SentinelOne Singularity Complete Reviews

First and foremost, we use SentinelOne Singularity Complete for endpoint detection and response in our company. We do not have any antivirus anymore. We have SentinelOne for the endpoint detection, response, and defense mechanism. This is our primary use case. 

We also have other use cases. I work predominantly in vulnerability management. I sometimes work in the SOC. For vulnerability management, we use it in a number of different ways. We sometimes use it to see which applications and versions are running on systems. We use it for an inventory of applications. We do not use it for vulnerability detection. We have another tool for that, which I believe is more dedicated to technical vulnerabilities. I know there has been some investment in this area, but at the moment, we are not using it for that. 

We also use it for running scripts and automating tasks on systems. In fact, I have been doing a lot of that recently. They have developed their automation and remote ops part, which has been fantastic for us. I have been updating a lot of applications using the scripts that I have deployed with SentinelOne. I love that part of the tool. It makes life a lot easier. 

I sometimes also use it to determine where we may not have other pieces of software on systems. For example, we use a vulnerability tool that runs on an agent. I can use SentinelOne to see whether all of the systems on which we have SentinelOne also have our vulnerability tool agent. If a system does not have it, we can deploy a script from SentinelOne to add the agent. 

We also use Ranger, so we can identify other systems on our network that do not necessarily have SentinelOne agents. That can be quite useful sometimes. Because of Ranger, we have seen a lot of systems that we did not already know about. 

As a part of the endpoint detection response, we ingest logs through our central SIEM. We have a hybrid Security Operations Center. The first line is done by a third party. They have access to the SIEM, and all of the SentinelOne data is ingested into that. When there is an incident or when SentinelOne detects an incident, it gets flagged to the Security Operations Center, and then we start to investigate that incident. Most of the time, if it is a SentinelOne-related incident, we will log in to SentinelOne and use it to investigate the incident. We look at the logs on the endpoint and try to establish whether it is a genuine incident or a false positive, what happened on the system, and why we are getting these alerts.

We use the Ranger functionality. It provides network and asset visibility. It is quite important for us. If we did not have another tool that is doing similar, it would have been extremely important, but we do have a vulnerability management tool that is very similar. It is quite good that it does that automatically out of the box, whereas we have to configure our vulnerability scanning solution to do something like this. The ability to have visibility of the network where we do not necessarily have SentinelOne deployed is very important.

Ranger requires no new agents, hardware, or network changes. This is important for us. It has an advantage over our vulnerability management tool because we have to deploy scanners with our vulnerability management tool, whereas we do not have to deploy anything for SentinelOne Ranger, so in that way, it is a better solution in helping us.

Ranger is very effective in helping to prevent vulnerable devices from becoming compromised. For example, we used Ranger and identified some systems in our data center that we could just log on to. It was not very difficult to get on to those devices. Therefore, it would not have been difficult for anyone else to get on those devices. We did not necessarily have the permission to do so, but we found a way to do that. We managed to get those devices secured, and therefore, increase the security of our systems. That kicked off from Ranger, and that is a good use case.

Singularity Complete has helped free up our staff for other projects and tasks. For example, with automation, I have been able to patch some of our systems, which has freed up time for our help desk team. They do not have to patch some of the systems. It has also been helpful for deploying some of our agents for our other tools. If we deploy through SentinelOne using the script, that frees up our team's time.

Singularity Complete has helped reduce our organizational risk. The previous solution we had was signature-based, so for endpoint detection, it has to know a certain kind of attack before it can detect it or even block it. Because Singularity Complete is more looking at the behavior of running processes and how these processes interact with other processes on the system, it has helped to reduce the risk. We are not relying on static detection signatures. We have got real-time detection. Singularity Complete can detect things that may be the first-ever attack in the world, and we get notified about it. It does reduce the risk.

I work in vulnerability management, and for me, at the moment, its automation is most valuable. For the SOC team, incident visibility would be most valuable, but for me, it is automation.

In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation.

I have been using this solution for two and a half years. I have been using it since I joined this company. 

We have not had any issues with it. It has always worked for me.

It is quite scalable. I do not see anything holding it back in that regard.

My impression of SentinelOne as a strategic security partner is very positive.

In terms of support, for a lot of support requirements, I go through the engineering team. They are very knowledgeable about Singularity Complete, but I did contact SentinelOne's support team recently in July. There was a particular vulnerability that Microsoft had already caught. Microsoft Defender had a setting that would automatically block the vulnerability. I raised the question to SentinelOne support asking whether SentinelOne has the same ability to block the vulnerability. It took me a few times to get them to understand what I was asking, and they could not confirm 100% that it was blocked. They just said that their solution does block vulnerability attempts, but they did not specifically do this particular one. Unfortunately, that interaction was not entirely positive. Overall, I would rate them a seven out of ten.

Neutral

My company had an endpoint solution previously, but I was not with this company before they had Singularity Complete. They already had Singularity Complete when I got here. It was replacing the previous endpoint solution, so I cannot say whether Singularity Complete reduced our alerts or mean time to detect than the previous solution.

I was not involved in its initial deployment. I am with the engineering team. I have deployed SentinelOne on some systems, so I know the process, but I was not involved in deploying it or rolling it out company-wide.

