SentinelOne Singularity Complete Reviews

We are using it for endpoint security. It acts as an antivirus as well as is useful for endpoint detection. We are using the same product for both use cases. 

SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice.

It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection.

I have been using this solution for around two years.

It is stable. I would rate it a four out of five in terms of stability.

It is scalable. I would rate it a four out of five in terms of scalability. We have more than 1,200 users who are using this solution.

Their technical support is very nice. I would rate them a five out of five.

Positive

It is very easy to implement or install. I would rate it a five out of five in terms of the ease of setup. It does require maintenance by someone.

Its cost is yearly. It is not much costlier than other leading products available in the market. I would rate it a four out of five in terms of pricing.

We were looking for an antivirus and EDR solution. We evaluated some of the products, and finally, we decided to go for SentinelOne EDR. CrowdStrike was one of the solutions we evaluated. SentinelOne was lightweight, but CrowdStrike had a more secure door.

I would rate it a nine out of ten.

We use SentinelOne mainly for lateral movement, ransomware, anti-malware, AI engine, and forensics.

The most valuable features of SentinelOne are the lateral movement and the use of the Active Directory.

SentinelOne can improve by having better integration with Active Directory.

SentinelOne can be deployed on-premise and in the cloud.

I have been using SentinelOne for approximately two years.

SentinelOne is stable. However, the only issue I had was with legacy system, such as older kernels. The newer systems are more stable.

The scalability of SentinelOne is good, but my biggest concern is they need to find some way to automatically install their agents to specifically Microsoft Windows devices because not every IT infrastructure has SECM of others that automatically deploy it. It would be helpful during the migration of new customers.

We have approximately 4,000 systems using the solution and plan on adding another 400.

I haven't had the opportunity to interact with SentinelOne support.

I have previously used Microsoft Windows Defender.

The initial setup of SentinelOne is very easy. You only need to turn it on and it starts working with a couple of clicks. The ease of implementation is SentinelOne strongest feature.

We have three people deploying SentinelOne. As part of the team deploying the agent, there are multiple teams involved, and each one can deploy an agent when they have their own time.

SentinelOne can cost approximately $70 per device.

The advice I would give others that are thinking of implementing SentinelOne is if they have any other solutions, I would highly recommend them to start using it, especially if they have Active Directory. It's very good at picking up weird anomalies.

I  rate SentinelOne an eight out of ten.

The most important feature is the roll-back feature because when any system is corrupted, we can easily restore it within a few seconds. Also, if an end-user is not connected to your network, they can communicate with the central manager. We can be notified of any end-user activity with a central dashboard. The solution is also a very lightweight agent model compared to other solutions like Sophos, Carbon Black and the app action from X-microsite product. SentinelOne does not use the RAM SCP installation for the agent, and the user interface is also straightforward.

The setup process could be improved, and it would be good if artificial intelligence were added as an additional feature in the next release.

We used SentinelOne at my previous company before I left eight months ago, and it was deployed on cloud base.

It is a stable solution.

It is a scalable solution, and we have about 800 users using SentinelOne. We only need one person for maintenance, and they can offer maintenance in person and remotely via email and SMS.

I rate the technical support a ten out of ten. The support is very easy if you connect with global support. A company focused on non-technical issues can't easily adopt the solution. You have a support team from the layman language.

The initial setup was a bit complex but very simple if you set up a single order.

I rate the price of SentinelOne a ten out of ten, meaning it is the best price in the market. This is because SentinelOne has a nominal cost. For example, if CrowdStrike costs $1000, SentinelOne provides the same features for about $7 to $8.

I rate this solution a ten out of ten. I have around 10 to 15 years of experience in security and have used products like Sophos, Micro and CrowdStrike. CrowdStrike and SentinelOne are the best, but SentinelOne is preferred because of its great features and nominal cost.

We primarily use the solution for security purposes. 

It's an easy tool and it offers a different experience. It is a new generation product.

