SentinelOne Singularity Complete Reviews

First, budget-wise, and for the quick actions I take in automation, certainly AI plays a crucial role.

The most valuable features are the quick action and restoration capabilities. I can catch any behavior and restore everything for the last two changes. There's also automation that gives my team free time, preventing them from having to look for every alert. As a result, we don't need their action on some emails.

Integration with the firewalls is needed because there is no integration with Forti as a FortiAnalyzer. It is currently integrated with FortiManager and the Forti box, but if I have an analyzer, it doesn’t integrate with them. It would be better if there were direct integration with FortiAnalyzer.

I have used the solution for two years.

The stability is just okay.

The scalability is good at more than ninety percent.

I would rate the customer service at an eight.

I tried, when busy, CrowdStrike, and as an endpoint, I work with FortiClient.

The setup is complex related to the XDR because there are more logs, and the queries need someone expert for that. I should create a guide.

The deployment has been done in-house by my team.

If I compare prices between SentinelOne and another solution, I have already conducted this exercise, and SentinelOne is cheaper by more than sixteen percent.

It’s cheaper than other competitors.

I will recommend it to other clients. The quality is good for us based on our operations. We don't have a huge amount of transactions, but it’s good for us. The solution meets our needs. It’s good. Overall product rating is eight out of ten.

We use Singularity to secure our workstations and servers.

Singularity has added some features to our security setup. It adds layers of protection to our security servers and workstations. One advantage of Singularity over other traditional antivirus products I use is that it doesn't use as many resources as other products. 

If you resolve them permanently, the solution can reduce the number of alerts. Some applications keep triggering alerts, and you need to remove them, or they will continue to do so. We need physical signatures to prevent them from alerting again in the future. We can reduce the alerts by about 80 to 90 percent annually. Our old antivirus wouldn't flag some applications as malicious, but SentinelOne detected them, so we removed those applications, and it reduced our alerts.  

Singularity has reduced our organizational risk by about 80 to 90 percent. We were able to address those alerts and remove a lot of malicious files that our previous solution didn't recognize. We saw a significant advantage in the first year. We've experienced a massive improvement in our mean time to detect. We have a large user base, but Singularity Complete performs better than our previous solution.

Singularity has the same features as other antivirus products, but it provides an added layer of security and vulnerability protection. It's also light on resources. Singularity doesn't use a lot of CPU or memory. We can consolidate our security solutions into one centralized platform, and monitor all our workstations and servers from one place. 

SentinelOne is causing a problem with the data service that causes one of our applications to crash randomly. We're still looking for a permanent fix, but we have implemented a temporary workaround that excludes that application from the scan. 

I have used Singularity for 4 or 5 years. 

I rate Singularity Complete 9 out of 10 for stability.

I rate Singularity Complete 9 out of 10 for scalability. 

I rate SentinelOne support 9 out of 10 because they're very responsive.

Positive

I previously worked with Sophos and ESET. The primary reason we prefer SentinelOne is that it doesn't consume a lot of resources. 

Deploying Singularity is straightforward, and it doesn't require you to restart the servers in the latest version.

Singularity isn't cheap, but it's worth what we pay for it. 

I rate SentinelOne Singularity Complete 9 out of 10 overall. Singularity performs as well as expected, and it's less resource-intensive than other products.

We need to provide a form of antivirus for our cybersecurity insurance. The new term now is EDR or endpoint detection response. I tested out several vendors including CrowdStrike, SentinelOne, and Cisco. SentinelOne definitely stood out. My use case is pretty for much protecting all of my end-user devices and all of my servers on-premise and in our virtual environment.

We were trying to solve for visibility and license management. We used to use other products, and licensing became an issue. We would have issues where clients would not really be connected all the time. They would just randomly lose connection. And that was with McAfee. 

ESET was another one that we used in the past, and we just kept running the issues with the physical server. So having a cloud-managed EDR solution, the agent-based, cloud-managed solution, has worked very well for a few years now at multiple companies. It's the first thing I bought when I came to my new company.

I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge. 

I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it. 

It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly. 

It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity. 

One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified. 

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

I'd like the ability to have text alerts, for example, if something gets quarantined. 

The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow. 

I've been using the solution for three years.

I haven't experienced any stability issues. 

The solution is extremely scalable. It's super easy to push out to thousands of clients if you really need to. I haven't had any issues. It scales very well.

Usually, technical support is very good. They are very knowledgeable. It's usually 24 hours for a response. I've had a couple of phone conversations with them. Right now, we're going basically through email. They give me a ton of information. They're open to working with my third-party MSP. Right now, the MSP brought up a concern about a very specific function that needs a little bit more tending to in the exclusion arena. 

