The solution is agent-based, so it's on service, and it's a cloud solution.
We are using its API capabilities for our server for protecting us from cyber security threats and attacks.
Earlier, we used some internal protections. However, we moved to HD information for the cyber security portion. It's helped us to mitigate security attacks and provide solid defense.
We like the file-less monitoring and filtering; they are great in the context of security.
The setup is very straightforward.
It is stable.
The product can scale if the licensing is correct.
SentinelOne has some inputs, some traditional NPRs, or models like IPS and IDS. We can configure individual rules for particular machines. In a sense, control is not from the console.
There should be more integration models with different security operations tools or soft tools. It could provide a single pane for integration with the firewall, or a soft solution should be there.
I'd been using the solution for eight months.
It's a stable, reliable product. There are no bugs or glitches. It doesn't crash or freeze.
The product can scale. However, it depends on the license.
We have 500 users on the solution right now.
Right now, we don't have plans to increase usage as we already have some buffer limit there.
While I haven't directly contacted support, I have used their documentation surrounding KPIs and have found them helpful.
Positive
Earlier, we were using Symantec and the One Protection Suite.
The solution is easy to set up. It's not an overly complex process. We had no issues at all.
One system engineer who has some knowledge of network security can handle the implementation.
We handled the deployment in-house.
SentinelOne has a very good XDR product, and it can also integrate with different security components. It's a single pane of glass for cyber security posture management. The ROI is good.
The licensing is handled by another team. I can't speak to the exact cost of the product.
We also looked at CrowdStrike before choosing this product.
Someone interested in the product should first do a POC, and depending upon their OIS environment, they should consider this first before going for any XD solution.
I'd rate the solution eight out of ten.
It is used in my customer's companies. It handles incident management, firewall implementation, and device control.
The most valuable feature is the rollback.
Remediation is great.
The ranger feature for work devices is most useful.
The reporting part is awesome.
It is easy to deploy the product.
It should not limit itself to EDR. I need some other solutions to integrate into it. It should give us more visibility by integrating other solutions with it.
I want some other solutions like email security. Email security should also integrate with it to get more visibility on it.
Agent upgrades might cause some issues. Most of the time, an agent gets removed after it is not communicating with the server. After every three months, it will get automatically removed. That might cause an issue.
The solution is expensive. It is costlier than Trend Micro and Palo Alto XDR.
I've used the solution for around six months.
The solution is stable. We've found the performance to be good. It's light. There are no bugs or glitches.
We have 1500 users on the solution right now. It is pretty scalable.
With technical support, I've got an immediate response, and when I log a ticket, I get good assistance.
I had worked on Palo Alto XDR as well. However, the remediation is not so good. There is no option with the rollback as well. That might cause data loss during a ransomware attack.
I'm also aware of the Trend Micro solution.
It's easy to set up and has a very lightweight agent. It's very easy to deploy.
The time it takes to deploy all depends upon the number of uses, the number of clients, which machines are there, et cetera. In the Ranger, you have options. If you have advanced features for deployment, Ranger deployment, it is easy.
The solution is a bit pricey and they should look at the costs involved. You have to pay extra for certain features, such as the Ranger feature. Everything should be included in the subscription.
We are partners.
It's a good solution as compared to others. In terms of MML features, it is fine.
I'd rate it eight out of ten.
We primarily use the solution at our endpoints. We use it for security.
It's catching a lot of malicious and suspicious threats. That's good for us.
We are able to write some custom rules on SentinelOne.
The setup is simple.
Right now, the solution meets our needs. We do not need anything added to it.
Maybe they can develop some firewall aspects for it to better protect us. If they did that, we can write a lot of rules for the firewall and custom rules.
I've been using the solution for about two years.
The solution is stable and reliable. It catches a lot of malicious and suspicious threats. There are no bugs or glitches and it doesn't crash or freeze.
The solution scales well and can work across platforms. We can use it with MacOS, Linux, and Windows Servers. You can use it with everything.
We have 600 people on the solution right now. It is used throughout the company.
We may increase usage in our company.
Technical support is great. They are very responsive. For example, today, if I open a ticket, they will likely give me an answer in 24 hours.
Positive
I used FireEye and Symantec. However, SentinelOne is better than them. It's more flexible and catches more threats.
We found the initial setup to be very simple. You just click through, and you're up and running.
I'd rate it five out of five in terms of ease of deployment.
