Security Architect at a tech services company with 1-10 employees
Real User
Top 10
Feb 5, 2024
Effectively prevents vulnerable devices from being compromised by isolating their network traffic
Pros and Cons
  • "The most valuable feature is the ability to drill down into individual sequences of processes."
  • "I encountered issues running Singularity Complete alongside other machine-learning tools."

What is our primary use case?

We use SentinelOne Singularity Complete to detect and respond to "unknown unknowns," which are threats that haven't been previously identified. Our process involves monitoring for any unusual activity or deviations from typical program behavior. This includes analyzing parent and child processes to ensure they're loading correctly and not communicating with unauthorized external servers for remote execution.

For example, I encountered a phishing email that triggered an investigation. Fortunately, Singularity Complete offers an event log feature that allows me to analyze the incident. The tool's built-in Advanced Detection Analytics functionality helped me identify the downloaded file and its access time, and track its interactions with applications, including attempted installations. Furthermore, Singularity Complete boasts a rollback capability, enabling me to revert to a safe state before the malicious activity occurred. I've utilized this feature successfully for several clients.

In addition to Singularity Complete's event log and rollback functions, it excels in antivirus detection. It effectively identified even sophisticated threats like the Mimikatz attack, which attempts to escalate user privileges in Linux and Windows systems. The tool's signature-based detection proved valuable in this instance.

How has it helped my organization?

Automating threat resolution has significantly improved our security operations. On average, I scan around forty million files, and the detection rate has been quite good.

The integration capabilities significantly enhance my existing security environment. It is a night and day difference compared to CylanceOPTICS by BlackBerry, which I used previously. While CylanceOPTICS was good, it relied on an algorithmic approach that flagged millions of potential threats, resulting in some false positives that needed manual analysis and training. SentinelOne, on the other hand, leverages eleven different engines simultaneously, including AI, machine learning, heuristics, and dynamic and static scans. This comprehensive approach offers robust protection, and if something falls through the cracks, it can consult a cloud database for the latest threat intelligence. Beyond its detection capabilities, SentinelOne offers exceptional visibility and control. I can easily investigate events at any time, like tracking who accessed Yahoo Finance within my organization across specific timeframes. The global tenancy feature empowers me to apply scans and threat signatures across different segments or even my entire network, ensuring consistent protection. The more I explore SentinelOne's features, the more impressed I am. It's incredibly powerful and versatile, offering a level of security and control that far surpasses my previous solution.

The interface is user-friendly, but there's a learning curve due to its extensive capabilities. Navigating for someone unfamiliar with threat hunting can be challenging as they may need to explore every option. However, some features have tooltips explaining their function when hovered over.

Accessing the knowledge base often requires a partnership with the company. While I lack this access, my distributor provided the comprehensive admin guide.

Ranger is an excellent feature for threat scanning. While alternative pen testing tools like Digital Defense exist, Ranger offers a unique advantage. It utilizes SentinelOne agents as probes within the network, allowing scans for irregular connections and identifying devices without the agent. This provides a comprehensive view of potential vulnerabilities. Imagine we decide to deny access to certain devices. In that case, every agent with those policies implemented, throughout our network, would individually isolate their traffic. This isolation prevents communication with the rogue devices. Consequently, even if one of those devices harbors a threat, it's unable to move laterally within the network. All other devices, recognizing it as unauthorized, will refuse to communicate with it.

Ranger requires no additional agents, hardware, or network modifications. It's essentially a built-in feature of the existing agent. Therefore, if we have the module, we already possess the capability. Activation can be done remotely through the cloud. So, when we decide to upgrade to Singularity Complete, they'll offer us the option of adding Ranger Plus. If we agree, a small additional fee, typically around a few dollars, will be applied per client. While it might seem a bit pricey, considering the value it provides, I believe it's worth the investment. It translates to roughly five dollars per client. For instance, with 50 machines, the monthly cost would be $250. In my experience, it hasn't significantly increased my expenses. There might be a slight increase, but I haven't noticed any substantial impact.

SentinelOne Ranger effectively prevents vulnerable devices from being compromised by isolating their network traffic. This feature is just one of many within the SentinelOne platform, which includes a built-in router and firewall integrated directly into the agent. This integration allows for seamless compatibility with Windows firewalls and offers granular control over network traffic. For example, Ranger enables modification of the firewall's IP stack, granting the ability to isolate specific traffic based on defined rules. This can be particularly useful for segregating vulnerable devices and preventing their communication. While not recommended for general use, advanced users can leverage SentinelOne's Singularity Complete feature on, for example, a VMware server to further isolate vulnerable devices. By running the client software on a separate network from the server, administrators can block unauthorized traffic based on Ranger's or the agent's identification. This effectively isolates the vulnerable device, even if it's compromised, since it lacks any incoming network traffic. The server acts as a default gateway, filtering and controlling all incoming traffic.