It is in the cloud, but we have SentinelOne agents deployed on our systems. These agents report the data back to the cloud, which gives us the ability to see all of that data.

In terms of maintenance, the team that maintains it performs agent updates. They can be pushed automatically, but our engineering team has decided to not push the updates automatically because they could potentially break something or may not be fully compatible with a current version of, for example, macOS. There is some maintenance in that regard. There is also maintenance in terms of relieving some aged SentinelOne nodes. We might remove those. I would not necessarily call it maintenance, but when we set up particular alerts, we may maintain those alerts based on our requirements at the time. It may be the vulnerability being escalated in the wild, or we might want to set up some sort of detection that can basically detect or indicate any compromise. We maintain all of those rules.

I do not know much about the pricing. What I do know is that the person who negotiates most of the pricing is quite a hard bargainer. In that regard, he often says that he managed to get a very good deal. When we first looked at replacing our old system with Singularity Complete, its price was definitely a big factor. Back then, Singularity Complete was fairly new to the marketplace. We got quite a good deal as an early adopter. They have honored that and respected that we were an early adopter, and I feel we are still getting a very good price.

It is definitely worth considering. It is definitely up there with the best of them now. A few years ago, it probably was not. It was in the early stages, but now, it gives us everything that we need today. They invest heavily in the platform. That is important as well. If you buy it today, in a year or two, you will get a lot more features for your money.

It is quite mature now. Over the two and a half years that I have been using it, there have been numerous feature enhancements. As a basic endpoint detection response, it is very mature, and it now has other features, such as the Ranger functionality and automation, on top of it. It is a very mature offering now.

When it comes to integrations, I do not know about any tools that I have used with Singularity Complete. We just bought Wiz.io for our company, and I understand that SentinelOne links to Wiz.io. I have not personally used it, but I will be using it soon. From what I understand, it is going to be quite useful because if we detect an incident or an alert on a cloud system that Wiz.io manages and has visibility of, we can then get more information about that cloud system. For example, it could say, "We detected that this vulnerability attempt has been made, or one of the exploit attempts has been made on your system." We then get all of this information from Wiz.io which says, "Actually, the system is not vulnerable to that vulnerability." At that point, we would think that we do not need to worry as much, but we are going to see the investigations. 

In terms of its ability to ingest and correlate across our security solution, we do not necessarily ingest into Singularity Complete, but we ingest Singularity Complete into our central SIEM. It is very difficult to ingest data into that SIEM.

Overall, I would rate SentinelOne Singularity Complete an eight out of ten.

We use SentinelOne Singularity Complete as our antivirus and malware detection solution.

Singularity Complete has helped reduce our alerts.

It gives me peace of mind knowing that it patches areas that need it and is always available to hunt for malware in our environment.

Singularity Complete has helped significantly reduce our MTTD. We are notified within the hour of an incident.

It has also helped reduce our MTTR. We are able to respond to an incident within the hour.

Singularity Complete has helped reduce our organizational risk.

Malware detection is valuable. We have had incidents where users have clicked on malicious links and we were able to patch the malware using SentinelOne Singularity Complete before it reached the SIEM. SentinelOne Singularity Complete has become one of my most trusted solutions for hunting malware in our environment.

I have been trying to synchronize SentinelOne Singularity Complete with our SIEM, but it has not been very successful.

SentinelOne's customer service has room for improvement. It is hard to reach them.

I have been using SentinelOne Singularity Complete for two years.

Singularity Complete is stable.

Singularity Complete is scalable.

The support team is hard to get a hold of.

Neutral

Based on a management decision, we switched from CrowdStrike to Singularity Complete.

The initial deployment was complex, but SentinelOne helped with the process and two of our employees were involved.

We used the help of SentinelOne for the implementation.

The license is per user.

I would rate SentinelOne Singularity Complete eight out of ten.

It is a mature and high-quality solution.

SentinelOne Singularity Complete as a tool is good but the support needs a lot of work.

We have it hooked up to our LogRhythm SIEM, which keeps track of all the events that are happening all around. That has been really helpful for us. We have SentinelOne Ranger that scans for devices on our network and finds the ones that do not have SentinelOne or the machines that we call rogues. The other function that we use is Deep Visibility. We pay for that, and it allows us to hunt for threats within our environment. It is also very important. We don't use Deep Visibility very often, but it is one of the more important things that we have in terms of the selection of products we pay for.

One of the big reasons we use it is for its ability to ingest and correlate across our security solutions. By virtue of going after an incident, we need to see step by step what happened. We have network solutions that show us where things came from network-wise. We have a vulnerability scanner for something that gets exploited, and then we have SentinelOne to see what is actually happening on machines. Maybe a process was launched. Maybe a file was clicked or an email was opened. That is a big part of how we use the tool.

Prior to having SentinelOne, we had CrowdStrike, which is a similar product. We decided to make the switch to SentinelOne because the biggest problem was that the previous endpoint detection response software we had did not support what we call legacy endpoints. Anything prior to Windows 7 was not supported by CrowdStrike. Being a manufacturing firm, we have quite a few old devices. That was one of the big things that sold us. SentinelOne also had significantly more competitive pricing than CrowdStrike, but the ability to protect older endpoints was the main motivating factor for us to make this switch.

