SentinelOne Singularity Complete Reviews

I typically deploy it into typical business environments such as law offices, doctors' offices, and marketing companies. I have clients of all walks of life, including accountants, attorneys, doctors, and veterinarians. I work in a very simple environment and am not dealing with high security, such as CIA-level security. For example, I use it in a doctor's office where it does a good job staying HIPAA compliant.

The best aspects of SentinelOne Singularity Complete for these clients are its ability to detect malicious activity. While there are sometimes false positives, they are minimal, making it quite effective. It recently stopped a ransomware attack at one of my clients, proving its reliability. The clients do not see immediate efficiency gains or significant time savings.

I haven't done any integrations, as I'm just in the beginning stage of ramping up the product implementation and mastering the product. I don't qualify myself as a master in the use of SentinelOne Singularity Complete, so I cannot offer great insight on this.

I have dealt with SentinelOne Singularity Complete for less than a year.

The stability of SentinelOne Singularity Complete is demonstrated through its ability to detect malicious activity. While there are sometimes false positives, they are minimal. It recently stopped a ransomware attack at one of my clients, proving its reliability.

My clients are mostly small, and my largest client has about thirty computers. I do the deployment myself, and it's not a huge effort. It's not comparable to dealing with a company that has three thousand computers.

In the past, I used another product that malfunctioned and caused high processor activity which required stopping and reinstalling it. However, this hasn't happened with SentinelOne Singularity Complete. I used to have many false positives with other products that would block good programs, but I haven't experienced that with SentinelOne Singularity Complete, making it more quiet and efficient.

The initial setup was very simple; deployment is straightforward. Fine-tuning it is a bit more involved, but overall, it's a very simple product to get started with.

I was a part of the setup and deployment process.

The return on investment for my clients isn't visible until there is an incident or an attack that gets stopped. Then they realize the value of prevention. The challenge with security products is that ROI isn't apparent until an incident demonstrates the potential for loss. Clients often think they are immune, especially small ones, believing they're too small to be attacked. They don't realize that the cost of an attack could be a hundred thousand dollars, while they perceive the likelihood as very low.

The pricing for SentinelOne Singularity Complete is good. There are other products that are less expensive, but I tell my clients that in security, they cannot cut corners or look for the cheapest solution. If they want security, looking for the cheapest solution means they have the wrong approach, because good products are not cheap.

I don't have hands-on experience with CrowdStrike, Cisco, or Palo Alto products, but I know the companies. I do not have experience with AI features or AI analytics yet. I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it. I'm just getting to learn the product, so I cannot offer any deep insightful opinion. On a scale of one to ten, I would rate it a nine or a ten, as I'm very happy with it currently.

The whole purpose of having the product is to have endpoint security and visibility with those endpoints as well. After an evaluation period, we determined the product would be a fit for our organization.

The security and visibility we have on all endpoints helped our organization immensely.

There's not one particular item that stands out the most besides the availability of the product itself. We're a small organization. Having the visibility and the protection that it provides helped out greatly. Plus, it fits with our requirements.

The product does not have to go across a lot of different solutions. We don't have a cloud or anything like that where we have to push it in terms of visibility. The deployment is fairly simple. In the end, the overall visibility of it is very simple and the usability has been very simple for us as well.

So far, it helped to reduce our alerts. Based on the application that we would utilize prior to this product, the alert reduction is similar. It is not 100% the same, just similar. They gave us some visibility into what was going on, which provided a 30%, if not more, alert reduction.

It helped free up staff time. Using this solution, we don't have to keep our eyes on it 100% of the time.

It reduced our mean time to detect and respond. 

The product helped reduce organizational risk.

The overall product quality is good. I'd give it three and a half stars out of five. It checked all of our boxes. It met the requirements of the security we needed.

