SentinelOne Singularity Cloud Security Reviews

We use SentinelOne Singularity Cloud Security to secure our IT infrastructure and fix vulnerabilities. For example, it tells us if our resources have been inappropriately made public. We provision our infrastructure on AWS and GitHub. SentinelOne Singularity Cloud Security finds vulnerabilities across our entire network and secrets in our GitHub repositories. It also helps us manage our cloud configurations and security groups. 

SentinelOne Singularity Cloud Security is integrated with Metabolic, Opsgenie, and Slack for notifications. It's also integrated with our security team. They are using a script to correlate the data from SysTrack. 

When I joined the organization, we didn't have this kind of security tool in our infrastructure. SentinelOne Singularity Cloud Security helps us secure any resources that were mistakenly made public and other vulnerabilities. Initially, we were primarily focused on projects, not on the security side, but we were dealing with some system vulnerabilities that hackers could exploit, like publicly accessible resources. The detection is highly granular. It gives you small vulnerabilities and very new types. 

The SentinelOne Singularity Cloud Security team will help you reduce false positives quickly. When we first used SentinelOne Singularity Cloud Security, false positives were high, so we contacted the team. They did some testing and modifications, and the problem was solved in one or two days. 

The mean detection time has drastically reduced. The detection time varies depending on what we're scanning. When we're scanning GitHub, it takes 7 to 10 minutes. On the cloud platforms, it depends on resource availability. It takes 10 minutes on the high end, but the mean is about 1 or 2. Overall, it has been reduced by about 10 percent. 

The remediation time is up to us. SentinelOne Singularity Cloud Security just detects it, but it gives us an assessment and recommendations, making it easier to resolve. When we fix a vulnerability for a particular resource, the issue will not occur again. 

SentinelOne Singularity Cloud Security can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub. Using SentinelOne Singularity Cloud Security's evidence-based reporting, we can rank the severity of issues as critical, high, medium, etc. Having the ability to prioritize security issues is crucial for any organization. 

One good thing about SentinelOne Singularity Cloud Security is that it gives you a consolidated view of compliance and vulnerabilities. We can follow SentinelOne Singularity Cloud Security's guidance and comply with those use cases. When you get an alert, they explain how to resolve those issues. 

The user interface is excellent because we see everything in a single panel and can manage all the operations from one portal. It's integrated with Slack, so we can coordinate on the open tickets. We can also mute notifications. The interface is straightforward and easy to use. Anyone can use it.

The offensive security engine is a helpful feature in cases like when a developer leaves some API element exposed, and we can view the potential exploit path. It's helpful when we are deploying any AWS account or service because all our systems depend on AWS.  When the service is initially deployed, we can see what happens and get all the details about anything that depends on it. 

When you find a vulnerability and resolve it, the same issue will not occur again. I want SentinelOne Singularity Cloud Security to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again. 

We have used SentinelOne Singularity Cloud Security for more than 2 years.

I rate SentinelOne Singularity Cloud Security 9 out of 10 for stability. We've never had any glitches. 

We've had no issues with scalability. We've onboarded about 6 or 7. There is no digital investment. You can integrate multiple accounts from various providers. 

The support team was valuable during the initial stages. SentinelOne Singularity Cloud Security contacted us every three weeks. They checked our infrastructure and reviewed all the issues that we were incorporating into the system. They took direct responsibility for the system and could solve queries quickly.

Previously, we were using the native tools of each cloud provider. For example, we used GuardDuty on the AWS.

Deploying SentinelOne Singularity Cloud Security is straightforward. You can onboard new AWS accounts in five to 10 minutes, and it will start scanning very quickly. They give you a script to run on AWS. You can enroll your accounts based on the template, and it starts collecting data. We onboarded six or seven accounts. It hardly took any time. It's a SaaS solution so we don't need to maintain it. We only need to do the onboarding. 

I rate SentinelOne Singularity Cloud Security 7 out of 10. SentinelOne Singularity Cloud Security isn't a unique solution. Other solutions have the same features, but I like SentinelOne Singularity Cloud Security because it's simpler to use. It doesn't require any maintenance and the scalability is good. However, I think other solutions can give the same level of detail and insight. 

As a financial institution, we rely on SentinelOne Singularity Cloud Security as our single source of truth for both CSVM and CWPP data. SentinelOne Singularity Cloud Security provides us with essential security benchmarks, including those for Kubernetes deployments and CSVMs. It also allows us to monitor our overall cloud security posture and identify vulnerabilities for remediation. SentinelOne Singularity Cloud Security serves as a centralized platform for all our cloud security metrics.

We rely on SentinelOne Singularity Cloud Security for all our reporting needs. It serves as a comprehensive tool for vulnerability management, ISC management, and reporting on hard-coded secrets. Additionally, it functions as a source for vulnerability identification.

The security engine provides a large vulnerability database. While it's not exhaustive, it's a valuable resource due to its significant size and well-organized data. This database allows for effective security management and vulnerability identification.

I would rate SentinelOne Singularity Cloud Security's meant time to remediation abilities a 10 out of 10.