Positive

We had Defender at this company before.

I was involved in the initial setup.

The deployment is very straightforward. It's super easy to just download your agent, and you get your site token, you install, and you push it out. We use the PDQ at my last company. Here, we use SCCM. We push it out with the MSI, with the site token pre-installed. I see it on my dashboard. It's easy.

My last deployment was handled by myself.

The solution does not require any maintenance anymore. It used to be kind of a headache to go through and have to update the agent. And just to remember to do it. Now I get the email. It tells me there's a new agent out there. I go read up on what the changes are, which is great. Then I go in there and set up the auto-install on the agents, and it just hits them on the schedule. You only have to really pay attention to it once in a blue moon when a new agent is installed or there's a general release.

I installed the solution myself.

I can pay, for my environment, between $30,000 and $40,000 a year, and that's a pretty good deal.

I'm a customer and end-user.

I haven't really done any third-party tools. I've looked into their Identity tool which is one of the newer offerings that they have. It's a very nice offering. It is rather expensive. That said, it is very nice to be able to see Active Directory all in one pane of glass. Honestly, the hardest thing about my job as a security professional is having all these different tools so the more I can see everything in one area, the better it is.

The quality and maturity are important. The company is relatively new in the space, however, they are pretty mature in the market and pretty well-respected. 

SentinelOne is a great strategic partner. I can't see myself doing security without them at this point. They are one of the backbones of my security platform. They were the first pieces even before I bought Cisco Duo or Meraki. 

I'm excited to see where this will be in the next ten years. I can just see this platform just going crazy. I would love to see maybe a little bit more focus. We have to deal with a lot of sensitive equipment that run specific jobs and I love how SentinelOne, and specifically Ranger, is very passive in its ability. It complements our OT. I would love to see some way of getting away from the super expensive platforms of Tenable and bringing in some of these functions that Tenable offers from a scanning platform fully into SentinelOne in the future.

I'd rate the solution nine out of ten.

This is a best-in-breed solution. If you're looking at anything in comparison, do your due diligence, do proof of concept between whatever companies you're looking into. However, SentinelOne is the best-in-breed.

We use the tool for malware protection and the XDR portion to track intrusions and possible exploitations.

I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary.

I find its interoperability with other solutions very good. When there are issues, because everything eventually has issues, the team is very good about running logs and finding out what portion is having issues. We can either exclude a portion of it or make it work. They find a solution.

We haven't had any issues with how we ingest or correlate data across security solutions. We use APIs and things like that to ingest data. For us, we haven't had any issues with the tools we use, but I can't speak for other organizations.

We now have threat hunting, visibility, and malware protection in one console. There are other portions we don't leverage because we choose to keep them separate, like our firewall, but we could if we wanted to.

The solution has helped us reduce false positives. We still get alerts, but I think they're more dynamic now. We have fewer issues with systems. It doesn't take as many resources, so we don't have outages caused by hijacking resources. We've probably reduced our issues with that by 90 percent from the previous program we were using.

The tool has helped free up our team's time. Especially when it comes to upgrades, I went from taking several months with the previous software to getting it done in a week or two for 15,000 to 17,000 assets. It's freed up months.

While I don't track mean time to detect specifically, I know it's very quick because of the way it detects intrusions. It's anomaly-based, not signature-based. It will flag something, review it, determine whether it's a false positive or actually malicious, and then quarantine it. It's pretty instantaneous. We've averted several ransomware attempts before they could infect anything.

Our mean time to respond has decreased significantly. The response is much quicker now, especially since very little gets reverted to us for handling. The Vigilance AI portion usually takes care of most of it, determining the severity of something and whether it needs human attention.

It has helped us save costs, particularly regarding fewer infections throughout the network. While I don't have exact numbers, we've had a reduction in costs associated with reimaging machines due to malware.

It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports.

I have been using the product for three years. 

In terms of stability, we have no downtime from SentinelOne Singularity Complete. We may have some complications with interoperability when we deploy something new that didn't get tested, but that's usually not SentinelOne's fault. It's usually because a third party changed something that had already been whitelisted.

We haven't had any issues with scalability. It scales very well from small to large. We're at 16,000 endpoints, and it's very easy to deploy and manage.

I've contacted technical support myself. Their response time depends on the severity with which you submit the case. For low priority, it takes about a day or two. For high priority, it's within an hour or two, according to their SLA. They're very prompt.