The initial setup was easy.

It's stable and reliable.

The product can scale as needed.

While I'm sure improvements are necessary, there isn't one specific area I've found to be lacking. 

Security could always be better. It always needs to be adjusted to keep up with what's happening. 

I've been using the solution for two years. 

We haven't had any issues with stability. It's reliable. there are no bugs or glitches and it doesn't crash or freeze. 

It's scalable. We are using management software on the cloud. Therefore, if we want to install 1,000 agents, it doesn't impact our business now. We can scale and it's got a central implementation method for agents.

Technical support has been very good and we are quite pleased with them. 

Positive

We actually use regular antivirus solutions as well, such as Sophos and McAfee.

It's a simple, straightforward setup. It is not overly complex or difficult. 

We have a small IT team and have found that we just need to have one person managing the product. 

We deployed it using an outside resource.

I cannot speak to the exact cost. Our managers buy the licenses. That said, it is my understanding that we are using the subscription model and pay for it yearly. I'm not sure if there are any other ancillary fees beyond that.

I'm a customer and end-user. 

I'm not sure which version of the solution I'm using. 

I'd rate the solution eight out of ten. It's a good overall product. 

Sentinel One protects our endpoints from malware, viruses, trojans, and other cyber attacks. We outsource the management of Sentinel One to another organization. They monitor for infections at any endpoint on the console and work to determine if it's a false positive or an actual attack.

Most of the time, Sentinel One can automatically identify an attack, and it quarantines the process to block the attack. If Sentinel One can't make that determination on its own, the third-party team will further investigate the suspicious traffic. 

SentinelOne is doing its job and protecting our endpoints from various cyberattacks. Since we implemented the solution, we haven't seen any big cyberattacks get through, which has happened before. Any malware and threats we've seen in the past have been resolved by SentinelOne.

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful.Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

We have been using SentinelOne for a year now.

We've had SentinelOne for a year and haven't faced any major issues, so I would say it is reliable.

SentinelOne is scalable, but we need to purchase additional licenses. We have purchased two licenses for 300 endpoints. The license not only applies to the users but also to some of the servers. We have SentinelOne installed on some of our critical servers. It can be scaled to whatever size we want if we purchase enough licenses.

We haven't contacted SentinelOne support directly. When we need help, we reach out to our service provider. SentinelOne deals with threats when it detects them. If not, the service provider will analyze them. We haven't had issues with them so far. Their service is satisfactory and cost-effective.  

This is the first time we have used endpoint security. We were using an antivirus solution before this. I would say Sentinel One is doing the job perfectly.

Setting up SentinelOne is a pretty straightforward process. We have around 300 systems in our environment. Working with our security service provider and four other colleagues, we completed the deployment 10 to 15. It's worth noting that we were handling our daily tasks, so we weren't working on this the entire time. 

After deployment, we have to scan the endpoint for maintenance and upgrade. We also need to regularly update the endpoint agents from the console. Our security service provider primarily handles upgrades to the console itself. 

We have outsourced this whole thing to a security service provider. They provide complete security services for SentinelOne. They worked with our in-house IT team, and I took the lead. Once I learned the process from them, I could deploy it on a few systems, and they did the rest.

SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for endpoint protection. 

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

I rate SentinelOne eight out of 10. It's a good endpoint security tool, and I wouldn't hesitate to recommend it to others. 

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

Our primary uses are endpoint protection and application inventory.

The management is done through the SentinelOne web interface.

We work strictly in a Windows environment, using it for both workstations and servers.

At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.

In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.

We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.

The most valuable features are application auditing and malware detection.

Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.

On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.

The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.

We use the threat detection feature.

The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding. 

At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.

With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature. 

I have been using SentinelOne for approximately a year and a half.

Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.

We have not run into problems with scalability. It can be very good.

There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.

The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.

Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.

The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.

It took about three weeks to deploy, covering all 212 of our endpoints.

We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.