We have been able to consolidate our security solutions. We had a handful of different solutions. SentinelOne Ranger scans for things. We used to have a product that did that, and we got rid of that. For deep visibility, we used to have a piece of software on each machine for historical data and events and things of that nature. We were able to get rid of that. Having an antivirus is also not really necessary because it is a next-generation AI-based antivirus. It does antivirus tasks, and it reduces the need for our traditional antivirus such as Kaspersky, Symantec, McAfee, etc. We were able to get rid of those as well, which is a good thing.

We have turned on the Ranger functionality. It is used for asset discovery, but only within a certain range and only if there are a certain number of machines. The way our settings are, if we have a cluster of five machines around it, it will essentially send out a signal and try to find the one without it. If we have five machines in our organization, it will look to see which one does not have SentinelOne around it. It can be helpful to find machines that were not deployed properly. It can also be helpful to find machines that were deployed by malicious actors and things of that nature. It also helps us to identify machines that have SentinelOne but are not responding right now.

It is a pretty big deal that Ranger requires no new agents, hardware, or network changes. We have deployed SentinelOne completely. There is probably no machine in our network that does not have it unless it has a very specific use case. Ranger helps us find those if they do exist. If need be, there is a setting within Ranger for deploying SentinelOne through Ranger. We have it turned off, but it is still useful. It is something we could use one day.

We typically use Ranger for vulnerability and not necessarily for the prevention of vulnerabilities, but it does give us a good idea of what is out there. For example, there is someone who is trying to do something malicious. It will heartbeat that, and it will see what is happening around that. If it sees, for example, command and control or something like that, it will identify it. It might quarantine it or turn your machine off to stop things.

Singularity Complete has helped to reduce alerts. One of the things we struggle with over time is trying to identify what is and what is not a real threat. It did take some tuning, but we went from having to investigate every little thing to being able to say, "Okay. This is a false positive. We know this. We have had this in our environment. We can exclude that." That frees up time for other things, so we can spend time focusing on malicious or bad things happening in our environment. We can work on projects and do some of the actual engineering.

Singularity Complete has helped free up our staff for other projects and tasks. We do not have to sit there and constantly monitor, which means that we can go ahead and do other things. We have a vulnerability scanner that we can use to start patching and tackling some of those vulnerabilities. We have our SIEM that we need to monitor for events and activities as well. We have network logs that should be gone through more. Because we have something that takes care of our endpoints, we can look at the focus of our business and do things there instead of having to worry about each machine individually.

The biggest thing that SentinelOne does is that it is constantly looking at our environment and other environments as a baseline of what should be happening or what could be happening. If something does not match the specific idea of what should be happening, it detects that and blocks that. If it is not sure what to do exactly, it quarantines a file or a folder or something like that until we have a chance to look at it. That is better than something getting through and causing damage before we can do anything about it. As long as a machine is connected to the network, it is pretty instant, but depending on what it is doing, it might take a little bit. There are some functions within it that do take a little more time to work. For example, the remediate and rollback functions do take time to work, but if it sees something as malicious, it will kill and quarantine that within a fraction of a second.

Singularity Complete has helped reduce our organizational risk. There is the part where it kills and quarantines things that are happening on machines, but there is also an element of visibility. Being able to see what we have gives us a better idea of what risks we have. From an inventory standpoint, everything is synced the second we deploy the image machine. Through that, we are able to see what is running on them, what they have installed, and things of that nature. We get a more holistic idea of what we actually have so that we know what to protect.

The terminating or killing remediation process that they use is top-notch. Pretty much anything that is even remotely malicious gets blocked by it within seconds. That is important for us. We have thousands of endpoints with tens of thousands of users. It is hard to do good security for that many people without some kind of automated detection and response. That is what SentinelOne does for us. It helps us automate that process.

Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better. If they were able to export and make it a little more presentable, it would be great because this is something that we end up doing on our end where we take some of that data and make it look better. It would definitely save us time if it was a little prettier, for lack of a better word, from the beginning.

We have been using it for two and a half to three years. 

As far as I know, and I am the only one out of our three time zones who uses the tool, I have never had an issue with it. The only time we ever had problems was when someone made a change to some of the roles, but it was not a SentinelOne issue. For the most part, as long as you have set up the tool correctly, it functions pretty much 100%. I cannot think of a time when it was down.

We started out by having it deployed on a handful of machines as a proof of concept. From there, we were able to replicate it over and over in our environment. We are currently licensed for around 7,000 devices, and they made it pretty clear to us that if we decide to improve that or increase that, it would be a seamless process. They will just bump our licenses up and then we pay a little bit more. There is no real pain associated with that where you have to go back to the table, talk, and do things like that. It is a flip of a switch.

They were very helpful. They were knowledgeable. They definitely used the tool before. The questions they asked were good. They knew what logs to ask for. They knew what question to ask. They were pretty good. I would rate them a ten out of ten. They were knowledgeable. They were helpful. The turnaround time is good. They want to resolve the issue, and they are there to help.