We're deploying it every month. SentinelOne sends updates every month and we action them.
Licensing is paid on a yearly basis. I can't speak to the exact pricing.
I'm not sure which version number we are currently on.
If a company has a lot of people and needs to protect its many endpoints, this is a great option.
I'd rate the solution eight out of ten.
We use SentinelOne daily for endpoint protection and restriction on using USB devices.
The protection and management provided by SentinelOne is good.
I would like to see the reports from SentinelOne more customizable, as there are very few options.
I have been using SentinelOne for four months. I work as a senior network security engineer.
The management of SentinelOne is easy; it does not put too much burden on the machine. We will be upgrading to Windows 11 in the upcoming months, and we will be able to better comment on stability after that.
Our organization has close to 3,000 machines with approximately 2,000 users. It is easy to scale.
We were using McAfee prior to SentinelOne. McAfee has a wide range of reports and is more customizable than SentinelOne. We switched from McAfee because we were no longer satisfied with the support they provided. They were no longer providing prompt responses, and tickets were taking too long to get resolved.
The other reason we switched was that McAfee was a traditional antivirus working on a definition basis. They have not moved on to the next generation of antivirus. McAfee needs to focus on the behavior of the program and machine files. If you want this, you need to choose a different McAfee product. They were not putting everything in one place, but rather offering a buffet of offerings, driving the cost up.
The initial setup of this solution was simple. We did the setup ourselves, but did require a little help from the vendor.
I would give SentinelOne a four out of five for ease of setup.
The deployment of SentinelOne is easy. If you calculate the installation of the product and make all the packages ready, it takes about a week. Implementation was another month to go through and replace the older systems and install the new ones.
The pricing of SentinelOne is less than McAfee.
I would advise anyone looking to implement SentinelOne to look before you set up. Know how many machines are working in your network and which type of communication they are doing, whether it is internal or on the internet. No matter what solution you pick, if it is SentinelOne, Carbon Black, McAfee, or Symantec, check the usage of your machines.
I would rate SentinelOne a nine out of ten overall.
We primarily use the solution for security.
Cyber threats are growing. I have some other colleagues from other companies that have had some attacks. For us, SentinelOne or EDR solution was something appropriate.
It's pretty easy to implement.
It gives you good visibility of any threats or vulnerabilities that you might have on your network.
It's very simple to use, and user-friendly as well.
I don't know how complicated it would be, however, a patch solution should be included inside of this. If we find a vulnerability, we should also be capable of patching the PC right away.
Some reports could be better. Sometimes you need to search inside of SentinelOne to get some information. Only then could one be done.
A daily report would be helpful.
I've been using the solution for six months.
The software looks to be okay right now. It is very stable. I have no complaints regarding that.
It is very scalable. Most of the software that is on-demand is scalable.
We have about 350 licenses for the solution right now. If the company grows, we will increase usage.
We use the SUP team that is provided by the provider of SentinelOne. However, I've never directly dealt with them.
Previously we had an antivirus. That was Kaspersky. However, we didn't have an EDR solution. It can't be really compared.
Of course, with Kaspersky, now, with what's happening in Ukraine, there has been a break in trust.
The implementation process is quite straightforward. It's not complex at all.
The deployment process took a maximum of a month. That said, we were doing it very slowly since there were some computers that we knew would not have any attacks on them. However, there were others that were using acquisition data. We needed to install it and maybe wait a week to ensure everything conformed, and after that, we patched the rest.
Maybe five or six people are maintaining. However, no one really has to worry about it full-time. Really, only one to two people would be required.
We did a third-party integration. Another company is hosting SentinelOne.
Since we are a French company in France, we partnered with a company called Arrange which is our vendor. We did some quotes and found they have a reasonable price for this kind of technology. SentinelOne offers one of the best software quotes and has excellent reviews and everything.
The licensing is done per device.
I'm not directly involved in the licensing process and can't speak to the exact costs.
This is an on-demand product. We are always on the latest version.
I'd rate the solution eight out of ten. It's a good product. We like working with it.
Our primary use cases for SentinelOne are data endpoint management, document version tracking, and email security.
A concrete fact is that it allows us insight into our data and our security and helped us protect our intellectual property.
For us, the dashboard is the most valuable feature. The analytics that you can pull out of the actual tool are valuable.
Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have.
I have been using SentinelOne for more than five years now.
I have total confidence in the stability of the solution.
SentinelOne's scalability is very good. The solution is very flexible.
