Cloud Engineer at a construction company with 5,001-10,000 employees
Real User
Top 20
Reliable, easy to use, and helpful for prioritizing issues
Pros and Cons
  • "It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature."
  • "I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check SentinelOne Singularity Cloud Security. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and SentinelOne Singularity Cloud Security takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."

What is our primary use case?

SentinelOne Singularity Cloud Security was being used for cybersecurity and governance. The company where I used to work wanted to secure sensitive information or prevent any data leaks. It provided good protection.

I used it on a daily basis. If any alert came up, or any best practice needed to be followed, I used to look into the alerts and work on the issue so that it did not affect our systems.

How has it helped my organization?

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. It helps to secure sensitive information saved in the cloud. It provides alerts in the case of any vulnerability. I felt secure when I was using SentinelOne Singularity Cloud Security.

The alerts had severity levels, such as low, medium, and high. I used to give priority to the ones with a high severity level and then I used to handle the ones with medium or low severity.

Before SentinelOne Singularity Cloud Security, it was a bit difficult to know all the vulnerabilities. There were some services in AWS, but we had to configure them and check them on a daily basis for any alerts. SentinelOne Singularity Cloud Security was more reliable. Our InfoSec team used to inform us about any vulnerabilities and then we used to resolve them. SentinelOne Singularity Cloud Security was more beneficial for our organization for security purposes.

SentinelOne Singularity Cloud Security improved our security posture. I would rate it a nine out of ten for that.

SentinelOne Singularity Cloud Security improved our mean time to detect. Its dashboards were helpful, and there was continuous improvement.

What is most valuable?

It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature.

Its interface was pretty good. It was very easy to use.

It was also good for compliance, but I was not handling that part. I only used to view the alerts and solve the issues. The other aspects were handled by my seniors.

What needs improvement?

I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check SentinelOne Singularity Cloud Security. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and SentinelOne Singularity Cloud Security takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes.

Another issue was that when there was a new alert, I did not get an email or notification on my personal email. I had to log in and refresh the screen to check if any new alerts came. It would be beneficial if an email or a notification could be sent to a personal email or mobile number.

We had a few false positives. For example, for Amazon EBS volumes, SentinelOne Singularity Cloud Security sometimes used to give an alert saying that an EBS volume was created in the East US region, whereas no EBS volume was created. It was a false alert. We discussed these false alerts with the SentinelOne Singularity Cloud Security team and gave them feedback. We muted those alerts, but such a thing should not happen. However, the number of false positives reduced over time. Initially, if we had 10 false positives, then later on, we had only one or two.

They can enhance the dashboard and make it more user-friendly. They can also provide more information in the alerts about remediation.

Buyer's Guide
SentinelOne Singularity Cloud Security
April 2025
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
851,604 professionals have used our research since 2012.

For how long have I used the solution?

I used SentinelOne Singularity Cloud Security for almost 1.5 years.

What do I think about the stability of the solution?

It is stable. I would rate it a 9 out of 10 for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a 9 out of 10 for scalability.

We had approximately 15 to 20 users in our organization. We had multiple departments, but all the applications were deployed only on AWS.

How are customer service and support?

I never used their support in 1.5 years. A different team interacted with them.

Which solution did I use previously and why did I switch?

I have only used SentinelOne Singularity Cloud Security.

How was the initial setup?

It was deployed on the cloud and on-premises. Its initial setup was not complex. It was easy to understand.

Its deployment took a few days.

What about the implementation team?

2-3 people were involved in its deployment.

What was our ROI?

It saved resources. There were 20% to 30% savings.

What's my experience with pricing, setup cost, and licensing?

It is cheap.

What other advice do I have?

I would recommend SentinelOne Singularity Cloud Security to others. Overall, I would rate SentinelOne Singularity Cloud Security a 9 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Cloud Architect at Azira
Real User
Top 20
A simple solution with multi-cloud support, but it needs better reporting and scalability
Pros and Cons
  • "It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job."
  • "I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."

What is our primary use case?