Positive

We had CrowdStrike. We switched because of two things. One was the price. CrowdStrike was expensive, and the other thing was that we needed to protect legacy devices. As a manufacturing company, we have a lot of old software and hardware in our environment, and CrowdStrike did not protect those devices. We either had to come up with a solution where we network quarantine those machines or have them segmented somewhere so that they do not talk to anything else, or we just get SentinelOne and they function the same and require no extra work. As long as it is on there, it is protecting them, and it is much cheaper.

We have it almost entirely hosted in the cloud. We do deploy it via the deployment software that we use to deploy to our endpoints. We do have it in the cloud as well that we run through the command line and then point it to our management console, but we do not have it hosted on-premises. We like the idea of having things in the cloud at least for the specific instance.

I was not involved in its deployment. I came here a little bit later, but I got to talk to some of the people afterward. I am part of the deployment now, but I missed the boat by a handful of months.

It is pretty straightforward. The way it works is that you get what is called the management console URL, which is essentially when you install it, it tells you who the device belongs to. You put in your URL, you run a command from it on an executable, and then from there, it is on your machine. It is pretty straightforward.

The number of people involved in the deployment varies. We are a multi-continent and multi-country organization, so we had somewhere between 15 and 20 people working on it. In terms of the people who actually use it, there are probably five or six. We have one person who constantly works to deploy within North America and one person who works to deploy in APAC. We personally work to deploy it within EMEA and then the rest of it is us just working on maintaining it and making sure it is doing what it is supposed to be doing.

We previously had a different EDR solution called CrowdStrike, which was very robust but also very expensive. It did not have the features we were looking for from a legacy standpoint. My understanding is that we did a pretty good deal on SentinelOne. A part of that is because we were their customers very early on, and we also use their products a lot. We are interested in the new products that come out. We go to their demos, and we go to their events. We do save a lot of money. It is not cheap, but it is worth it. We spend a lot of money on a lot of things, and most of them do not do as much as SentinelOne.

It has gotten more expensive over time, but we have also gotten more features and value out of it. They have added things to it. From a pricing standpoint, it is expensive. It is one of the more expensive tools we have, but it also does more than almost every other tool that we have in our environment, so it makes sense.

We reevaluated CrowdStrike and realized that it was just not going to work for our purposes. I believe we looked at Sophos and Carbon Black. Carbon Black is a VMware product, and Sophos is a similar EDR solution.

From a quality standpoint, if you are willing to take the time to implement it and implement it well, it is a fantastic product. It is a massive part of our security posture. If you are looking to switch, doing a proof of concept will probably be good enough to make you realize the value it has. Sometimes, in the demos from vendors, you see the kind of things happening that are supposed to happen. It is, of course, going to block them, but during our proof of concept, we threw in different scenarios at it, and it handled every single one pretty flawlessly. That is a big part of why we ended up choosing it.

If you were a company that has legacy devices, it is a no-brainer as far as EDR solutions are concerned. If you are looking forward to an EDR solution in general, and you do not have legacy devices, SentinelOne is incredibly competitive. It has a lot of great features. It is priced very competitively. Their support is great, and the tool works. It does take some fine-tuning, but the tool works very well.

As a strategic security partner, SentinelOne is always trying to get us to work with some of their partners as well. From an integration standpoint, it does give us some options going forward where if, for example, we wanted to use a mobile device solution, they do have some integration with them. If you are a part of their ecosystem and you have a tool that you are interested in, they will let you know whether they have a partner that they work with. They will let you know that they have this tool. It works so far, and if you have a question or something like that, they can get you acquainted, which I appreciate.

Overall, I would rate it a ten out of ten. It is probably my favorite security tool from the ones we have.

We utilize SentinelOne Singularity for endpoint malware protection and to gain visibility into threats across the network.

SentinelOne Singularity has the potential to ingest and correlate data across our security solutions.

Ranger provides network and asset visibility.

Ranger saves us time by not having to make changes to our hardware and systems.

Ranger helps prevent vulnerable devices from being compromised.

SentinelOne Singularity assisted our organization by saving deployment time and decreasing the volume of support calls.

Singularity helps reduce the number of alerts.

Singularity has helped our staff free up around 15 minutes of their time to focus on other projects.

It has reduced our MTTD.

It has helped our organization save costs through time savings.

The most valuable features include the agent installation and update processes.

The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

I have been using SentinelOne Singularity Complete for seven months.

SentinelOne Singularity is stable. We have not experienced any crashes or downtime.

SentinelOne Singularity scaled easily in terms of deployment. We haven't experienced any performance issues, whether it's installed on a higher-end machine or a low-end machine. SentinelOne Singularity has been excellent.

We faced issues with our previous endpoint solution, Panda Adaptive Defense 360. SentinelOne Singularity seemed to be a more reliable and easier-to-manage alternative. Panda Adaptive Defense 360 caused significant downtime during deployments and updates.

The initial setup was straightforward. The deployment required three people.

The implementation was completed in-house.

We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

I rate SentinelOne Singularity a nine out of ten.

SentinelOne Singularity is a mature product.

Maintenance is necessary only when we are periodically carrying out updates.