SentinelOne Singularity Cloud Security helps the collaboration between our cloud security app developers and AppSec team.

The user interface is well-designed and easy to navigate. Our security team relies on it for several tasks. They can use it to retrieve Jira tickets and assign them to the appropriate teams for resolution. This functionality helps them identify and address vulnerabilities efficiently.

I'm not convinced that SentinelOne Singularity Cloud Security's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see SentinelOne Singularity Cloud Security directly addressing our specific needs.

While agentless vulnerability scanning is a positive feature, SentinelOne Singularity Cloud Security lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within SentinelOne Singularity Cloud Security. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security helped reduce the number of false positives in the previous version of SentinelOne Singularity Cloud Security 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how SentinelOne Singularity Cloud Security 2.0 would address this issue. Additionally, users have to manually mute many false positives in SentinelOne Singularity Cloud Security 2.0, which is a significant drawback.

I would rate SentinelOne Singularity Cloud Security's mean time to detect ability a 6 out of 10.

While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, SentinelOne Singularity Cloud Security should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, SentinelOne Singularity Cloud Security needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. Here, SentinelOne Singularity Cloud Security should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, SentinelOne Singularity Cloud Security should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if SentinelOne Singularity Cloud Security gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, SentinelOne Singularity Cloud Security should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs.

SentinelOne Singularity Cloud Security's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.  

I have been using SentinelOne Singularity Cloud Security for 1.5 years.

SentinelOne Singularity Cloud Security seems to be stable, with no reported crashes. However, there's also not a lot of traffic going through the service. It's unclear exactly what SentinelOne Singularity Cloud Security does internally.

There aren't many users who actively add technical details to run SentinelOne Singularity Cloud Security's tools. Additionally, it seems we don't actively incorporate new features. Ideally, clients should share proper answer keys so we can identify if their app crashes.

If we could onboard more users, we could potentially gain access to more resources. However, a recurring issue is missing data. Clients sometimes provide extensions, but clicking on them reveals no information. This lack of data is a significant drawback, even though the system itself seems stable.

SentinelOne Singularity Cloud Security is scalable and supports multiple tenancies with no drawbacks.

As a mature organization, we expect a higher level of service from our technical support providers. Unfortunately, we've found that the responses from SentinelOne Singularity Cloud Security's technical support team have been repetitive and not particularly helpful, especially considering the cost of their services. 

Neutral

The initial deployment is straightforward.

It doesn't take more than 30 minutes to deploy SentinelOne Singularity Cloud Security into an organization using any cloud platform.

One person can complete the deployment. 

SentinelOne Singularity Cloud Security's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price.

I would rate SentinelOne Singularity Cloud Security 5 out of 10.

Our organization primarily relies on our internal scanning tool for IaC security. While many industry tools utilize open-source IaC scanning solutions under the hood, we haven't found significant value in adopting SentinelOne Singularity Cloud Security's specific IaC offering. This solution might be more beneficial for organizations lacking dedicated SecOps teams, but its additional cost is a factor to consider.

It should transition from an agent-based system to an agentless one. This is crucial because many industry tools are moving in this direction, and SentinelOne Singularity Cloud Security should follow suit. They should also introduce more features, improve security compliance, and place greater focus on Kubernetes, RBAC systems, and visualization. If they do choose to maintain an agent-based system, they should significantly improve their metric collection capabilities. This would be beneficial because currently, customer response times seem to be slow. By addressing these requirements, SentinelOne Singularity Cloud Security can ensure continued growth.

We use SentinelOne Singularity Cloud Security as a cloud security posture management tool. SentinelOne Singularity Cloud Security is integrated with our GCP, Azure, and AWS accounts. It will identify all the misconfigurations and security issues on all these cloud platforms and alert us. In addition to the CSPM capabilities, SentinelOne Singularity Cloud Security has several other features like vulnerability management, container security, Kubernetes security posture management, and secret scanning

All of these features are bundled inside SentinelOne Singularity Cloud Security. It combines all the telemetry from the cloud, containers, and the Kubernetes platform. The vulnerability scanners are connected to the registries and give us a holistic picture of what else is vulnerable versus all the dummy data others would give.

Before SentinelOne Singularity Cloud Security, we didn't have visibility into the security aspects of our cloud environment. SentinelOne Singularity Cloud Security allows us to see all the misconfigurations and security vulnerabilities. Certain native tools from AWS are quite expensive and not as reliable, but SentinelOne Singularity Cloud Security fixes that issue. Also, for highly regulated companies, having a cloud security posture management tool is a hard requirement.

Regarding risk posture, there are two kinds of risk: perceived and actual. SentinelOne Singularity Cloud Security has helped us reduce the actual risk. Our compliance score went up from 70 percent to more than 95 percent now.

We realized SentinelOne Singularity Cloud Security's benefits maybe 1 or 2 months after the deployment. We integrated the regional module, and the extra features were there. About 6 months in, we really scaled it up. 

SentinelOne Singularity Cloud Security has helped reduce the number of false positives we deal with. They've been highly proactive. We have a Slack channel with their support team. We tell them the false positive you're seeing, and they get on a call with you in 30 minutes to solve that issue. 

