SentinelOne Singularity Complete Reviews

Our main use cases are endpoint protection, EDR, and automated threat response for users and servers. We also use it for ransomware protection, threat hunting, and incident investigations. One thing that helped us a lot is the single-agent approach, because we don’t need multiple tools or agents installed on every machine.

It reduces complexity and makes deployment and updates much easier across different entities. The automated isolation of compromised endpoints has also saved a lot of manual effort. Overall, we use it to improve detection, response, and visibility on all endpoints with minimum overhead.

SentinelOne has had a very positive impact on our security posture. We see threats being stopped in real time without waiting for manual action. This has reduced the stress on our team and lowered the number of incidents we need to handle directly.

The automatic isolation and remediation really helped us shorten response time. The ransomware rollback feature also gives peace of mind, especially in critical environments.

We now have much better visibility into what actually happened during an attack, which helps with investigations and closing gaps. Overall, it has saved us time and improved our confidence against modern threats.

The best feature for us is the autonomous response. We don’t have to wait for a security analyst—SentinelOne isolates the device, kills the malicious process, and stops lateral movement automatically. The ransomware rollback capability is also something we really value because it gives confidence that even if something slips through, we can undo the damage.

The visibility and forensic details are excellent; it actually tells a story of what happened instead of just showing alerts. This helps our investigations and audits a lot.

Performance-wise, the agent is lightweight, and deployment was very smooth across different entities. Overall, the combination of prevention + response + forensics in one platform has been the biggest advantage for us.

SentinelOne works very well overall, but there are a few areas that could improve. The reporting and dashboards could be more customizable, especially for audit and compliance needs. Sometimes the UI feels a bit complex when you’re trying to drill down quickly.

More built-in analytics and ready-made reports would help a lot. Also, alert tuning could be simpler, because in some cases we still get false positives that require manual review.

It would also be great to see more visibility into identity-related attacks in future releases. Overall, nothing critical, but these improvements would make the platform even stronger.

We have been using SentinelOne Singularity Complete for roughly four years in our production environment.

It is a very stable solution.

It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.

Customer support has been generally good for us, and most questions are handled properly. The platform is stable, so we don’t need support very often. For normal issues, the response time is fine.

However, for complex cases—especially agent-related problems—we sometimes need remote assistance, and that level of support is not included in the basic subscription. In those situations, the resolution can take longer. Overall, support is helpful but could improve in advanced troubleshooting.

Yes, we previously used Trend Micro. We switched to SentinelOne because we wanted stronger detection capabilities, faster automated response, and better visibility into advanced threats. SentinelOne’s AI-based approach and single-agent design were important factors for us, along with the ability to automatically isolate and remediate incidents without relying completely on manual action.

The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.

Yes, we have seen clear ROI after moving to SentinelOne. The biggest saving has been the reduction in manual investigation and remediation time. Since most incidents are handled automatically, our team spends less time reacting and more time on proactive work.

We also avoided several potential ransomware impacts, which in itself protects us from large financial and operational losses. The single agent and tool consolidation also reduced the need for multiple products and maintenance efforts.

Overall, the time saved, lower incident impact, and improved security confidence clearly justified the investment.

Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.

We also evaluated Malwarebytes and CrowdStrike before choosing SentinelOne. Malwarebytes was simple to use but it didn’t provide the same level of autonomous response or forensic depth that we needed. CrowdStrike was strong in detection, but overall SentinelOne offered better rollback, a single-agent approach, and more automation.

In the end, SentinelOne gave us a more complete platform for prevention, response, and investigation rather than just detection. The balance of features, automation, and usability was the main reason we selected it.

I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.

I am an MSP and provide service on behalf of SentinelOne.

I manage the incident logs from SentinelOne for our clients.

We integrated the SysLog server with SentinelOne without any issues.

SentinelOne Singularity Complete saves clients time by offering a comprehensive security solution that combines automatic detection, machine learning, behavior monitoring, and zero-day attack protection, all in one place, compared to traditional on-premise solutions.

SentinelOne Singularity Complete significantly reduced the number of alerts.

SentinelOne Singularity Complete freed up three of our people to focus on other tasks.