Positive

We switched from Symantec to SentinelOne Singularity Complete mainly because of cost and technology changes. Symantec wasn't changing quickly enough as technology moved toward the cloud, and things were going faster. Broadcom was still using heavy, clunky on-premises agents that used a lot of resources. SentinelOne Singularity Complete was new, next-gen, smoother, and quicker with less downtime. They manage their end in the cloud, so we don't have to maintain our console.

We saw the benefits immediately after deployment. The deployment was seamless, easy to learn, and easy to use—very intuitive. The initial deployment was pretty seamless and easy. It took us about six months to fully deploy, but that was because we did it in segments. We're a global organization with many different entities, so we had to do it segmented. It probably would have taken us a quarter if we had just set it out all at once.

The only maintenance we require is keeping our agents up to date. We do this manually because we go through a change approval process to ensure we don't introduce anything that will harm the system. We then test and deploy.

We used SentinelOne's guidance, but we did the deployment ourselves in-house.

My impression of SentinelOne Singularity Complete as a strategic security partner is that it's state-of-the-art, easy, and uncomplicated. As an engineer, I find the product easy to deploy, maintain, and efficiently. I rate the overall solution a ten out of ten. 

I advise new users to read the manual before they start using it. Understand all the different modules to utilize them as intended and get the best out of them. Also, use their support if you have questions before you deploy. Get a game plan and follow their recommendations.

I use SentinelOne Singularity Complete to prevent and mitigate attacks on my laptop.

While traditional antivirus programs can offer some protection, they often fall short against advanced cyber threats. This means having an antivirus doesn't guarantee my laptop's safety, as I've experienced with viruses, blue screens, and even complete crashes. Therefore, finding a more comprehensive security solution that actively prevents infections and stops attacks before they happen is crucial. The repeated blank screens on my laptop are a clear sign of a compromised system and so I implemented SentinelOne Singularity Complete to mitigate these problems.

The interoperability of SentinelOne Singularity Complete is one of the key features. I integrated SentinelOne Singularity Complete with another solution for a customer and it was seamless.

SentinelOne Singularity Complete integrates well with my existing security solutions and provides effective data correlation. While our company has a smaller security stack, the larger customers who've incorporated Singularity across their entire security infrastructure have experienced seamless integration.

It streamlines our security posture by consolidating disparate solutions into a unified platform. This eliminates the need to navigate siloed interfaces for attack visibility, while automated response capabilities minimize the manual effort required for mitigation.

I sold the Ranger functionality to a customer who is an ISP and needed more network visibility.

Customers appreciate the ease of use of SentinelOne Singularity Complete's Ranger functionality, as it doesn't require installing new agents, or hardware, or making network changes.

SentinelOne Singularity Complete provides us with the confidence of knowing we're protected when connecting to external networks. Its user-friendly interface and seamless integration enable us to easily add more security features as our needs evolve, without incurring significant costs.

The number of alerts has been reduced. We used to get a lot of false positives and the solution has reduced our alerts by over 60 percent.

By quietly resolving most issues in the background, SentinelOne Singularity Complete frees up our time for other projects and tasks. This way we don't have to call our support team and we don't lose any productivity. We can save around four hours a day when an issue is detected.

Our MTTD has been drastically reduced by SentinelOne Singularity Complete to less than 30 seconds.

Our MTTR has been reduced thanks to the automated AI response from SentinelOne Singularity Complete. What we do after that is use the insights provided by the endpoints and the management console to help guide the client on what steps should be taken moving forward.

Switching to SentinelOne Singularity Complete significantly reduced our security costs. Previously, our solution was both expensive and insufficient for our needs. By moving to SentinelOne, we achieved a 40 percent cost saving. Additionally, we benefitted from time savings and increased productivity, further contributing to our overall cost reduction.

SentinelOne Singularity Complete has helped to reduce our organizational risk by over 70 percent.  

The offline protection offered by SentinelOne Singularity Complete for my devices is valuable.

The automatic mitigation features are incredibly valuable. Over the past two months, receiving alerts on my laptop about mitigated attacks has been one of the key benefits. It's fantastic that I don't have to manually intervene in the mitigation process, yet I'm still informed about potential threats and assured that I'm protected.

The detailed history logs allow us to easily detect malicious behavior within the network.

I would like to have firewall functionality within SentinelOne Singularity Complete.

I have been using SentinelOne Singularity Complete for eight months.

SentinelOne Singularity Complete is extremely stable in the cloud.

SentinelOne Singularity Complete is highly scalable. We have had many clients easily scale their number of endpoints.

The technical support is good.

Positive

We previously used Sophos and Fortinet for the firewall but switched to SentinelOne Singularity Complete because of its more robust capability, ease of integration, and lower cost.