Having a vendor like SentinelOne is crucial for a solid security strategy, as we aim for a product that seamlessly caters to both the IT department and end users. We intend to avoid exacerbating issues more than resolving them. Therefore, I believe SentinelOne is a suitable solution for us – easy to deploy and maintain on a daily basis.

I suggest trying out SentinelOne Singularity and comparing it to more traditional security vendors. SentinelOne Singularity offers a slightly distinct approach, but it's an effective method.

SentinelOne Singularity Complete serves as our everyday Endpoint Defense solution. We oversee daily detections and manage Sentinels, workstations, and servers. We strive to safeguard our assets and environment, while also defending against malicious processes and files.

We utilize Visions and its services. Visions and SentinelOne Singularity Complete are closely linked because we are now monitoring not only our products, endpoints, and environment, but we have also engaged Visions as a form of Managed Security Services Provider. Another aspect I find particularly valuable is their API. As a result, we've seamlessly integrated this solution with our SIEM system, which is functioning effectively. This is undoubtedly a tool that we employ, both in conjunction with Visions and our SIEM products.

It's capability to ingest and correlate data across our security solutions is impressive. I utilize tools such as Visions and Sentinel whenever I need to access or retrieve any telemetry. These tools, along with the enhanced visibility they provide, enable me to proactively conduct threat intelligence, explore my environment, and query assets generating alerts.

SentinelOne Singularity Complete has assisted us in streamlining our security solutions. We now possess the capability to identify malicious threats, and the system will automatically safeguard the relevant information, quarantine the threats, and revert any alterations made by the threat. 

It has effectively defended our environment against numerous malicious actors. With a membership of over ten thousand, the solutions help safeguard their data effectively.

Singularity Complete has helped us reduce the number of alerts we receive by approximately 30 percent. The false positive issue has been addressed by working with Visions. We remediate these issues and then classify them as false positives, rather than repeatedly receiving alerts as in other solutions. As a result, we now experience fewer alerts than initially expected from day one. 

It has assisted in releasing our staff to focus on other projects and tasks. Visions reviews all alerts, forwarding only the true positives to my team for investigation and response.

The agents are live, so our Mean Time To Detect is in real-time.

Our mean time to respond is in real-time. If an issue is escalated by Visions, we receive it instantly. Once it's recorded on the disk, it promptly gets escalated to them. They detect it, review the matter, and subsequently escalate it to us. Then, we review it together, all in real time. There is no downtime during which we have to wait.

SentinelOne Singularity Complete certainly reduces costs for our organization, as we need fewer personnel and don't have to involve numerous analysts due to the presence of Visions. It has also decreased our organization's risk by approximately 30 percent.

I appreciate the network control as well as the device control. These two features are truly excellent. I occasionally utilize the custom rules as well.

I would love to see improvement in the integration of SentinelOne Singularity Complete and Visions to better utilize the information we receive.

The browser extension for SentinelOne Hunter is a product designed for monitoring and detecting at a browser level. This library is widely recognized. It should not only detect incidents but also proactively block them within the browser environment. Therefore, I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.

I have been using SentinelOne Singularity Complete for one year.

I rate the stability of Singularity Complete nine out of ten.

I rate the scalability of Singularity Complete nine out of ten.

We have used technical support a few times, and they were excellent and very competent.

Positive

We have seen a return on investment.

The organization assessed Carbon Black but found greater value in SentinelOne Singularity Complete.

I rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete is a mature solution that offers a multitude of features and the potential to enhance security within an organization. This presents significant value for security professionals.

We have deployed SentinelOne Singularity Complete across multiple divisions, various business units, and numerous locations spanning Europe, the US, and Japan. As a global organization, Singularity Complete seamlessly integrates with any internet-enabled entity, providing robust agent support upon connection.

Two individuals are responsible for the maintenance tasks, which include updating agents, upgrading policies, and deploying packages.

Having SentinelOne as a strategic security partner is a positive development.

Before assessing Singularity Complete, we need to dedicate a substantial six-month period to thoroughly engage with the product. This entails working with it on a daily basis, comprehending its intricacies, and obtaining full administrative rights to explore and interact with all its features and functionalities.

We replaced McAfee's endpoint security with SentinelOne. The vendors we deal with recommended this product, and we had some issues with McAfee, so we decided to switch. It is used for detection, however, detection is very rare. 

The solution is easy to configure. How it detects threats is modern.

It's been pretty good. I have no complaints. It's been working very well.

I like the way that this product works. It doesn't rely on the data file. It checks the behavior of the process to prevent virus or phishing attempts from there.

I like the way it detects threats. It's based on the heavy behavior, not just based on the signatures, and it downloads from a central repository. 

I really like how you manage the endpoints. Their web portal is really nice. I can do everything through the web portal. I can see all the endpoints. I can upgrade them from there. And gives me a nice list of what software is installed on the endpoint as well. The solution will give me recommendations if there are any security vulnerabilities, for example, if the software is missing a patch or something like that. The deep visibility feature is great. If there's an incident, I can deep dive into the incident to see where it's coming from and how it affects the endpoints.

The interoperability with other SentinelOne solutions or third-party applications and tools has been pretty good. We haven't had major issues. 