Singularity Complete can help reduce alerts when a threat is identified and a solution is implemented. However, if a threat is known but no solution is available, using Singularity Complete might increase alerts. This is because suppressing alerts for a known threat without addressing it can create a false sense of security. While Singularity Complete allows manual blacklisting of threats, it cannot import large lists of threats from spreadsheets in one go, a feature available in CylanceOPTICS. This can be time-consuming for dealing with many threats. Overall, Singularity Complete has improved in its alert management, but it remains average compared to competitors. While detection is excellent, the alerting system still requires some refinement.

As a threat detector, I perform threat analysis to quickly identify threats. This has significantly reduced the time I spend on analysis, allowing Singularity Complete to free up about 30 percent of my time for other tasks.

Singularity Complete has achieved a 15 percent reduction in our mean time to detection. This efficiency gain is powered by eleven different detection engines running concurrently, ensuring comprehensive identification of potential threats.

Singularity Complete can reduce our mean time to respond by providing a clear path to the root cause of an attack. However, it doesn't always do this, and sometimes further investigation is necessary. Nevertheless, the tool significantly speeds up the process of identifying the root cause. For example, imagine the timeline indicates a suspicious file was executed. We can use Singularity Complete to find out when it last ran in our environment, even if it wasn't detected on the same day. If the threat appeared recently but the file ran a month ago, it suggests a potential Trojan was planted. This prompts further investigation into how the file arrived on the system. It could have been introduced through a USB drive, email attachment, copied file, or existing on a network share. While Singularity Complete won't explicitly state the location like "Share five," it will provide a hash that can often lead us to the network path.

Singularity Complete helps manage costs by eliminating the need for additional products with overlapping functionality. This saves us thousands of dollars per month on full scans, as our existing agent already possesses that capability. By deploying it across all organizational agents and enabling Ranger, we can conduct daily scans that provide comprehensive insights into our network activity.

Singularity Complete has helped reduce our organizational risk. However, it's important to remember that no system is foolproof. While I haven't experienced a security breach since installing it, I deliberately expose some machines to potential threats to test and observe new attack techniques. To strengthen our security posture, I've implemented additional measures. Some machines have less aggressive scan and detection settings to simulate vulnerabilities and observe attacker behavior. Additionally, our network is layered, with weaker points that serve as honeypots, while critical systems are protected by stricter security protocols. Beyond Singularity Complete, we utilize Palo Alto Networks and FortiGate firewalls for further protection. Ultimately, the decision to invest in additional scanning capabilities depends on the cost and our overall security strategy.

What is most valuable?

The most valuable feature is the ability to drill down into individual sequences of processes. This allows for building a highly detailed timeline of events, which is incredibly helpful. Additionally, the quality of the intelligence provided is excellent, making it difficult to choose between the two. The solution effectively reveals the attacker's tactics, including the mechanism or injection method used, how they exploit vulnerabilities, and their use of decoys or misdirection tactics like decoy attacks. They may target one area initially, then shift focus to another, potentially planting seeds for future attacks. Overall, the timeline, intelligence, and overall capabilities of SentinelOne Singularity Complete are highly impressive.

Everything operates in real-time, allowing us to conduct in-depth analysis to uncover previously unknown threats. This capability stems from the use of dynamic libraries, which enable flexible code execution. The key concept here is the ability to pivot within an application. We can dissect and analyze this pivoting behavior, which is a rare feature among software solutions. Additionally, the system allows us to create our custom signatures. By identifying a threat and performing a global search, we can locate other instances of the same threat across our network and establish correlation points. Subsequently, we can create a signature based on a unique identifier (story ID) and integrate it into the initial login scan. This enables us to proactively detect and respond to any attacks that utilize that specific signature, making it a powerful tool for threat prevention.

What needs improvement?

The uninstallation process for the SentinelOne agent could be improved. While it is currently possible to uninstall through the console, it can be more complex if registry modifications are required. Streamlining this process, especially for users with console access, would be a valuable improvement.

I encountered issues running Singularity Complete alongside other machine-learning tools. The program uses hooks, which we configure through a whitelist to specify allowed functionalities for each app. However, I've observed compatibility problems with certain applications. This seems to stem from my limited access to information from those companies, hindering the creation of effective hooks.

For example, an external scanner's EXE file might not provide hooks for features like memory protection or script locking, potentially conflicting with SentinelOne's capabilities. In my experience, Singularity Complete doesn't always play well with others. While it coexists with Kaspersky's detection without issue, enterprise AI solutions employing algorithmic scans or pre/post-execution analysis can pose problems. We might need to modify the whitelist due to unavailable information about the application's memory range. Sharing this information could create vulnerabilities, so companies understandably keep it confidential. While I believe CylanceOPTICS could likely work with Singularity Complete, I haven't achieved it because I prioritize optimal protection. Disabling all CylanceOPTICS features and putting it in uninstall mode allows it to function but without intervention. In such cases, CylanceOPTICS detects threats first, possibly due to its higher application number in Windows. Similar behavior has been observed with other products.