The most valuable features of SentinelOne Singularity Complete are machine learning because it saves us time, device control for data privacy, and the token. 

SentinelOne Singularity Complete needs to improve the integration capabilities with SIEM.

I have been using SentinelOne Singularity Complete for eight months.

SentinelOne Singularity Complete is extremely stable.

SentinelOne Singularity Complete is scalable.

Cloud deployment for this project was a simple process. With two people involved, it only took one hour to activate the tenant and configure everything.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete stands out as a mature security solution. Its robust threat detection, data loss prevention, and machine learning capabilities all point to its effectiveness.

My company leverages SentinelOne Vigilance and SentinelOne Singularity Complete for managed SOC.

SentinelOne Singularity Complete, together with SentinelOne Vigilance, is an EDR tool, with capabilities such as these, which I found valuable: the dashboard that shows you all the information and the power to either manually or automatically quarantine issues or threats in the environment.

SentinelOne Vigilance is one of the feature sets of SentinelOne Singularity Complete as a whole, and my company found SentinelOne Singularity Complete a little bit easier to use and flexible; plus, it had several feature sets.

I've not been using SentinelOne Singularity Complete for a long time to have a lot of feedback on its areas for improvement, as my team is still learning the tool, but what comes to mind is the need for it to give more straightforward directions or communication about detection or what has been detected.

We officially deployed SentinelOne Singularity Complete, including its feature set SentinelOne Vigilance, about three months ago.

SentinelOne Singularity Complete has been very stable, so it's an eight out of ten for me, stability-wise.

SentinelOne Singularity Complete is a scalable solution, which is one of the reasons why my company uses it.

I found the technical support for SentinelOne Singularity Complete excellent, especially in terms of communication. Support is nine out of ten for me.

Positive

We previously used Atos as our SIEM tool and wanted to replace it with a newer technology, so we're now using SentinelOne Singularity Complete.

I'm involved in deploying SentinelOne Singularity Complete, and I found the process straightforward. My company is still going through with the deployment because of the ninety-day deployment model.

I have people in my team assisting with SentinelOne Singularity Complete implementation.

I've seen ROI from SentinelOne Singularity Complete within a month after deploying the solution, mainly after my company started getting different alerts, which I was happy about.

I found the pricing for SentinelOne Singularity Complete reasonable, which is one of the reasons my company went with it.

SentinelOne Singularity Complete requires just a little bit of maintenance, as my team has to update agents and do some finetuning, but not too much.

My rating for SentinelOne Singularity Complete as a solution is eight out of ten.

My advice to people looking into using SentinelOne Singularity Complete is to ask for sample reports and processes to understand how SentinelOne would let you do it.

The company I work with is a SentinelOne customer.

We use it as an Enterprise EDR solution for threat detection, anti-malware, and security investigations.

SentinelOne Singularity Complete has greatly enhanced our security posture. We feel that our endpoints are more secure. We are in the know of what is happening within our company from a security perspective. We are confident in the ability to detect untrue positives. It has also helped us in achieving industry certifications such as SOC 2.

SentinelOne Singularity Complete has absolutely helped reduce our organization's mean time to detect. There has also been an impact on our mean time to respond. With the integrations that we have set up with Splunk and other products, we are able to respond to incidents as soon as they alert us.

We have a couple of integrations with it. They are alright. I am not blown away by its integration capability.

SentinelOne Singularity Complete has not helped reduce alerts. If anything, we create more alerts with it. We are able to fine-tune the product to reduce noise and alerts, but without it, we would not have any alerts. It is the piece of software that provides that alerting capability for us.

SentinelOne Singularity Complete has not helped free up staff. In a way, it creates work for us, but that is the purpose of the product.

The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features.

There should be Terraform support for console administration. Dynamic tagging would be also useful. 

The auto-upgrade capability should be improved.

I have been using SentinelOne Singularity Complete for two years at this company. My company has been using it longer than that.

Its stability is pretty good. I like the stability of their agent.

It is extremely scalable.

Their technical support is pretty good. I would rate them an eight out of ten.