We use it in different ways. The number one use case is related to vulnerabilities, which includes cloud misconfiguration, the Offensive Security Engine, and the management screen itself. That is our primary use case. Then comes the graphical representation of interfaces, and the third use case is the inventory that it allows, which is very nice.

By implementing this solution, we wanted to watch the security vulnerabilities in our organization. We wanted to watch them in the code that gets checked in. We wanted the latest and refreshed list of vulnerabilities in, for example, Log4j or any other software to be highlighted. SentinelOne Singularity Cloud Security keeps updating its database and highlighting any issues.

How has it helped my organization?

We use agentless vulnerability scanning. It is cool. It operates on our cloud. All we need to do is authenticate and authorize our agents to read from our cloud infrastructure, which is cool.

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. This is very important because it gives the entry point to the entire process.

We use SentinelOne Singularity Cloud Security's Infrastructure as Code (IaC) scanning. All of our Terraform code and Git repositories are checked in, identified, and scanned. It helps us identify any issues way before production.

SentinelOne Singularity Cloud Security has not reduced the number of false positives. We have very few false positives in our organization. We have a very specific structure.

SentinelOne Singularity Cloud Security has reduced our mean time to detect. It has helped us a lot. It is quite quick, and that is why we put it in our sprint at every agile site. In terms of its effect on the mean time to remediate, we have not crossed the remediation phase. Remediation is okay. I would want it to go a little bit more specific on remediation, but I understand that it is just an engine that can scan.

We were able to realize the benefits of SentinelOne Singularity Cloud Security in about a month.

SentinelOne Singularity Cloud Security has not affected the collaboration among our cloud security, application developers, and app sec teams. The access to SentinelOne Singularity Cloud Security is less. The number of roles that SentinelOne Singularity Cloud Security provides is very low. I cannot segregate a particular account or a particular user. It is difficult for a lot of people to get. It is just the development, operations, and infrastructure teams that are currently working with it.

What is most valuable?

It is pretty simple. It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job.

What needs improvement?

Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved.

The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless.

Its scalability can be improved.

For how long have I used the solution?

In this organization, I have been using SentinelOne Singularity Cloud Security for 6 months. Overall, I have about 4.5 years of experience.

What do I think about the stability of the solution?

I have not had any issues. I have been lucky enough to not notice any issues.

What do I think about the scalability of the solution?

We have a parent organization, and then we have child accounts, but they have to be configured separately in SentinelOne Singularity Cloud Security, which makes it difficult to add accounts. You have different pages, so a comparative study about account usage is not possible. I am not a fan of its scalability. Its scalability can be better. 

How are customer service and support?

I have interacted with them a couple of times. They have been very helpful. Their speed is pretty good. They are faster than AWS support. They are quick. The support quality is good. I did not see any lack of quality. I do not have anything bad to say about them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have CloudFront, which is a security measure by AWS for a very specific purpose. I have used SonarQube. It is pretty decent. It is code-specific, whereas SentinelOne Singularity Cloud Security falls under code and IaC. I have used the Trivy scanning mechanism. Semgrep is an open-source tool. GitLab has its own set of static code analysis and static infrastructure analysis tools. These are some of the tools that I have used before.

SentinelOne Singularity Cloud Security is very specific to the cloud-native environment. It lets you plug in more than one cloud. My organization has a multi-cloud strategy. With SentinelOne Singularity Cloud Security, we can have Google Cloud and AWS under the same umbrella, which is cool. It has its own unique place, and I like it.

How was the initial setup?

It was very easy. The only problem was getting the RBAC roles. After we had the roles, it was straightforward. It was very simple.

We have a 47-cluster environment. It took about 1.5 hours. It is quick enough. It is as good as CloudFormation.

It does not require any maintenance from our side. Because it is fully managed on the cloud SA, we do not have to do anything.

What about the implementation team?

It was implemented in-house. We have a development and operations team with 5 people.

What's my experience with pricing, setup cost, and licensing?

Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable. As the cloud vendors change their pricing, SentinelOne Singularity Cloud Security also has to change its pricing. I understand that. I am happy with it, but the split up can be better explained.