Deep Instinct is another excellent detection software I use for remote devices. Expanding Singularity Complete's coverage to include IoT devices, Linux, servers, Docker, and mobile platforms (currently limited to Deep Instinct on my devices) would be highly beneficial. While Deep Instinct allows uploading and installation via email code, Singularity Complete currently lacks this functionality.

Buyer's Guide
SentinelOne Singularity Complete
January 2026
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for over five years.

How are customer service and support?

I've only had one interaction with their tech support, but it was excellent. In situations where we're struggling with an investigation, I believe they have a guardian contract that could allow them to analyze our findings. Alternatively, if we're having difficulty detecting something, they can guide us through the process. However, my access to their tech department was limited to a single instance when I needed it. The impressive part is that they were willing to help me even though I was from a partner company. Such helpfulness is rare in many organizations, which often require expensive fees before offering similar assistance.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used CylanceOPTICS by BlackBerry but transitioned to SentinelOne Singularity Complete due to its enhanced user-friendliness. The latter platform boasts comprehensive investigation capabilities, allowing us to delve deeper into the specifics of security incidents. We can examine parent-child relationships, delve into registry entries, and analyze memory ranges with ease. The feature set is truly extensive.

While CylanceOPTICS offered some of these functionalities, it could not identify pivoting areas within an attack. If I needed to investigate the pivot itself, CylanceOPTICS wouldn't suffice. SentinelOne proves invaluable in such situations. By examining registry entries or monitoring running processes, it helps us pinpoint the root cause, be it a Run DLL or a Windows EXE file disguised as innocuous activity. While CylanceOPTICS might catch the attack, it wouldn't reveal the underlying malicious intent. SentinelOne grants us this crucial level of insight, empowering us to respond effectively.

What other advice do I have?

I rate SentinelOne Singularity Complete a nine out of ten. While the product itself is impressive, the price point is on the higher side. The only drawback is the limited support access. If they offered more affordable support options or provided unrestricted access to their knowledge base, I would easily give it a ten. Unfortunately, they haven't implemented this yet, as it would unlock more resources and expertise for users. Ultimately, it is what it is, but hopefully, they'll consider these improvements in the future. 

In my environment, I support a law firm and a music company while pursuing my research. Additionally, I use Intel hardware for testing purposes. My security strategy prioritizes avoiding complete system reimaging whenever possible. While I have encountered compatibility issues with specific SentinelOne versions and certain software, these were primarily during testing when I intentionally introduced malicious files. In general, the software has proven effective in preventing and mitigating threats.

SentinelOne Singularity Complete has been excellent in its ability to be innovative.

While SentinelOne Singularity Complete is well-established software, the developers continuously strive to improve it. After all, no software ever truly reaches complete maturity. To remain effective, we must constantly adapt, improve, and refine ourselves in response to evolving threats and technologies.

I'd love to partner with SentinelOne right now, but as a small business, cost is a major concern. That's why I'm working with a distributor. They purchase larger license blocks, like five thousand or ten thousand, and because I was one of their early customers, they granted me access. While I have a partnership with them, it's not a formal one. To my knowledge, they require organizations to have at least one hundred or two hundred seats to be considered for a true partnership. I'm unsure if a program exists for smaller businesses, but based on what I've seen, access to their knowledge base, support team, etc., seems to be restricted to contracts with a minimum seat capacity of one hundred or two hundred.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Jai Prakash Sharma - PeerSpot reviewer
Vice President, Technology Operations at a tech company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Sep 19, 2024
Provides centralized management but doesn't work very well with Linux endpoints
Pros and Cons
  • "Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise."
  • "We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything."

What is our primary use case?

We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

How has it helped my organization?

The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

The Ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have fewer alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

What is most valuable?

There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

Log analytics and a couple of other things were also pretty good.

What needs improvement?

We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory, some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistent connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

For how long have I used the solution?

With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

What do I think about the stability of the solution?

I discarded this product within six months. I would rate its stability a five out of ten.

What do I think about the scalability of the solution?

Its scalability is fine. I would rate it a nine out of ten for scalability. 

We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

How are customer service and support?

I would rate their support a six out of ten because the issues that I had reported were not resolved.

As a strategic partner, SentinelOne is pretty good. They are very proactive.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

How was the initial setup?

We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they just need to monitor the status. Only in case they find a rogue device do they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

What's my experience with pricing, setup cost, and licensing?

It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

CrowdStrike is not cheaper than SentinelOne. Both products go neck and neck. Both are costly products.

What other advice do I have?

I would advise going for this solution only if you have a clear use case.

I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager, Information Technology at a consumer goods company with 11-50 employees
Real User
Top 5
Jun 30, 2024
Effectively ingests and correlates data from all our security solutions
Pros and Cons
  • "SentinelOne Singularity Complete stands out for its threat-hunting abilities and the agility of its agents in detecting malicious content across our gateways and endpoints."
  • "SentinelOne Singularity Complete offers competitive pricing, but there's always potential for even better value."

What is our primary use case?

We use SentinelOne Singularity Complete for network protection and response.

How has it helped my organization?

