I am an MSP and provide service on behalf of SentinelOne.
I manage the incident logs from SentinelOne for our clients.
We integrated the SysLog server with SentinelOne without any issues.
SentinelOne Singularity Complete saves clients time by offering a comprehensive security solution that combines automatic detection, machine learning, behavior monitoring, and zero-day attack protection, all in one place, compared to traditional on-premise solutions.
SentinelOne Singularity Complete significantly reduced the number of alerts.
SentinelOne Singularity Complete freed up three of our people to focus on other tasks.
The most valuable features of SentinelOne Singularity Complete are machine learning because it saves us time, device control for data privacy, and the token.
SentinelOne Singularity Complete needs to improve the integration capabilities with SIEM.
I have been using SentinelOne Singularity Complete for eight months.
SentinelOne Singularity Complete is extremely stable.
SentinelOne Singularity Complete is scalable.
Cloud deployment for this project was a simple process. With two people involved, it only took one hour to activate the tenant and configure everything.
I would rate SentinelOne Singularity Complete nine out of ten.
SentinelOne Singularity Complete stands out as a mature security solution. Its robust threat detection, data loss prevention, and machine learning capabilities all point to its effectiveness.
We are a system integrator. We are a SentinelOne partner, and we provide Singularity Complete to our customers.
Singularity Complete has helped to reduce alerts. There is about a 50% reduction. It automatically generates alerts and can also solve a problem.
It has reduced the mean time to detect (MTTD). It has real-time detection, and it has been very good so far.
The mean time to respond (MTTR) has been reduced. We can respond to an incident in 10 to 15 minutes.
Singularity Complete saves costs for our customers. Its automation helps save money. There is a reduction in the operational costs.
It reduces the risk for the organization. They have an AI engine to detect new threats, such as Zero-day threats.
It is a robust solution. It provides great visibility. It scans and shows the vulnerabilities in our devices.
It is complicated to do certain tasks.
I have been working with Singularity Complete for about one year.
It is stable. Our customers have not had any issues.
I have not used their support so far.
I have worked with Symantec and one more solution for endpoint protection. Singularity Complete has an AI engine. There is no need to download anything.
It is very easy to deploy. It takes about a week.
We are a partner of SentinelOne. We are happy with SentinelOne as our strategic security partner.
I would rate SentinelOne Singularity Complete a ten out of ten.
Using SentinelOne isn't part of my daily tasks. My team only uses it when there's a detection, so the tool is only kept as a screenshot or wallpaper and is only used when there's an alert. It doesn't give us many alerts anyway.
My company uses SentinelOne for EDR purposes for alerts, detections, and patch deployment. For example, some clients ask my team to patch multiple devices and apply policies to the devices, so my team updates policies, applies patches, and updates machines per Windows and Mac updates.
My company also uses SentinelOne for EDR detections and investigations, including forensic purposes.
The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all. It shows the active group or predators in the market, the tactics the group uses, and the recent attacks the group performed.
My company even asked a particular client to onboard devices on SentinelOne because it's easier to graph the alerts. The tool can provide you with a better graph that shows when the alert started, the process, the challenges, and the parameters of the processes.
SentinelOne also has a knowledge base embedded in it. You have to visit the page to get the details.
I also like that you can see the activities performed for the alerts received from your end. You have a bunch of people working on SentinelOne, and you don't have to worry about not knowing who received and resolved the alerts because you can get information on the activities on the tool. You can view the actions on the alerts and who has taken action. This is a valuable feature of SentinelOne that's not usually provided on the other EDRs because it's unrelated to the investigations. I can see who recently closed or resolved a particular alert on SentinelOne because the name of the person who took action will appear on the activity page.
Another feature I like a lot about SentinelOne that I can't find in other EDR solutions is the AI segregation and categorization of events. You'll be directed to the logon events category if you're looking into logon-related events. If you're looking into network-related events, you'll be directed to another category, the appropriate one. Based on your search, the SentinelOne AI will segregate the results into categories. You can click on the category and view the categories related to your events. The segregated results then make it easier to do the investigations.