SentinelOne Singularity Complete stands out as the most innovative and forward-thinking solution in the market. Through strategic acquisitions, SentinelOne has gained a distinct edge over its competitors.

In the beginning, our technical team did not have a lot of information but once they received some guidance from SentinelOne the deployment was easy.

The efficiency gains and enhanced security delivered by SentinelOne Singularity Complete consistently ensure a positive return on investment.

SentinelOne Singularity Complete's pricing is affordable. They offer licenses from zero to a hundred making it accessible even for smaller businesses.

We evaluated CrowdStrike but we didn't have much information about how it worked, its functionality, or cost.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete is a mature solution that takes care of most of our use cases for EDR and the Ranger functionality provides visibility into our network. SentinelOne Singularity Complete as a first line of defense gives us peace of mind.

No maintenance is required from our end.

SentinelOne is my go-to as a strategic security partner when it comes to anything EDR-related.

SentinelOne Singularity Complete is a great solution and I recommend it. SentinelOne Singularity Complete can easily be deployed in any environment and is cost-effective.

I am part of the security team, and our strategy is to have this EDR deployed on all of the company's assets, all of our endpoints. We wanted a powerful platform in terms of detection and response to incidents.

It gives us a first layer of security. In addition, we have hired the SentinelOne Vigilance Respond team, a 24/7 SOC that monitors and mitigates. And, in case we need to escalate an alert on any of our assets, it allows us to do a bit of threat intelligence analysis and debug any asset on any topic.

It has helped reduce alerts thanks to the Vigilance service over the last two years. This includes all types of incidents, whether critical, medium, or low priority. Most of the alerts are managed by them, and we do not see them. We only see those that require some information that only our company has, but very few reach that level since Vigilance is directly in charge of managing them. If we had to manage the alerts that Vigilance manages, between 30 and 50 percent of my workday would go to reviewing alerts.

Overall, it has reduced our mean time to detect by about 70 percent, as that is the percentage in which it acts as an autonomous tool. And our mean time to respond has been reduced by 80 to 90 percent because we have SentinelOne's DFIR, Digital Forensics and Incident Response, team involved.

By providing that first layer of detection and response, SentinelOne allows us to have eyes on all our endpoints and, from there, to manage if a machine or a server has been compromised. We can directly isolate it from the network so that malware or ransomware cannot spread broadly.

It has helped us consolidate security solutions, although we did have some problems. The DFIR team responds quickly, and the Vigilance Respond team is continually working with us, managing the alerts. We do quarterly evaluations, and the support team always responds well, plus we interact with the tool ourselves.

The security team has gained a presence and control over the company's equipment that we did not have before.

Every device that does not have SentinelOne installed is a risk, and without SentinelOne, the difference would be significant. It has helped reduce our organizational risk by 70 percent.

SentinelOne has three services that are very well consolidated:

1. Technical support, through which they help you, suggest new configurations, and resolve questions. 
2. The Vigilance Respond service, which is a 24/7 SOC that works on and manages all the alerts that are raised in SentinelOne on our devices. It’s a first layer of defense that filters a lot of the requests. Sometimes we end up escalating something because there are times when we need to understand if the alert is a false positive or not.
3. DFIR, Digital Forensics and Incident Response. This team is in charge of doing all the forensic analysis of an incident, and we have a certain number of hours contracted with them. Their advisors' technical level is very high and enables you to create a high-quality forensic report, in case you have to escalate or report it to senior staff. The DFIR team is excellent.

Another aspect that is very good is the solution’s ingestion and correlation across security solutions. We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer. If you do not have visibility over that computer and the ability to manage it, you cannot block it, restart it, or run a full scan to see if the user has clicked on a link or if any type of malware has been downloaded. This is a layer of visibility and basic management that any company needs.

Also, there is the threat intelligence and activity correlation. They not only detect and respond to incidents but also prevent them.

We started using SentinelOne Ranger, but we found two problems. Perhaps they are particularities, but they should be addressed as they may change the minds of other companies that are considering this feature.

The first problem is that, while it scans all the assets that are on the network, when it comes to discerning whether an asset is a server or a laptop, it tends to fail. It does not have a very high level of precision. We have experienced problems when reporting these types of assets to those responsible for installing the agent, and then they tell us, "Hey, this is not a server, this is a fax," or "this is a printer." When things like that happen, we lose credibility.

The other issue that we saw with the functionality of Ranger is that if, for whatever reason, you have a product with SentinelOne installed but it is on a client's network, the SentinelOne agent starts scanning the ports and the network and goes to a honeypot. As a result, the client may think that it is being attacked because someone has reached its honeypot, when it’s actually us on the client's network. When you don't know that this is happening, it can generate conflict and tension with the clients. Once you know about the problem, you can deactivate that process, but sometimes it can have a negative impact.