SentinelOne Singularity Complete effectively ingests and correlates data from all our security solutions, providing a unified view for better threat detection and response.

SentinelOne Singularity Complete aggressively identifies and quarantines potential threats. It effectively catches threats that other EDRs might miss. Overall, we find this level of aggressiveness acceptable for an endpoint protection solution and are satisfied with SentinelOne Singularity Complete's performance. We saw the benefits immediately.

SentinelOne Singularity Complete significantly reduces alerts by filtering out many false negatives. This allows us to identify actual threats as soon as they are categorized, separating true positives from the filtered noise. This helps us focus on the real threats, eliminating the need to sort through irrelevant alerts. The number of alerts has been reduced by 75 percent. It also helped to free up a significant amount of our time to work on other tasks.

SentinelOne Singularity Complete has significantly improved our ability to detect threats, even those previously unknown. This advanced EDR solution provides alerts for any suspicious activity, regardless of classification, allowing us to proactively assess and mitigate potential risks.

While SentinelOne Singularity Complete shows promise in reducing our organization's costs, the solution is still new to us and we haven't quantified the exact savings yet.

It improved our organization's security posture by enabling us to proactively identify and neutralize emerging cyber threats, thereby reducing overall risk in the ever-present threat landscape.

What is most valuable?

SentinelOne Singularity Complete stands out for its threat-hunting abilities and the agility of its agents in detecting malicious content across our gateways and endpoints. We're impressed by the breadth of threats covered by their constantly updated signature base, providing full protection against new cyber threats. While we're still exploring the platform's full potential, Singularity Complete's extensive capabilities and superior coverage compared to our previous solution have already given us a significant security advantage.

What needs improvement?

SentinelOne Singularity Complete offers competitive pricing, but there's always potential for even better value.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for one year.

How are customer service and support?

SentinelOne's technical support was good at assisting with onboarding through troubleshooting actions and resolving configuration problems.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

After using Symantec and Fortinet's EDR solutions, we migrated to SentinelOne Singularity Complete seeking a more comprehensive defense. SentinelOne's aggressive threat detection capabilities were a major factor in our decision.

How was the initial setup?

The initial setup was seamless thanks to the SentinelOne support team. We had three people involved with the deployment from our local team and the support engineers online.

What about the implementation team?

The SentinelOne support team helped us with the implementation in-house and it was seamless.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Complete is competitive.

Which other solutions did I evaluate?

We evaluated several endpoint detection and response solutions, including Symantec, SentinelOne, CrowdStrike, and Bitdefender. While Symantec offered a phased migration option from on-premises to cloud and maintained endpoint interoperability, its EDR and threat-hunting capabilities fell short compared to SentinelOne. SentinelOne's robustness ultimately outweighed the advantages of the other options, including CrowdStrike's strong detection capabilities but higher price point, and Bitdefender's overall offering.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten.

We're in the process of consolidating our security solutions by migrating some services to the SentinelOne platform. While SentinelOne is a strong contender, we're also evaluating other tools to diversify our security posture and avoid vendor lock-in. This multi-platform approach will ensure we have the full protection needed.

As of now, no maintenance has been required for SentinelOne Singularity Complete.

SentinelOne is a strategic partner for our security operations. Their solution helps us maintain the safety of our internal systems, applications, and users. As security is a top priority, we consider them a top-tier partner in our overall operations.

I recommend SentinelOne Singularity Complete for anyone needing a robust Endpoint Detection and Response solution. However, to ensure it meets your specific needs, thoroughly evaluate its capabilities against your current operational requirements. If it aligns with your needs, consider a trial to experience SentinelOne's operation firsthand before committing to a contract.

Considering our sensitive data and security needs, we require a top-tier endpoint protection solution. SentinelOne Singularity Complete stands out as a market leader, achieving high ratings and verification from industry experts like Gartner.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
ArjitYadav - PeerSpot reviewer
SME for Cybersecurity at a computer software company with 201-500 employees
Real User
Top 5
Jun 3, 2024
Helps reduce our MTTD and MTTR while improving our network visibility
Pros and Cons
  • "SentinelOne offers several valuable features for threat detection and response."
  • "SentinelOne Singularity Complete needs more connectors for integration with more solutions."

What is our primary use case?

Our organization is leveraging SentinelOne Singularity Complete to achieve a comprehensive endpoint security solution. This involves utilizing SentinelOne's EDR functionality across all our endpoints, including IT, OT, and legacy systems. By integrating additional log sources, we're expanding to XDR which will further enhance threat detection, investigation, and response capabilities. This enriched data will also enable the creation of custom workflows to streamline security operations and improve the overall effectiveness of SentinelOne alongside existing security solutions like Office 365, proxy servers, and firewalls, allowing for better correlation and incident response.

