SentinelOne Singularity Complete Reviews

We use SentinelOne Singularity for cybersecurity. For example, ransomware protection. It protects our network against the latest cybersecurity threats, continuous monitoring, and real-time checks of our network. 

There are many things that we consider in a solution, such as how often it updates and does patches, and what issues are there in the network or on the desktop or OS. If any patch is missing, it should inform me and send me CVSS and CVSE scoring of my threat perspective.

SentinelOne Singularity has hundreds of features. The most valuable feature of the solution is the ease of use and threat control.

The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features.

When we connect the solution to our patch management system they should explain to us how to do it. Additionally, it should be notifying me what patch is missing in my system.

I have been using SentinelOne Singularity for approximately six months.

SentinelOne Singularity is stable.

We have approximately 250 users using this solution in my organization.

I have used the support team from SentinelOne Singularity.

I rate the support from SentinelOne Singularity a four out of five.

Positive

We used two solutions for the comparison, CrowdStrike and McAfee. We did do tests before going to SentinelOne Singularity in many areas, such as ease of use, technical comparison, scanning capabilities in terms of cybersecurity perspective, and ransomware protection. Ransomware blocking is a better feature in SentinelOne Singularity.

We have a team of people who have a set of parameters that we use to scan all these tools. They perform comparisons on each and every aspect and SentinelOne Singularity scored better. 

The deployment of SentinelOne Singularity is straightforward and very easy. The whole process of deployment took four hours.

When it came to the price compared to other solutions we tested, SentinelOne Singularity gave us the price of our expectations whereas CrowdStrike could not.

First-time users of this solution should prioritize what they want to protect, and establish if they have the expertise to maintain it. The solutions don't require any high-end expertise to be deployed or maintained but a normal IT system administrator is needed to do it.

I would recommend this solution to others.

I rate SentinelOne Singularity a nine out of ten.

I use it for company computers in reference to end-point protection scanning for malware, hunting for malware on the network, and on the devices. 

One is the behavioral engine and the AI are both built into the agent, so it doesn't need the internet. 

The interface is good and it is easy to use. The engine that they use to look for malware and for viruses is very good. 

There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better. 

I have been working with SentinelOne for just over a year now.

Yeah, it is stable. It does not use a lot of computer resources, even though the engine is built into the agent. If there are new updates, it alerts you when the updates are there and need to be installed. SentinelOne is an efficient solution.

Yes, it is scalable.

I have not had any issues that I needed to talk to customer support about.

The initial setup is very straightforward and easy. Once you install it, auto-updates are initialized. When you put in watches, you are searching for items, you need customization, and you add or remove rules, which is quite easy.

I use in-house implementation.

We are seeing a return on our investment.

The licensing is okay. I don't think it is bad. Depending on which one you get, I think it is fifty dollars for each user annually. The more users you have, the cheaper it is.

I use all security tools from SIMS to DAMs, to DLP solutions, firewalls, etc.

For me, the experience has been very good. I would rate SentinelOne a nine out of ten.

We primarily use the solution for security. It’s for endpoint and response detection.

It is primarily protecting all my servers now, and most of the end users are connected to SharePoint OneDrive and emails, which are already taken care of from Microsoft through endpoint security. I don't have to really worry too much from the end-user point of view. Still, in case if they ever happen to click on any of the phishing emails or malicious files, it will block their computer immediately without even coming through the server level.

It is covering one of my IT audit purposes - not only from the protection of the data and doing security through my network but also addresses most of the compliances from an audit point of view.

It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.

They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.

If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.

It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.

It's complete and total protection.

I cannot speak to any missing features. It has what we need.

If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.

I’ve been using the solution for a bit more than six months now.

The solution is absolutely stable. There are no bugs or glitches.

I haven't seen all the features. However, I will probably start looking at it since it has saved us from a couple of cyber attacks. Probably I will take a walk-through again from the technical team to understand if there are any further scalable options to implement on my infrastructure.

We are using it for service only right now. However, we have decided to scale up for all the end users.

Support is very good, and their help is immediate.