While I'm not sure if the solution helps us with consolidation, their product does improve our overall security posture. We basically just use it as endpoint security. We're not using other products from them altogether. However, this is doing a great job of protecting us.

It has helped to reduce any of our alerts. Ever since we had this product implemented we've had fewer alerts. We had less user involvement as well. Where McAfee used to interfere with the user's daily productivity, SentinelOne does not. That's another thing I'm pretty happy about.

With this product, we can free up our staff for other projects, assignments, and tasks. It's reduced disruption for our users. Therefore, our help desk doesn't have to do as many tickets as when we were with McAfee.

Our mean time to respond to threats is definitely better. If there's anything happening, we get alerts right away via email. McAfee was not instant. We know about threats sooner and we have more time to respond to them.

Singularity helped our organization to save on costs. There's less maintenance compared to McAfee. The price is similar; there's not a big difference. However, we do save time and that translates to money. 

Our organizational risk has been reduced. It's a much better product compared with what we had. If there are any security vulnerabilities, if there's any patch needed, or if there's any known security threat that I should be aware of, I get notified fast.

The quality and maturity of the product are very good. Customers seem happy with them. I'm also happy with the product and its capabilities. 

In the beginning, we had some issues with their product on some of the Windows 32-bit operating systems. However, that was only on a special group of computers as we have our own special software. Other than that, for other computers and servers, we had no issue at all.

The web portal needs improvement. Sometimes when I go on their web portal and put in the username and password, and then all of a sudden, it says that the web interface has been refreshed. You have to put in the username and password again. It's very minor. Other than that, there isn't anything else I can see.

I've used the solution for proabably over a year. 

Stability-wise, it's very good. I've had no issues at all and I never get complaints from users.

Scaling should be pretty easy. You just push out the agent. That's it. There's a group policy on the web portal and there's not much to manage. 

When I ran into the Windows 32-bit issues, I contacted support. I've also contacted them here or there for a few issues. They are responsive and knowledgeable. I have no complaints. 

Positive

We used McAfee and found how it looked at threats was old school. We wanted to explore new solutions and technologies. A vendor recommended this solution and when we looked at it we found all users are pretty happy with them. 

The deployment was good. We have agents installed on all endpoints. The management portal has a nice interface. We can do everything we need to do from there, which is nice. 

I was involved in the deployment. It was pretty straightforward. You just install the agents and make sure the policy is correct based on the servers or the usage of the endpoint. We only ran into an issue around a 32-bit Windows software system, however, it wasn't anything major. I mostly handled the implementation myself. 

There isn't much maintenance needed. You just need to do version updates. 

I worked with the company that got us the license. We worked together to get the implementation done. 

The price is pretty good. It is reasonable. It's one of the reasons we went with them. Palo Alto, in comparison, was pretty expensive. The price of Cylance was reasonable and somewhere in the middle, however, SentinelOne feature-wise gave us everything we needed for a good price. 

We did look at other options. We looked at CrowdStrike, for example. We also looked at Palo Alto. They had something similar in terms of endpoint security, In the end, we chose SentinelOne. 

I'm a customer and end-user.

We do not use the Ranger functionality. I know it is available, however, it is an extra cost.

In terms of the solution's ability to be innovative, I've only used McAfee and SentinelOne. I can't really say how it compares with Cloudstrike or Proofpoint. That said, compared to McAfee, it can detect threats based on user behavior and not just definitions. It helps monitor software for potential security issues. It's really nice and works very well.

I would recommend the solution to others. 

They make a good strategic partner in terms of security. Their product is the last line of defense for security breaches, and having a good, reliable product on all endpoints is very important to our organization. 

I'd rate the solution nine out of ten overall. The ability to detect threats and the deep visibility on the endpoints is great. I like that it alerts you to patching requirements. It's great that, if a threat appears, we can drill down and see exactly what's going on.

We use SentinelOne Singularity Complete for antivirus and EDR capabilities on both our hosted and internal platforms.

We implemented SentinelOne Singularity Complete to harden the security of our environment.

Initially, we focused on our client-facing platform. We definitely wanted to ensure adequate antivirus and malware protection, and I believe we have achieved that with SentinelOne Singularity Complete. Our environment is fairly large so it took us a few months to realize the benefits.

SentinelOne Singularity Complete helped save our staff time to focus on other projects. Our security operations team has a little bit more bandwidth now.

SentinelOne has helped us reduce our MTTD. The Storyline feature has definitely cut down on research time when investigating incidents, making the process much faster. What used to take several hours to review logs can now be completed in ten minutes.

It has helped us reduce our MTTR.

Our organization had a costly incident before we implemented SentinelOne Singularity Complete. Since the implementation, we have not had any incidents, which correlate to cost savings.

Singularity Complete has helped reduce our organizational risk.

I really like the storyline feature. It makes it easier to tie together the processes and how they are related when investigating potential incidents. I also like the dashboard and the customization options.

The only integration that we are having a challenge with is our Rapid7 SIM solution. We have created exclusions for it, but sometimes there are still some false positives that the team works through.

The false positive rate has room for improvement.