An area for improvement in SentinelOne is the search feature. It could be easier. For example, you can select the number of results that will be shown to you, such as two thousand events, and you can even go up to twenty thousand events for the search you've made, but you can't go beyond twenty thousand. You can only receive up to twenty thousand if you find login-related, detection-related, or process creation-related events. That's the limitation in the search feature of SentinelOne, which ruins the task because it isn't enough when you're doing your investigation.
The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne.
The retention period of the tool is way less than what other EDR solutions provide. SentinelOne and CrowdStrike come with a shorter retention period, which means you cannot go beyond one month when investigating the logs.
One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.
What I want to see from SentinelOne in its next release is a faster search. I also wish that the twenty thousand event limitation be removed.
I've been using SentinelOne for nine to ten months now.
SentinelOne is a stable tool that never crashes. It's a good product.
Its stability is nine out of ten because, at times, the tool lacks robustness when searching. For example, if I want to search, it can take some time based on my ability to search. Searching on SentinelOne can be much faster because, search-wise, it could be a little laggy.
The scalability of SentinelOne is much better than other tools, so it's a ten for me, scalability-wise.
I haven't contacted the technical support for SentinelOne, but many of my colleagues had experience getting SentinelOne support. One case was about the retention period because a client had been compromised and needed more logs from SentinelOne, but the support team couldn't provide more logs as the retention period was too short.
My company chose SentinelOne over other solutions because it's powerful in the areas of detection, flagging for alerts, and logs. The alert creation is stronger in SentinelOne, so my company went with this tool.
The initial setup for SentinelOne was easy, and I manually performed it. It's easy to deploy a device onto SentinelOne. You have to run the agent and the application, and then the tool will be onboarded. It's that easy.
The deployment of SentinelOne hardly took me half an hour. Once you've learned how and executed the agent file on the machine, you'll start getting the logs. You'll test, configure, and collect the right resources and receive the logs.
I implemented SentinelOne, so it's in-house.
As a developer, I have no information on the pricing of SentinelOne.
I'm using SentinelOne, the EDR solution.
SentinelOne is deployed on the cloud, probably the public cloud, though I wonder if it's private or public. It's on the cloud because it has many more features and doesn't use up many resources even when there's a high workload, and as a tool, SentinelOne performs very well. It may be on AWS or Azure, though.
Within the company, twenty people personally use SentinelOne daily.
My company is a partner of SentinelOne, so my team recommends it to clients, especially if clients require more detection and easy onboarding.
I'd tell anyone looking into implementing the tool that it's fun to learn and use. You can use it without needing many clicks to isolate the machine or perform your required activities. One of the best features of SentinelOne is that it has minimal mouse actions. For example, when you click on a machine, you'll get the hyperlink that shows you the machine details, the uptime, when it was first and last seen, the memory, and all the machine details. You get the details in one location, such as the applications installed on the machine, the network-related configurations of the machine, and the machine processes. You won't get as many features from other EDR solutions. You can isolate the machine, repair and update the machine, update the knowledge base and software, and onboard a particular device on SentinelOne. The tool has many more features. It's a good tool.
My rating for SentinelOne is nine out of ten. Still, if the twenty-thousand event limitation is removed, then that's the time I'd give the tool a score of ten because if there's no limit set, then you can get all process details related to your investigation.
The primary use case of the solution is cybersecurity. The solution provides endpoint protection against direct threats and insider threats.
The most valuable features are Deep Visibility, Remote Script Orchestration, and Ranger.
The solution can improve by adding more granular firewall capabilities. I would like to see an interface where I can, in one view, change the security posture of all groups with one click. I would like to have a listing of all the groups and then apply what's relevant to all the groups at once.
I have been using the solution for one year.
The solution is extremely stable.
The solution is scalable.
The tech support is brilliant.
Positive
The initial setup is straightforward. It takes about four weeks to deploy.