Positive

I'm still using VDAT on Windows endpoints. We use Defender. Windows is comprehensive as well. Most Windows users with personal PCs have Windows Defender, and it works well. That said, I was not sure and still am not sure how well it will protect the servers if there is any ransomware attack on the network.

It’s very easy to implement the solution. It’s not complex at all. I’d rate it a five out of five in terms of ease of implementation.

For me to implement across eight servers, it took maybe a day. Two days at a maximum.

It’s on the cloud and therefore doesn’t require maintenance.

They did the implementation. However, I installed the agent. Everything and the configuration were already set. They just guided me through how exactly it was set up. They did the walk-through of the complete product, and that's it.

We’ve already seen a 100% ROI even after just a few months. I’d rate it five out of five.

We pay to license every year. However, I’m not sure of the pricing. They might cost $100 each. It’s reasonably priced. I’d rate it four out of five in terms of affordability.

I did compare it to other solutions and found this product to be more compatible with more operating systems.

We are using the latest version of the solution.

I highly recommend the solution to others.

We’re just customers.

I’d rate the solution nine out of ten.

We are a Dutch distributor working for Infinigate, a company specializing in distributing security solutions across Europe. One of our vendors is SonicWall. 

The instant rollback for Windows support is a nice feature.

Certificate distribution is quite easy, for example, using BitBucket SSL Inspection in conjunction with the firewall. More and more web traffic is via HTTPS, everybody is sending encrypted data, which needs to be decrypted for security purposes, then delivered. The integration of SentinelOne and the SonicWall Capture Client makes certificate distribution easy, which is needed for a SSL security setup.  

The 365 management and analytics from the cloud is another great feature.

It would be good to see some small tools to test files or hashes that are a potential threat, I know there are already products offering this.

We have been distributing this solution to our clients for two to three years.

The stability is fine, I haven't heard about any serious issues. 

Within the cloud, the solution is as scalable as required. The CapEX is quite low and you can scale this solution for thousands of users. 

Within our company, we use a Sophos product, as we have been working with them for 25 years and have a more established relationship. 

The initial setup of this solution is straightforward. As soon as you install it, the policy is sent from the cloud, and perhaps some certificates, and you are up and running, so that's relatively easy. I would rate the setup experience a four out of five, as there is always room for improvement.

When I open my browser, and I'm behind the SonicWall firewall without Capture Client my browser will tell me that I cannot browse the internet until I install the client. Then there is a button in the browser to install it, I click on it as a user, and after a few minutes, I'm up and running. Now I can browse again, but with a client, so it's pretty easy.

As a distributor, we advise our resellers and they sell it to their end customers, so most of the time the resellers implement. I often give demos and training, where I show them how to do it. From a distributor role, most of the installations are done by our resellers.

The CapEX is very low because you don't have to buy any management tools or install them on your hardware. It's all based in the cloud and comes with cloud advantages. 

Just buy the Capture Client and buy the installer itself in a license of 100,000, or whatever is needed. You don't need to invest in any management tools because they are already installed, and maintenance from the client will keep everything up and running. 

I would rate this solution an eight out of ten.

I would advise people to consider this solution, because the combination of SentinelOne and SonicWall Capture ATP is very powerful. I would also advise people to have a look at the Capture Client and test the differences with other AVs.

SentinelOne has a patented feature with a Sandboxing technique, they have four Sandboxing techniques. They also have an AI technique, machine learning from SonicWall, and millions of sensors around the world to detect threats and zero-day attacks. This corroboration of security threat data shared by everyone makes the solution a powerful security engine. As Capture ATP also works on the firewall, it's not only their AV clients who are feeding the machine learning and the threat data, but also their firewalls.

We primarily use the solution for security purposes. 

It's an easy tool and it offers a different experience. It is a new generation product.

The initial setup was easy.

It's stable and reliable.

The product can scale as needed.

While I'm sure improvements are necessary, there isn't one specific area I've found to be lacking. 

Security could always be better. It always needs to be adjusted to keep up with what's happening. 

I've been using the solution for two years. 

We haven't had any issues with stability. It's reliable. there are no bugs or glitches and it doesn't crash or freeze. 