There is no maintenance required, post-deployment.

SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.

Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.

The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.

Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.

The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.

We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.

My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.

At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.

I would rate this solution a nine out of ten.

Our use cases are for client and server visibility in our enterprise and operational technology environments, as EPP and EDR solutions.

Traditionally, we have had an open policy on endpoints in terms of what has actually been installed. We don't really centrally manage the application. So, we have had a sort of dirty environment. Now that we have SentinelOne with its advanced capabilities, this has enabled us to detect and categorize unwanted applications. It has given us a good foothold into the area of inventory management on endpoints when it comes to our applications as well.

One of the main selling points of SentinelOne is its one-click, automatic remediation and rollback for restoring an endpoint. It is extremely effective. Everything is reduced, like cost and manpower, by having these capabilities available to us.

The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.

From a forensics point of view, we can see exactly what is going on with the endpoint when we have threats in progress. It also gives us the ability to react in real-time, if it has not been handled by the AI. We have set the policy to protect against unknown threats, but only alert on suspicious ones. 

The Behavioral AI feature is excellent. It is one of the reasons why we selected SentinelOne. We needed a solution that was quite autonomous in its approach to dealing with threats when presented, which it has handled very well. It has allowed us to put resources into other areas, so we don't need to have someone sitting in front of a bunch of screens looking at this information.

The Behavioral AI recognizes novel and fileless attacks, responding in real-time. We have been able to detect several attacks of this nature where our previous solution was completely blind to them. This has allowed us to close gaps in other areas of our environment that we weren't previously aware had some deficiencies.

The Storyline technology is part of our response matrix, where you can see when the threat was initially detected and what processes were touched, tempered, or modified during the course of the threat. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and technique is very effective. By getting that visibility on how the attack is progressing, we can get a good idea of the objective. When we have the reference back to the framework, that is good additional threat intelligence for us.

Storyline automatically assembles a PID tree for us. It gives us a good framing of the information from a visibility standpoint, so it is not all text-based. We can get a visualization of how the threat or suspicious activity manifested itself.

The abilities of Storyline have enabled our incident response to be a lot more agile. We are able to react with a lot greater speed because we have all the information front and center.

The solution’s distributed intelligence at the endpoint is extremely effective. We have a lot of guys who are road warriors. Having that intelligence on the network to make decisions autonomously is highly valuable for us.

The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do.

We have used it for around 10 to 11 months.

In the 11 months that we have had it, we have only had one problem. That was related back to a bug on the endpoint agent. So. it is very stable when I compare it to other platforms that I have used, like McAfee, Symantec, and Cylance.

Being a SaaS service, they take care of all the maintenance on the back-end. The only thing that we have to do is lifecycle the agents when there is a new version or fixes. So, it is very minimal.

It is highly scalable. It is just a case of purchasing more licensing and deploying agents.

We have three global admins, myself included, with about 10 other administrators. Primarily, the way that we are structured is we have a client team and a server team. So, we have resources from each geographical region who have access to the solution to police their own environment on a geographical basis. So, we have three global admins, then everybody else just has a sort of SoC-based level functionality, which goes back to the custom role issue because this is too much access. 

The technical support is very good. My only criticism is they are not very transparent when they are giving you a resolution to a problem. We have had several cases where we have had a problem that we have been given the fix for it. However, when we asked for background information on the actual problem, just to get some more clarity, it is very difficult to get that. I don't know if it's relative to protecting the information regarding the platform or a liability thing where they don't want to give out too much information. But, in my experience, most vendors when you have a problem, they are quite open in explaining what the cause of the issue was. I find SentinelOne is a bit more standoffish. We have gotten the information in the end, but it is not an easy process. 

When responding to fixing a problem, they are excellent. It is any of the background information that we are after (around a particular problem) that we find it difficult to get the right information.