The detection time is immediate. It finds vulnerabilities almost instantly, so the detection time has decreased considerably. In terms of remediation, it depends on how we are doing it. The remediation time has gone down, but not to the extent that we need it to. 

SentinelOne Singularity Cloud Security has improved cooperation between the DevOps and security teams by helping identify critical issues that must be prioritized instead of just going through and fixing each one. 

SentinelOne Singularity Cloud Security released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. SentinelOne Singularity Cloud Security's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue.  

For example, let's say you have a vulnerability in a public instance of AWS EC2, and there's a relationship between that instance and the Kubernetes platform. From there, Kubernetes is connected to a container with a misconfiguration or vulnerability. That attack path is the root cause of the issue in your environment. It doesn't simply tell you whether something is public. That is a feature AWS provides natively. Native AWS tools provide us binary results about whether the instance is open, but SentinelOne Singularity Cloud Security can break down the data to identify the core issues. 

SentinelOne Singularity Cloud Security is one of the easiest platforms to use. It's super intuitive. I have used CSPM tools in the past like CrowdStrike. This is much easier. With one click, you can deploy it in an hour. It automatically picks up a lot of the telemetry on its own. You don't need extra configuration steps because the scripts are all there. We can launch the cloud automation templates, and SentinelOne Singularity Cloud Security just directly deploys.

Agentless scanning is convenient for us. It will automatically copy the registry details from AWS, Azure, or GCP without any additional configuration before. If you have registries saved outside of your cloud environment, you can input the client key and secret file, and SentinelOne Singularity Cloud Security will integrate and scan it automatically. You don't need to deploy the agent because it does it on the back end. The best part is that they take this element and bring the cloud security posture management along with it. It will integrate the vulnerability scan into the containers, Kubernetes platform, and the entire cloud platform.

The offensive security engine isn't SentinelOne Singularity Cloud Security's standout feature, but it's an add-on that gives you insight into vulnerabilities in your cloud environment and how attackers can exploit them. 

We have integrated SentinelOne Singularity Cloud Security's infrastructure-as-code features into our GitHub platform, enabling us to scan all the TerraForm and Kubernetes YAML code for vulnerabilities. That is a nice feature that allows you to detect issues in your code before it is deployed. It's inside the pipeline. It will scan the code and block the deployment if it doesn't meet preset criteria.

I want SentinelOne Singularity Cloud Security to integrate additional third-party resources. For example, SentinelOne Singularity Cloud Security is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If SentinelOne Singularity Cloud Security had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement.

I have used SentinelOne Singularity Cloud Security for a year.

I have not experienced any instability, yet. SentinelOne Singularity Cloud Security is pretty solid. 

SentinelOne Singularity Cloud Security is scalable if you have the licenses. 

I rate SentinelOne Singularity Cloud Security support 8 out of 10. From the deployment until December of last year, SentinelOne Singularity Cloud Security's support was stellar and proactive. The support hasn't been as good since SentinelOne Singularity Cloud Security was acquired by another company. It's similar to what I've seen with other acquisitions. When it was a startup, you got more personalized support. You could even get the CTO to get on the call with you, which was nice. They have room to improve, but maybe they are undergoing a transition period after the acquisition. 

Positive

We used a different solution, but the correlation wasn't as good, and it was expensive. 

Deploying SentinelOne Singularity Cloud Security is effortless because it's a cloud-based platform. It's pretty intuitive, and we had lots of support from SentinelOne Singularity Cloud Security. If we had issues, we just got them on a call, and they fixed them. SentinelOne Singularity Cloud Security requires no maintenance on our end after deployment. 

SentinelOne Singularity Cloud Security is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less. 

I rate SentinelOne Singularity Cloud Security 9 out of 10. I recommend that new users onboard as many features as possible. Don't just stick to the cloud security part. Integrate the cloud security with your containers and GitHub or Bitbucket repositories. Perform all the integrations whether you need them or not, and it will take care of everything on the back end for you.

We use Singularity Cloud Workload Security primarily as an EDR for protecting our endpoints. We also use it for incident response. We can track down issues or weirdness in our network via Singularity Cloud Workload Security and other tools we have. 

We use it as an additional set of storage for our Splunk SIEM. It collects some of the less important events, and we keep them in Singularity Cloud Workload Security. We save money on storage space and the number of events that we have to search through.

The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link. This feature has helped our incident response team and SOC team to track stuff down and ensure that it hasn't spread further into the network than we're aware of. It also helps us see where it started and take appropriate steps.

While it is good, I think the solution's console could be improved. I'm the SME for Singularity Cloud Workload Security, and the amount of time I have to spend resetting passwords or accounts seems particularly high. We don't use SSO for the time being. It's fairly common for me to go in weekly and reset a password or reissue credentials to get people to log in. This process is very antiquated and could definitely be improved upon.

We have been using Singularity Cloud Workload Security for about two years now.

I have not experienced any issues with the solution's stability. Occasionally, we'll have an issue with an install where it may not install correctly, and we have to pull it out and reinstall it. Other than that, we have not had any serious issues with the solution's stability. Singularity Cloud Workload Security is significantly more stable than our previous solution.

We have not had any issues with the solution's scalability. As we grow and shrink and our offices open and close, we've never had an issue scaling the product according to our needs.

Singularity Cloud Workload Security's technical support team gets to your issue relatively quickly. I've never had an issue where I've had to call in to follow up on a ticket. Other than a complex issue that needed resolving, I've never had any serious issues with them.

Positive

Before Singularity Cloud Workload Security, we used a product called Endpoint Security. With Endpoint, it was almost as if the company that had created the solution had forgotten about it. Its updates were coming slowly, and it wasn't making any effort to improve itself. That was a big push. We saw that SentinelOne was a very new and good product that took many innovative steps. Hence, we decided to use Singularity Cloud Workload Security.

I feel Singularity Cloud Workload Security's initial setup was fairly straightforward. Deploying the product was not terribly difficult. It was more about scheduling and timing on the various teams' parts. Once we had that under control, the deployment of the product itself was very simple.

We deployed the solution by ourselves. We did have SentinelOne support available. A team was available for us, but we did roll it out on our own. Around five people were involved in the solution's deployment.

The solution has provided improvement in productivity and the time spent on issues. With the implementation of Singularity Cloud Workload Security, our teams have been able to more efficiently use their time to fight other fires, as it were.

Singularity Cloud Workload Security's pricing is good. It's pretty similar to a lot of newer products' pricing. A lot of legacy products don't really use it. This newer pricing model seems to be a better fit for our company, and I like that.

Before choosing Singularity Cloud Workload Security, we evaluated CrowdStrike and Symantec. I feel like CrowdStrike is probably an equal to Singularity Cloud Workload Security. However, we decided not to go for CrowdStrike because it was more expensive.

Singularity Cloud Workload Security is a SaaS product, so no equipment or installations are needed other than agents on the endpoints. The ability to be available if we were to have some type of DR incident was a huge plus. That way, we could still keep the tool working if there was some issue with one location or multiple locations. As always, cost was definitely an issue here as well. The features and the efficiency that was offered were also a big draw.

Other than the manual upgrades we do, Singularity Cloud Workload Security doesn't require any maintenance.

I would ask users to put the solution through the spaces, do what they normally do in response to an incident, and see how Singularity Cloud Workload Security acts. If you have a certain set of steps that you take for an incident, follow those in Singularity Cloud Workload Security. Whatever you do with your current product, do it in Singularity Cloud Workload Security, and make sure that every step you've taken in the old one works in the new one.

Singularity Cloud Workload Security's real-time detection and response capabilities seem to be pretty good. They're very on point. We don't have to deal with anything like signatures. It updates itself automatically. It works very quickly and efficiently so that we can track down issues and events without wasting a lot of time.

We don't use the solution's automated remediation too much because taking something out of the hands of the engineers doesn't make everyone very comfortable. So, we use it sparingly, but what it does, it does well.

Cloud Workload Security's forensic visibility is fantastic. We have a smaller Linux footprint than a Windows footprint, but the footprint we do have is very exposed to the internet and other nasty places that are out there.

Being able to look into those and make sure that things aren't open or open things are being remediated quickly is very important to us. We like the solution's forensic visibility feature quite a bit.

The historical data record provided by Singularity Cloud Workload Security after an attack is fantastic. We want to fix the problem initially, but when we do the rehash of the event, we'd like to go back and see where it all started. We'd like to see what happened in the meantime and ensure that everything that was infected, attacked, or damaged is listed and taken care of so that no things out there can reinfect us or cause more problems. So, we really enjoy that feature.

The solution has helped reduce our organization's mean time to detect. It's much quicker than our old solution. It's reduced the response time from 24 hours down to 12 hours for the most part. That's nearly a 50% increase in the response time.

The solution has helped reduce our organization's mean time to remediate. It's good, and it works really well. We haven't had to use it too frequently, but the times we've tested it or the times we have had to enable it have been very quick and successful without too many issues behind it.

I would say Singularity Cloud Workload Security has helped free up SOC staff to work on other projects. I don't think we have any true measurements of it. However, I feel like they have more freedom to explore or work on projects as a whole versus having to chase down incidents like they did in the past.

Singularity Cloud Workload Security has improved our organization’s productivity by at least 50%.

If someone is comfortable with another solution, they can stay with it. However, the threat landscape changes so frequently and so fast that not having an up-to-date feature-packed product could be a detriment. Singularity Cloud Workload Security is a good product that provides such an environment for big and small customers.

We don't have a large Kubernetes environment. From what I have seen via Windows and Linux, we have not had any serious issues with Singularity Cloud Workload Security's interoperability with any of those solutions.

We haven't really used autoscaling as we don't want to scale it mostly for over-licensing our products. It has never been an issue. We just don't want it to grab onto something that it doesn't need to grab onto or implement itself in an environment that doesn't need it. We don't really use that, but we have tested it on a smaller scale, and it has scaled easily without too much issue.