What other advice do I have?

To those evaluating SentinelOne Singularity Cloud Security, I would advise understanding SentinelOne Singularity Cloud Security's licensing metrics. You should understand how SentinelOne Singularity Cloud Security calculates. That is very important because it is not straightforward. You should understand that, and you can talk to the support people. They are very good. They clearly explain it. The person who is dealing with it should have a technical background. He cannot be a business analyst.

Make sure that you put in all the configurations on day one. You will find it difficult to compare if you keep building on top of it.

Overall, I would rate SentinelOne Singularity Cloud Security a 7 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Information Security Manager at SBI General Insurance
Real User
Reporting features and customer service have significantly improved monitoring and issue resolution
Pros and Cons
  • "The cooperative nature of SentinelOne has influenced our decision not to shift."
  • "In the Analytics section, there is a tab for showing the severity of open issues by day. There are three options: by week, by month, and for more than thirty days. However, despite being aware of many issues open for more than thirty days, it shows no data available."

What is our primary use case?

We are using SentinelOne for CSPM Cloud, specifically for cloud misconfiguration monitoring and related tasks on SentinelOne.

What is most valuable?

The reporting feature is noteworthy. We have scheduled reports for all accounts. We have seven to eight accounts in our AWS setup, so we have scheduled reports for production and similar tasks. We have separate reports for misconfiguration issues. For other accounts, we have created summary reports. We share these summary reports separately and can bifurcate them based on our requirements. Furthermore, we have added a feature where we can see the total hierarchy of an event, viewing the account details and the changes that occurred. When I joined, there were more than one hundred open findings on SentinelOne where our team was not fully aware of the misconfigurations. We had calls with SentinelOne to gain more solutions and proper descriptions, as many issues were not properly described. They have changed many scripts to improve alerting and reduce false alerts. In one instance, there was a twenty-four-hour delay in an issue appearing on the portal. They have since resolved these issues.

What needs improvement?

In the Analytics section, there is a tab for showing the severity of open issues by day. There are three options: by week, by month, and for more than thirty days. However, despite being aware of many issues open for more than thirty days, it shows no data available. We contacted the team, and they are working to resolve this, as it gives our management a false impression of there being no open incidents over that period.

For how long have I used the solution?

I have worked with this product for the last one and a half years.

What do I think about the stability of the solution?

It is stable. Based on my observation, it appears stable.

What do I think about the scalability of the solution?

There are no issues. It is working properly. I do not see any changes needed currently. We need to discuss with our team about adding something new, like resolving the Analytics part not showing data for more than thirty days. We have a call scheduled next week for this, and it will likely be resolved.

How are customer service and support?

The customer service is good. When we raise a ticket, we receive a proper response, and it does not take much time.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have mainly worked with 'being safe'. Previously, I was involved in networking. Upon joining this organization, I became part of the InfoSec team, and we monitor networks and security. Initially, 'being safe' worked well, but after the migration, I have had more clarity on the issues.

How was the initial setup?

During migration, we have not faced any issues. The migration from 'being safe' to SentinelOne was smooth. When I joined, eight accounts were already integrated with 'being safe'. We have not added new accounts yet, only migrated the existing eight.

What about the implementation team?

We had a call with our team, and they resolved certain issues. They have changed many scripts to improve alerting.

Which other solutions did I evaluate?

The AWS team considered shifting from SentinelOne to another tool offered by AWS; however, during the migration and agreement signing, our CISO and InfoSec team advocated for keeping this tool. We have suggested enhancements, which SentinelOne has implemented without hesitation. The cooperation from SentinelOne has prevented us from wanting to shift.

What other advice do I have?

Surely, it is a good tool to have. During the migration period and agreement signing, our CISO and InfoSec team required this tool, and SentinelOne made changes for us without hesitation. Their cooperative nature has influenced our decision not to shift. We are using CSPM; the rating is eight and a half to nine out of ten. I am an Information Security Manager. I would rate the overall solution as 8.5 to 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Solution architect at ACC
Real User
Top 20
Has significantly strengthened our security posture
Pros and Cons
  • "The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues."
  • "SentinelOne Singularity Cloud Security is excellent, and I highly recommend it."
  • "To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal."