Positive

I was not here when they bought this solution, but I know why we bought the tool. We replaced another EDR solution, and then we used it as our enterprise EDR solution for ransomware prevention, threat hunting, and security investigations. We were using CrowdStrike previously. SentinelOne Singularity Complete also saved us money. It is very competitive compared to CrowdStrike.

I have used a couple of EDR solutions. SentinelOne Singularity Complete is less mature than CrowdStrike, but it is definitely one of the top players in the industry.

SentinelOne Singularity Complete has not helped reduce our organizational risk. It is about the same as CrowdStrike in this aspect.

We have it on our laptops and the cloud, so our setup is hybrid. I am in charge of deployment, and it is as simple or complex as any other solution. 

It requires maintenance on our end.

We have a team, but I do most of the work. I am in charge of it.

It is hard to define the ROI. It does not save us money, but it prevents security breaches. In the grand scheme of things, it is definitely worth investing in. 

Its pricing is competitive. 

It has competitive pricing and great support. It is a complete solution.

As a strategic security partner, they collaborate with us quite a bit on our overall posture. They constantly have webinars and education sessions for us to deepen our security knowledge and how to use their product. They have assisted us on various PoCs for different offerings that they have and different services they offer. They help us to understand how each of those components integrates into our overall security posture. We did a PoC of the Ranger functionality.

I would rate SentinelOne Singularity Complete a seven out of ten.

Our company is a platinum partner and uses the solution to provide endpoint protection for customers. 

A few new customers require the on-premises solution but others use the cloud technology. 

The solution offers excellent detection and integration capabilities. 

Integrations talk to other security vendors and share data with the help of the API. No other product offers this functionality. 

The solution is a bit costly for some customers. 

DLP support would be a good addition. Currently, there are multiple vendors and agents on endpoints. The solution looks at data from a specific documentation view so it would be beneficial to use that same documentation to look at DLP. 

I have been using the solution for six years. 

The solution is stable so I rate it a nine out of ten. 

The solution is very easy to scale. Scalability is the best and the GUI itself is very fast with no issues. A customer with 10,000 clients still gets fast responses. 

Technical support is very good and helpful in getting results. 

The turnaround time for solving bugs or finding workarounds for customers is quick. 

The setup is simple and the solution can be deployed using any tool. Vendors can also remotely deploy the solution.

If the solution is set up properly with the right policies and processes in place, then it won't require too many maintenance resources. Customers can also utilize the solution's NDR service instead of staffing that position. One technician can easily handle ongoing maintenance.  

We implement the solution for customers. 

The pricing is comparable with other vendors but some customers find it a bit costly. There is a bit of pricing flexibility with the solution, but initial quotes can surprise customers. 

I rate pricing a six out of ten. 

The solution stands out because has excellent detection and integration capabilities. In my opinion, the solution is better than Microsoft, CrowdStrike, and Palo Alto. 

Customers are very happy with deployments and stick with the solution year after year.

I rate the solution a nine out of ten. 

Our company serves as resellers and solution engineers for our enterprise customers. We deploy and support the solution in customer environments. 

The XDR capability is quite good and offers advantages such as its real-time detection that is superior to CrowdStrike. I hear that face detection capabilities have also been added. 

The dashboard should include troubleshooting because it can have problems. 

Sometimes, the XDR does not configure its policies for data security on time. 

The XDR should include ECI compliance, multiple data securities, and the load balancer for network firewalls under one umbrella. It would be beneficial to buy a salient solution that does everything. 

The cloud side could be improved to include security, advanced integrations with other products, storage accounts, monitoring, and support. 

The solution should include USB blocking for specific machines. 

I have been using the solution for one year. 

The solution is stable with no issues. 

The solution is scalable. 

The technical support is half and half. They offer good support but response time is slow. Sometimes, you have to contact multiple engineers to get good information and that is a challenge. 

Neutral

We deploy the solution for customers. 

The solution's XDR is superior to CrowdStrike. 

I am satisfied with the solution and rate it an eight out of ten. 

We outsourced the operation to a partner, a supplier, and they have managed those services. If the product does identify some abnormal behavior, our supplier is informed, and our main IT division or group IT division is informed. They correct the machine, and they do whatever they need to do.