Ranger does provide me with visibility of the network, but not completely because the assets it scans are often mistakenly identified regarding what type of device they are. A SentinelOne agent is worth a lot of money, and there is no point in putting it onto a printer, for example. It should have the ability to go a little further and be more precise.

Another very clear area for improvement, one that I don't understand why they haven't deployed it yet, is a self-updating SentinelOne agent. The agent has a version, and what SentinelOne proposed up until one year ago is that you had to be proactive in consulting the dashboard to see if your agent had reached end-of-life and then update it. Now, they've released a new feature where I believe you can schedule updates, so it makes perfect sense for the agent to update itself without any action on our part, and never go out of version. By simply connecting to the network it should be able to download and update.

This idea is not critical because SentinelOne updates many versions of the agent and, when one becomes obsolete, it does not mean that it no longer works. But this is something that SentinelOne should know how to work with. A solution could be that if you do not have the ability to auto-update the agent, SentinelOne would directly tell you which agents are not updated. That way, we would not have to go to the documentation, look at the dashboard, and filter the agents by version. It would be great if it were able to tell if the operating systems are unsupported so that we wouldn't have to look in the official documentation at whether the Windows Server is outdated or not.

If the agents self-updated, maintenance due to the update process would be minimal.

I have been using SentinelOne Singularity Complete for about two years.

SentinelOne is very stable. It has never dropped or caused any problems

We do not have it in any cloud. The agent is located on devices; we manage almost 10,000 computers. Our company has a presence in nine European countries, and SentinelOne is used in all of them. Our department is the group that supervises all regions, including Spain, France, the Nordic countries, Poland, Romania, the Czech Republic, Austria, and Switzerland.

We are continually deploying new agents because we detect more and more devices. SentinelOne will stay in our company until it dies, so to speak. With what it has cost us to get here, we will not change now.

Support responds in less than a day.

SentinelOne is a top partner in the industry.

Positive

Defender for Endpoint is more expensive than SentinelOne. Other solutions are more expensive and others are cheaper, but in terms of cost-benefit ratio, we’ll always stick with SentinelOne.

The detection and visibility over all assets, whether by the agent or Ranger, and the ability to take action as a result are worth it. It is all very intuitive, and for me, these elements are our return on investment.

All the portals, at the end of the day, are "first cousins", such as CrowdStrike and Palo Alto, although that's not exactly an EDR. We went to a global cybersecurity congress in London, and all the solutions were there: SentinelOne and its competition. At the portal, user, and other levels, they are practically the same. Each will have something that is better and something that is worse, but they are quite similar.

You have to do a cost-benefit analysis. Understand the context of your company. It is not the same for a bank or an insurance company compared to a company in the industrial sector that does not manage sensitive data. Understand your particular needs. After a cost analysis, if there is enough budget, choose SentinelOne.

The most important lesson I have learned using SentinelOne is to always listen to what the Vigilance Respond team says.

We are still chasing the benefits of the solution. The model is already deployed, but we are a very large company, and every day we find new devices that do not have SentinelOne. We are still in that phase of continual improvement, of improving the solution and achieving even more benefits. We are getting to the most isolated cases of, for example, servers that have little RAM, and we are debating if we should apply SentinelOne to them because, perhaps, the server will be affected more so. 

We are dealing with these small cases and continuously improving. You don't get all the benefits in two months; it is an ongoing process.

I would recommend SentinelOne, and if, in the end, it is a question of budget, choose it. If I became a CSO tomorrow, that is what I would do.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Soy parte del equipo de seguridad y nuestra estrategia es implementar este EDR en todos los activos de la empresa, en todos nuestros puntos finales. Queríamos una plataforma potente en términos de detección y respuesta a incidencias.

¿Cómo ha ayudado a mi organización?

Nos da una primera capa de seguridad. Además, hemos contratado al equipo SentinelOne Vigilance Respond, un SOC 24 horas al día, 7 días a la semana que monitorea y mitiga. En caso de que necesitemos escalar una alerta sobre cualquiera de nuestros activos, nos permite realizar un poco de análisis de inteligencia de amenazas y depurar cualquier activo sobre cualquier tema.

Ha ayudado a reducir las alertas gracias al servicio de Vigilance durante los dos últimos años. Esto incluye todo tipo de incidentes, ya sean críticos, de prioridad media o baja. La mayoría de las alertas las gestionan ellos y nosotros no las vemos. Solo vemos aquellos que requieren alguna información que solo nuestra empresa tiene, pero muy pocos llegan a ese nivel ya que Vigilance se encarga directamente de gestionarlos. Si tuviéramos que gestionar las alertas que gestiona Vigilance, entre el 30 y el 50 por ciento de mi jornada laboral se dedicaría a revisar alertas.