What is our primary use case?

We use SentinelOne Singularity Cloud Security to maintain security best practices. The platform alerts us to security issues, ranging from low to critical severity, based on our infrastructure. 

We chose SentinelOne Singularity Cloud Security for its targeted vulnerability recommendations and best practice guidance, which allow us to address alerts effectively and maintain a secure infrastructure.

How has it helped my organization?

SentinelOne Singularity Cloud Security is user-friendly and easy to understand.

SentinelOne Singularity Cloud Security's evidence-based reporting for helping prioritize and solve the most important cloud security issues is excellent.

The exploitability proof in reports is crucial, enabling me to pinpoint issues and solutions. Without it, identifying vulnerabilities and applying fixes would be impossible. The system alerts me to security events, pinpointing the problem's location with resource and account IDs. This detailed information allows for rapid resolution, saving valuable time.

Upon joining the company, the user interface was not very user-friendly. However, over time, upgrades were introduced, such as more issue resolution documentation and best practices, which enhanced the security of our infrastructure. I realized the benefits of SentinelOne Singularity Cloud Security within five months.

SentinelOne Singularity Cloud Security has significantly strengthened our security posture. Previously, we relied on AWS-managed security alarms, which provided a limited and reactive approach to threat detection. Singularity Cloud Security offers a more proactive and comprehensive solution, enhancing our ability to identify and respond to potential threats.

SentinelOne Singularity Cloud Security has reduced our mean time to detect by five to ten minutes.

SentinelOne Singularity Cloud Security allows us to complete remediation in five minutes.

What is most valuable?

The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues. Additionally, the solution provides highly useful recommendations.

What needs improvement?

To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currently, these issues take two to three hours to be removed, creating unnecessary clutter and potentially delaying the identification of new issues.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for almost two years.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Cloud Security nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Cloud Security ten out of ten.

How are customer service and support?

Customer service and support are excellent. They respond promptly, and the technical support is knowledgeable and helpful with any issues we face.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


How was the initial setup?

The initial setup took approximately one week due to the testing phase. It went smoothly with the team's collaboration.

What about the implementation team?

I was present with my team during the deployment process, but I did not personally deploy it.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security ten out of ten.

Our organization has multiple departments, but only five individuals have access to Singularity Cloud Security.

Singularity Cloud Security's maintenance is handled by SentinelOne.

From a security standpoint, SentinelOne Singularity Cloud Security is excellent, and I highly recommend it.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2381367 - PeerSpot reviewer
Senior Cybersecurity Engineer at a computer software company with 11-50 employees
Real User
The intuitive dashboard and effortless ticket submission enhance the user experience
Pros and Cons
  • "Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
  • "We are experiencing problems with Cloud Native Security reporting."

What is our primary use case?

Cloud Native Security helps us identify security issues related to cloud configuration and containers. We leverage cloud synchronization for real-time incident notification.

How has it helped my organization?

Cloud Native Security is easy to use. Its user-friendly features make integrating new tools a breeze. Everything can be connected through a simple API. The intuitive dashboard and effortless ticket submission further enhance the user experience.

One of Cloud Native Security's most valuable features is its offensive security engine. This engine excels at identifying vulnerabilities caused by misconfigurations, which could potentially be exploited by external attackers. In these cases, Cloud Native Security's offensive security engine findings are highly accurate, with a proven positive detection rate.

Cloud Native Security has helped reduce the false positive rate. The reduction in false positives has improved our operations.