I think the solution can help us when we need a significant innovation, a new product, or a new system being implemented. For the most part, it hasn't hindered anything currently in the works, so I see it as a plus to innovate in the future as needed.

Overall, I rate Singularity Cloud Workload Security a nine out of ten.

We use the solution basically for AD protection. We get to see at a deeper level the different processes that are being run on computers.

We've been able to stop any potential malicious actions that are being taken on various computers.

Their detection of potentially malicious stuff is probably the most beneficial feature and their new Singularity XDR is an awesome platform.

The solution's real-time detection and response capabilities are very good. Pretty much anytime that there is something that we might see as potentially malicious is caught. Depending on the type of computer it is, it does a great job of blocking those actions that are being taken. 

It's really easy to configure enterprise-wide, which actions we want to stop. It's very easy to stop malicious stuff.

The solution's automated remediation is really good. We're doing the rollback also now. That way, if something does happen, it's able to roll back to the state before the process happens.

The solution's forensic visibility into our Linux kernel in regards to deep visibility is really good. It is very granular. It's able to show everything that it did. 

The historical data record provided by the solution after an attack is great. You're able to search by different computers. You can get a whole scope of computers - as much as you want. You're able to get as granular as you want as well and can identify different cross processes than indicators and different files that were launched during a period of time.

It helped reduce our organization's mean time to detect very significantly. We had Endgame before this. It did not stop the processes in a manner of time that you would like it to. This definitely improved our response time to anything that we saw. It's very fast. It's improved the response time by 50% to 75% from just detection time to our response. 

The solution reduced the organization's mean time to remediate. It is as fast as the potentially malicious process that's launched. It'll stop it right then and there. It'll remediate the action immediately. 

It helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console.

The solution's impact on your organization's productivity has been impressive. We just had to put a bunch of time upfront. However, ever since then, we haven't had to really do much there besides analyzing threats.

There's the singularity marketplace, which they've expanded a bunch. However, there are some other APIs that I'd like to see. We'd like to be able to connect to them from a SIM perspective.

The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint.

I've used the solution for about a year and a half.

The stability is very good. I'd rate stability ten out of ten. I've never had issues. It's never been down. 

We have four different properties on which agents are one and 1,700  workstations as well as 250 servers. 

The product is scalable. We have about 2,000 endpoints. If we had 4,000 or 10,000 it really wouldn't be an issue. It's just a matter of configuring your groups. It's good at autoscaling based on workload demands. 

Technical support is really good. Whenever a threat comes into our environment, they will comment and give analysis. That's been very helpful in covering items we're not totally sure of. 

Positive

I previously used a different solution called Endgame. We did a POC with Crowdstrike and SentinelOne and SentinelOne was a much cleaner, easier-to-use console.

The initial setup did take some understanding on our part of how we wanted to split and group. We needed to figure out how to split our servers and workstations. That was the hardest part. After that, we had to get our policies in order. 

We were able to get everything up within a week to where we were comfortable with how everything was running. We're still tweaking little things. 

We had three people on our team and two people from professional services. 

Maintenance is minimal, such as adding exclusions to threats or alerts. 

We did initiate the setup with professional services. 

We have noted a good ROI and haven't had a single incident since implementing the solution. 

The solution is fairly priced for what they're offering especially compared to other platforms. It gives you great visibility into the different processes that are running on different computers. It's fairly priced, especially for a cloud platform.

We are customers and end-users.

If someone doesn't think they need a singularity cloud workflow protection platform because they have a continuous security monitoring solution, I'd say it depends on whether you're able to block potentially malicious stuff or not. This solution gives you just about the fastest understanding from a machine-learning perspective. 

This is much better than our previous solution. They've innovated a lot in terms of their deep visibility and singularity XDR (which is more granular).

I'd advise potential users to do a POC no matter what. That said, this is a great product. I rave about it to everybody. It's likely my favorite product for our environment.

I'd rate the solution ten out of ten. 

SentinelOne Singularity Cloud Security is deployed on all our servers except for user machines. When Singularity identifies a downloaded application as malicious, it triggers an alert sent to our SIEM console. We can then investigate the alert details, including associated logs, to determine if the malware is static or actively malicious. We can also investigate suspicious IP addresses or domains. Additionally, Singularity monitors process creation and can provide forensic data on security incidents, including information about backdoor connections and the applications involved, like Chrome or other browsers.

SentinelOne Singularity Cloud Security stands out for its user-friendliness compared to competitors like CrowdStrike, FireEye HX, and Microsoft Defender. Unlike these tools, which can be cumbersome for tasks like running queries or searching for logs, Singularity offers intuitive interfaces and delivers results in seconds, even for complex searches across various hash formats, like MD5, SHA256, etc., without needing conversion.

Our existing SIEM console allows us to analyze alerts triggered by the SOC team. We can investigate potential false positives or conduct tests directly within the console. Additionally, the console facilitates quick searches for IOCs to identify malicious communications. Furthermore, Singularity Cloud Security offers a central management console for automated machine reboots, containment, and even self-maintenance in response to high-severity security alerts. This eliminates the need for manual intervention.

We saw the benefits of SentinelOne Singularity Cloud Security within the first two months of transitioning from FireEye HX. Singularity was easy to manage, and we were able to identify vulnerabilities.

SentinelOne Singularity Cloud Security has helped reduce the false positives we receive by 15 percent compared to FireEye HX.

Singularity has helped reduce our mean time to detect. The automatic containment of the infected machine is done within the first ten seconds of detection.

Singularity has helped reduce our mean time to remediate. 

The user-friendliness is the most valuable feature.

SentinelOne Singularity Cloud Security offers a custom search function with a default 14-day limit. Extending this period to 30 days requires an additional license. A two-month grace period for extended searches would be a valuable improvement. Additionally, enhancements to the threat-hunting capabilities of the hunter module are recommended.

I have been using SentinelOne Singularity Cloud Security for two years.

We had an incident in which they pushed a patch without notifying us and without testing, damaging all of our security controls. 

Neutral

We previously used FireEye HX but shifted to Singularity because we saw the potential while the POC was going on. The top three endpoint security solutions are SentinelOne Singularity, Microsoft Defender, and CrowdStrike. FireEye HX is not one of them.

The initial deployment's complexity was moderate. The entire deployment took six months to complete.

The implementation was completed with the help of the vendor.

I would rate SentinelOne Singularity Cloud Security seven out of ten. The lack of a 60-day search option for the log source lowers the overall score.

The endpoint security team does the maintenance.

SentinelOne Singularity Cloud Security is a good product that is easy to use. 

My company is trying to get an ISO certification by the second quarter of 2024, so we have been resolving certain security issues for the past year.

I use the solution in my company, where we have alerts coming from SentinelOne Singularity Cloud Security, especially if any security threats are there. Our company's primary concern in using the tool is to get the ISO certification. My company wants to get our infrastructure to meet ISO standards so that there won't be any issues while getting ISO certification.

With the product in my organization, I feel that we are more secure now, and our services have become better. My company gets to know if we are doing something right or wrong based on the scans that SentinelOne Singularity Cloud Security deploys. My company doesn't have to care much about security because SentinelOne Singularity Cloud Security takes care of it for us. My company also knows what all the best practices are there for each resource, which gives us a boundary of what we can do.

Most of the time, I have looked at the tool's dashboard to keep an eye on how much of my company is compliant regarding certain areas since we are eyeing ISO 22000 and ISO 22001. I just love the tool's dashboard, though I have not used it in depth. I like the dashboard mainly, and I know that all sections of ISO certification have been completed. I have not used the tool that much, but under that dashboard itself if I just click on the certification part, which states that 93 percent has been completed, it will show me the subcategories of what all things are still pending or how much percentage of it is still pending, and how many areas are yet to be resolved in relation to some of the resources. The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best features.

When I joined my organization, I saw that SentinelOne Singularity Cloud Security was already implemented. I started to use the tool's alerting features and dashboard functionalities. Considering how much I used the product, I don't see any areas in it where improvements are required since everything seems fine.

Sometimes, there are alerts that don't have proper messaging attached. The tool can improve the alerting notifications. In SentinelOne Singularity Cloud Security, the alerts also show the affected resource that has a particular issue, but sometimes, the account shows as not applicable, and it isn't very helpful since you need to know the account the tool aims to point out.

The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement.

I have been using SentinelOne Singularity Cloud Security for more than a year. My company is a customer of the solution.

My company has not experienced bugs, downtime, or any other issues in the product.

Stability-wise, I rate the solution an 8 out of 10.

It is a scalable solution. Scalability-wise, I rate the solution a 7 out of 10.

My company's tech team consists of twelve people and around ten to twelve people use the product.

I rate the technical support an 8-9 out of 10.

Positive

The solution is deployed using the cloud services offered by AWS.

SentinelOne Singularity Cloud Security regularly sends us messages on Slack for cloud security monitoring if it finds a certain security threat. If the area revolving around the security threat is something my company wants to look into, we just quickly check the product to see if there is a quick fix, and if there are no solutions, then we find a way to deal with it. A person from our company's team regularly tries to fix all the issues raised by SentinelOne Singularity Cloud Security so that it is ISO compatible, and right now, my company is close to achieving it.

Speaking about the issues my company was trying to resolve by implementing SentinelOne Singularity Cloud Security in our environment, I would say that whatever issues the tool has raised till now are related to certain policies that we might not have implemented in our IAM. There should only be certain roles that can access certain resources. The aforementioned area consists of the types of issues my company is currently trying to resolve so that we stay up to the mark. In my company, we don't have any regular threats that come up, but they are mainly used in regard to policies.

Considering how much I have used it to date, I can say that it is an easy-to-use product. However, I have not used the product in-depth, so I can't comment much about it.

If I assess the evidence-based reporting for helping prioritize and solve important cloud security issues, I would say that the concerns raised by the product are valid ones, and it is important to deal with them. Though I am not sure what the question entails, I feel that the issues raised by the product are proper, and they should be resolved before actually implementing its features.