En general, ha reducido nuestro tiempo promedio de detección en aproximadamente un 70 por ciento, ya que actúa como una herramienta autónoma. Ademas, nuestro tiempo promedio para responder se ha reducido entre un 80 y un 90 por ciento porque contamos con el equipo DFIR, análisis forense digital y respuesta a incidentes de SentinelOne involucrado.

Al proporcionar esa primera capa de detección y respuesta, SentinelOne nos permite vigilar todos nuestros puntos finales y desde allí, gestionar si un equipo o un servidor se ha visto comprometido. Podemos aislarlo directamente de la red para que el malware o el ransomware no puedan propagarse ampliamente.

Nos ha ayudado a consolidar soluciones de seguridad, aunque si tuvimos algunos problemas. El equipo de DFIR responde rápidamente y el equipo de Vigilance Respond trabaja continuamente con nosotros, gestionando las alertas. Hacemos evaluaciones trimestrales y el equipo de soporte siempre responde bien, además interactuamos con la herramienta nosotros mismos.

El equipo de seguridad ha ganado una presencia y control sobre los equipos de la empresa que antes no teníamos.

Todo dispositivo que no tenga SentinelOne instalado es un riesgo y sin SentinelOne, la diferencia sería significativa. Ha ayudado a reducir nuestro riesgo organizacional en un 70 por ciento.

¿Qué es lo más valioso?

SentinelOne cuenta con tres servicios que están muy bien consolidados:

1. Soporte técnico, a través del cual te ayudan, sugieren nuevas configuraciones y resuelven dudas.

2. El servicio Vigilance Respond, que es un SOC 24 horas al día, 7 días a la semana, que trabaja y gestiona todas las alertas que se generan en SentinelOne en nuestros dispositivos. Es una primera capa de defensa que filtra muchas de las solicitudes. A veces terminamos escalando algo porque hay ocasiones en las que necesitamos entender si la alerta es un falso positivo o no.

3. DFIR, Análisis Forense Digital y Respuesta a Incidentes. Este equipo se encarga de hacer todo el análisis forense de un incidente, y tenemos contratada una determinada cantidad de horas con ellos. El nivel técnico de sus asesores es muy alto y te permite crear un informe forense de alta calidad, en caso de que tengas que escalar o informar a tu personal superior. El equipo de DFIR es excelente.

Otro aspecto que es muy bueno es la incorporación de la solución y la correlación entre las soluciones de seguridad. Optamos por SentinelOne porque te brinda visibilidad y control sobre todos los dispositivos en los que tienes implementado el agente. Esto es muy valioso porque, al final, todos los ataques entran sólo a través de una puerta de enlace, que suele ser la computadora del usuario y si no tienes visibilidad sobre esa computadora o capacidad de administrar, no podrás bloquear, reiniciar o ejecutar un análisis completo para ver si el usuario ha hecho clic en un enlace o si se ha descargado algún tipo de malware. Esta es una capa de visibilidad y gestión básica que cualquier empresa necesita.

Además, cuenta con una gran inteligencia de amenazas y correlación de actividades. No sólo detecta y responde a incidentes sino que también los previene.

¿Qué necesita mejorar?

Empezamos a utilizar SentinelOne Ranger, pero encontramos dos problemas. Quizás sean particularidades, pero conviene abordarlas ya que pueden hacer cambiar de opinión a otras empresas que estén considerando esta característica.

El primer problema es que, tal vez escanea todos los activos que hay en la red, pero la hora de discernir si un activo es un servidor o un portátil, tiende a fallar. No tiene un nivel de precisión muy alto. Hemos experimentado problemas al informar este tipo de activos a los responsables de instalar el agente y luego nos dicen: "Oye, esto no es un servidor, esto es un fax" o "esto es una impresora". Cuando suceden cosas así, perdemos credibilidad.

El otro problema que vimos con la funcionalidad de Ranger es que si, por cualquier motivo, tiene un producto con SentinelOne instalado pero está en la red de un cliente, el agente SentinelOne comienza a escanear los puertos y la red y va a un honeypot. Como resultado, el cliente puede pensar que está siendo atacado porque alguien ha llegado a su honeypot, cuando en realidad somos nosotros en la red del cliente. Cuando no sabes que esto está pasando, puede generar conflicto y tensión con los clientes. Una vez que conozcas el problema, puedes desactivar ese proceso, pero a veces puede tener un impacto negativo.