As a small startup, implementing all security best practices across the organization can be challenging. Additionally, security awareness may not be widespread. However, Cloud Native Security, a cloud-based security tool, helps us address these limitations. Cloud Native Security acts as a vigilant watchdog, continuously monitoring our infrastructure for misconfigurations. This includes detecting unauthorized access attempts, such as someone opening a specific port or granting historical access from an external AWS account. By integrating Cloud Native Security with our Slack channel, we receive immediate alerts whenever such suspicious activity occurs. The notification will highlight the potential risk and provide details, allowing us to investigate and take prompt action. Previously, we unknowingly stored sensitive information, known as hard-coded secrets, in our public GitHub repository. Since integrating Cloud Native Security with GitHub, these secrets are identified immediately and flagged through Slack alerts. This enables us to address the issue swiftly and reduce our overall security exposure.

It is far more effective at reducing our mean time to detection compared to the open-source solution we used previously.

Cloud Native Security's findings have led to increased collaboration with our infrastructure team. While our application is a separate product and doesn't reside in the cloud, Cloud Native Security has still proven valuable in this way.

What is most valuable?

Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews. This helped my organization identify nearly 10,000 secrets added across our repositories, many of which had a significant security impact. Integrating Cloud Native Security with GitHub alone allowed us to identify all these secrets. This is a key feature that has been instrumental in improving our security posture through testing.

Secondly, Cloud Native Security's cloud SIEM feature has been essential in preventing our most critical security incidents.

What needs improvement?

We are experiencing problems with Cloud Native Security reporting. Our organization primarily uses Jira for issue tracking. While Cloud Native Security offers input options for reporting vulnerabilities, the "connect action" it provides to link issues isn't replicating information to Jira. This is happening for approximately half of the company and is causing difficulties for developers and stakeholders in fully understanding the reported issues.

Cloud Native Security's proof of exploitability is not that useful when it relates to container images. More detail should be included in the reporting.

Cloud Native Security can identify hard-coded secrets within our code and tell us if they're valid or not. However, in some cases, Cloud Native Security may flag a valid secret as hard-coded without specifying its exact location within the codebase. This lack of detail makes it difficult for developers to identify where the secret is used. Ideally, Cloud Native Security should provide the specific location of valid hard-coded secrets. This would significantly improve the developer experience by allowing them to easily locate and manage these secrets.

Cloud Native Security integrates with Jira and Slack through APIs, which is great. However, I would also like to see Cloud Native Security offer APIs that allow us to directly build dashboards within the platform. This would be incredibly helpful for visualizing vulnerabilities, security settings, and Cloud Native Security usage reports. Imagine if Cloud Native Security provided these APIs. We could create custom dashboards for specific purposes, like offensive security, cloud misconfiguration monitoring, or even integrating ISS scans. Essentially, any customer could easily build dashboards tailored to their needs. Unfortunately, Cloud Native Security doesn't currently offer this functionality. Other security products provide this level of customization. Adding this feature to Cloud Native Security would significantly improve its overall solution. 

For how long have I used the solution?

I have been using Cloud Native Security for two years.

What do I think about the stability of the solution?

Cloud Native Security is extremely stable and we have not encountered any issues.

What do I think about the scalability of the solution?

Cloud Native Security is scalable.

How are customer service and support?

We contact technical support weekly. They are helpful and respond quickly. Additionally, there is a built-in chatbot that allows us to submit support tickets.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also rely on AWS built-in features that alert us if there are any misconfigurations along with Cloud Native Security.

What's my experience with pricing, setup cost, and licensing?

Regarding the license model, I believe their approach is appropriate based on the customer workload data we're tracking. It seems like an ideal way to proceed.

For pricing, it currently seems to be in line with market rates. However, I recall Cloud Native Security charging a slightly higher premium previously.

What other advice do I have?

I would rate Cloud Native Security nine out of ten.

We receive notifications from Cloud Native Security whenever maintenance is required, and they provide instructions to complete the process.

New users should be prepared to have a dedicated staff member manage Cloud Native Security. This person will handle alerts, configurations, and integrations. You should continuously evaluate all the findings that Cloud Native Security provides, as it performs daily scans. However, it's possible to miss vulnerabilities that have already been fixed. Therefore, careful attention is needed when raising issues with developers. To optimize your use of Cloud Native Security and potentially reduce workload, consider providing feedback to improve the product. Additionally, try to utilize as many features as possible, as they can all have a positive impact on your organization's infrastructure.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SatishKumar10 - PeerSpot reviewer
Information Security Analyst at ZEE
Real User
Top 20
I like the security engine, but it needs a break-glass account feature
Pros and Cons
  • "They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away."
  • "There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."