The implementation was done in-house.
The ROI is good. Once you go through the stabilization phase and get to know and understand the customer's environment and configure accordingly to what the customer needs, the return is there immediately.
The license is paid annually and is competitive. There are features that are not included in the licensing cost but it does include Vigilance and STAR.
I give the solution a nine out of ten.
On average, once the implementation phase is complete the solution only requires two people to maintain it.
Our primary use case for SentinelOne is antivirus and malware protection.
I found the detection the most valuable.
There is room for improvement with the management interface. It could be more user friendly.
I have been using SentinelOne for less than a year but more than six months.
SentinelOne is a stable solution.
SentinelOne is a scalable solution. We have some 300 people using it in our organization and plan to increase usage as the company grows. Every machine we roll out gets that product.
We used Trend Micro before we switched to SentinelOne. We made the switch because SentinelOne is not signature-based, it's an AI solution.
The initial setup was straightforward. It entails simple installers and we deployed it through policies. We deployed it as a package on all PCs and servers and it took two weeks.
Deployment can be done in-house with one technical person.
I recommend it. It just works.
SentinelOne is an antivirus and an EDR platform. We are using it simply for its antivirus and EDR features.
The solution is overall very good in terms of protecting endpoints and servers from malicious activities, malware, cyber attacks, viruses, worms, and so on. It offers really good security.
The initial setup is easy.
We have been happy with the stability.
It is possible to scale the product.
There is good documentation available, and support works to help users resolve issues.
It doesn't have application control capability. Other antivirus or EDR solutions have that. I would be happy if SentinelOne added that to their platform. This is the first point.
The second point is SentinelOne should provide support for legacy open-source operating systems. For example, old versions of Oracle are not supported by SentinelOne.
The third point is that SentinelOne does not support a few platforms, including IBM AIX and UNIX-based OS. These three platforms are used in almost all enterprises, and SentinelOne does not support them. If SentinelOne provides agents for these missing platforms, it'll be very good.
It would be ideal if they offered video support for troubleshooting issues.
I've been dealing with the solution for just over one year.
The solution is stable and reliable. We have been happy with its performance. There are no bugs or glitches, and it doesn't crash or freeze.
I'd give it a four out of five in terms of stability.
The scalability has been very good.
There are thousands of both users and servers. Everyone uses it.
I have raised a lot of tickets, and their support is very good. However, with other members, when we have raised tickets in the past, we were able to have technical sessions through Zoom, WebEx, or Teams very easily. That's true, for example, with Microsoft, Cisco, McAfee, and Kaspersky. With SentinelOne, they are providing very good support, excellent support; however, their engineers are not very interested in providing online sessions, which is more convenient.
When you face any issue, they always provide documentation and videos - and that's very good. However, sometimes it's required that they show us how something is done. Doing some sort of video call helps with the walk-through. SentinelOne engineers, most of them, are not so much interested in doing this.
We did previously use a different solution. However, I can't speak to which product that was.
Other solutions that I usually use in other organizations were on-premises. This one is cloud-based. The point is, when you have your antivirus or EDR solution on-prem, it's your responsibility to troubleshoot the core server and do the maintenance, patching, and all of those kinds of tasks. When the solution is hosted in the cloud, all of these responsibilities belong to the provider, in this case, SentinelOne. When a new patch is released by the vendor, normally, if we were using legacy platforms, we would have to upgrade each endpoint one by one. By using cloud-based EDRs, it can be done automatically, which reduces maintenance time.
The solution is very easy to set up. It's not overly complex or difficult.
The implementation strategy was very simple: removing the old antivirus solution and replacing that with SentinelOne.
It took us three months to migrate and deploy.
We have 10 to 14 people who can handle deployment and maintenance. Only one person, however, needs to handle typical maintenance tasks.
We handled the initial setup ourselves. We did not need any outside assistance.
Licensing is part of the procurement team. I can't speak to the exact cost of the product.
We are a customer of SentinelOne.