Nowadays, there is a lot of malware and various other malicious threats. Our system is an internal system. There might be a firewall there, however, malware can still get through an email. However, this solution is very good at detecting abnormal behavior. They act very fast and quarantine machines well. 

We find that having an endpoint protection solution allows us to adapt and react faster. 

I can put something on my pen drive and get the solution to scan it and see if there are any issues. They can identify and block without affecting any core sections. 

The solution is easy to set up.

It's stable.

The solution works quite well and I don't have many notes for improvement. 

The solution can use up a lot of resources when scanning. It would be ideal if it was lighter. 

We find the initial setup does take some time, as you have to do a lot of whitelisting. We'd like the process to be faster. 

I've used the solution for a while. It's been more than two years. 

The solution is pretty stable. I'd rate it seven out of ten. It's pretty reliable. 

You can scale the solution. However, you do have to pay more to expand as you need to purchase more licenses. At this point, we get additional blocks of licenses when we need them. We do not upgrade one license at a time. 

We have about 5,000 clients on the solution currently.

I do not have much experience with technical support.

We also have Microsoft Defender. They are two different products. We use Defender on our machines and workstations, however, not for endpoint security reasons. 

IT installed the solution on my machine. 

That said, my understanding is the initial setup is not overly complex. At first, however, we had to do some whitelisting. You need to perform a few operations, and we had to reinstall the OS, install a backup, and handle whitelisting. While it takes time, it's not hard. 

I'm not sure of the exact pricing of the solution. That's handled by a different team.

We have an IT department that may look at other options, depending on the use case. They've looked at, for example, Sophos, however, they found SentinelOne to be more suitable for us. 

I'm an end-user and not very technical.

While the solution is cloud-based, there's an on-prem server, and that is for the administration of our nodes. Mainly, the subscription is controlled by the cloud.

I'd rate the solution seven out of ten. Depending on the use case and if it makes sense for the company, I'd recommend the product.

It runs continuously and uses AI to look for any suspicious activity. If it does determine that there is a virus or something going on that shouldn't be happening, it not only stops the process but also completely logs the whole function. It tells you in a map version how the attack happened and how it was stopped. It is brilliant. In the past, for example, if I had the same problem in Webroot, I would've had to submit the case to Webroot for viewing so that they could, as a human, literally determine what the cause was, but by that time, it is way too late, whereas, this is the real-time protection.

It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.

There is the ability to SSH into a machine even if the machine has been disconnected from the network. When a real hazard happens, SentinelOne disconnects it from the internet so that no more transactions can occur, but I still have access to the machine. One of the bigger benefits is that no harm could be done because there is no communication with the internet, but I still have the ability to go in, restart a machine, do some investigations, and make some things happen.

One of the things they could do is extend the product range to include Android and iPhone so that you could have the app on your phone as well. There is probably something going on there with that, but that's something that they're lacking at the moment. For instance, if I was to have to recommend a client to protect their phone, I'd have to recommend Norton or something else. I don't have an answer within the SentinelOne solution.

I have been using this solution for close to three years.

It is perfect. I've seen very few problems related to the app. It is not using too much of the PC's power. It does not make PCs slower. So, I find it the best of both worlds. You reduce the impact of the product on the user, but at the same time, thoroughly protect the user, no matter what he does.

You can certainly have thousands of SentinelOne users. We have 250 users. In terms of our plans to increase its usage, I provide IT as a service. So, as I add clients, I always add licenses for those clients.

Their support is very good. I would rate them a five out of five.

Positive

It was straightforward. It probably took me a week to get 250 machines converted.

It can be done in-house very easily. You probably need one staff member that knows how to implement it, and after that, it pretty much runs itself. It requires very little maintenance.

It is not sold as a consumer product. It is only sold based on the number of licenses. So, as an MSP, you're probably going to pay about three and a half dollars per license, per month to have SentinelOne.

I would advise others to go for it. It is great. As an MSP, the peace of mind it gives me is really significant. While the cost of SentinelOne is higher than Webroot, the reality is that the peace of mind and the knowledge that you are probably not going to get a complete attack, simply because SentinelOne stepped in and stopped it, is worth every penny.

I would rate it a ten out of ten. It is absolutely fantastic.