I was extremely happy with their technical staff. The solution's tech support is top-notch. They have some really good engineers on their team.
We previously used McAfee ePO and we switched to SentinelOne just because of the customer service and the product.
The initial setup was complex, but their technical staff are professionals and were able to help us custom-tailor the package we needed. On a scale of one to five, in terms of the complexity, with one being impossible to do and five effortless, I would put SentinelOne at about a four.
Deployment was about a six-month project for us and it included a discovery period and learning about our environments. We worked with SentinelOne to learn the environments and figure out what we needed to be successful. Then, we focused on an implementation period and then just monitored it after that. It was about a month and a half for each phase of that six-month period.
We implemented it in-house but we worked directly with SentinelOne. Our experience with them was fantastic. I wouldn't want to do it without those folks again.
The ROI we saw was that for the first time we had actual dashboard data on our data usage for our cloud vendor that we chose and also for our on-premises. We purchased our servers from Dell and it allowed us to actually get a better grip on what we actually needed to buy versus what we were buying.
SentinelOne's licensing costs are reasonable. I can't provide hard numbers, but I can say that SentinelOne is a much better solution with better value and a lower cost than the McAfee ePO.
We did not evaluate any other options before switching to SentinelOne.
SentinelOne would be my go-to security provider. I would recommend that others go there first. They will get solicitations from McAfee and such because McAfee knows they're losing that business, but they just can't offer what SentinelOne offers.
Overall, I would give the product a nine out of ten rating.
We are a solution provider and this is one of the products that we implement for our clients.
SentinelOne is being deployed as a replacement for any antivirus solution. In our case, we use it to primarily prevent ransomware and other malware from entering networks or computers, as they're deployed across the entire world now, in this new post-COVID environment.
We no longer have the luxury of the corporate firewall protecting everyone equally. This means that having SentinelOne on each box is providing a solution where we stop the badness before it can spread.
This is a cloud-based platform that we use in every capacity you can imagine. We use it on cloud components in both Azure and Amazon.
We have tested SentinelOne's static AI and behavioral AI technologies and it performs well. We actually put a laboratory together and we tested SentinelOne against CrowdStrike, Cylance, and Carbon Black side by side. We found that the only product that stopped every instance of ransomware we placed into the computers in the test lab, was SentinelOne. As part of the testing, we used a variety of actual ransomware applications that were occurring, live on people's systems at the time.
My analysts use SentinelOne's storyline feature, which observes all OS processes. They're able to utilize the storyline to determine exactly how the badness got into the network and touched the computer in the first place. That allows us to suggest improvements in network security for our clients as we protect them.
The storyline feature offers an incredible improvement in terms of response time. The deep visibility that is given to us through the storyline is incredibly helpful to get to the root cause of an infection and to create immediate countermeasures, in an IT solution manner, for the client. Instead of just telling them a security problem, we are able to use that data, analyze it, and give an IT solution to the problem.
SentinelOne has improved everybody's productivity because the design of the screens is such that it takes an analyst immediately to what they need next, to make the proper decision on the next steps needed for the client.
The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.
When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means. For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails.
Our people constantly use the Ranger functionality. The first thing we do is look for unprotected endpoints in the environment. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks.
It's incredibly important to us that Ranger requires no new agents, hardware, or network changes. If you think about it, we're in the middle of an incident response every day. We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. It was a game-changer when Ranger came to fruition.
Various clients, depending on their business practices, are heavily in the IoT. Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks.
As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate.
I have been using SentinelOne personally, on and off, for approximately three years.
SentinelOne is very stable and the agent rarely fails. The only time I've seen an agent fail is normally on a compromised system. The fact that it even works to protect a compromised system in the first place is amazing, but that's the only time that we actually see the failure of an agent. Specifically, it can happen when there's a compromise to the box prior to loading SentinelOne.
On a pristine new load of a workstation or server where it has no compromises and no malfeasance exists, the SentinelOne agent is incredibly stable and we rarely have any issues with the agent stopping in function. I will add that in this respect, the fact that the agent cannot be uninstalled without a specific code gives us higher stability than others because even a threat actor can't remove or disable the agent in order to conduct an attack against the network. It's a unique feature.
Right now, we have 54 analysts managing approximately 300,000 endpoints at any one time, globally. We operate 24/7 using SentinelOne.