SentinelOne does not have a version. SentinelOne is a centralized platform that is hosted in the cloud. It's the agent that we install on servers and clients that has versions; we are using the latest version of the agents.
The product has two deployment options, cloud deployment and on-prem deployment. Most people prefer to use cloud deployment the way we do.
I recommend this solution often. I'd rate the solution eight out of ten.
My advice for other companies that do not use SentinelOne is this: everyone, every company, likely has its own antivirus solution, whether it's McAfee, Symantec, Kaspersky, and so on. These platforms provide only an antivirus solution, however. If they replace their solutions with SentinelOne, they will have two features: EPP, endpoint protection from antiviruses, and EDR, endpoint detection and response features. They will not need to install two applications, one antivirus and one EDR, on their clients' computers; a single agent can do everything.
SentinelOne provides an amazing amount of visibility over clients and servers. Anything done on a server, on a client, with a network connection, login, logout, changes in directories, et cetera, is recorded. Using query searches, you can find what happened very easily.
We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, with continuous monitoring and real-time checks of our network.
There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.
SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.
The training for SentinelOne Singularity should be free. The solution has a lot of features, but we do not know how to use them all. The moment someone purchases the solution, they should contact them and provide them with a feature session on how to use the features.
When we connect the solution to our patch management system, they should explain to us how to do it. Additionally, it should notify me which patch is missing in my system.
I have been using SentinelOne Singularity for approximately six months.
SentinelOne Singularity is stable.
We have approximately 250 users using this solution in my organization.
I have used the support team from SentinelOne Singularity.
I rate the support from SentinelOne Singularity a four out of five.
Positive
We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.
We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better.
The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.
When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.
First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solution doesn't require any high-end expertise to be deployed or maintained, but a normal IT system administrator is needed to do it.
I would recommend this solution to others.
I rate SentinelOne Singularity a nine out of ten.
We use SentinelOne to collect logs and data. We will connect it to other tools and places in the future.
It is easy to collect and retain logs with SentinelOne. When you need to compare information, the data is available. It also has the possibility to configure information. It integrates well with all the other solutions we use.
The only concern we have is that there are a few features that were not readily available. We use a lot of application files that didn't have a connection.
We would also like to see integration with other tools that have to collect the logs.
Although Microsoft claims the use of building artificial intelligence to correlate events, we have actually had a couple of events that should have logs but did not. The solution is not at the same level in terms of building artificial intelligence.
SentinelOne can do a better job of not only creating corrective action based on the correlation. For example, someone was trying to repeatedly change their password. What they didn't realize was that they weren't connected correctly.
I have been using SentinelOne for six months.
SentinelOne is a stable product.
Scalability is based on the measure. There is no limitation regarding scalability if you pay for the upgrades.
Technical support is good. When you need help from Microsoft, there is a long list of resources to help understand the issues.
Positive
The initial setup is straightforward as we have contracts with Microsoft Office Supplies, commodities, defender, and Active Directory.
I would rate the ease of initial setup of SentinelOne a five out of five. It is easy.
Our company used a third party that provided the utility.
This solution is less expensive than its competitors. You might need to buy additional space depending on how much they are willing to provide. I would rate the pricing a five out of five.
We selected SentinelOne because it was less expensive than the competitors. We also saw the speed of evolution with Microsoft, so it can be involved theoretically when compared to Splunk.
We also chose SentinelOne because of the balance between features. It is stable and has enough choices. Being with Microsoft, we felt confident that the solution would evolve.
If you are considering SentinelOne, you should consider the cost of storage. Otherwise, the product is easy to deploy. You either need to have your own security operating center or hire someone that will use Sentinel or the secondary service. For you to consume the data, you may have had an internal security center or Sentinel.
With SentinelOne you have to invest extra cost. You have to always think of how much it will cost you to delay a response by a couple of days. If the incident is going to cost two days of revenue for the organization, that is much more than the cost of the solution.
I would rate SentinelOne an eight out of ten because of the price point and the features you get.