We can build exclusions in a few ways, but one challenge is that many third-party applications spawn files with random names. This can make it difficult to write rules to account for these files. If there are better ways to deal with this, it would help to reduce conflicts between our Rapid7 solution and some of our other solutions that generate PowerShell scripts.

When agent updates require a reboot, this can be challenging for our large customer environments.

I have been using SentinelOne Singularity Complete for four years.

SentinelOne Singularity Complete is stable. We have not had many stability issues.

We have a large environment and find SentinelOne Singularity Complete to be scalable to meet our requirements.

The technical support ticket for the issue we had with getting the agent installed in our PBS image took almost a year to resolve, and we ended up finding the solution on our own. We had several tickets open, but unfortunately, they didn't lead anywhere.

Neutral

We previously used Cylance, which our hosting provider provided along with Endpoint Detection and Response. However, we experienced several challenges with Cylance, so we purchased SentinelOne Singularity Complete for our corporate network. SentinelOne functions and deploys significantly better than Cylance, so we asked our hosting provider to switch us to SentinelOne instead.

The initial deployment was straightforward for SentinelOne Singularity Complete. We had a bigger challenge installing Cylance. 

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete has a lot more functionality right out of the gate.

I recommend considering SentinelOne Singularity Complete for anyone researching security solutions.

SentinelOne Singularity Complete is deployed on our corporate and hosted endpoints. We have between 5,000 and 9,000 endpoints.

We have six people that monitor SentinelOne Singularity Complete. 

Our agent updates require maintenance and close monitoring. We sometimes have to manually enable policies that are disabled due to the disruption caused by unexpected reboots. We must carefully plan these updates.

SentinelOne Singularity Complete is a good strategic security partner.

I would definitely recommend doing a POC to see if SentinelOne Singularity Complete is a good fit for the environment.

We use it for protection and endpoint detection across our entire customer base because we are a managed service provider. It is also for endpoint protection of our internal machines. 

We have Linux, Mac, and Windows. It has essentially replaced our antivirus solutions. It is our full endpoint detection. We then work in and partner with our outside XDR and our SOC. We interface SentinelOne identifications and alerts into the SOC so that they can manage those for us.

It is very strong in terms of the ability to ingest and correlate across our security solutions. They have added cloud capabilities. Some of that is through acquisitions, but a lot of it is native. It allows us to bring in data from everywhere, analyze what we need to analyze, and make sure that we are as secure as we can possibly be. When we have SentinelOne running in an environment, it always makes us feel more comfortable. We require it for every one of our customers. They may have a license elsewhere, but regardless of that, we essentially say that if they are coming on and going to be a customer of ours, we are going to remove whatever they have, and they are going to SentinelOne just because it is a far superior product that we have tested and evaluated.

With SentinelOne, we have not consolidated security solutions, but we have reduced our TCO because we do not have to support customers utilizing other endpoint protection solutions. We simply would not work with other solutions. We enforce SentinelOne to be the only endpoint protection solution that is monitored or managed by us. That obviously has helped our TCO in terms of the knowledge base and being able to support and protect our clients, but we have not reduced any applications or vendors that we work with because we stuck with SentinelOne from day one.

We have used the Ranger functionality a little bit. It provides network and asset visibility. It lets us see everything else that may be on the network that we may not already have an idea of. Just by having an agent in the environment, it lets us see additional switches that may have vulnerabilities or new machines that may pop up on the network that we are unaware of. There is a large benefit to that, for sure.

The fact that Ranger requires no new agents, hardware, or network changes is crucial to it being effective because a lot of different solutions out there require you to have something else running on the network to be able to perform the functions of Ranger. However, the way they designed SentinelOne, we can essentially have the regular SentinelOne singularity agent installed on a machine out there and enable the Ranger functionality on the agent. It will then do the work for us. Rather than having an additional appliance or an additional software service running in the environment to capture the information that we are looking for, we get it from Ranger. Ranger can help to prevent vulnerable devices from becoming compromised, but we have not used it this way.

SentinelOne Singularity Complete without a doubt has helped reduce alerts. With the policies that we enable across the board for our customers through SentinelOne Singularity Complete, we can onboard new clients, and as we onboard them, we are able to quickly and easily protect their environment without filtering through a ton of random alerts that are typically false positives when you are onboarding a new customer. That, to me, has been a huge benefit to having SentinelOne and reducing our overhead to manage the new customers that we are bringing on.

SentinelOne Singularity Complete has helped free up our staff for other projects and tasks by reducing the false positives that we get for our existing customers and when we onboard new ones. It obviously allows us some engineering time to be focused elsewhere. We have been able to do more automation and tie in other protection solutions into SentinelOne, such as our XDR with our SOC.

SentinelOne Singularity Complete has reduced our mean time to detect (MTTD) without a doubt. We get alerts regularly from the console that get notified to our SOC and also internally. We are able to respond to those very quickly. In fact, on average, about 90% to 95% of the time, SentinelOne Singularity Complete automatically remediates the solution based on how it is set up with our policies. Therefore, we do not have to do anything other than verify that it was a legitimate threat that was blocked.