Our previous antivirus solution wasn't strong enough to keep up with the growing number and complexity of cyberattacks. Traditional antivirus struggles to monitor all endpoint processes and activities. SentinelOne Singularity Complete addresses this issue with its Endpoint Detection and Response capabilities. EDR collects comprehensive endpoint data and stores it centrally, allowing us to monitor all running processes, identify evolving threats and their techniques, and take appropriate action. Additionally, SentinelOne's built-in AI and ML can detect suspicious behavior that traditional antivirus solutions might miss, providing advanced protection against modern cyberattacks.

Our organization utilizes a two-pronged approach to cybersecurity with SentinelOne. On-premises, SentinelOne Singularity Complete safeguards our sensitive big data that never leaves our network. Additionally, we leverage the cloud-based SentinelOne SaaS solution for further protection.

How has it helped my organization?

SentinelOne offers a marketplace that expands its XDR capabilities. This marketplace allows for seamless integration with various security solutions, including Azure AD, email gateways, threat intelligence platforms, firewalls, and proxies. By integrating these tools, we can create automated response playbooks within the XDR platform, streamlining our security posture.

SentinelOne Singularity Complete excels at gathering and analyzing data from various security solutions. Its built-in marketplace offers over 120 connectors that automatically ingest logs, enabling correlation and better incident response through custom workflows. This integration streamlines security operations by minimizing manual effort and allowing security personnel to focus on faster remediation.

We leverage Ranger to secure our raw networks and functionalities that SentinelOne has limited coverage for. Additionally, we actively search for vulnerabilities in our systems.

Ranger is a valuable tool for improving network and asset visibility. It helps us identify gaps in our coverage by highlighting raw networks and unmonitored endpoints. These blind spots represent areas where we lack agent deployment, and Ranger essentially acts as a roadmap for prioritizing where to install them for a full view of our environment.

Ranger has a seamless integration process. From the console, we enable Ranger, triggering the installation of a lightweight agent on our endpoints. This agent then monitors traffic to identify coverage gaps and potential vulnerabilities within our system.

Integrating all log sources and creating a custom workflow will streamline analyst workloads. This will automate most of the basic tasks currently handled manually, freeing up the team for other projects. The analysts performing investigations and remediation will see a significant reduction in time spent on repetitive tasks.

Since implementing SentinelOne Singularity Complete, our mean time to detection has been drastically reduced, going from two full days down to just ten minutes each month.

SentinelOne Singularity Complete has reduced our mean time to remediation.

SentinelOne Singularity Complete has been a valuable asset in reducing our organization's security risks. Its features, including device control and firewall management, provide us with the tools we need to effectively manage and secure our endpoints.

What is most valuable?

SentinelOne offers several valuable features for threat detection and response. Correlation, static analysis, and other detection engines work together to identify and address security issues. Additionally, the STAR Rules feature allows us to create custom alerts based on specific attacker behaviors or indicators of compromise. This empowers us to not only respond to built-in threats but also proactively detect and prevent emerging ones by defining custom actions for abnormal activity. In short, SentinelOne goes beyond native threat detection, offering customization to tackle even the newest threats.

What needs improvement?

SentinelOne Singularity Complete needs more connectors for integration with more solutions.

It seems there are currently two separate installers for the same device, one in MSI format likely for Windows and another in a potentially custom EXP format. Ideally, these could be combined into a single installer. If that's not feasible, the EXP format could be used as a self-extracting archive that automatically installs the software using the MSI installer. This would eliminate the need for two separate agents and provide a more streamlined installation experience.

SentinelOne endpoint protection enters a reduced functionality mode during certain resource-intensive events. This mode temporarily limits some features and may require a machine restart. In some cases, the agent might even get disabled. To restore full functionality, we need to re-enable the agent and reboot the machine, which can be inconvenient. Ideally, SentinelOne should improve its handling of resource usage to avoid these disruptions.

The technical support response time has room for improvement.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for three months.

What do I think about the stability of the solution?

The current version of SentinelOne Singularity Complete is stable.

What do I think about the scalability of the solution?

SentinelOne Singularity Complete is highly scalable.

How are customer service and support?

The technical support response time is slow.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our previous antivirus solution, Symantec Endpoint Security, struggled to keep up with evolving cyber threats. Additionally, integrating it with other security tools proved to be a slow and cumbersome process. Since switching to SentinelOne, we now benefit from seamless integration with various log sources and other security solutions, enabling a more holistic and responsive security posture.

How was the initial setup?

The initial deployment was straightforward and took four months to complete in our large environment, but it was not complex to onboard the machines based on our policies.

Four people were required for the deployment. 

What's my experience with pricing, setup cost, and licensing?

While the cost of SentinelOne Singularity Complete might seem high at first glance, it's important to consider the value it offers. This helps to average out the cost.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers a comprehensive security solution for cloud workloads and endpoints. While it excels at covering all these areas, it could benefit from more granular control and further enhancements. The ability to extend its protection to cloud security or cloud servers, similar to CSPM tools, would be valuable for taking action within cloud or microservice environments.

Maintenance is required for updates.

SentinelOne is a good strategic security partner.