I think it is very important for the solution to include proof of exploitability in evidence-based reporting. You have to know what things might go wrong if an issue is not resolved, and it makes it easier for us to assess key issues and to decide which areas should be taken into priority, considering what potential issues might crop up in the long run or short term. In general, SentinelOne Singularity Cloud Security is a quite helpful tool.

The most valuable feature of the tool in terms of real-time threat detection stems from the alerts my company receives via Slack. I think the alert feature is something I have majorly looked into, but I haven't explored many of SentinelOne Singularity Cloud Security'd features.

Whether the compliance monitoring capabilities of the tool have benefited our organization or not is something that we will get to know soon via its results in the next two or three months. My company is very close to getting ISO certification with SentinelOne Singularity Cloud Security's help. I think if it gave our company a demo compliance feature, it could be helpful.

The product's UI is good if I speak about the impact of its ease of use on security operations. The UI is very easy to navigate. Basically, I was able to navigate through the tool's dashboard. Overall, the tool's UI structure looks good.

My company has rarely had to deal with an incident involving a false positive with SentinelOne Singularity Cloud Security in place, and I believe that it happened at the end of the previous year. After that, my company didn't need to deal with any false positives. With SentinelOne Singularity Cloud Security, the chances of seeing a false positive are rare.

In terms of risk posture, after going through the recommendations provided by SentinelOne Singularity Cloud Security during the implementation phase, I feel that my solution has helped my company get better and more secure because now we are less vulnerable to attacks. Overall, I think that the product is good for improving an organization's risk posture. In my company, we don't have any doubts about using the product since everything feels right with it.

The tool has reduced the mean time to detect risks since, with the use of the tool, it has become faster as it is now done automatically. In my company, I operate in a very small team where we don't have a specific person or department giving us insights about a particular tool. The tool has reduced the mean time to detect risks by more than 50 percent. My company never scanned our own infrastructure until SentinelOne Singularity Cloud Security did. Until my company had it in mind that we wanted to get an ISO certification, we never scanned our infrastructure.

The mean time required to remediate is an area that has improved a lot. My company has never tried to resolve any issues since we have never detected any problems. The mean time to remediate has improved by more than 50 percent.

The product can make the collaboration between cloud security application developers and AppSec teams better. In my company, we only have one team, and we don't have a few departments.

The product has helped my company save a lot of engineering time because we don't have to put up physical resources to do many things, as they are managed automatically. In my company, we just have to employ one engineer to resolve everything. My company doesn't actually have to spend time detecting issues and then solving them as the tool solves them for us.

I have not integrated the tool with the existing solutions in my company's infrastructure or workflows. I use it as a standalone product in my company.

The product is used in just one location.

I don't think that the product requires any maintenance. I don't think that my company does any maintenance for SentinelOne Singularity Cloud Security.

I recommend the product to those who plan to use it. I think the tool has a very good alerting system. The tool also gives a proper description of resources and alerts. I think that the tool is very good for meeting the certification compliance requirements.

I rate the overall tool a 9 out of 10.

We are a security-based company. We use SentinelOne Singularity Cloud Security to put our data planes on it. We have a cloud setup, and we have integrated SentinelOne Singularity Cloud Security into our environment. It checks for any audit or security-related issues.

By implementing SentinelOne Singularity Cloud Security, we wanted a centralized solution. We have many AWS accounts to manage, so we wanted a single dashboard with analytics. We wanted to be able to view and monitor everything at once. We also wanted to customize the rules on which we wanted the alerts to be set up. SentinelOne Singularity Cloud Security was a better option for our use case.

We have multiple rules set up on SentinelOne Singularity Cloud Security for things that we want to monitor. We have set up something for restricted access for SSH, and then we have access to the EC2 instances. If any of the rules are broken or if there is a bad actor, we get notified quickly. It also helps with the audit and keeping the infrastructure clean.

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. This is quite important for us because we are a security-based company. We want to tag each and every alert correctly. We also need to provide RCA to the customers. SentinelOne Singularity Cloud Security forms a very good basic layer for things that are happening in the infrastructure. The reports that it gives are also nice. It gives us information about the impact and other things. It helps us.

Its setup is good. It also depends on how finely you want to set it up. It depends on the rules you set, the thresholds you set, and how quickly you act on things. We did not want SentinelOne Singularity Cloud Security to act on things, so we went for a basic setup without any auto-remediation. We act on the issues. It provides us with a basic layer of security.

Previously, we used to find issues from the AWS console and the AWS logs, but because we had multiple AWS accounts, finding out the issues was a bit of a pain point for us. We had to go inside 30 to 40 AWS accounts to find out the capabilities. We had to write our own automation scripts to find the full logs. We wanted a solution that gave us a centralized place to put all the issues that we were facing based on security concerns. With SentinelOne Singularity Cloud Security, we found a centralized solution. It was easy for us to get the data of 30 to 40 clusters in a single dashboard. It was pretty nice to have that. The UI seems a bit confusing initially, but once you start using it, it becomes more intuitive.

There is a team that is working on setting it up on ISE. So far, with just a vanilla setup, it is doing its job, and we are happy with it.