Our mean time to respond (MTTR) is a lot faster than what we experienced with other solutions in the near past. It is almost immediate. It sees the process kick off. It remediates it 90% to 95% of the time, and even when it does not remediate it, it alerts us immediately. We are not waiting for a weekly scan or a daily scan that the other solutions typically use because it is all in real-time with the Singularity agent.

SentinelOne Singularity Complete has helped reduce our organizational risk. It is one of those solutions that lets us sleep easier at night when we have it on a machine. Security, in general, is not set-it-and-forget-it. It is not a single layer. You have to have multiple layers. We have other solutions that we partner with SentinelOne to try and make the environment as secure as possible, but SentinelOne is definitely the starting point. It gets us protected, and it makes our lives easier with the device. We feel more confident that the device is secure from everyday end users who do not necessarily know the difference between a fake or a phishing email that has a fake Adobe or Word Document attached to it that they are going to download and try to run. It definitely makes our life easier, and in my role, it helps me sleep a little better at night knowing that all of our machines are protected by that, both internally and across the board of our customers.

The ability to quickly and easily identify threats on our machines is valuable. The fact that it protects the environment as a whole is also valuable. They have the ability to identify network nodes, and they have Ranger as a component of the solution that allows us to see the whole picture. We can see on what we have SentinelOne and on what we do not. There is always that concern that you protect what you know, but items can be brought into the network that you are unaware of because you are not sitting at every customer location every day or every office every day, so the ability to quickly identify anything new on the network has been a huge benefit to the application. It is something that they have added over time. It has been huge for us.

Interoperability with other SentinelOne solutions and other third-party tools is an area where you can run into some issues. Because of the way the agent works, there are sometimes things that are blocked or prevented from happening that are not identified as a threat, and therefore, not alerted in the console. Sometimes, we do have to dig through the logs, run tests, and adjust the whitelisting or exclusions to make sure that other applications will run properly. It is very effective, and it protects our environment like no other solution that we have ever worked with or tested. It is very strong, but you have to get in and look at the visibility reports and the information in the system, in the console, and on the dashboard to really identify if something is being blocked and causing a performance issue for a customer or on a machine. They have the flexibility there, but it can be a little frustrating at times to find the needle in the haystack until you get used to the console and understand how it works. So, there are times when it can impede the ability of an application. The way I typically look at that is that the application developer or whoever developed the app is probably using some functionality that is not standard, and that is why SentinelOne is effectively not allowing it. The only issue there is that we do not always know that SentinelOne is not allowing it. It could be impeding the traffic for an application or a database connection, but we do not know that initially. It does not flag that as a threat or block anything, so there is no alert.

They have device and network control that they have added over time. It allows you to take over control of the firewall through the network control, and you can block and manage CD-ROMs and USB devices. One thing that I always thought would be beneficial for device control is the ability to enforce encryption on USB and external hard drives. You do not have to have a separate agent to handle any of that even if it is just tying into BitLocker on Windows devices or BitLocker To Go capabilities. To me, that would be a huge benefit to the product so that there is no other application, and you do not have to privately manage BitLocker settings for USB devices or external hard drives.

Between my current organization and prior organization, I have been using SentinelOne for close to nine or ten years.

We have not had any incidents where we have had to contact them for an emergency. There were no ransomware outbreaks and no major attacks or threats running through our environment, so I have not had to deal with that level of support. Typically, we reached out to their support when we had a question on interoperability or we were seeing some weird effects or an agent upgrade not wanting to push from the dashboard properly. For the most part, their support is pretty strong. The turnaround time is usually pretty good. We had only one ticket that had to be escalated above the initial tier 1 support. They get prioritized based on criticality, and even that ticket was closed within eight calendar days. To me, it was not a critical issue. I did not think it was an issue, but it took eight days. That was well within the expected time frames. I would rate their support a nine out of ten.

Positive

In the past, I have used Trend Micro. This was prior to endpoint detection times. It was more than nine years ago. I used Trend Micro, Kaspersky, Norton, and McAfee. I have also used ESET and Malwarebytes. Typically, we were using those in layered approaches. We put ESET and Malwarebytes on the same machine because they served different purposes, but I have not used those in nine or ten years.

By implementing SentinelOne Singularity Complete, we were not necessarily trying to solve a problem. We wanted to try and find a best-of-breed solution that was more effective than legacy AV because legacy AV is based on somebody getting hit by the virus, and then it allows the fingerprint to be used to block hashes, etc. Somebody has to get hit, and then everybody else can benefit from that. That was the old model, and we wanted to go next-gen. We wanted to make sure that we were using something that could be as protective as possible on zero-day outbreaks. After reviewing many of the solutions out there, we felt like SentinelOne was the best of the breed. That is justified year over year, and that is why we have continued to stay with them both in my last organization and this one. When you review different reports that are out there every year, SentinelOne is the leader year after year.

It has helped us save a lot of soft dollar costs. I do not know if they offer it to everybody, but we have the ransomware insurance policy from SentinelOne that provides us a certain amount of reimbursements per endpoint should there actually be a ransomware outbreak. In all our time, we never had to use it because there simply has not been a ransomware outbreak on a single one of the machines that has SentinelOne properly installed on it.

We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten.