SentinelOne Singularity Complete Reviews

Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

It can reduce the organization's risk. It gives better control to our limited team resources.

It already has AI capabilities, which is one of their advantages.

When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

I have been using SentinelOne Singularity Complete for approximately four years.

For stability, I would rate it a nine, as I have experienced only the issue of overload.

The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

I am the third party assisting in the deployment.

I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete. 

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

I have a year and a half of experience with SentinelOne Singularity Complete.

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

Neutral

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

As a company with 30,000 employees and 26,000 endpoints worldwide, we have diverse operational needs that SentinelOne Singularity Complete effectively addresses.

SentinelOne Singularity Complete effectively addresses numerous challenges. As a cloud-based SaaS solution, it seamlessly protects office and remote workers, safeguarding laptops and other devices. Its comprehensive coverage extends to cloud infrastructure across multiple operating systems like iOS, Linux, and Windows, including Kubernetes environments. This versatility, coupled with its ability to fulfill various use cases, has made SentinelOne Singularity Complete our trusted security solution for the past four years.

SentinelOne Singularity Complete integrates with our other security solutions, correlating data from NDR, ADR, SIEM, and XDR tools. All this information is consolidated within SentinelOne, providing a centralized access point.

SentinelOne Singularity Complete has helped us streamline our security operations by consolidating multiple solutions into a single platform. We are currently in the process of acquiring a threat intelligence platform to complete our security stack.

We use Ranger to monitor our network and track connected devices. This is crucial because it helps us quickly identify unauthorized machines connected to our infrastructure, including personal devices. We have additional security measures in place, but Ranger provides an extra layer of protection. It also alerts us if the SentinelOne Singularity Complete agent is missing from any new or existing machines, allowing us to take appropriate action.

SentinelOne Ranger's agentless and hardware-independent nature is crucial for our environment with 26,000 endpoints, as manual management of such a large number would be extremely challenging.

Ranger uses a multi-layered approach to prevent vulnerable devices from being compromised. We employ scanners, network configurations, and a risk scanner to assess devices, endpoints, servers, and cloud infrastructures. Vulnerability reports and timelines for remediation are shared with device owners or custodians. This proactive strategy enables us to address vulnerabilities efficiently and secure our infrastructure.

SentinelOne Singularity Complete has significantly enhanced our security posture. While no system is impenetrable, this solution has brought us closer to achieving a high level of protection, ensuring we maintain at least a 90 percent security level.

Our team is dedicated to refining alerts and eliminating false positives from our solutions. Additionally, a team is responsible for identifying and excluding alerts from the solution. We can manually expedite this process by reviewing these elements and utilizing our security tools. We have been able to reduce the alert volume by 20 percent.

Our 30-member Security Operations Center team has been able to redirect their focus to other tasks due to the time saved after implementing SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped us improve our mean time to detect threats, which we accomplish using the Vigilance service for detection and response.

SentinelOne Singularity Complete has helped us decrease our organizational risk. We utilize the Security Scorecard to manage our security posture, which has remained steady at 90 percent.

Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources. This ensures smooth operation and user-friendly control. Moreover, SentinelOne's support team is highly competent, providing timely assistance and going the extra mile to resolve any issues.

When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert.

I have been using SentinelOne Singularity Complete for almost four years.

SentinelOne Singularity Complete is stable.

The technical support team is quick to respond to and resolve our issues.

Positive

Our hybrid environment has raised security concerns for management, leading them to seek an all-in-one solution. After conducting multiple proof-of-concept tests for endpoint security, they determined that Kaspersky was insufficient for their needs due to inadequate functionality and management complexity. As a result, they transitioned to SentinelOne Singularity Complete.

SentinelOne is actively developing new innovations and introducing additional integration platforms.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers comprehensive endpoint security by automatically updating without impacting bandwidth. Unlike traditional signature-based solutions, it employs a behavior-based approach to detect and immediately address malicious or suspicious files and processes.

We are 100 percent confident with SentinelOne as a strategic security partner.

Maintenance has been seamless, and while SentinelOne does notify us in advance of any required downtime, I haven't experienced any interruptions in the past year and a half.

With 30,000 employees and 26,000 endpoints worldwide, our organization has implemented SentinelOne Singularity Complete across all endpoints.

We have it for all of our client machines and servers. It is the antivirus solution for all clients and servers. We are also looking into going further with their log analysis portion. We are working with them in terms of pricing.

The overhead on the CPU is minimalistic, not taking up too many system resources.

Making exceptions and exclusions through the console interface is smooth, providing a very good experience. The clients communicate with the web console in less than a minute, which is much faster than other solutions such as Malwarebytes.

SentinelOne has helped us with consolidation. We have Malwarebytes installed along with SentinelOne, and we are moving just to SentinelOne. SentinelOne has the most widespread and up-to-date coverage because of the fact that we can deploy it fairly quickly. Its rogue detection feature helps catch systems missed during initial deployment. We are the most up-to-date now. 

It saves time for the staff once it is up and running. Once the system has gotten used to everything, it just works. There is a six to eight-month learning curve for the system to get used to your servers and software.

In the beginning, we had a fair number of false positives coming across, but once the system got set up, it has been pretty much running on its own. If we are running a lot of internal IT scripts for applications that are triggering the antivirus, it might detect that as suspicious. We have to configure it to exclude things. Overall, it is pretty smart. Its automation is working fairly well for us that way. 

As a strategic partner, they have been very vocal with us. They have been communicative and supportive. The product itself is robust. We have not had any situation where it failed and broke the computer. There is no CrowdStrike-type scenario going on.

Based on the updates they have done, they are focused on advancing the product. There is a constant evolution going on. The system is getting more robust. We are advancing and not digressing anywhere in terms of technology.

We moved from ESET, and we find that the licensing scheme, particularly how the licenses are attributed to clients, is pretty nice compared to what ESET offers. We work in a highly virtualized environment. We have roughly 150 to 160 virtualized clients that are refreshed daily. Every night, the systems refresh. With the old antivirus solution, the licensing would count into the thousands, necessitating manual deletion. Luckily, SentinelOne has a feature to decommission automatically, which has been fantastic. 

One area for improvement is automated deployment. I use it through a group policy. I put in the PC name, and when the user logs in, if the PC is in that group, it attempts an MSI install through Active Directory via GPO. That seems to play a little havoc and can conflict with manual installs, causing issues where it wants to delete and reinstall the client. To resolve this, I remove the computer from the security group, and it then stops complaining. The automated installation could improve in this regard.

We have been using SentinelOne for one year.

I would rate their support an eight out of ten. The rating would be better if they picked up the phone and had someone talk immediately. We are using the automated email process for support, and they respond within an hour or two hours sometimes.

Positive

We had moved from ESET.

We have not been hit since using it. I have experienced a ransomware attack only once, a few years ago, with minimal damage. Since then, I have not faced any intrusions, which is one reason I chose SentinelOne over ESET.

It has not helped us save costs. We are increasing costs because we are going more toward the avenue of protecting as a city. We have been watching other cities around us get hit, so there is more focused attention on protection at this level. We are moving to the complete license solution and looking at expanding that into Vigilance.

When it comes to interoperability, we are going to look at some integration with our FortiGate system for the firewall to help analyze the logs that come through there. We are slowly moving from stopping the intrusion to more like a preemptive, preventative focus.

To those considering using this solution, I would advise digging into the console and taking the time to learn. Some people complain and find it confusing, but understanding the system's ins and outs is crucial. The console is well laid out, so it is worth taking the time to learn it.

The quantity of detection is quite a lot in the first few months. The product has a learning curve, so you have to guide it in the beginning so it gets used to the scripts and applications that are running in your system. We have created quite a list of exclusions, and I always take the time to look at each one. Since September 2024, false positives have been reduced to one every two weeks.

Overall, I would rate it a nine out of ten.

This is an Umbrella platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete great from the Sentinel point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete.

It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel, and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

Scalability is also a nine.

Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

Positive

It is a simple process.

We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

CrowdStrike is the main competitor, along with Palo Alto Cortex and Microsoft Sentinel. These are the three main competitors for the product range from SentinelOne.

It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

I would rate this review a nine overall.

We use SentinelOne Singularity Complete for all of our endpoints, including virtual machines, physical servers, and laptops.

The solution gives us a good sense that the systems are secured against malware, drive-by fileless attacks, and advanced behavioral attacks. This is our primary reason for having the product, and it does a good job in that regard.

It does not require a lot of management. It is hard to quantify the time savings but it does not require a lot of our time. If I spend an hour a week on it, that is a lot.

It is hard to quantify the reduction in the mean time to detect unless you are a pretty big organization and you are tracking that. However, it has been able to detect things and alert about them pretty much instantly in the console. We also get emails right after that. In terms of the Vigilance MDR service, one Saturday morning, I tripped an alert for something I was doing. I thought of waiting and seeing how long it would take on a Saturday morning at 10 AM for them to jump in and figure it out. They took about 20 minutes.

Any good endpoint security product should reduce your organizational risks, and SentinelOne Singularity Complete has done that. It is almost impossible to quantify the reduction.

We were able to easily realize its benefits within 30 days.

The console is light years better than the CrowdStrike console, which had just a bunch of different screens cobbled together. It is much more unified and much easier to work with. It is very nicely designed. It is one of the better user interfaces I have ever seen for web application management. 

The product is pretty easy to manage and pretty easy to deploy. It also has a pretty low resource footprint.

The false alerts can be annoying, especially during administrative tasks. We have had a number of occasions where the software impacted a third-party application, so the application would either not run or exhibit other technical issues. We were also not getting any alerts in the console to indicate that SentinelOne was having a negative interaction with the product. Finally, after hours of troubleshooting, we turned off the endpoint security for the product, and the application just started working fine. We have probably had a good half dozen of those. It is quite annoying.

I have had experience with SentinelOne Singularity Complete for two years.

Their support is top-notch. I have been in the business for thirty years, and I have dealt with just about every support company out there. I am used to mediocre enterprise support, but SentinelOne's support is very good, deserving a ten out of ten.

Positive

We were running CrowdStrike prior to SentinelOne. We were using CrowdStrike Complete, but it was simply way too expensive to sustain for our budget. We were looking for something that was equally capable and did not have a huge price tag with it, so we ended up going with SentinelOne and their Vigilance MDR service.

SentinelOne Singularity Complete has not helped us consolidate other solutions. It was a one-for-one replacement for CrowdStrike. It has not helped us to get rid of anything at this point.

I have used Bitdefender in the past. We had their GravityZone Ultra, which had XDR Complete, but there were so many alerts. We would literally spend hours. We would pick a day a week or a day every couple of weeks and try to trace down alerts and clear out the console. From that perspective, SentinelOne does give off fewer false positives. However, when we are dealing with administrator or network administrator or developer tools, for obvious reasons, they tend to trip the alerts on the product. For normal end-user work, there are seldom any false positives or alerts that are not valid. It is almost never. I am the IT director, and it is always tripping on things I am doing. When I install some encryption software or disk wipe software, I get many alerts in SentinelOne, but for the actual end-users, typically, we do not get any false positives.

We use their public cloud. We deploy the agents ourselves. We do the updates through their public cloud, but we do the initial deployment ourselves.

The initial setup was pretty straightforward. There are some nuances to the product, naturally. It is an enterprise-class endpoint security product, so there are things that you need to learn and understand about how it works. The same is true of CrowdStrike, Palo Alto Cortex, or any other product in the same category.

We have multiple locations with about 35 remote users.

We used their onboarding service, which was very helpful because we would have meetings every week or two with the actual SentinelOne employee engineer to talk about our deployment and ask questions about particular features and best practices. It was worth the extra expense.

I had one other network administrator working on it with me, and I just assigned him the task of deploying software and working with me on some of the policy configurations.

I do most of the maintenance on it. The maintenance typically requires adding an exclusion here or there, troubleshooting an issue, or uploading logs for support to look at an issue or a question that we have. I do not spend 50 hours a year on it.

SentinelOne is significantly less expensive than CrowdStrike. I recently did a price comparison between CrowdStrike and SentinelOne to determine where we are going for the next three years. CrowdStrike is 200% to 300% the cost.

For their complete service, we were paying CrowdStrike 45K for 85 endpoints for a year. We have stepped down, and we are doing MDR and not having SentinelOne manage our policies and things. We have 200 endpoints, and our yearly cost is 17K, so we have gone from 45K to 17K. From a detection standpoint, depending upon which MITRE framework tests you look at, both vendors jockey up and down in the top ten. They are pretty comparable from a performance and efficacy standpoint, so there is not a 200% to 300% gap there.

I always do a round-robin. My final three ended up being Palo Alto Network's Cortex product and CrowdStrike's Falcon product, the lesser version of their MDR Overwatch product.

The thing that I did not like about Overwatch was that they would tell you that something was going on and here is what you should do, but they would not help you with it. SentinelOne was a little bit more helpful in terms of hopping in. Ultimately, Palo Alto is not support-friendly. I use Palo Alto Firewalls, and their support is not that great. It has not been for a while, so I hesitate to go into their endpoint security as well. It is also expensive. It requires a lot more infrastructure and cost to deploy. It is probably more akin to CrowdStrike from a cost perspective.

I briefly considered Bitdefender's MDR solution using GravityZone where they did the MDR piece of it. It was probably half or a third of what we would have spent for SentinelOne, but I did not have the sense that it was quite the next-gen product that I was looking for, even though it scored pretty well.

All these are very similar because they base their activity on what a piece of software is trying to do on the system. It is a real-time behavioral analysis. They do not use predefined signatures from the last 25 years. They are trying to do things in real time. In terms of how long it takes to have visibility into what an application is doing and how quickly they can lock it down once they have the visibility, each vendor scores differently, but each of these three would generally be considered in anybody's top five.

SentinelOne is fairly innovative. I like what they are doing with the integration of their Purple AI for being able to do real-language queries of their telemetry data. You do not need to know all the correct syntax, which helps us non-SecOps folks who have to dabble in it periodically. We can do real-world queries. I have not asked for pricing on that. It is probably more than I want to pay for it, given that we do not get too much use out of this kind of feature, but they are continuing to innovate in that regard. From that perspective, it is a good product.

SentinelOne Singularity Complete is very mature at this point.

We have not yet had an occasion to integrate it, although, in a couple of weeks, we are going to be integrating their Cloud Funnel service with another MDR provider, Red Canary. We have not done that yet, and we have not made use of their other interoperability pieces.

They have two Ranger products. One is the Ranger Identity Protection product, which is kind of an add-on product, and the other one is more of a rogue detection product. We did subscribe to the Ranger Identity Protection product, but it was so difficult to work with that we finally stopped using it. It was a subscription.

Our correlation is whatever is going on in the endpoints. We are not pulling in Palo Alto firewall telemetry, or Okta or O365 data at this point, but we are moving in that direction. We are simply using it for endpoint security and for their Vigilance MDR service.

SentinelOne is good as a strategic partner. We are in the third year of our three-year contract and plan to continue with them. We are not going to go directly to them. We are going to go through one of their partners, Red Canary, but we will be using the SentinelOne Complete product and then using Red Canary to do the MDR along with active remediation and SIEM ingestion of our Okta data, our Palo Alto firewall data, and our O365 data. They can then begin to cross-correlate events and attacks across different attack surfaces of ours.

I would rate SentinelOne Singularity Complete a nine out of ten.

We primarily use the solution for EDR, which it does in a brilliant way. We are also using it for log management. We can use it for investigations, reporting, and security incident management.

The most important aspect of the solution is that the load on the machine is not very high. It doesn't take up battery resources.

The solution prevents ransomware and other threats.

So far, it is working brilliantly. The dashboards and UI are user friendly, as is the ability to configure as needed.

It seems to have a lot more capabilities. The XDR capabilities, in particular, look very strong. We're currently looking into that.

If we want to do integrations with third parties, we don't have very many challenges around that.

The ability to ingest and correlate across our security solutions is very useful. It's impressive. The AI engine it has is excellent.

It helps us consolidate our security solutions.

While it does not allow us to reduce alerts per se, it does a good job of correlating. The way it's integrated into the SIM, it's working to the expectations we have.

The solution helps free up people so that they can work on other tasks. We don't have to grow our team too much now. My security team is actually quite small - about five people. We all get more time to handle other tasks.

We've noted that it does help reduce mean time to respond. We can identify events easier and those that are most critical are brought to the forefront. Previously, we were in the dark. Now we have so much more visibility. It's been a huge improvement. 

It's effectively helped to reduce organizational risk. 

They are still largely an EDR product. The MDR side needs to be demonstrated. They need to make zero trust more robust. 

I've used the solution for around two years now.

I'd rate the solution's ability to scale eight to nine out of ten. 

The SLA is good and the support team is quite impressive. They are very quick. I never need to escalate.

Positive

We were using Sophos and Symantec previously. We switched as SentinelOne took up fewer resources and could support a Linux environment. 

The initial setup is fairly straightforward. 

It's giving me confidence that my network is protected. The ROI is not so much cost savings as security on offer. We can safely sustain our business and secure our data assets. However, the time and cost savings we've seen are quite good. 

The solution is moderately priced. It's a valuable solution to have, however. 

We are evaluating Crowd Strike at the moment. 

We are a SentinelOne customer. 

The quality and maturity of the product are good. It's one of the market leaders. It's delivered on what it's supposed to do. 

I'd rate the solution nine out of ten.

They are a good strategic security partner. They have the right credentials. They're offering a relevant service and it helps me communicate to my customers. I rate them very highly.

We use SentinelOne's EDR platform. We use Ranger for network discovery. It helps to find out any endpoints that do not have an agent or rogue devices that may come up on the network that are not protected. It allows us to isolate them until we have the proper protections in place.

We are starting to delve into Identity.

The EDR platform has helped us achieve our business goals by providing the best security against ransomware, which is the number one threat to our business.

We have seen a lot of benefits since we deployed SentinelOne many years ago. We were able to consolidate around eight different antiviruses globally. It saved us licensing costs, human capital, and the amount of time it takes to keep up with some of the legacy technologies.

Other than that, the product gives us so much visibility to things. We did not have that visibility before. It also gave us access to every endpoint globally from a single platform. My engineers and my SOC operators are able to touch every endpoint globally in a matter of seconds. We are able to consolidate all the data that we are getting from the platform. We then build rule sets and protections and automate playbooks to be able to help save time so that we can focus on some of the bigger threats that we have.

SentinelOne has had a huge impact on our risk management posture. In my viewpoint, any threats, especially with ransomware being the biggest threat to our business, can lead to downtime for operations. If manufacturers are not making the product, we are not making money.

SentinelOne has helped us improve our analyst efficiency because of the simple fact that it is a single singular platform where they have access to every endpoint data that is out there in the world in our scope of devices. It gives them the ability at their fingertips to dive deep into the telemetry data that they need to make a justification or make a decision about a threat.

SentinelOne helps us reduce noise. We also leverage SentinelOne Vigilance as a managed service provider, which takes away the load from my analysts. It enables us to develop playbooks to cut down the noise and helps us to prioritize what matters the most, which makes us way more efficient. It makes us speedier when it comes to the time to react to a threat.

SentinelOne, especially the Vigilance team, helps us to reduce false positives. It is not only because the technology itself is so good at what it does; it is also because of the information that we get related to a threat or an alert. The information is enough for us to have some sort of disposition on what that is. We can then write a rule or mute that through a click of a button so that it is not constantly coming to the surface.

SentinelOne helps us with our incident response process tenfold. We have so many options, from automation to using Purple AI, to give my analysts more confidence in their abilities. It is an amplifier. It is not a replacement. It is a way for them to build their confidence and skill set, but it also increases our efficiency and our time to respond to threats. The storylines with SentinelOne were probably one of the first things that caught my attention back when EDR was new to the market. They help the analyst develop a storyline or improve the storyline that they have already developed.

SentinelOne helps us with our mean time to detect by the fact that we have every endpoint consolidated into one platform. We have the prioritization based on the rule sets, the type of devices, the classification of the data it holds, or the classification of the department or the sensitivity of a manufacturing process in that environment. These methods help to cut the detection time for my analysts.

The platform provides multiple ways to communicate. With the addition of Vigilance and their main services, there is a very drastic reduction in the mean time to respond based on the information they give us. The information that we receive from those methods helps us to make a lot quicker decisions with the threats.

From an organizational perspective, SentinelOne helps me and empowers my team to be able to communicate to the business about some of the adversarial threats that we have in our environment. A lot of times when an endpoint or a production or line unit is impacted, the teams come to us with reports of a false positive, but in fact, it is not. SentinelOne helps us to educate, inform, and reinforce to the organization why we are here. We are here to help. We are here to help the business grow.

When we first looked at SentinelOne, we had a very distributed legacy antivirus environment. Through SentinelOne's platform, we were able to consolidate about eight different antiviruses globally, thus saving money and time. There were savings in terms of human capital or the amount of time it takes to keep up with some of those legacy technologies.

Like any vendor, SentinelOne had its challenges, but throughout our history as a partner and as a customer, they followed through with every commitment they made. That is huge. I do not look for a vendor, I look for a partner—a long-term partner. CISOs need partners to be successful. We have to lean on each other. There are things that they can do to improve the console or improve the product, and they are making strides in it. One value that I can bring to them is the fact that I am on the advisory board. As a customer, we bring problems or challenges or even opportunities to them that they take back to their product teams and marketing teams to come up with a solution. Being able to ride side by side with some of the developments they are making now, in the near future, or in the far future is pivotal to the success of a security organization.

We have been using SentinelOne's EDR platform since 2018.

The support teams speak various languages worldwide, which is beneficial for a multinational corporation like ours. We have teams across the world, and having support in native languages saves us time and increases efficiency.

Positive

We had a very distributed legacy antivirus environment before and selected SentinelOne for its consolidated platform.

We are also using a different SIEM solution currently but are considering migrating to full XDR in the future. We rely very heavily on managed services and Vigilance. We have a small security team, but over time, we will be able to build some hybrid models or hybrid approaches and start to go towards XDR.

When we looked at the EDR, having a single agent was a big deal. We have come a long way since then, but one of the primary reasons why we chose SentinelOne was their ability to package everything from a single agent.

The ROI is significant with SentinelOne, as it saves us money, time, and human resources by consolidating eight different antiviruses into one unified platform globally.

SentinelOne makes licensing easy by reducing the number of modules or packages that they have to offer. A lot of other vendors make licensing very complicated with separate modules or separate costs. By bundling necessary features, SentinelOne ensures that security leaders are not left confused by options. This bundling of necessities has served our needs well.

As they bring on more technologies and more offerings, they are either bundled with the premium packages or other packages they have or they are bundled separately as another SKU.

We compared SentinelOne against its competitors while evaluating EDR solutions. SentinelOne stands out to me from the competition because they stand by every commitment they make. They are extremely transparent and extremely collaborative with the customer base. They take back everything that the customers bring to the table and make the product better. It is a two-way street. We also have to give. We are giving that money for a product, so we are investing in them. At the same time, we want to have a voice. They allow us to have a voice. The fact that they are a true partner sets them apart from the competition.

Their transparency, their willingness to work with customers and receive feedback, and the humility to admit their faults but figure out a way forward with their trusted partners or customers set them apart from the competition. They have done a good job of getting the endpoints correct. They have done a good job at saturating the market with such a good endpoint product. The endpoint data is the most critical telemetry data that we have. If you think about network and email, those are all delivery methods, but a crime is only committed at the target location, which is the endpoint. With that being the most valuable information we have, they have done such a good job with that. They are already there at the endpoint. There are a lot of other things they can do to improve the data that they have with things like identity and network discovery. There are opportunities where you take Purple AI out and put it on top and extend the width or breadth of your security team. You can extend the breadth of reach across multiple facets or multiple layers of defense from one single platform.

AI is huge. It is a topic that comes with a lot of different variables. Some are good, and some are not so good. AI as a whole is not something to fear. It is no different than what mobile computing or cloud computing was. We have to embrace it. Embracing it empowers security organizations, security leaders, and security teams. It empowers them to make more and better decisions, and it also saves some time because a lot of the things that they are doing can be automated through the use of AI. It empowers the defenders, and by empowering them, it saves them time and allows them to focus on more important projects, more important topics, or more important threats. AI can help us cut down our mean time to detect and mean time to respond.

I have had several colleagues looking at SentinelOne and comparing them against some of the competitors, which is what you are supposed to do. To those who are considering purchasing SentinelOne, I would advise moving beyond the product. Do not just consider the product when evaluating SentinelOne. Focus on the leadership, product development teams, and their commitment to working closely with customers for long-term success.

SentinelOne is a true partner. We have had our issues. We have had our incidents. There were some times when I was desperate and needed help. They have been there. They are not there at the meat of it. They have traveled that road all the way to the end with me. That speaks volumes. To colleagues and people who are not yet using SentinelOne, I would recommend taking a look. Go beyond the curtain, the actual product, and the marketing. Look into the teams. Look into the leadership. Look into the success of other customers out there like myself. Call them. Talk to them. Challenge the product and challenge the teams, but do not let the first responses ever be the answer you go with. Continue to develop that relationship. That is what you should look for as a partner.

On a scale of one to ten, SentinelOne is definitely a ten. That is not just product-specific, customer support-specific, or road map-specific. A lot of different areas combined give it that score. Having a true partnership means that you are bringing everything to the table. You are helping each other grow.