Before implementing SentinelOne Singularity Complete, it's crucial to understand how it will integrate with your existing systems. This ensures compatibility and avoids any unintended consequences. Make sure to create exclusions for any applications that might conflict with SentinelOne to prevent disruptions.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2310309 - PeerSpot reviewer
Enterprise Security Director at a comms service provider with 5,001-10,000 employees
Real User
Top 20
Feb 7, 2024
Provides deep analytics for threat hunting, but the speed of investigation of the service team should be improved
Pros and Cons
  • "The tool saves 50% of the staff's time."
  • "The speed of investigation of the MDR service team must be improved."

What is our primary use case?

SentinelOne Singularity Complete is an MDR solution. It is used mainly to detect advanced threats in our teams and on-site teams.

How has it helped my organization?

I have used two different vendors before Singularity. Each had its pros and cons. However, Singularity is the most complete tool for EPP and EDR. From a financial, operational, and performance point of view, it is very efficient to have a single solution.

What is most valuable?

Ranger is a good feature. The XDR functionality provides the timeline of the attack. The product provides deep analytics for threat hunting. My team uses it to detect incidents and for threat hunting. I like the app inventory feature. It is very good for detecting unauthorized apps by our security policy.

What needs improvement?

I have raised a couple of comments regarding the speed of investigating incidents and performing analysis by the MDR service team. We are a telecom company. We are sensitive to the information of the users. The speed of investigation of the MDR service team must be improved.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The product is pretty stable. It didn't create any issues on the endpoints, laptops, and PCs.

What do I think about the scalability of the solution?

We haven't tried to scale the tool yet, but the solution will be scalable after we increase our license.

How are customer service and support?

The support team is very collaborative. We have a dedicated account manager who is also a part of our support line. We do not face any delays or major inconveniences from the support team. I rate the support an eight out of ten. I will give it a ten out of ten when SentinelOne has better coverage in the Middle East.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Kaspersky, CrowdStrike, and Carbon Black. After using these solutions for a year, I chose Singularity Complete. The other solutions are existing products and are leaders. However, Singularity Complete is better than them from a financial and technological perspective.

How was the initial setup?

The initial setup is not complex. It's similar to any endpoint solution implementation. We require one staff member to deploy the solution. We mainly use AWS as our cloud provider. We also use GCP.

What about the implementation team?

We did the implementation ourselves. It was like any other solution. We faced similar issues. They were not big issues, though. It doesn't require a lot of technical expertise.

What was our ROI?

We have seen a return on investment because we have saved at least 50% to 60% since we bought the tool. It is an achievement when we get one solution instead of two at 50% less cost. It improved our KPIs.

What's my experience with pricing, setup cost, and licensing?

The licensing is convenient, straightforward, and very clear. I care more about the breakdown of the license than the licensing itself. Some vendors have very complex licensing schemes. SentinelOne's licensing scheme is very clean.

Which other solutions did I evaluate?

Carbon Black has a competitive version of Singularity Complete, but it is not at the same level as Singularity Complete. It lacks features like threat hunting and Ranger. So, I chose Singularity.

What other advice do I have?

We didn't have any major issues related to the integration. However, we had some issues related to the implementation on the server site. It was solved by upgrading the agents. Initially, we had a couple of issues related to integration, but after that, it was solved.

The solution gives us more visibility into alerts but doesn't reduce them. It might help after we conduct the patching and vulnerability management, but we haven't tested it yet.

Singularity Complete has helped free up our staff for other projects and tasks. We have a full-fledged SOC team that uses SIEM tools. We use it to complement our SOC and our XDR and MDR solutions. We have Singularity Complete as a technology for further investigation and threat hunting.

When we get an alert from the SOC team, we use the tool to do the analysis and threat hunting in 30 minutes per incident. It is a considerable saving in the team's time because we have limited engineers and security analysts. The tool saves 50% of the staff's time.

The product has helped us save on operation and acquisition costs by 70%. We have replaced two solutions from other vendors with Singularity Complete. Singularity Complete has surely helped reduce our organizational risk. We had a lot of alerts from the previous vendors. Now, we see fewer alerts.

Compared to its competitors, Singularity Complete is very mature. It exceeds in some areas, especially in threat hunting. I have seen other solutions. They have very strong capabilities in detection but not in threat hunting. Singularity Complete makes a difference with our analysts when they perform threat hunting and threat analysis.

I like the product's vision very much. Everything has to be on a single agent, and the integration is very much worked on. It has a very good integration roadmap. It has a very complete and strategic vision. It doesn't sell only endpoint products. I like the completeness of its vision.

People who want to buy the tool must test all the features to see how they will get value from the product because it's very complex and feature-rich.

Overall, I rate the solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Ronel Silawan - PeerSpot reviewer
Network and Systems Team Lead at an energy/utilities company with 51-200 employees
Real User
Top 20
Apr 2, 2024
The solution performs well and is less resource-intensive than other products
Pros and Cons
  • "Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory."
  • "SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan."

What is our primary use case?

We use Singularity to secure our workstations and servers.

How has it helped my organization?