The technical support team is probably the fastest in the industry at responding, and they do care when we have to call them or send them an email due to a new issue that we've discovered. Most of the time, the problem is the operating system that we're dealing with is not regular, but they're still very helpful to us when it comes to protecting that endpoint.
I would rate their customer service a nine out of ten. I could not give anybody a ten. They are a continuous process improvement company and I'm sure that they are constantly trying to improve every aspect of customer service. That is the attitude that I perceive from that company.
Primarily in the last year, the number one solution clients had, in cases where we replaced it, was probably Sophos. Next, it was CrowdStrike, and then Malwarebytes. The primary reason that these solutions are being replaced is ransomware protection.
Almost every client that I get involved with has been involved in a ransomware case. They've all been successfully hacked and we can place it onto their boxes, clean them up, along with all of the other malware that everyone else missed, no matter who it was. SentinelOne cleans up those systems, brings them to a healthy state, and protects them while we are helping them get over their ransomware event. This gives them the peace of mind that another ransomware event will not occur.
Personally, of the EDR tools, I have worked with Cylance, Carbon Black, and CrowdStrike. I've also worked with legacy antivirus solutions, such as McAfee and Symantec. However, this tool outshines all of them. It has ease of use, provides valuable information, and protects against attack. The autonomous nature of SentinelOne combined with artificial intelligence gives us the protection we cannot experience with any other EDR tool today.
The initial setup is very straightforward. SentinelOne has incredibly helpful information on their help pages. They are probably the fastest company that I know of in the entire EDR space for responding to a client's email or phone call when you need to do something new or complex.
We have covered everything from Citrix networks to more complicated systems that work by utilizing the Amazon and Azure cloud to spin up additional resources and spin down resources. We were able to protect every one of those assets with it. The agent is easy to load and configure and the library allows us to quickly pivot on a new client and get their exclusions in fast enough to not impede business as we're protecting them.
When we were at a point of 50 clients, which is an average of 10,000 endpoints, we needed four analysts using Cylance. When we switched to SentinelOne for that same protection, the 50 clients could be covered by two analysts. We dropped our need for analysts in half.
The average cost of a security incident involving ransomware is a minimum of $50,000 USD, and this is something that SentinelOne can prevent.
The product has a rollback feature, where you can take a machine that's been attacked and partially damaged, and you can roll it back to a previously healthy state. That saves endless hours of system administrators' time rebuilding systems. That alone can reduce the cost of an incident from $50,000 down to $20,000. There is a cost because you still have to determine exposure and other factors with an incident response to determine if the threat actor has taken any data, things like that, but on the damage to the equipment, with the rollback feature and the restoration features built into SentinelOne, and the fact that it stops everything but the most sinister lateral movements today, just means that an incident never has to occur.
This means that there is a great return on investment for a lot of companies. Another important thing to mention is that they don't lose people. Approximately 60% of businesses that are hit with a ransom attack go out of business within six months. If SentinelOne is preventing those incidents from occurring, that return on investment is worth almost the value of the entire company in some cases.
It is difficult to put an exact number on something like that, but the lack of pain and suffering of the employees of the company, because they didn't have to go through an incident response, and the lack of expense for the company to hire lawyers and professional companies to come in and help them during an incident, as well as their increased insurance costs of having an incident is also another factor.
Overall, it's difficult to judge but it's a true factor in the return on investment of owning SentinelOne and utilizing it to protect your environment.
The pricing is very reasonable. Unfortunately, because it's a cloud-based product, it has a minimum count for licensing, but other than that, I've found their pricing to be incredibly reasonable and competitive with tools that are very similar.
Considering the invaluable nature of SentinelOne's autonomous behavior, I don't believe anyone else can measure up to that. That makes it an incredible bargain when compared to the cost of an incident for any company.
There are organizations such as MITRE and ESET Labs that have been doing testing that is similar to what we did three years ago. We just look at those results for the same truth that we discovered in the beginning, and the product continues to improve its performance.
I have been a proponent of SentinelOne for many years. When I learn about somebody who has been hacked and wants to have protection against problems such as ransomware occurring, this is the one solution that I recommend.
The SentinelOne team is open to suggestions. They listen to the analysts and managers that are using their product and they innovate constantly. The improvements to the SentinelOne agent have enhanced its ability to catch everything and anything that comes in, including the detection of lateral movement attacks, which are the worst-case scenario.