We were previously using Trend Micro Deep Security. The primary reason why we switched was that it is rubbish. It is a legacy-based AV. We had a lot of problems functionality-wise. It was missing a lot of things, e.g., no EDR, no NextGen capabilities, and it had interoperability problems with our Windows platform deployments. So, there was just this big, long list of historical problems.

We specifically selected SentinelOne for its rollback feature for ransomware. When we started looking into securing a new endpoint solution about 24 months ago, there was a big uptick in ransomware attacks in the territory where I am based. This was one of the leading criteria for selecting it.

The initial setup is extremely straightforward. The nature of the platform has been very simplistic when it comes to configuring the structure for our assets and policies. Several other platforms that I have worked with are quite complex in their nature, taking a lot of time. We were up and running within a day on the initial part of our rollout. For the whole organization, it took us about 30 days to roll out completely in five different countries across roughly 20,000 endpoints. 

Behavioral AI works both with or without a network connection. We tested it several times during procurement. It can work autonomously from the network. One of our selection criteria was that we needed it to be autonomous because we have air gapped environments. Therefore, we can connect, install, or disconnect, knowing that we have an adequate level of protection. This mitigates certain risks from our organization. It also gives us good assurance that we have protection.

We had a loose implementation strategy. It was based on geography and the size of the business premises in each country. We started with our administration office, but most of our environment is operational technology, e.g., factories and manufacturing plants.

We did the deployment ourselves, but we had representation from the vendor in the form of their security engineer (SE). We did the work, but he gave us input and advisories during the course of the deployment.

Three of us from the business and one person from Sentinel (their SE) were involved in the deployment of SentinelOne.

We saw a return of investment within the first month.

On several occasions, we found some persistent threats that we wouldn't have known were there by using the Deep Visibility feature.

The solution has reduced incident response time by easily 70 percent.

The solution has reduced mean time to repair by probably 40 to 50 percent. This has been a game changer for us.

Analyst productivity has increased by about 50 percent.

We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible.

We evaluated:

• Microsoft Defender for Endpoint
• Cisco AMP for Endpoints
• CylancePROTECT
  
• Apex One, which is Trend Micro's NextGen platform.

The main differentiator between SentinelOne has been ease of use, configuration, and performance. It outperformed every single one of the other solutions by a large margin in our testing. We had a standardized approach in tests, which was uniform across the platforms. Also, there is a lot of functionality built into SentinelOne, where other vendors offered the additional functionality as paid add-ons from their basic platforms.

During our evaluation process, SentinelOne detected quite a lot of things that other solutions missed, e.g., generic malware detection. We had a test bed of 15,000 samples, and about 150 were left for SentinelOne. What was left was actually mobile device malware, so Android and iOS specific, fileless attacks, and MITRE ATT&CKs. SentinelOne performed a lot stronger than others. Cylance came second to SentinelOne, even though they were 20 percent more effective in speed and detection. The gulf was so huge compared to other solutions.

SentinelOne's EDR is a lot more comprehensive than what is offered by Cylance. They are just two different beasts. SentinelOne is a lot more user-friendly with a lot less impactful on resources. While I saw a lot of statistics from Cylance about how light it is, in reality, I don't think it is as good as the marketing. What I saw from SentinelOne is the claims that they put on paper were backed up by the product. The overall package from SentinelOne was a lot more attractive in terms of manageability, usability, and feature set; it was just a more well-rounded package.

Give SentinelOne a chance. Traditionally, a lot of companies look at the big brand vendors and SentinelOne is making quite a good name for itself. I have actually recommended them to several other companies where I have contacts. Several of those have picked up the solution to have a look at it.

You need to know your environment and make sure it is clean and controlled. If it's clean and you have control, then you will have no problems with this product. If your environment isn't hygienic, then you will run into issues. We have had some issues, but that's nothing to do with the product. We have never been really good at securing what is installed on the endpoint, so we get a lot of false positives. Give it a chance, as it's a good platform.

I would give the platform and company, with the support, a strong eight or nine out of 10.