Singularity has added some features to our security setup. It adds layers of protection to our security servers and workstations. One advantage of Singularity over other traditional antivirus products I use is that it doesn't use as many resources as other products. 

If you resolve them permanently, the solution can reduce the number of alerts. Some applications keep triggering alerts, and you need to remove them, or they will continue to do so. We need physical signatures to prevent them from alerting again in the future. We can reduce the alerts by about 80 to 90 percent annually. Our old antivirus wouldn't flag some applications as malicious, but SentinelOne detected them, so we removed those applications, and it reduced our alerts.  

Singularity has reduced our organizational risk by about 80 to 90 percent. We were able to address those alerts and remove a lot of malicious files that our previous solution didn't recognize. We saw a significant advantage in the first year. We've experienced a massive improvement in our mean time to detect. We have a large user base, but Singularity Complete performs better than our previous solution.

What is most valuable?

Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory. We can consolidate our security solutions into one centralized platform, and monitor all our workstations and servers from one place. 

What needs improvement?

SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan. 

For how long have I used the solution?

I have used Singularity for 4 or 5 years. 

What do I think about the stability of the solution?

I rate Singularity Complete 9 out of 10 for stability.

What do I think about the scalability of the solution?

I rate Singularity Complete 9 out of 10 for scalability. 

How are customer service and support?

I rate SentinelOne support 9 out of 10 because they're very responsive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously worked with Sophos and ESET. The primary reason we prefer SentinelOne is that it doesn't consume a lot of resources. 

How was the initial setup?

Deploying Singularity is straightforward, and it doesn't require you to restart the servers in the latest version.

What's my experience with pricing, setup cost, and licensing?

Singularity isn't cheap, but it's worth what we pay for it. 

What other advice do I have?

I rate SentinelOne Singularity Complete 9 out of 10 overall. Singularity performs as well as expected, and it's less resource-intensive than other products.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Eddie Drachenberg - PeerSpot reviewer
Global Network and Infrastructure Manager at a manufacturing company with 201-500 employees
Real User
Aug 31, 2023
Provides peace of mind and is good at ingesting data and correlating
Pros and Cons
  • "The solution has helped reduce our alerts."
  • "One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be."

What is our primary use case?

We need to provide a form of antivirus for our cybersecurity insurance. The new term now is EDR, or endpoint detection and response. I tested out several vendors including CrowdStrike, SentinelOne, and Cisco. SentinelOne definitely stood out. My use case is pretty much protecting all of my end-user devices and all of my servers on-premise and in our virtual environment.

How has it helped my organization?

We were trying to solve for visibility and license management. We used to use other products, and licensing became an issue. We would have issues where clients would not really be connected all the time. They would just randomly lose connection. And that was with McAfee. 

ESET was another one that we used in the past, and we just kept running into issues with the physical server. So having a cloud-managed EDR solution, the agent-based, cloud-managed solution, has worked very well for a few years now at multiple companies. It's the first thing I bought when I came to my new company.

What is most valuable?

I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge. 

I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it. 

It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly. 

It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

What needs improvement?

I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity. 

One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified. 

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

I'd like the ability to have text alerts, for example, if something gets quarantined. 

The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow. 

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

I haven't experienced any stability issues. 

What do I think about the scalability of the solution?

The solution is extremely scalable. It's super easy to push out to thousands of clients if you really need to. I haven't had any issues. It scales very well.

How are customer service and support?

Usually, technical support is very good. They are very knowledgeable. It's usually 24 hours for a response. I've had a couple of phone conversations with them. Right now, we're going basically through email. They give me a ton of information. They're open to working with my third-party MSP. Right now, the MSP brought up a concern about a very specific function that needs a little bit more tending to in the exclusion arena. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had Defender at this company before.

How was the initial setup?

I was involved in the initial setup.

The deployment is very straightforward. It's super easy to just download your agent, and you get your site token, you install, and you push it out. We used PDQ at my last company. Here, we use SCCM. We push it out with the MSI, with the site token pre-installed. I see it on my dashboard. It's easy.

My last deployment was handled by myself.

The solution does not require any maintenance anymore. It used to be kind of a headache to go through and have to update the agent. And just to remember to do it. Now I get the email. It tells me there's a new agent out there. I go read up on what the changes are, which is great. Then I go in there and set up the auto-install on the agents, and it just hits them on the schedule. You only have to really pay attention to it once in a blue moon when a new agent is installed or there's a general release.

What about the implementation team?

I installed the solution myself.

What's my experience with pricing, setup cost, and licensing?

I can pay, for my environment, between $30,000 and $40,000 a year, and that's a pretty good deal.

What other advice do I have?

I'm a customer and end-user.

I haven't really done any third-party tools. I've looked into their Identity tool which is one of the newer offerings that they have. It's a very nice offering. It is rather expensive. That said, it is very nice to be able to see Active Directory all in one pane of glass. Honestly, the hardest thing about my job as a security professional is having all these different tools so the more I can see everything in one area, the better it is.