What is our primary use case?

My company uses Cloud Native Security as our CSPM solution to discover vulnerabilities in cloud-based configurations. We take alerts from Cloud Native Security and forward them to the DevOps team to remediate them manually. 

How has it helped my organization?

Cloud Native Security helps reduce the number of false positives we receive. We receive notifications and alerts from various channels, such as AWS CloudTrail and Microsoft Defender. These products generate alerts based on their policies. I can feel confident that Cloud Native Security isn't giving any false positives. We get a few, but they are rare, and I can immediately alert the team to redefine their policies. 

What is most valuable?

Cloud Native Security's most valuable feature is its offensive security engine. I have worked with many CSPM solutions. What sets Cloud Native Security apart is the security engine's ability to provide evidence about the potential for vulnerabilities to be exploited or endpoints exposed with credentials.  

The evidence-based reporting is helpful. It shows us all these details that help us do more research. We are working with various stakeholders to remediate those misconfigurations immediately. No other solutions provide this feature. We can research other resources affected by the same kind of vulnerabilities or misconfigurations. We can prioritize fixing them and work on them immediately. That's beneficial to everyone on the team, and they are learning a lot with this feature from Cloud Native Security itself.

What needs improvement?

While Cloud Native Security is mostly easy to use, the interface has a few trouble areas. We have faced some challenges with filtering. The Cloud Native Security team is working on that, and they're fixing it immediately. They take feedback seriously. There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature. 

For how long have I used the solution?

We have been using Cloud Native Security for one year.

What do I think about the stability of the solution?

Cloud Native Security is stable. 

What do I think about the scalability of the solution?

I rate Cloud Native Security 9 out of 10 for scalability. There is no lag, and the application doesn't break down. 

How are customer service and support?

I rate Cloud Native Security support 8 out of 10. We contacted them about adding some policies and creating plugins based on our requirements. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Prisma Cloud. Each has its own feature set. Prisma is on a higher level, and Cloud Native Security is a startup that's building its feature set and taking feedback from all the customers. That's one advantage Cloud Native Security has. They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away.

How was the initial setup?

Deploying Cloud Native Security wasn't too easy or difficult. It was manageable. I did the deployment by myself. I'm the Cloud Native Security admin for my organization responsible for onboarding all the cloud accounts for AWS, GCP, and Azure. 

Which other solutions did I evaluate?

We also looked at Orca Security. Like Prisma, Orca is one of the top solutions on the market. Most of the CSPM solutions have the same features. Cloud Native Security stood out for two reasons: One is the offensive security engine. That is the main thing. The second thing Cloud Native Security offers is evidence-based reporting. That helps us a lot. These two features are unique, which is why we chose Cloud Native Security. 

What other advice do I have?

I rate Cloud Native Security 7 out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Pranav Surve - PeerSpot reviewer
Mobile Application Developer at a retailer with 1-10 employees
Real User
Top 20
The AI/ML-driven backend engine effectively identifies and resolves threats
Pros and Cons
  • "The most valuable feature is the notification system, providing real-time alerts and comparisons crucial for maintaining security."
  • "The Offensive Security Engine, powered by impressive AI/ML capabilities, seamlessly integrates with cloud infrastructure to analyze data and provide optimal security solutions."
  • "One potential drawback is the cost of SentinelOne Singularity Cloud Security, which may be prohibitive for smaller businesses or startups, particularly those in regions with lower average incomes, such as India."

What is our primary use case?

As an application developer focused on AWS and cloud components, I rely on SentinelOne Singularity Cloud Security to stay informed about vulnerabilities and maintain best security practices.

How has it helped my organization?