There are a few false positives, but we want them to be there. We do not want to miss out on something. We want everything to be monitored. It does not matter to us if it is a false positive. At the end of the day, the cost that we would pay by ignoring a true positive thinking it is a false positive would be much higher than going through false positives and marking them as false positives.

For every module and everything that we do on our AWS clusters, we evaluate the risk individually, and then SentinelOne Singularity Cloud Security forms an extra layer of security on top of the personal checks that we do. It is like a shield for us. It helps us a lot.

SentinelOne Singularity Cloud Security has reduced the mean time to detect issues by a lot. Earlier, it was a very manual process to detect errors. There was not a single place where we could look into all the alerts. They were all scattered. SentinelOne Singularity Cloud Security unified that. With SentinelOne Singularity Cloud Security, once the alert is detected, we can just look into it directly. We can go into a specific cluster, resolve the issues, and mark it as resolved. There is a 45% to 50% reduction in the mean time to detect.

Our mean time to remediate remains the same because we have manual remediation. There is no change in that. The main issue for us was to be able to detect issues, and SentinelOne Singularity Cloud Security solved that for us, but because remediation is taken care of by us manually, the mean time to remediate remains the same.

SentinelOne Singularity Cloud Security is continuously monitored by the customer success engineering team and the security team. These people contact the infrastructure team. The application team is not involved because we mostly monitor the infrastructure side. That is the AWS side. It helps us with better collaboration. When the time zones change, we do not have to give a lot of context or change information across different time zones to different people. They can go into the console, see the issue, and continue to work on it.

Earlier, if there was a security issue, it had to be handed over to people in different time zones. Because we are a global company, we have on-calls and other things. Earlier, it used to be a big process. We had to write down the whole documentation of what happened, where we were seeing the issue, and whether it was resolved or not. We had to provide the complete information on that single issue. Things are simpler now because people can just log into it and see what is in the pending state and which security vulnerabilities we are still facing. A person in a different time zone can just log into the SentinelOne Singularity Cloud Security console and start remediating the issue.

The multi-cloud support is valuable. They are expanding to different clouds. It is not restricted to only AWS. It allows us to have different clouds on one platform. The integration is quite easy. It took around 15 minutes for the whole stack to set up. It was very easy to set up. That was one of the best things.

The custom rules are also valuable. We can set up our own thresholds on the rules. We can have a granular setup for the rules. We can also scan for specific ports and specific AWS modules. The granularity of rules is good. 

In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier. Initially, I had problems finding a few things and creating the policies. It was a bit difficult for me, but after going through the documentation, it got easier.

I was checking the IaC checks that they have, and they can add something for auto-remediating IaC. They can integrate something that will help auto-remediate on IaC and make needed changes to the code. They can also integrate something like CoPilot.

Other than that, I do not have any input. They have covered quite a bit. They are doing a good job. The features are good for what we are using it for right now.

I have been using SentinelOne Singularity Cloud Security for 3 to 4 months.

Its stability is good. We do not have a high volume. It is doing well for the scale that we have. I would rate it a 9 out of 10 for stability.

Its scalability is good. I would rate it an 8 out of 10 for scalability. It meets our requirements. SentinelOne Singularity Cloud Security does the very basic job of collecting the CloudWatch logs, keeping them in a centralized place, and looking for errors. We have scaled it across all of our AWS accounts, and it is doing well. I do not see any issues coming in the future as well.

SentinelOne Singularity Cloud Security is being used by our infrastructure team. There are 15 to 20 people who keep a check.

Their support was good. I would rate them an 8 out of 10.

Positive

We did not have anything like SentinelOne Singularity Cloud Security before.

The initial setup was straightforward. It only took about 15 minutes.

We initially had issues handling the setup. We were doing it slightly wrong. We ran it multiple times which messed up the setup. We got SentinelOne Singularity Cloud Security folks on the call. SentinelOne Singularity Cloud Security people assisted us with it, and it was very quick once they were on the call.

We are on the cloud. We have different AWS clusters, and we have onboarded AWS clusters to it. There is a single dashboard for us. We have not integrated it with anything else. SentinelOne Singularity Cloud Security is a separate system running, and we have not integrated it with anything. Being a security company, we are directly adding third-party solutions to our stack. 

SentinelOne Singularity Cloud Security does not require any maintenance from our side. It was a one-time installation, and since then, we have not had any issues with it.

Based on the things that we have tested, it does a pretty good job of alerting and reporting. If you have a highly scaled environment with 50 to 60 AWS clusters and you are looking for a tool that simplifies getting security logs, SentinelOne Singularity Cloud Security is the perfect solution. It does the job. I would recommend SentinelOne Singularity Cloud Security to others.

SentinelOne Singularity Cloud Security has an auto-remediation feature, but we are not using that because we have to give a lot of access to SentinelOne Singularity Cloud Security for that. We are not willing to do so. That is why we do not use the auto-remediation offered by SentinelOne Singularity Cloud Security. We just get the alerts, and then we act on them. We also do not use agentless vulnerability scanning, IaC scanning, and SentinelOne Singularity Cloud Security's Offensive Security Engine.

Overall, I would rate SentinelOne Singularity Cloud Security an 8 out of 10.