The quality and maturity are important. The company is relatively new in the space, however, they are pretty mature in the market and pretty well-respected. 

SentinelOne is a great strategic partner. I can't see myself doing security without them at this point. They are one of the backbones of my security platform. They were the first pieces even before I bought Cisco Duo or Meraki. 

I'm excited to see where this will be in the next ten years. I can just see this platform just going crazy. I would love to see maybe a little bit more focus. We have to deal with a lot of sensitive equipment that runs specific jobs and I love how SentinelOne, and specifically Ranger, is very passive in its ability. It complements our OT. I would love to see some way of getting away from the super expensive platforms of Tenable and bringing in some of these functions that Tenable offers from a scanning platform fully into SentinelOne in the future.

I'd rate the solution nine out of ten.

This is a best-in-breed solution. If you're looking at anything in comparison, do your due diligence, do proof of concept between whatever companies you're looking into. However, SentinelOne is the best-in-breed.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Cyber Security Engineer at a leisure / travel company with 10,001+ employees
Real User
Top 20
Sep 4, 2024
Offers threat hunting, visibility, and malware protection in one console
Pros and Cons
  • "I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary."
  • "It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports."

What is our primary use case?

We use the tool for malware protection and the XDR portion to track intrusions and possible exploitations.

What is most valuable?

I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary.

I find its interoperability with other solutions very good. When there are issues, because everything eventually has issues, the team is very good about running logs and finding out what portion is having issues. We can either exclude a portion of it or make it work. They find a solution.

We haven't had any issues with how we ingest or correlate data across security solutions. We use APIs and things like that to ingest data. For us, we haven't had any issues with the tools we use, but I can't speak for other organizations.

We now have threat hunting, visibility, and malware protection in one console. There are other portions we don't leverage because we choose to keep them separate, like our firewall, but we could if we wanted to.

The solution has helped us reduce false positives. We still get alerts, but I think they're more dynamic now. We have fewer issues with systems. It doesn't take as many resources, so we don't have outages caused by hijacking resources. We've probably reduced our issues with that by 90 percent from the previous program we were using.

The tool has helped free up our team's time. Especially when it comes to upgrades, I went from taking several months with the previous software to getting it done in a week or two for 15,000 to 17,000 assets. It's freed up months.

While I don't track mean time to detect specifically, I know it's very quick because of the way it detects intrusions. It's anomaly-based, not signature-based. It will flag something, review it, determine whether it's a false positive or actually malicious, and then quarantine it. It's pretty instantaneous. We've averted several ransomware attempts before they could infect anything.

Our mean time to respond has decreased significantly. The response is much quicker now, especially since very little gets reverted to us for handling. The Vigilance AI portion usually takes care of most of it, determining the severity of something and whether it needs human attention.

It has helped us save costs, particularly regarding fewer infections throughout the network. While I don't have exact numbers, we've had a reduction in costs associated with reimaging machines due to malware.

What needs improvement?

It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports.

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

In terms of stability, we have no downtime from SentinelOne Singularity Complete. We may have some complications with interoperability when we deploy something new that didn't get tested, but that's usually not SentinelOne's fault. It's usually because a third party changed something that had already been whitelisted.

What do I think about the scalability of the solution?

We haven't had any issues with scalability. It scales very well from small to large. We're at 16,000 endpoints, and it's very easy to deploy and manage.

How are customer service and support?

I've contacted technical support myself. Their response time depends on the severity with which you submit the case. For low priority, it takes about a day or two. For high priority, it's within an hour or two, according to their SLA. They're very prompt.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Symantec to SentinelOne Singularity Complete mainly because of cost and technology changes. Symantec wasn't changing quickly enough as technology moved toward the cloud, and things were going faster. Broadcom was still using heavy, clunky on-premises agents that used a lot of resources. SentinelOne Singularity Complete was new, next-gen, smoother, and quicker with less downtime. They manage their end in the cloud, so we don't have to maintain our console.

How was the initial setup?

We saw the benefits immediately after deployment. The deployment was seamless, easy to learn, and easy to use—very intuitive. The initial deployment was pretty seamless and easy. It took us about six months to fully deploy, but that was because we did it in segments. We're a global organization with many different entities, so we had to do it segmented. It probably would have taken us a quarter if we had just set it out all at once.

The only maintenance we require is keeping our agents up to date. We do this manually because we go through a change approval process to ensure we don't introduce anything that will harm the system. We then test and deploy.

What about the implementation team?

We used SentinelOne's guidance, but we did the deployment ourselves in-house.

What other advice do I have?

My impression of SentinelOne Singularity Complete as a strategic security partner is that it's state-of-the-art, easy, and uncomplicated. As an engineer, I find the product easy to deploy and maintain, and efficient. I rate the overall solution a ten out of ten.

I advise new users to read the manual before they start using it. Understand all the different modules to utilize them as intended and get the best out of them. Also, use their support if you have questions before you deploy. Get a game plan and follow their recommendations.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free SentinelOne Singularity Complete Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2026