If for some reason, we were breached, it gave us the comfort of knowing that we could either automatically set the product to fix the issue or at least record it and let our team go in and resolve the issue. However, it also has the data to hunt the threat if need be. It's given us so much more than we would have expected from a product. Their dashboard is great. We log in and we get everything we need to know right out of the box on our dashboard. If we have anything that's infected it will tell us all of that information in real time. In our environment, it works without giving us any issues or slowing down our productivity in the process. The agent that runs on the system is not heavy. It's easily portable.

Initially, when we first deployed the solution, it caused some third-party connectivity issues. It would see it as an application that was not secure. However, we were able to put in a white listing, to help us operate well. We had to do that with around five applications that we ran. Once we applied those fixes, we haven't had any issues since.

I'd like them to make it easier to log in. 

I've been using the solution for two years. 

I have not experienced any downtime with it. It has not crashed. 

It won't run on our accounting server and we're not sure why the agent caused the conflict with this particular server. Beyond that, it's fine.

We deployed the solution to about 200 endpoints. 

We've only contacted technical support for the licensing portion of the process. They were very helpful and very straightforward. Everything was right on the money. Once we made the call over the ticket, we were contacted and it was resolved while we were on the phone.

Positive

We used Fortinet as well. We've used a few products and this solution does everything we've asked it to do. It was a good replacement for the free Fortinet solution and it protects against things Fortinet does not. 

In the past, for some reason, we found that somehow or another, the agent was disabled, and we have not determined as to why that is just yet. 

I was involved in the solution's initial deployment.

The deployment was fairly easy. We had a product that allowed us to push the agents out there. It was time-consuming based on the fact that we didn't have full automation. The only other drawback was when it was going through and doing some form of machine learning, it would block certain applications that we had to whitelist with the system in order to get it to work. However, we deployed it in less than thirty days, and it's been running everything well since then.

Our team, comprised of four people, handled the implementation. 

There isn't really any maintenance needed. All the agents update well. It is fairly automated.

The initial onboarding was done with SentinelOne. After that, we took it from there.

The pricing is good. It's a big factor for us. Their pricing comes in at much less than Fortinet or CrowdStrike.

We looked at similar products, such as CrowdStrike and other versions of Fortinet.

I'd rate the solution an eight out of ten.

I'd advise new users to do a proof of concept. That way, you get some time with the system before you deploy it into the environment and you can iron out issues. If you have 1,000 endpoints and only 1% of the issues that we ran into, it would still be significant and you'd want to deal with them head-on to make the full deployment easier. 

One of our use cases is that we wanted some type of visibility into our vulnerabilities and insight into our endpoints.

Ranger really helps us because, even though we're a smaller team of security professionals, it gives us a good eyes-on-glass approach. And if there is a known vulnerability, we can automatically see that without having to spend more time looking at it. In the past, we would do all of this manually. We would have to go into our systems and see which IP address is coming from the outside world and see the IP address, workstation, current version, hostname, MAC address, et cetera. Now, we can easily see that in the report that we get every day.

We used Rapid7, but Singularity has certainly helped reduce alerts. We have a threshold set in Singularity so that if one of our critical devices is vulnerable, we get automated email alerts. The alerts tell us what we need to look at in terms of logs and the like, and they help us automate some of our internal processes.

Personally, it has saved me a lot of time, about one-third of my day. And our mean time to detect has been reduced by anywhere from 45 minutes to an hour. But our mean time to respond has been pretty much about the same. I'm logging into SentinelOne every day and I see what's going on. If there is anything that needs to be talked about with our sysadmin team to get patches rolled out, we have a meeting about it every week. SentinelOne, overall, has brought our organizational risk down by at least 35 to 40 percent.

It helps us with our compliance efforts too, especially for auditing. If someone asks, "Do you have a list of all your endpoints?" we can definitely say "yes." And if they ask, "How is it categorized, by IP address, workstation, or OS?" we can see it's on this particular network and it's made by that manufacturer.

With Ranger, we can see the device inventory, the networks, how many workstations we have that it's scanning, how many printers, how many mobile and IoT devices, and servers.

