it doesn't need to grab onto or implement itself in an environment that doesn't need it. We don't really use that, but we have tested it on a smaller scale, and it has scaled easily without too much issue.

I think the solution can help us when we need a significant innovation, a new product, or a new system being implemented. For the most part, it hasn't hindered anything currently in the works, so I see it as a plus to innovate in the future as needed.

Overall, I rate Singularity Cloud Workload Security a nine out of ten.

We use the solution basically for AD protection. We get to see at a deeper level the different processes that are being run on computers.

We've been able to stop any potential malicious actions that are being taken on various computers.

Their detection of potentially malicious stuff is probably the most beneficial feature and their new Singularity XDR is an awesome platform.

The solution's real-time detection and response capabilities are very good. Pretty much anytime that there is something that we might see as potentially malicious is caught. Depending on the type of computer it is, it does a great job of blocking those actions that are being taken. 

It's really easy to configure enterprise-wide, which actions we want to stop. It's very easy to stop malicious stuff.

The solution's automated remediation is really good. We're doing the rollback also now. That way, if something does happen, it's able to roll back to the state before the process happens.

The solution's forensic visibility into our Linux kernel in regards to deep visibility is really good. It is very granular. It's able to show everything that it did. 

The historical data record provided by the solution after an attack is great. You're able to search by different computers. You can get a whole scope of computers - as much as you want. You're able to get as granular as you want as well and can identify different cross processes than indicators and different files that were launched during a period of time.

It helped reduce our organization's mean time to detect very significantly. We had Endgame before this. It did not stop the processes in a manner of time that you would like it to. This definitely improved our response time to anything that we saw. It's very fast. It's improved the response time by 50% to 75% from just detection time to our response. 

The solution reduced the organization's mean time to remediate. It is as fast as the potentially malicious process that's launched. It'll stop it right then and there. It'll remediate the action immediately. 

It helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console.

The solution's impact on your organization's productivity has been impressive. We just had to put a bunch of time upfront. However, ever since then, we haven't had to really do much there besides analyzing threats.

There's the singularity marketplace, which they've expanded a bunch. However, there are some other APIs that I'd like to see. We'd like to be able to connect to them from a SIM perspective.

The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint.

I've used the solution for about a year and a half.

The stability is very good. I'd rate stability ten out of ten. I've never had issues. It's never been down. 

We have four different properties on which agents are one and 1,700  workstations as well as 250 servers. 

The product is scalable. We have about 2,000 endpoints. If we had 4,000 or 10,000 it really wouldn't be an issue. It's just a matter of configuring your groups. It's good at autoscaling based on workload demands. 

Technical support is really good. Whenever a threat comes into our environment, they will comment and give analysis. That's been very helpful in covering items we're not totally sure of. 

Positive

I previously used a different solution called Endgame. We did a POC with Crowdstrike and SentinelOne and SentinelOne was a much cleaner, easier-to-use console.

The initial setup did take some understanding on our part of how we wanted to split and group. We needed to figure out how to split our servers and workstations. That was the hardest part. After that, we had to get our policies in order. 

We were able to get everything up within a week to where we were comfortable with how everything was running. We're still tweaking little things. 

We had three people on our team and two people from professional services. 

Maintenance is minimal, such as adding exclusions to threats or alerts. 

We did initiate the setup with professional services. 

We have noted a good ROI and haven't had a single incident since implementing the solution. 

The solution is fairly priced for what they're offering especially compared to other platforms. It gives you great visibility into the different processes that are running on different computers. It's fairly priced, especially for a cloud platform.

We are customers and end-users.

If someone doesn't think they need a singularity cloud workflow protection platform because they have a continuous security monitoring solution, I'd say it depends on whether you're able to block potentially malicious stuff or not. This solution gives you just about the fastest understanding from a machine-learning perspective. 

This is much better than our previous solution. They've innovated a lot in terms of their deep visibility and singularity XDR (which is more granular).

I'd advise potential users to do a POC no matter what. That said, this is a great product. I rave about it to everybody. It's likely my favorite product for our environment.

I'd rate the solution ten out of ten. 

SentinelOne Singularity Cloud Security is deployed on all our servers except for user machines. When Singularity identifies a downloaded application as malicious, it triggers an alert sent to our SIEM console. We can then investigate the alert details, including associated logs, to determine if the malware is static or actively malicious. We can also investigate suspicious IP addresses or domains. Additionally, Singularity monitors process creation and can provide forensic data on security incidents, including information about backdoor connections and the applications involved, like Chrome or other browsers.

SentinelOne Singularity Cloud Security stands out for its user-friendliness compared to competitors like CrowdStrike, FireEye HX, and Microsoft Defender. Unlike these tools, which can be cumbersome for tasks like running queries or searching for logs, Singularity offers intuitive interfaces and delivers results in seconds, even for complex searches across various hash formats, like MD5, SHA256, etc., without needing conversion.

Our existing SIEM console allows us to analyze alerts triggered by the SOC team. We can investigate potential false positives or conduct tests directly within the console. Additionally, the console facilitates quick searches for IOCs to identify malicious communications. Furthermore, Singularity Cloud Security offers a central management console for automated machine reboots, containment, and even self-maintenance in response to high-severity security alerts. This eliminates the need for manual intervention.

We saw the benefits of SentinelOne Singularity Cloud Security within the first two months of transitioning from FireEye HX. Singularity was easy to manage, and we were able to identify vulnerabilities.

SentinelOne Singularity Cloud Security has helped reduce the false positives we receive by 15 percent compared to FireEye HX.

Singularity has helped reduce our mean time to detect. The automatic containment of the infected machine is done within the first ten seconds of detection.

Singularity has helped reduce our mean time to remediate. 

The user-friendliness is the most valuable feature.

SentinelOne Singularity Cloud Security offers a custom search function with a default 14-day limit. Extending this period to 30 days requires an additional license. A two-month grace period for extended searches would be a valuable improvement. Additionally, enhancements to the threat-hunting capabilities of the hunter module are recommended.

I have been using SentinelOne Singularity Cloud Security for two years.

We had an incident in which they pushed a patch without notifying us and without testing, damaging all of our security controls. 

Neutral

We previously used FireEye HX but shifted to Singularity because we saw the potential while the POC was going on. The top three endpoint security solutions are SentinelOne Singularity, Microsoft Defender, and CrowdStrike. FireEye HX is not one of them.

The initial deployment's complexity was moderate. The entire deployment took six months to complete.

The implementation was completed with the help of the vendor.

I would rate SentinelOne Singularity Cloud Security seven out of ten. The lack of a 60-day search option for the log source lowers the overall score.

The endpoint security team does the maintenance.

SentinelOne Singularity Cloud Security is a good product that is easy to use. 

We have onboarded multiple accounts from our organization. We have onboarded Azure accounts, and we have also onboarded GCP accounts. 

We are using the vulnerability management feature, and we are also using the offensive security feature. We are planning to use IaC in a couple of months.

We are a services company. We are working for multiple clients from the banking sector or the finance sector. They have to follow the rules and regulations of their country. Each country has multiple compliance requirements, and SentinelOne Singularity Cloud Security helps with the compliance standards that need to be followed. We get reports on the basis of that. We get to know our compliance level. It helps organizations to achieve a high level of compliance.

Its reporting is very good. We do not have to go to the portal and see things again and again. All the required reports go to the respective teams. We have created multiple reports on the basis of applications and cloud accounts. The reports directly go to the application team or the cloud team. They are working on the security posture.

Offensive security is my favorite feature. It gives a lot of things with evidence. It also provides the severity levels, such as critical, high, and medium.

SentinelOne Singularity Cloud Security has reduced false alerts. We are using SentinelOne Singularity Cloud Security every day, and we are able to see every configuration. If we find anything different, we work with SentinelOne Singularity Cloud Security's support team. We create a support ticket as a bug or as a false positive. We are able to close an issue on the basis of priority.

SentinelOne Singularity Cloud Security is protecting our overall infrastructure. It protects our configuration, network, and IM configuration-related things. We trust SentinelOne Singularity Cloud Security. We are getting good results, and we hope to keep getting good results in the future as well.

SentinelOne Singularity Cloud Security has reduced the mean time to detect. If needed, we can also run a scan, and the results are reflected in the SentinelOne Singularity Cloud Security portal.

SentinelOne Singularity Cloud Security has reduced our mean time to remediate. It also has auto-remediation capability, but we are not using that. As of now, we are following the information given for closing an alert. This information makes it quite easy. It is very helpful. We do not have to search on the web to find a way to fix the issue. The description it provides is good enough.

SentinelOne Singularity Cloud Security has affected the collaboration among our cloud security, application developers, and app sec teams. All the teams are on the same platform. They are able to communicate with each other.  

The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well.

Its UI is quite easy. The recommendation part is also quite easy to understand. Users can read the description, and they get to know which action to perform. It is quite easy to use it and onboard things. I would rate it a 9 out of 10 for the ease of use.

For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue. This is a feature request that we have. We are trying to get that done as soon as possible.

We have been using SentinelOne Singularity Cloud Security for the last year. We are implementing it for customers. We are also trying to be a partner of SentinelOne Singularity Cloud Security or SentinelOne.

It is stable. I would rate it a 10 out of 10 for stability. We have not faced any downtime. The platform is working well.

Its scalability is very good. We can onboard multiple accounts, Kubernetes clusters, or ECS services on a single platform.

I have contacted them. We also have a Customer Success Manager whom we can contact via email. Whenever required, we raise a support ticket with them. We get a call from them, and it gets resolved every time.