When an unprotected agent penetrates the firewall and attacks a network, that unprotected asset has no protection on it so that the hacker can do whatever they want from that box with no impedance. But, the detection of it attacking from a lateral basis has been improved immensely over the last three years.
The improvement in the exclusions library has been phenomenal to help us get the new systems on the air with the new software. It allows the end-user to almost seamlessly get SentinelOne loaded and operational without impacting their business, which is incredibly helpful.
SentinelOne is working on something right now in the Ranger space that is going to allow us to remotely load endpoints that need the SentinelOne protection through the Ranger portion of the application. This is going to significantly improve the security of all of our clients, whether they be in long-term care or short-term incident response, it will help us protect them better. It's a significant improvement to our ability to protect the client.
Of all the products on the market today, I can say that they are the ones that I trust the absolute most to protect my clients.
I would rate this solution a ten out of ten.
Our main use cases are endpoint protection, EDR, and automated threat response for users and servers. We also use it for ransomware protection, threat hunting, and incident investigations. One thing that helped us a lot is the single-agent approach, because we don’t need multiple tools or agents installed on every machine.
It reduces complexity and makes deployment and updates much easier across different entities. The automated isolation of compromised endpoints has also saved a lot of manual effort. Overall, we use it to improve detection, response, and visibility on all endpoints with minimum overhead.
SentinelOne has had a very positive impact on our security posture. We see threats being stopped in real time without waiting for manual action. This has reduced the stress on our team and lowered the number of incidents we need to handle directly.
The automatic isolation and remediation really helped us shorten response time. The ransomware rollback feature also gives peace of mind, especially in critical environments.
We now have much better visibility into what actually happened during an attack, which helps with investigations and closing gaps. Overall, it has saved us time and improved our confidence against modern threats.
The best feature for us is the autonomous response. We don’t have to wait for a security analyst—SentinelOne isolates the device, kills the malicious process, and stops lateral movement automatically. The ransomware rollback capability is also something we really value because it gives confidence that even if something slips through, we can undo the damage.
The visibility and forensic details are excellent; it actually tells a story of what happened instead of just showing alerts. This helps our investigations and audits a lot.
Performance-wise, the agent is lightweight, and deployment was very smooth across different entities. Overall, the combination of prevention + response + forensics in one platform has been the biggest advantage for us.
SentinelOne works very well overall, but there are a few areas that could improve. The reporting and dashboards could be more customizable, especially for audit and compliance needs. Sometimes the UI feels a bit complex when you’re trying to drill down quickly.
More built-in analytics and ready-made reports would help a lot. Also, alert tuning could be simpler, because in some cases we still get false positives that require manual review.
It would also be great to see more visibility into identity-related attacks in future releases. Overall, nothing critical, but these improvements would make the platform even stronger.
We have been using SentinelOne Singularity Complete for roughly four years in our production environment.
It is a very stable solution.
It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.
Customer support has been generally good for us, and most questions are handled properly. The platform is stable, so we don’t need support very often. For normal issues, the response time is fine.
However, for complex cases—especially agent-related problems—we sometimes need remote assistance, and that level of support is not included in the basic subscription. In those situations, the resolution can take longer. Overall, support is helpful but could improve in advanced troubleshooting.
Positive
Yes, we previously used Trend Micro. We switched to SentinelOne because we wanted stronger detection capabilities, faster automated response, and better visibility into advanced threats. SentinelOne’s AI-based approach and single-agent design were important factors for us, along with the ability to automatically isolate and remediate incidents without relying completely on manual action.
The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.
Yes, we have seen clear ROI after moving to SentinelOne. The biggest saving has been the reduction in manual investigation and remediation time. Since most incidents are handled automatically, our team spends less time reacting and more time on proactive work.
We also avoided several potential ransomware impacts, which in itself protects us from large financial and operational losses. The single agent and tool consolidation also reduced the need for multiple products and maintenance efforts.
Overall, the time saved, lower incident impact, and improved security confidence clearly justified the investment.
Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.
We also evaluated Malwarebytes and CrowdStrike before choosing SentinelOne. Malwarebytes was simple to use but it didn’t provide the same level of autonomous response or forensic depth that we needed. CrowdStrike was strong in detection, but overall SentinelOne offered better rollback, a single-agent approach, and more automation.
In the end, SentinelOne gave us a more complete platform for prevention, response, and investigation rather than just detection. The balance of features, automation, and usability was the main reason we selected it.
I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.

It does what it is meant to do - Protects the endpoint 100% - Never been breached.