It's scalable. We are using management software on the cloud. Therefore, if we want to install 1,000 agents, it doesn't impact our business now. We can scale and it's got a central implementation method for agents.

Technical support has been very good and we are quite pleased with them. 

Positive

We actually use regular antivirus solutions as well, such as Sophos and McAfee.

It's a simple, straightforward setup. It is not overly complex or difficult. 

We have a small IT team and have found that we just need to have one person managing the product. 

We deployed it using an outside resource.

I cannot speak to the exact cost. Our managers buy the licenses. That said, it is my understanding that we are using the subscription model and pay for it yearly. I'm not sure if there are any other ancillary fees beyond that.

I'm a customer and end-user. 

I'm not sure which version of the solution I'm using. 

I'd rate the solution eight out of ten. It's a good overall product. 

Sentinel One protects our endpoints from malware, viruses, trojans, and other cyber attacks. We outsource the management of Sentinel One to another organization. They monitor for infections at any endpoint on the console and work to determine if it's a false positive or an actual attack.

Most of the time, Sentinel One can automatically identify an attack, and it quarantines the process to block the attack. If Sentinel One can't make that determination on its own, the third-party team will further investigate the suspicious traffic. 

SentinelOne is doing its job and protecting our endpoints from various cyberattacks. Since we implemented the solution, we haven't seen any big cyberattacks get through, which has happened before. Any malware and threats we've seen in the past have been resolved by SentinelOne.

I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI. 

We want more communication about features that we request and when they will be added to the product. For example, they can tell us what is being done about it. part, if that can be shared for the new features. 

We've requested that SentinelOne's agent provide more reporting on the endpoint's OS, system host, modem, and serial number. It's not able to determine this now. If the SentinelOne team can provide us with some updates about whether they're working on it, that would be useful.Also, we'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console.

We have been using SentinelOne for a year now.

We've had SentinelOne for a year and haven't faced any major issues, so I would say it is reliable.

SentinelOne is scalable, but we need to purchase additional licenses. We have purchased two licenses for 300 endpoints. The license not only applies to the users but also to some of the servers. We have SentinelOne installed on some of our critical servers. It can be scaled to whatever size we want if we purchase enough licenses.

We haven't contacted SentinelOne support directly. When we need help, we reach out to our service provider. SentinelOne deals with threats when it detects them. If not, the service provider will analyze them. We haven't had issues with them so far. Their service is satisfactory and cost-effective.  

This is the first time we have used endpoint security. We were using an antivirus solution before this. I would say Sentinel One is doing the job perfectly.

Setting up SentinelOne is a pretty straightforward process. We have around 300 systems in our environment. Working with our security service provider and four other colleagues, we completed the deployment 10 to 15. It's worth noting that we were handling our daily tasks, so we weren't working on this the entire time. 

After deployment, we have to scan the endpoint for maintenance and upgrade. We also need to regularly update the endpoint agents from the console. Our security service provider primarily handles upgrades to the console itself. 

We have outsourced this whole thing to a security service provider. They provide complete security services for SentinelOne. They worked with our in-house IT team, and I took the lead. Once I learned the process from them, I could deploy it on a few systems, and they did the rest.

SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for endpoint protection. 

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

I rate SentinelOne eight out of 10. It's a good endpoint security tool, and I wouldn't hesitate to recommend it to others. 

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

Our primary uses are endpoint protection and application inventory.

The management is done through the SentinelOne web interface.

We work strictly in a Windows environment, using it for both workstations and servers.

At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.

In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.

We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.

The most valuable features are application auditing and malware detection.

Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.

On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.

The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.

We use the threat detection feature.

The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding. 

At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.

With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature. 

I have been using SentinelOne for approximately a year and a half.

Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.

We have not run into problems with scalability. It can be very good.

There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.

The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.

Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.

The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.

It took about three weeks to deploy, covering all 212 of our endpoints.

We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.

There is no maintenance required, post-deployment.

SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.

Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.

The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.

Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.

The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.

We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.

My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.

At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.

I would rate this solution a nine out of ten.