We also have biweekly calls with the SentinelOne Singularity Cloud Security team. We discuss any issue that we have with them. They let us know about the things they can do. They provide us with updates. This is how we are working with the SentinelOne team or the SentinelOne Singularity Cloud Security team.

Positive

SentinelOne Singularity Cloud Security is a SaaS solution. It is easy to deploy it for a customer. If we have all the permissions on the infrastructure, we can onboard any cloud within an hour. However, in an organization, some approvals might be required. In such a case, it can take a week.

It does not require any maintenance. Whatever they are doing is quite good, and the application is working fine. They let us know about their maintenance plans via email. We get to know that downtime is at a specific time. So far, we have not had any issues. It has been pretty good.

We have not used SentinelOne Singularity Cloud Security's agentless vulnerability scanning. We are trying to onboard all the features and enable them in our tenant. Currently, there are a few features that we have not enabled because we have onboarded some of the accounts as a single account. We are trying to onboard all the accounts at the org level, but we are facing some issues. We are communicating with the SentinelOne team. We are trying to get it done as soon as possible.

We have done a PoC of IaC for some of the projects. In a couple of months, we will start with this feature. It is quite a good feature because we get to the issues in our code before deploying it. It is very good for developers and the Infra team. They do not have to worry after the deployment of the application.

Overall, I would rate SentinelOne Singularity Cloud Security a 10 out of 10. It is helpful. It is easy to use and easy to understand. It makes it easy to explain things to the customers.

Our Cloud Native Security use cases depend on the type of SQL server we use. Currently, we need to check all cloud-based configurations directly. Cloud Native Security helps us identify SQL configurations on our local PCs.

Cloud Native Security has improved our cloud security monitoring processes. We can now capture all issues and misconfigurations in real-time, allowing us to respond quickly.

It streamlined compliance management for our organization. They schedule a meeting with us every month to discuss any requirements on our end, such as updating the Cloud Native Security version. For example, one time they informed us that we needed to update to Cloud Native Security version four. We inquired with their customer support team, who were very approachable and requested them to implement the cloud version of Cloud Native Security version four into our Cloud Native Security dashboard. They implemented it within five to six days. We were happy to adopt the enhanced security controls of Cloud Native Security version four. The customer success team and the customer-facing teams were very helpful and provided us with the best solution. This is why we chose Cloud Native Security. They are a well-established CSPM company in India with a proven track record of assisting businesses with compliance requirements. By onboarding Cloud Native Security, we gained a cloud-based configuration management system for our workloads.

It's easy to use.

Our cloud security issues are already automated using a common subscription ticketing tool to capture them. Reports are then sent to both the internal DevOps team to identify potential false positives and the business team to assess if resolving the issue aligns with business requirements.

Cloud Native Security's event-based evidence reporting should include proof of exploitability. This would allow users to easily identify misconfigured areas in the graph and click on a provided link to conveniently be redirected to the cloud service provider management console page for more details.

Cloud Native Security's offensive security engine proved valuable recently. When an endpoint was mistakenly exposed, it automatically captured the unauthorized request in the cloud and sent an alert to our email address. This notification allowed us to take swift action and restrict access to the URL on our network.

The AI helps us handle the hundreds of audits each year helping to enhance our security posture.

Cloud Native Security's access to the IIM role in the cloud formation template significantly reduces false positives, thereby maximizing the number of true positives.

Cloud Native Security helps us improve our risk posture, failover capabilities, and compliance levels.

Cloud Native Security reduces our MTTD. We are alerted within seconds on the dashboard and email of the detection.

To assess our MTTR, we need to consult with the DevOps team and conduct an impact analysis. If the impact analysis reveals no disruption to the production application within the AWS network architecture, we can proceed with remediation immediately. However, if the analysis identifies a potential impact, obtaining management approval will add to the resolution timeframe.

Cloud Native Security improves collaboration between our cloud security application developers and AppSec teams. It's particularly helpful for AppSec because we can leverage cloud security controls directly from Cloud Native Security. This also allows us to mitigate cloud misconfigurations.

Cloud Native Security's most valuable features include cloud misconfiguration detection and remediation, compliance monitoring, a robust authentication security engine, and cloud threat detection and response capabilities.

In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams. 

I have been using Cloud Native Security for six months.

Cloud Native Security is stable.

The scalability of Cloud Native Security is good.

The technical support is the best. They can integrate our suggestions for security control into Cloud Native Security within three days.

Positive

The deployment took one week. The deployment was completed by one person from our team along with a tech team from Cloud Native Security.

Cloud Native Security is priced reasonably for our workload.

I would rate Cloud Native Security ten out of ten.

We have a large number of users of Cloud Native Security in our organization.

I recommend Cloud Native Security to others.