I would rate the ease of use of Singularity Cloud Security a nine out of ten. It is very helpful for beginners due to its simplicity and straightforward integration with various cloud platforms like AWS, GCP, and Azure. Its user-friendly interface and familiarity across different cloud environments make it easy to understand and implement, regardless of prior experience.

Singularity Cloud Security prioritizes and resolves critical cloud security issues. When a problem arises in my infrastructure, such as an open port in our AWS environment or a deviation from best practices, SentinelOne alerts me. It provides alerts, suggests solutions, and offers documentation with best practices, which is helpful for those new to cloud platforms. This has reduced my response time by approximately 45 minutes.

The Offensive Security Engine, powered by impressive AI/ML capabilities, seamlessly integrates with cloud infrastructure to analyze data and provide optimal security solutions. Its AI/ML-driven backend engine effectively identifies and resolves threats, making it a powerful tool for comprehensive security monitoring and protection.

We saw the benefits of SentinelOne Singularity Cloud Security immediately.

SentinelOne Singularity Cloud Security categorizes risk into four levels: low, medium, high, and critical. Teams handle low and medium alerts, which are based on best practices that we must follow. High and critical alerts are very important and require immediate attention. When these critical alerts occur, we contact PingSafe or the SentinelOne data team for support. They help us resolve the issue, identify affected resources, and provide comprehensive information. Occasionally, we receive direct support from SentinelOne, collaborating with them using their tools. The system is reliable and accurate, with no false positives.

It significantly reduced our mean time to detect threats. Previously, we didn't use security tools, so I had to identify and address vulnerabilities independently. To ensure best practices were followed, I had to manually investigate issues within our AWS environment and troubleshoot them alone. SentinelOne has been instrumental in guiding us toward securing our infrastructure by providing insights into best practices and automating threat detection.

SentinelOne Singularity Cloud Security has helped reduce our mean time to remediate.

What is most valuable?

The most valuable feature is the notification system, providing real-time alerts and comparisons crucial for maintaining security. Additionally, the dashboard's user interface and user experience are intuitive and easy to understand, even for new users.

What needs improvement?

One potential drawback is the cost of SentinelOne Singularity Cloud Security, which may be prohibitive for smaller businesses or startups, particularly those in regions with lower average incomes, such as India.

For how long have I used the solution?

I have been using Singularity for around one year.

How are customer service and support?

The customer service and support team is knowledgeable and helpful. Throughout the migration, they remained available for several hours without complaint, providing assistance at every step.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


How was the initial setup?

The initial deployment was not difficult. It was smooth, with support from experienced team members and customer support during the two-to-three-day migration process.

What about the implementation team?

During migration, more than two people were involved, though only two were necessary.

What's my experience with pricing, setup cost, and licensing?

The pricing is somewhat high compared to other market tools. This cost can be particularly prohibitive for small businesses and startups.

Which other solutions did I evaluate?


What other advice do I have?

I would rate SentinelOne Singularity Cloud Security nine out of ten.

My responsibility within our infrastructure is limited to the infrastructure itself, excluding the application and database layers. As such, I can only offer guidance on the infrastructure aspects of our implementation. When we deployed SentinelOne Singularity Cloud Security in our hybrid infrastructure, both cloud and data center-based, the migration was smooth, taking approximately two to three days of testing to complete successfully.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of Security at Razorpay
Video Review
Real User
Top 20
Provides a centralized view of all workloads, enabling us to identify misconfigurations
Pros and Cons
  • "Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively."
  • "Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security."

What is our primary use case?

Working in a highly regulated space with stringent security requirements for money movement necessitates robust security measures. SentinelOne Cloud Security effectively secures our workloads, providing peace of mind and significantly reducing stress by addressing both security and regulatory needs.

How has it helped my organization?

The primary challenge we faced was achieving comprehensive visibility and observability across our extensive cloud environment, which comprises over 50 AWS accounts. It was difficult to determine the specific account and business entity associated with each workload. SentinelOne provided a centralized view of all workloads, enabling us to identify misconfigurations, pinpoint their location, and assess their potential impact. This clarity allowed us to prioritize responses based on the criticality of the affected account, such as production or highly regulated environments, thereby optimizing our response time.