It identifies what applications are vulnerable. If I go to the applications, such as Adobe Photoshop or Adobe Reader, I can see our current list of vulnerabilities: How many are vulnerable and how many need to be updated with patching. One of the most valuable aspects is the ease of finding specific vulnerabilities.

About every month, when I go into SentinelOne, if there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions. Some of the reporting could be improved a little bit. I wish all Adobe products could be included together, or that you could mix and match Adobe with some other software or video player.

We have used SentinelOne for the last year and a half, and we're pretty happy with it.

I haven't had any issues with the platform. There hasn't been any crashing or lagging. Everything seems to be current. Overall, it's pretty seamless and I get really good results with it. I include it in my routine every morning and afternoon. I review the SentinelOne reports to see what vulnerabilities have been detected.

It is definitely scalable. You can really expand it and, for us, that is huge. As our organization grows, we will likely look at acquisitions, and, with those acquisitions, we will definitely get the other company's devices deployed through SentinelOne. It will allow us to grow and have their devices in the SentinelOne console as well, and have visibility.

I have contacted their support for a vulnerability issue, and they were able to help out with that. They told me how to get it remediated and what scan to perform.

It has helped us consolidate our security solutions. At one point, we had Rapid7 and SentinelOne. However, we realized we could take what Rapid7 has and consolidate it into one platform. At a high level, they're almost the same tool, but SentinelOne has a few more features and functionalities.

Also, we could see how many operating systems we have in our current environment through the standard image system we had. But now, we can see that through SentinelOne. That has been a key takeaway because we can see how many Windows, Linux, Apple, and Android devices we have.

In addition to Rapid7, we were looking at CrowdStrike for our endpoint detection, and at Sophos as well. Clearly, SentinelOne was the best for us.

SentinelOne is definitely a leader in the marketplace because it has a lot of features to offer. There are some pretty good integrations with it as well, and there are things you can change in the settings and how it's deployed.

The quality of the solution is great. I don't have any complaints other than that small reporting issue I mentioned. In terms of maturity, Singularity is one of the top-notch eyes-on-glass solutions that you can have, especially as it relates to your endpoints and vulnerabilities. It gives you that technical deep dive into what the vulnerability is, what workstation it's on, and whether there are any other endpoints affected.

There are some integrations that we could possibly use, but we haven't used any. There is one with KnowBe4 that we are looking to use.

As for maintenance, I don't have to do any in my role, but it does require some, such as upgrading versions.

If you're looking for a solution like SentinelOne, and you're looking to get an eyes-on-glass approach for your endpoint devices and your vulnerability management program, this could be one of your top solutions. Overall, I'm happy with it and my team is very happy with it. Our scans are fully automated and that is never an issue for us. It offers a lot of capabilities, expansion, and growth. If your company is looking to grow, it's definitely all there for you. You get a really good report on your devices and your networks.

We utilize SentinelOne Singularity Complete as an EDR and MDR solution for both our clients and internal operations.

We wanted to offer our clients a next-generation, AI-based antivirus solution for their endpoints, which is why we opted for SentinelOne Singularity Complete.

We incorporate SentinelOne Singularity Complete as a component of our multifaceted cybersecurity approach. Therefore, its capability for integration, as well as its capacity for data ingestion into NXDR, holds great significance for us.

SentinelOne Singularity Complete functions effectively in ingesting and correlating data across all our security solutions. While we employ an additional SOAR for more extensive correlation, SentinelOne Singularity Complete performs exceptionally well at the endpoint.

SentinelOne Singularity Complete is utilized as a component of our Managed Detection and Response service, resulting in a reduction in the number of alerts forwarded to us.

It helps free up our staff to focus on other projects.

SentinelOne has helped reduce our MTTD. It has also helped reduce our MTTR.

SentinelOne Singularity Complete helps our organization save money through pass-through cost savings.

It helps reduce the risk for our organization.

The most valuable feature is the machine learning capability, as opposed to the traditional rule-based antivirus. This is essential for effectively stopping malware attacks.

We are not utilizing all the features available with SentinelOne Singularity Complete, including the built-in XDR and Ranger, due to the substantial associated costs. There is potential for improvement in the cost aspect.

The area in which I would recommend SentinelOne to continue progressing is focused on enhancing its product. This involves not only internal development but also strategic partnerships similar to the Wiz integration which brings a lot of value.

I have been using SentinelOne Singularity Complete for three years.

It is stable. The downtime has been minimal.

The solution has met all of our scaling requirements.

I previously used ESET and McAfee. We sometimes still use Microsoft Defender for some use cases and we have some clients that still prefer to use CrowdStrike.

The implementation is carried out in collaboration with our partner, ConnectWise. While we handle the agent deployment, they manage all the configurations.

If we weren't using any protective measures, and we were consistently experiencing security breaches, this would result in an exponential level of risk when compared to an alternative solution. Expressing this concept can be quite challenging. How would we even identify if a breach has occurred? Typically, we'd notice something like data encryption taking place. 

So, I believe implementing robust cybersecurity measures is an essential aspect of operating in any technology-dependent field today. It's essentially become a fundamental requirement. That's how we perceive its significance in the present day. Therefore, we communicate this necessity to all our clients and that is where the return on investment can be perceived by using SentinelOne Singularity Complete.

The cost of utilizing all the features of SentinelOne Singularity Complete is high.

I rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete EDR and MDR endpoint agent is a fantastic product. We layer that with other solutions as opposed to only using SentinelOne Singularity Complete.

SentinelOne is undoubtedly a market leader, and I believe it offers a comprehensive and excellent solution. It is on par with other next-generation or AI-based antivirus solutions available in the marketplace.

Depending on the organization's current solution, if they are transitioning from a product like ESET, then the approach to antivirus will be completely different. If they are transitioning from CrowdStrike, I believe the change will be less significant. Testing needs to be conducted, but I anticipate that they can observe immediate value from SentinelOne Singularity Complete. Furthermore, I am confident that they can deploy it without significant concerns about increased risk. Personally, I have never been worried about introducing additional risk by using SentinelOne Singularity Complete.

We use SentinelOne Singularity Complete as our EDR to monitor our network. We incorporated SentinelOne Singularity Complete into our SIEM to mitigate threats.

We implemented it because we needed more insight into the interactions that occurred on our endpoints.

SentinelOne Singularity Complete's interoperability with third-party tools enables seamless data exchange and effortless information extraction or export between them.

Its ability to ingest and correlate data across our security solutions simplifies the process considerably. It's akin to pulling data into a SIEM and correlating timestamps, IP addresses, MAC addresses, and any other metric that would link the two machines.

It helps reduce alerts which is one of the things that attracted us to the solution. It has reduced the alerts by around 75 alerts per week.

Singularity Complete frees up our staff for other projects and tasks, thanks to its out-of-the-box setup and automated operation. I only need to intervene when a real threat emerges.

It helps reduce our mean time to detect and our mean time to respond.

Singularity Complete helps our organization save on costs by preventing malware from entering our machines which would result in downtime and machine repairs.

It helped reduce our organizational risk by 20 percent. 

The most valuable features are threat hunting, the ability to disconnect or disable a machine's network connection in real time, and the ability to restore the connection once the issue is resolved quickly.

Singularity Complete needs to improve its ability to granularly select and extract the executable files that I want to run.

I have been using SentinelOne Singularity Complete for four years.

I would rate the stability of SentinelOne Singularity Complete a nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete an eight out of ten.

The technical support is difficult to contact.

Neutral

In my previous company, I used VMware Carbon Black. When I changed jobs, my new company was already using SentinelOne Singularity Complete. 

We've seen a positive return on investment with SentinelOne Singularity Complete. The key benefit for me was the ability to proactively prevent suspicious activity on our endpoints. As a practitioner rather than a manager, I dealt with an incident on an endpoint and was impressed by the solution's capabilities. Singularity Complete automatically contained the threat, allowing me ample time to clean the infected machine. Most importantly, it prevented the need to rebuild any other machines, even the affected ones in most cases. I often resolved issues on endpoints within an hour or two, minimizing downtime and ensuring user productivity.

