SentinelOne Singularity Complete Reviews

In comparison to CrowdStrike, they use a lot of ICANN fees in the UI. But this isn't a problem for me because I am already familiar with CrowdStrike's interface and navigation panel. I still don't use the hamburger mini version of CrowdStrike because I am used to the old panels.

The rollback issue isn't marketed by CrowdStrike. I'm certain of it. We can, however, do it indirectly. If you want to do rollback in craft with RTR over Windows shadow copies, there is a workaround. 

This is an argument I occasionally use against SentinelOne. If you use rollback, your system has already been infected. CrowdStrike claims, that they don't do this, they are not a backup solution, and they don't allow any ransomware to work in their systems. 

By the way, rollback is a plus in the eyes of customers.

If CrowdStrike can do it with a single click, it will be a great turn of events.

The ability to get queries by pressing the "tab" button is a plus for SentinelOne.

SentinelOne makes it more difficult to define users.

It is difficult to manage users in SentinelOne.

There are many defining roles. It is granular, but it is also complicated. It is more granular than CrowdStrike, but it is not preferred because you have to check hundreds of roles. It's a challenge.

This user assignment feature would be more efficient. It would be fantastic if they could design it.

In comparison to CrowdStrike, EDR is less detailed. CrowdStrike provides more information about an adversary than SentinelOne.

Having a good EDR is a huge plus. In my opinion, it earns two points. The number will be nine if they can expand it with a more detailed one. 

I could complain about SentinelOne's pricing right now, but I am sure CrowdStrike is using its own staff to provide its clients with a complete solution. Being expensive is a little more reasonable than you think. 

Most people want to know why CrowdStrike is more expensive than other options.

CrowdStrike can assist you with their technical personnel, and CrowdStrike is the only provider who can assist you with their own threat hunters. SentinelOne is not currently doing this.

I have been using SentinelOne for three weeks.

I deployed it on my computer. I am testing it and trying to evaluate what is missing between the two products. I would like to see both of their advantages and disadvantages, which are not written. I am trying to gain real-life experience with these products. I have a lab. 

On these virtual machines, I have at least ten vendors. Some are legacy antiviruses, while others are next-generation antiviruses. I have worked with a variety of brands. These labs are being used for comparison.

I use automatic updates. As a result, it's most likely the most recent version.

The thing is, I can't say a thing about it because I need to digest a lot of data and launch a lot of attacks on SentinelOne, which I haven't done much of. Two or three assaults.

It was successful in prevention and detection, but I need to try some other methods to see if I can bypass SentinelOne.

This solution is currently being used by only two people. Myself and one of my teammates.

Not right now because things will be different in the real world, but we are only two computers with SentinelOne. So we didn't have that kind of experience right now.

When compared to CrowdStrike, the initial setup is more complex.

It only took me 10 minutes to install it on two PCs.

At this time it is only a trial. After the trial period, I am going to purchase two licenses from SentinelOne. To make comparisons too and continue investigating both products.

We simply want to compare in real-life conditions CrowdStrike, SentinelOne, Microsoft, and other legacy antiviruses such as McAfee, Micro, and so on.

If you are running an enterprise business, you should definitely go with CrowdStrike, but if you are on a tight budget, you could look into SentinelOne, but CrowdStrike is the better option. If you can stretch your budget.

If you need next-generation antivirus and EDR solutions or if your budget is limited, you can consider SentinelOne, but if you can increase your budget or convince your management to increase your budget, CrowdStrike would be ideal.

I am simply checking. I am not a customer. I am not a partner. I'm a CrowdStrike partner. I am only using it for my own needs. Because people frequently inquire about the differences between other brands and CrowdStrike. 

People come to me for CrowdStrike assistance. And I have to explain the key differences between the two products. And BattleKart does not accurately reflect the information. When compared to BattleKarts, the real-time experience is more valuable.

I would rate SentinelOne a seven out of ten.

This is an anti-malware and threat management product. We are customers of SentinelOne and I'm a system engineer.

We chose SentinelOne because of the protection it offers against ransomware. It provides good security that gives peace of mind.

We sometimes have issues with the disc space and that's because of the anti-ransomware technology they use. The volume of shadow copies becomes too large and we have to manage that. 

I've been using this solution for two years. 

This is a stable product. 

The solution is scalable, we have around 500 users in the company. 

I have issued some tickets to technical support and they were very responsive. 

Positive

We use an in-house person along with a third-party consultant for implementation.

I believe that SentinelOne is quite an expensive solution. 

This is a good product, but it has some issues so I rate it eight out of 10. 

We primarily use the solution for EDR to protect critical devices.

The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.

It's pretty easy to set up.

The technical support is great.

The product can scale.

The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.

My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they start supporting mobile devices.

I'd like to see more documentation. 

SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product,  public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.

We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution. 

I've been dealing with the solution for 14 months. 

Overall, the solution is between 90%  and 95% stable. Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash. That's a huge gamble. You could install SentinelOne on your computer and if you do, there's the risk that your production machine could go down when SentinelOne came on. Stability is a gamble for SentinelOne. There's more chance of crashing your computer. And the only solution when that happens is to go and install it through safe mode.

The product is actually scalable.

Our customers are small, medium, and enterprise companies. We support all of them, both small and medium enterprising arms.

SentinelOne technical support is awesome. If there is a five-star option, I'd give them six stars. They give good support.

Positive

I'm also working with CrowdStrike Falcon. I have worked with Carbon Black as well. SentinelOne is better than Carbon Black.

The priority of EDR before any complex feature is the ability to detect and then prevent malware attacks. That will be main reason of an EDR. SentinelOne does a very good job of detection of online threats. Once you get targeted by a ransomware attack, SentinelOne will notice that. Carbon Black doesn't do that.

The implementation process is pretty easy. 

The pricing is reasonable. I'm an engineer and therefore can't speak to exact pricing. 

We're a partner.

We sell SentinelOne. We implement and deploy. We have a partnership, basically. 

I'd rate the solution eight out of ten.

My advice to other users is if you are going to any solution out there, number one is to make sure if there are issues tey can be easily fixed. With this product, you won't have to have a problem going for three months unsolved or going for two months unsolved. 

We primarily use the solution for endpoint protection. 

SentinelOne is very simple to install and very simple to manage. It's very aggressive, so it does protection well, and it seems to be stopping attacks that other solutions cannot.

The ability to integrate this product with an antivirus solution would be welcome. Even consolidation with more security products, like Umbrella networking abilities etc. to provide more on this platform, that would be great.

We have been implementing this product for our customers for a few months now. 

The solution is very stable.

We have implemented this product for companies ranging from 10 to 200 endpoints, with many hundreds of users and it has been fine with this volume. 

We get support from our local reseller in Israel and their support has been fine.

We trialed an ESET product, but it didn't provide us with the solution we needed. 

The implementation time depends on the size of the network but it's usually very short, no more than a day or two.  

The pricing of the solution seems reasonable, we got a discount but it still seems reasonable. The licensing cost is $3 to $4 per endpoint and can be paid monthly or yearly, with the price changing according to commitment. 

I would rate this solution a nine out of ten. 

I would say it is important to understand all the settings to deliver exactly what the customer requires. 

It is an endpoint solution. It is for our workstations and other devices to alert us to any kind of malware threats that might be lurking. 

In terms of deployment, it is through a managed service.

It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.

I would like to see a better control panel for the managed service side of it.

We have been working with it for about six to eight months. 

It is stable.

As far as I know, it is easily scalable.

It is through a managed service.

It takes a little time to put it in.

It is a good solution. You just need to check out the managed service part of it.

I would rate it a nine out of ten.

We use SentinelOne as an endpoint protection solution.

The overall integration functionality for this solution could be improved. 

I have been using this solution for three years. 

This is a scalable solution.

The customer support for this solution is good.

The initial setup is straightforward.

I would recommend that anyone considering using this solution first understand exactly how this solution works and what their business needs. 

I would rate this solution a nine out of ten. 

We are a company with several types of PC users. Our office ranges from marketing to sales, and we also have people who are remote on laptops all over the world, as well as an R&D department. Those people use PCs in different ways. 

We wanted a platform that has ways of dealing with various kinds of users, but we also wanted a central management so we could overview the state of all our endpoints with one view.

We use the central cloud interface to manage all our endpoints.

We only use it on Windows machines.

It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralize platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions.

I have one instance where we had a trigger of an attack. Luckily, it appeared to be in an unregistered program created a lot of threats by renaming files. This was something that the employer developed by his own. This was an unknown program that generated a lot of threats to very quickly rename a thousand files. However, it was not an actual attack, but the behavior of that program was such that the AI protection of SentinelOne kicked in and alarmed us of a possible attack. One of our employees created a program just for his benefit. It had exactly the same behavior as a ransomware attack would have had, then it kicked in. This is why I'm confident that SentinelOne will also detect real ransomware actions. That is the only one instance where I encountered the Behavior AI software kicking in.

We haven't had any real attacks over the last year. We did have some intrusions mainly from suspicious files that people were getting via their browser and some attachments that I tried to open with double extensions. Luckily, in the last year, we haven't had any actual attacks.

The effectiveness of the solution’s distributed intelligence at the endpoint is 100 percent. We haven't had any incidents break through. We only see a very small reduction in PC performance.

The main reasons that we use SentinelOne are the antivirus and Behavioral AI protections. We have this solution centrally managed to see what endpoints are active, along with the latest software protection running. It also provides us external control, so we can block machines remotely, even if they are in another country, because we have account managers all over the world. All these features together protect us against strange behavioral programs.

SentinelOne's one-click, automatic remediation and rollback for restoring an endpoint is very handy. We had some issues with programs that were unknown by SentinelOne, then marked as suspicious and quarantined, because we also develop software ourselves and have software packages that were compiled in 1995 and don't conform to the normal rules. SentinelOne always marks those packages as suspicious because they do something different than they should when you compile them with current libraries of Windows, etc. Therefore, we had some interventions of SentinelOne where you can easily whitelist them and rollback the quarantine action so people who use those old-fashioned programs could easily continue with their work. 

This was only an issue during the first month when we rolled out the software, then it starts doing scans mainly on the R&D PCs, which was our great concern. Normal office use is fairly straightforward, but when you develop software (and we also develop software to communicate with our embedded systems), then the demands are a bit different. However, until now, we have been very happy with it.

We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.

We have been using it for about a year now. We rolled it out in December 2019.

All the endpoints are running without problems. It is very stable. We have deployed several versions of agents. I haven't encountered any issues, apart from when that rollback occurred, and the SentinelOne agents were locked out of the cloud platform, and the only way to retrieve that was by installing it again by hand. 

Up until now, SentinelOne's effectiveness has been 100 percent.

We are a relatively small company with about 80 employees. Most things are offsite. We do not use automated things very much.

There are four users from the admin side.

Together with another colleague, we chose SentinelOne, then tested and deployed it. A few other colleagues have monitoring views in SentinelOne, e.g., if a site has to be whitelisted. 

I had one issue that I brought up with customer support. They delivered a solution in about two hours. It was related to the issue with the agent. I just issued an email, and in about an hour, the problem was solved. I was delivered a good solution: an uninstalling procedure and how to go about it. That's the only thing that we needed it, and the only time we needed the technical support.

Before this solution, we used McAfee, which was not enough for our use. Then, SentinelOne came into the picture. It not only had static virus checking (antivirus), but it also had the Behavioral AI features, like triggers, that we could investigate.

The McAfee solution that we had was more demanding, more expensive, and had less functionality. Three to four years ago, we had an incident with ransomware, and it wasn't detected at the time by the McAfee on all the points. There were two points that were affected. Since it wasn't noticed by the McAfee. we were considering other software solutions from that point on.

SentinelOne offered a good solution, which is the main reason that we went with them. It was easy to manage, although we didn't use McAfee the way we use SentinelOne right now. McAfee was incorporated in our company about 20 years ago, so we probably didn't use all the facilities that McAfee can offer now. 

SentinelOne made us a good offer, especially regarding the Behavioral AI aspect of the protection. Therefore, we just wanted to see what they could offer us. After a year, we are still very satisfied.

SentinelOne had a smaller footprint, both in resources and time-wise, as in load, than the McAfee solution that we had previously.

The initial setup was fairly straightforward. It was very easy to start up. You didn't have to go into a lot of documentation to roll it out. We used the management from the central platform, not our own central platform on-premise, and did it on the cloud version. This way, it could be delivered and updated remotely.

The deployment took a week. We deployed it to about 90 endpoints.

We just had a discussion with the SentinelOne service provider onsite. He gave a revision of how SentinelOne should be deployed along with some examples. Before we deployed it to the entire company, we had a testing time of about two months. 

SentinelOne has reduced incident response time. The two main pillars that SentinelOne helps us with: 

1. Central management: I can ensure management that if there is a breach all the machines and endpoints are up-to-date and protected. 
2. SentinelOne allows us to switch off an endpoint remotely, which we could do previously. Most people are on-premises, but there are 15 to 20 people all over the world with laptops connected everywhere. 

It saves a few hours a week for one person, because you can see the statuses of all the machines in one place. 

It was cheaper than McAfee, which was a way to convince management to go with the solution.

At the moment, we are very pleased with the solution.

We saw the Storyline technology briefly. However, the Storyline is only when you have actual attacks, and they are not caught in the beginning. Most of our attacks were caught just by static recognition of the files, so there was no story because the file was not allowed to activate. In the beginning, we did some fake file checks in an enclosed surrounding and in a CM setup, which is how I saw the Storyline facilities, but we don't use it.

I would rate this solution as a nine (out of 10).

We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.

We deploy it on-premise, in all of our factories and branch offices, worldwide.

Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.

• Easy to install and update
• Management Console in the cloud
• Ability to partition it in "sites" (our subsidiaries) with local site admin
• Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

We started to install SentinelOne on the first endpoints in August of 2019.

Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.

The scalability is good. At present, I can't see scalability limits.

We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.

We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.

Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.

We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we choose SentinelOne.

In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovering of Zero-day threats and ransomware.

A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.

The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.

The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.

In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.

Main support was provided by the SOC company, working together with our IT Staff.

We have seen a good ROI about the SOC service and the product.

The solution's price/performance ratio is reasonable.

In addition to the standard licensing fees there is, of course, the SOC service fee.

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.

At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.