Ranger me proporciona visibilidad de la red, pero no completamente porque los activos que escanea a menudo se identifican erróneamente con respecto al tipo de dispositivo que son. Un agente SentinelOne vale mucho dinero y no tiene sentido ponerlo en una impresora, por ejemplo. Debería tener la capacidad de ir un poco más allá y ser más preciso.

Otra área de mejora muy clara, una que no entiendo por qué no la han implementado todavía, es que el agente de SentinelOne sea autoactualizable. El agente tiene una versión, y lo que SentinelOne proponía hasta hace un año es que había que ser proactivo al consultar el panel para ver si su agente había llegado al final de su vida útil y luego actualizarlo. Ahora, han lanzado una nueva función en la que creo que se pueden programar actualizaciones, por lo que tiene mucho sentido que el agente se actualice sin ninguna acción de nuestra parte y nunca se quede sin versión. Simplemente conectándose a la red debería poder descargarse y actualizarse.

Esta idea no es crítica porque SentinelOne actualiza muchas versiones del agente y cuando una queda obsoleta, no significa que ya no funcione. Pero esto es algo que SentinelOne debería saber cómo ejecutar. Una solución podría ser que, si no tiene la capacidad de actualizar automáticamente el agente, SentinelOne te indique directamente qué agentes no están actualizados. De esa forma, no tendríamos que ir a la documentación, mirar el panel y filtrar los agentes por versión. Sería fantástico si pudieras saber que sistemas operativos no son compatibles para que no tuviéramos que buscar en la documentación oficial si Windows Server está desactualizado o no.

Si los agentes se autoactualizaran, el mantenimiento debido al proceso de actualización sería mínimo.

¿Durante cuánto tiempo he usado la solución?

He estado usando SentinelOne Singularity Complete durante dos años aproximadamente.

¿Qué pienso sobre la estabilidad de la solución?

SentinelOne es muy estable. Nunca se ha caído ni ha dado ningún problema.

¿Qué pienso sobre la escalabilidad de la solución?

No lo tenemos en ninguna nube. El agente está ubicado en los dispositivos; Gestionamos casi 10.000 ordenadores. Nuestra empresa tiene presencia en nueve países europeos y SentinelOne se utiliza en todos ellos. Nuestro departamento es el grupo que supervisa todas las regiones, incluidas España, Francia, los países nórdicos, Polonia, Rumanía, República Checa, Austria y Suiza.

Continuamente implementamos nuevos agentes porque detectamos cada vez más dispositivos. SentinelOne permanecerá en nuestra empresa hasta que muera, por así decirlo. Con lo que nos ha costado llegar hasta aquí no vamos a cambiarlo ahora.

¿Cómo es el servicio y soporte al cliente?

El soporte responde en menos de un día.

SentinelOne es un socio líder en la industria.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Cuál fue nuestro Retorno de Inversión?

Defender for Endpoint es más caro que SentinelOne. Otras soluciones son más caras y otras más baratas, pero en términos de relación coste-beneficio, siempre nos quedaremos con SentinelOne.

La detección y visibilidad de todos los activos, ya sea por parte del agente o del Ranger y la capacidad que tiene de tomar medidas valen la pena. Es todo muy intuitivo y para mí, estos elementos son nuestro retorno de la inversión.

¿Qué otras soluciones evalué?

Todos los portales, al fin y al cabo, son "primos hermanos", como CrowdStrike y Palo Alto, aunque no sean exactamente EDR. Asistimos a un congreso global de ciberseguridad en Londres y todas las soluciones estaban allí: SentinelOne y su competencia. A nivel de portal, usuario y otros niveles son prácticamente iguales. Cada uno tendrá algo mejor y algo peor, pero son bastante similares.

¿Qué otro consejo tengo?

Tienen que hacer un análisis coste-beneficio. Comprende el contexto de tu empresa. No es lo mismo un banco o una compañía de seguros que una empresa del sector industrial que no gestiona datos sensibles. Comprende tus necesidades particulares. Después de un análisis de costos, si hay suficiente presupuesto, elije SentinelOne.

La lección más importante que he aprendido al utilizar SentinelOne es escuchar siempre lo que dice el equipo de Vigilance Respond.

Todavía estamos descubriendo más beneficios en la solución. El modelo ya está implementado, pero somos una empresa muy grande y cada día encontramos nuevos dispositivos que no tienen SentinelOne. Todavía estamos en esa fase de mejora continua, de mejorar la solución y lograr aún más beneficios. Estamos llegando a los casos más aislados de, por ejemplo, servidores que tienen poca RAM y estamos debatiendo si debemos aplicarles SentinelOne porque, quizás, el servidor se verá más afectado.