The pricing for SentinelOne Singularity Complete is competitive. SentinelOne has a better price out of the box compared to Carbon Black and CrowdStrike.

Carbon Black lacked the same level of back-end support as CrowdStrike Falcon Complete.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is an innovative solution that is ahead of Carbon Black and on par with CrowdStrike.

It is a high-quality mature solution that will help improve any security stack.

We are deploying it across eight locations, encompassing all departments and protecting our 500 employee endpoints.

I am an IT security analyst and I update the sensors myself.

We use SentinelOne Singularity Complete as our endpoint security solution to detect malicious activity and unusual behavior. It is a great tool for analytics and forensic investigations, and it has a good feature for catching threats. I was particularly impressed with this feature.

We implemented SentinelOne Singularity Complete to secure our endpoints.

SentinelOne Singularity Complete has helped us consolidate our security solutions. We can create use cases and workflows in SentinelOne, and analyze alerts and logs. We can also create custom policies based on our needs. For example, we can create workflows for post situations, or detect specific types of attacks, such as persistence or defense evasion techniques. We can use these techniques to create our own custom use cases, which can then be deployed in production to detect these types of threats.

After deploying SentinelOne Singularity Complete, we were confident we would not face any endpoint security threats. SentinelOne was able to block the type of events that were a true positive. Sometimes, we have also received false positives, but SentinelOne should detect this activity. So, that was the expectation, and SentinelOne has met it. This is very helpful.

SentinelOne Singularity Complete met our business needs and requirements. It was easy to deploy and manage as an administrator, and we can manage the console without having to constantly connect to the user or machine. We can do many things from the console alone, such as taking remote sessions, uninstalling any other solutions or products, and performing cleanup activities. This has been very helpful. We saw these benefits within one month of deploying Singularity Complete.

SentinelOne Singularity Complete helped reduce the number of false positive alerts we were receiving with our previous solution.

SentinelOne Singularity Complete has helped us save three hours per day of our staff's time. The single console makes it easy to manage compliance, including health check reports and the applications we are managing. We were able to identify and remediate malicious files through the console, without having to resolve the issue directly with users or other teams. This is a significant improvement.

SentinelOne Singularity Complete has helped reduce our MTTD and our MTTR.

SentinelOne Singularity Complete has helped reduce our organizational costs by eliminating the need for other endpoint security solutions. It is a cost-effective solution that provides comprehensive protection.

It has reduced our organizational risk by 90 percent.

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

I have been using SentinelOne Singularity Complete for six months.

I would rate the stability of Singularity Complete eight out of ten.

I would rate the scalability of Singularity Complete eight out of ten.

We have 24/7 support, but it is just moderate.

Neutral

SentinelOne is more secure and offers better scope for threat hunting on Linux than other security solutions, such as CrowdStrike and Microsoft Defender for Endpoint. SentinelOne Singularity Complete allows us to consolidate solutions and is easy to administer from a single console.

The initial setup is straightforward. After completing the proof of concept, we deploy the Singularity Complete solution for our clients. We install the agent and create group policies for detection and prevention. We use a configuration management solution to deploy Singularity Complete within five to ten minutes.

One person can complete the deployment.

We implemented the solution in-house.

I would rate SentinelOne Singularity Complete seven out of ten.

I would rate SentinelOne Singularity Complete's ability to be innovative eight out of ten.

SentinelOne Singularity Complete has a mature GUI.

We deployed SentinelOne Singularity Complete in one of our client environments with 13,000 machines and 1,000 servers.

SentinelOne Singularity Complete maintenance consists of daily monitoring for updates and prioritizing policies and requires around five administrators.

SentinelOne is a good strategic partner.

SentinelOne Singularity Complete makes it easy to perform operations and investigations.

We use SentinelOne Singularity Complete as an endpoint detection and response solution to detect advanced threats in memory and protect our environment from ransomware attacks.

We are ingesting data from Singularity Complete into our team. The integration between Singularity Complete and Splunk works well, pushing all alerts from Singularity Complete to our soft tool. We have also looked at other SentinelOne products, but we only use a few of them.

We use Ranger to detect rogue sensors by scanning networks for endpoints that do not have SentinelOne installed. We do not use Ranger Pro.

Ranger is used to identify endpoints that do not have SentinelOne installed, ensuring 100 percent coverage. However, we also use a network access control tool to verify that endpoints have the necessary security telemetry and toolsets installed. The NAC tool can either orchestrate the installation of missing components, quarantine endpoints or simply notify us that components are missing.

The biggest benefit for us, other than mitigating the risks, is that Singularity Complete has raised the bar for red teaming, compared to the previous tool we were using. Some of the agent coverage in the previous toolset was becoming a limitation, but Singularity Complete gives us better coverage and visibility, both for red teaming and in general.

Over time, Singularity Complete has helped to reduce alerts. At the beginning of the implementation, we had to spend some time training the system, accepting events, and so on. However, over time, the number of alerts has been reduced.

Singularity Complete has helped our MTTD by providing broader visibility into our environment.

We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complet to identify malicious processes and other types of threats running on endpoints.

Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.

The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.

I have been using SentinelOne Singularity Complete for one and a half years.

Singularity Complete is stable, but there are occasional instances where the sensor monitors a specific process that starts to malfunction, which is naturally possible. In these cases, we need to investigate and add an exception to prevent the sensor from monitoring the process so heavily, if it is a valid process so that it can return to normal operation. Therefore, there is a significant amount of tuning required. If the tuning is correct, Singularity Complete operates quite well and is certainly stable.

Singularity Complete is scalable. We have 2,500 endpoints. I know other organizations that have over 70,000 endpoints.

We have technical support that we can access, but I think it could be stronger. Currently, we deal with some local support, but their knowledge is limited. I would like to establish a closer relationship with SentinelOne International support, especially for the upgrade we are planning next year. I was in Tel Aviv in June and July and visited the SentinelOne offices to speak to them about this.

Neutral

Our previous solution, Cybereason was not very good at detecting things happening in memory, so we were looking to replace it with SentinelOne, CrowdStrike, or Cortex XDR by Palo Alto Networks. The replacement had to be able to see things happening in memory and deal with ransomware attacks. SentinelOne Singularity Complete was able to meet our requirements.

The initial deployment was slightly more complex than our previous tool because we needed to understand and implement the exceptions. These exceptions included both standard exceptions and our own custom exceptions related to how applications behave. However, the complexity is justified by the better coverage and protection that the new tool provides.

Three people from our company were involved in the deployment, which took about six months. This included removing the previous solution and replacing it with Singularity Complete.

The cost of Singularity Complete is similar to our previous solution but it comes with additional options such as Kubernetes integration. We make sure to benchmark the prices against other EDR solutions before renewal to ensure we are not overpaying.

I would rate SentinelOne Singularity Complete eight out of ten.

We started looking at the reception technology, but it was too much for us and required too many permissions. As a result, we did not proceed with it.

Ranger provides network and asset visibility, but we use other telemetry to build a data lake, which we then use to give us more holistic visibility.

Singularity Complete is definitely innovative. It offers better coverage of endpoints and sensors than our previous solution, as well as better coverage from red teams and other threats. It also provides us with much better telemetry from endpoints than our previous solution. This includes features that our previous EDR tool promised but did not deliver.

SentinelOne is a fairly mature product. I think we first looked at it about six or seven years ago when it first came out. It has definitely matured a lot since then. When we first saw SentinelOne, it had a lot of problems with automatically killing things without alerting us. However, we have definitely seen improvements in the solution from a product perspective. Additionally, there are now more modules and integrations available. We have looked at the reception part of it, as well as quite a few other pieces, including Rogue Sensor Pro. We have looked at a lot of little bits, so it has quite broad coverage in terms of what it actually will cover.

We have deployed Singularity Complete across the company and all lines of business, including our branches in South Africa and other parts of Africa. This includes approximately two and a half thousand endpoints.

Four people are managing Singularity Complete. Every six months we have to update the sensors. 

We have definitely told others about and shown them Singularity Complete, and we have told them that we are happy with it. When implementing Singularity Complete, we need to know what our expectations are and, obviously, test the solution thoroughly to prevent any negative outcomes.

We use it for our endpoints. It is installed on all of our servers and desktops. It is a replacement for the AV platforms that we used to have. 

Overall, the product monitors what is happening on your machines. It monitors incoming mail and web addresses that your browsers are trying to access. It looks for suspicious activity that may occur on your desktop or on your server and generates alerts based on the type of activity. It might find a malicious file that you downloaded. Like a virus scanner, it would scan something. It might find something that it suspects to be malicious. It will look at that item and go to its own threat intelligence sources to see if it is a known threat. If it is a known threat, it will either block it or do something to it based on how you have pre-configured it. If it suspects something to be a threat but does not have any reference, meaning that it is an unknown threat, then depending on what it detects or how that thing may behave, it would either alert you or suppress or isolate it. It can do a number of things. It depends on the inner workings of the product itself, but our use cases are to protect our endpoints. It is a replacement for our AV, but it is a whole level above what AV used to be. It is the evolution of AV.

We had three different AV platforms in our organization. There was no central way to manage them. We had no complete visibility. From one part of our organization, we had no visibility into another part of our organization. By putting this platform in, we now have one view of the entire organization. We can look at threats as they span our organization. Threats could potentially be moving around. We can detect if they are spreading to other parts. We could not do any of that before.

Singularity Complete has a much better detection engine. It detects a lot more than an AV can. AV is pretty much finished. There would not be AV anymore.

In terms of interoperability, we do not have any other SentinelOne solution. This was our first one. There is not a lot of interoperability between endpoints and everything else. The only interoperability that is useful for us right now is the log data that it provides to our SIEM. It allows us to do correlative analysis between different areas. If we have a threat that could be going from endpoints to internet devices, such as switches, or places where the EDR system is not installed, it becomes valuable when we are sharing data from the EDR and our other systems, and we have a tool that analyzes all that data to look for threats that may span in our entire environment. I do not see the interoperability being a problem with our other tools, and I am sure it would not be an issue amongst SentinelOne's own tools as well, but I do not have any data points on that yet.

Singularity Complete has helped big time to reduce our alerts. In fact, that was my concern with it. I was concerned that we are not seeing too many alerts anymore. I had a meeting with them recently, and I mentioned to them that I feel that we should be getting more alerts. They are going to take a look at our platform to make sure it is working fine, but it seems to be doing a great job of dealing with the alerts in an automated fashion. I became a little bit suspicious that it might be doing too good of a job, so we are just having them double-check. It is just me making sure all my I's are dotted, and my T's are crossed. As a security person, I do not like to have questions out there, but otherwise, it is doing a great job.

It has freed up our time. It takes a lot less time to investigate things. It takes care of a lot of things for us. It has offloaded 30% to 50% of some of the work that we had to do in the past. It allowed us to work and focus more on higher-priority items.

It has absolutely reduced the mean time to detect. It has probably reduced the time to detect by 75% because we just did not have some of these capabilities before.

Singularity Complete has also reduced our mean time to respond but not as much as the mean time to detect. It does a lot of resolution of issues for us. It has probably improved that by 30% to 50% because it does a lot of that automatically, but it frees up our time. We can resolve the stuff that needs our personal assistance a lot quicker because we have more tools and capabilities at our disposal through SentinelOne than we had before.

Singularity Complete has saved us costs big time. We have eliminated three different vendors and the associated maintenance of those platforms. We needed more people and resources to manage three different things, but now, we do everything with just a couple of folks. Our time savings are about 50%.

It has helped reduce our organizational risk because we can detect more things that are hitting us. I cannot give a number on that, but it has definitely reduced our risk exposure. From a pure security standpoint, our risk frame point used to be flagged as red. We were missing a lot of things, and now, it is green.

The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view. 

The automatic detection and response is great. It takes care of a lot of alerts that it generates before they even cross our desks, which is great. 

It has advanced detection capabilities. It has the ability to go and look for known threats that are in the environment. Its ability to detect even unknown threats and any suspicious activity is great. We are very happy with it.

It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution.

From the looks of it, it does pretty much what we need, but it could do more. It would be nice if it had some newer features that other players have. They would have a good market advantage if they were offering SIEM as a part of it. They kind of do that, but it is not something they are promoting. We just stumbled on it, so you can use it for doing other things as well, not just endpoint incident and event collection.

We installed it in January, and we were doing a gradual ramp-up over three months. It has been up and running for about four months now. It is completely up and running.

We have not had any issues. The performance seems good. 

It seems very scalable. We have not run into any issues. We pushed it over about 2,000 endpoints. It performs the exact same way it has been.

I have not personally contacted them, but my team has contacted them. Especially during deployment, they were very helpful. They helped us to get it done. The feedback I got was positive.

We had three different AV platforms. We eliminated McAfee, Defender, and ESET. Singularity Complete does everything better than these because it has got capabilities that these products did not even have. The biggest thing for us is the single pane of glass, so we can see right down to the machine. It is great at machine isolation, and it has better detection and mitigation capabilities than any of these products. It does a lot of it behind the scenes. A lot of it is automated and does not require us to do anything.

It is a cloud solution with local installs at the endpoints, so everything is cloud.

I manage security for the organization. I was not doing the deployment, but I was a part of the deployment team, the meetings, and the decisions when we were going to do different things. I was not pushing the software to anybody's desktop but my team was.

It was not a difficult installation. Based on the feedback that we got, it was pretty straightforward. It went over relatively smoothly.

It does not require any maintenance. It is cloud-based, so we do not have to do much to it. The endpoints will update themselves periodically, so there is not much for us from a maintenance standpoint. It does not have a lot for us to do.

We acquired our SentinelOne implementation through a reseller. We used the reseller's help, but we did almost 90% of it ourselves. They helped us manage the project piece and provided expertise and guidance. Between SentinelOne and the vendor itself, we got it done, but we did 90% of the heavy lifting.

There were probably four or five people between all of our locations, but most of it was done remotely. There was no need to touch individual desktops. We were able to push most of it out.

SentinelOne was half the price of CrowdStrike.

We looked at all the big ones, such as CrowdStrike. That is the first one that comes to mind. We even looked at Microsoft Defender and Sentinel. We looked at a few other solutions out there. We had an IBM demo there, but I do not remember what theirs was called. Bitdefender was another one that we looked at.

We went to Singularity Complete for the feature set. They did not have a robust feature set the way CrowdStrike does, but they had everything that we needed. CrowdStrike had even more advanced features, but SentinelOne's pricing was half of what CrowdStrike sells for. It was a pretty easy decision for us to go with SentinelOne. They were much better than the other players that we looked at. It came down to between SentinelOne and CrowdStrike, and the pricing made all the difference. They also seemed pretty easy to deal with, whereas with CrowdStrike, it felt like they were doing us a favor. When we talked to them, I just did not get a great sense of them, but price was one of the main things. CrowdStrike's price was double of SentinelOne's price.

I would advise a couple of things. If you are using a reseller to buy this and install it for you, have a good reseller that you can call upon for support and help manage the project. The other thing that I would probably suggest is to negotiate your education up front and not after the fact. It does not come with a lot of training. They even charge for the online university, so you should probably negotiate that as a part of the negotiation process before you sign a deal. Other than that, it is good.

I would rate Singularity Complete a nine out of ten. For my use case, it is definitely a nine.