To reduce noise and improve security monitoring, we implemented two key strategies. First, we leveraged the SentinelOne platform to identify internet-exposed assets and prioritize them for enhanced monitoring. SentinelOne's cloud-based capabilities significantly reduced false positives and helped establish a baseline for normal network activity. Second, we integrated the Infrastructure as Code module to automatically detect any deviations from the baseline or new misconfigurations. This proactive approach enabled us to efficiently address vulnerabilities and maintain a secure environment. After an initial cleanup, ongoing maintenance became much easier due to the continuous monitoring and automated alerts provided by SentinelOne and the IaC module.

Cloud security has helped reduce false positives by prioritizing vulnerabilities based on two factors: the criticality of the exposed asset and the environment it operates within. This prioritization metric helps eliminate false positives and allows teams to focus on fixing actual security issues.

Cloud security has improved incident response, primarily by enhancing observability. This allows for immediate identification of an IP address's host account and connected resources, which speeds up response time. Understanding the potential damage is also crucial, and this is achieved by knowing all resources accessible to the compromised asset. This comprehensive approach, combining identification and impact assessment, significantly strengthens security response capabilities.

SentinelOne Cloud Security reduces response times by providing context for assets, such as location, access details, and component interactions. This allows for quick identification of the responsible team and facilitates efficient damage assessment and remediation. Automated responses, like automatically fixing public S3 buckets, can be implemented, although caution is needed as some public access may be intentional.

SentinelOne Cloud Security has significantly improved team collaboration by simplifying the process of identifying the owner of a vulnerable or problematic component. Previously, this was a time-consuming task, but now the platform allows for quick identification of the responsible business entity and developer, enabling direct contact with the appropriate DevOps personnel. This streamlined process accelerates both detection and response times, ultimately enhancing overall security.

SentinelOne has released Purple AI, a tool with immense potential. It can analyze sentences and identify specific IP addresses or vulnerable machines, significantly aiding threat detection. This capability allows for rapid computation and complex query execution, delivering crucial answers in minutes and enhancing data analysis for security purposes.

What is most valuable?

Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively.

What needs improvement?

Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security.

For how long have I used the solution?

I have been using SentinelOne's cloud piece for about three to four months.

How are customer service and support?

SentinelOne has provided excellent support, enabling us to implement a robust solution customized to effectively meet our security and compliance needs.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to implementing SentinelOne, we faced excessive false positives and an overwhelming number of findings, hindering prioritization. However, SentinelOne Cloud's offensive engine provides reassurance by automatically checking exposed assets for new threats, such as zero-day attacks, ensuring immediate awareness of any issues.

SentinelOne allows for customized prioritization, enabling changes based on specific accounts and the addition of further actions to misconfiguration adjustments. The graphing ability of SentinelOne CNAPP facilitates comprehensive chaining for in-depth analysis. The demos on misconfigurations and the prioritization matrix were particularly informative.

What's my experience with pricing, setup cost, and licensing?

SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal.

Which other solutions did I evaluate?

When evaluating CNAPP vendors, several key considerations emerged. First, it was essential to assess the regulatory frameworks and ensure compliance. Second, the issue of false positives needed to be addressed to maintain efficiency. Finally, the prioritization capabilities, particularly the use of graphs to identify critical assets, were crucial factors in the selection process.

What other advice do I have?

I would rate SentinelOne Cloud Security a nine out of ten. They are bringing all the pieces together, and once the Purple AI can interact with all the different components and correlate across them, I think that's where its real power will come from.

SentinelOne CNAPP was extremely helpful and chosen for three primary reasons: their responsive and efficient team facilitated a rapid deployment; the technology itself proved to be very robust and effective; and the platform's configurability allowed for seamless integration with our specific business needs.

For those evaluating SentinelOne CNAPP, it is advised to engage with their team for potential configuration changes. The tool offers comprehensive insights, providing productive usage from day one for penetration testers and security engineers.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free SentinelOne Singularity Cloud Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025