No obtienes todos los beneficios en dos meses; es un proceso continuo.

Yo recomiendo a SentinelOne. Si al final es una cuestión de presupuesto, elígelo. Si mañana me convirtiera en un OSC, eso es lo que haría.

Our use case primarily involves using SentinelOne Singularity Complete for other clients as an EDR to monitor endpoint-related alerts, including malware and any malicious files, ransomware files, and any attack on endpoints such as servers or laptops. We use it as an EDR.

SentinelOne Singularity Complete has behavior-based AI that detects alerts that are not predefined without relying on predefined rules. For example, it detects zero-day attacks or any behavioral changes in the baseline of the user, or any suspicious anomalies through AI-based threat detection only.

In terms of SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions, when using this AI SIEM, it provides any incident in a unified view only. It correlates and gives the information in one view rather than requiring access to other data sources. It connects the dots and gives a complete, correlated incident.

With SentinelOne Singularity Complete integrated with AI, false-positive alerts have been reduced significantly. I can say that 50% of false-positive alerts have been reduced, and we mostly get true positive alerts. I cannot say 100%, but the false-positive to true-positive ratio has been reduced by 50%.

We do not currently use the Ranger functionality option as it has not been enabled by our organization.

SentinelOne Singularity Complete itself is somewhat laggy and loads slowly at times. Sometimes when there are alerts in the dashboard, we cannot see them and it shows zero alerts. In this case, we have to log out and log in again and refresh it before we can see the alerts. We also experience some flickering issues. The UI needs significant improvement. In this case, I would rate it around 6.5 to seven on stability and performance.

I have been using SentinelOne Singularity Complete for one year and two months.

The mean time to detect with SentinelOne Singularity Complete depends on AI automation as well. Mean time to detect does not process for more than three or four seconds. We get real-time alerts that arrive as incidents occur. The product is performing very well in terms of MTDD and MTTR.

Scalability for SentinelOne Singularity Complete is good. It works well with all the endpoints, even if there are large numbers of endpoints. For example, in an enterprise environment, it performs well. Proper configuration and policies need to be set, but overall it is effective. I would rate it around 8 out of 10 for scalability.

Technical support is good. I would rate it 8 out of 10 because there is a feature of AI support. If we require any help with documentation, we receive it immediately. With a single prompt, we receive help with documentation, and those documentations are very clear.

I have previously used CrowdStrike. I can say SentinelOne Singularity Complete is better than CrowdStrike because it is more AI-capable and integrated. It gives us alerts based on behavior using the AI. In this aspect, I have only used CrowdStrike as an EDR, and I can rate SentinelOne as better than CrowdStrike.

Deployment of SentinelOne Singularity Complete is easy. Installing agents is straightforward. We can do it using Active Directory and group policies. It is easy to install agents in endpoints.

In my company, SecureIntelli, we are a team of 15 members with two leads. The 15 members use SentinelOne Singularity Complete on an everyday basis to monitor for our clients.

SentinelOne Singularity Complete saves 50% time for me and my team in responding to alerts, and it has reduced response time by 50%.

SentinelOne Singularity Complete does not require any maintenance from our end. There is maintenance scheduled once a month from SentinelOne itself. We receive prior notification if there is any maintenance scheduled, but it does not take much time. The system will be offline for no more than five minutes. The security is still maintained during this time. If any alerts come or if anything is automatically remediated, it is taken care of in the backend.

I would recommend SentinelOne Singularity Complete over others. If they are using CrowdStrike, I can recommend SentinelOne Singularity Complete over that product. However, it requires some fine-tuning of policies and configuration. If that is done correctly, it works very well as an EDR.

With Purple AI, it summarizes the alerts. Without much manual intervention, we can determine if it is a true positive or not by seeing the Purple AI alert summarization, what has been happening, what process activity is occurring, and what the user behavior is. It also provides recommendations on what to look for and what needs to be done to remediate the attack. This has helped us to respond to low and medium alerts very quickly, but it still requires manual intervention for high and critical alerts because Purple AI is not that accurate. Sometimes it gives more generic answers for any queries. In this way, we use Purple AI and it has benefited us.

I can say that with Purple AI, security is maintained in terms of data privacy. We cannot share it outside. I do not have much detail on this, but based on my experience, it is secure. There is no insecurity in using Purple AI and GenAI.

In terms of threat intelligence with Purple AI, it depends on the quality of the data that it is receiving. With AI analysis, it correlates with the threat intelligence databases, and if there are any matches, it shows whether the observable is a threat or malicious. It is very good in this aspect and it will be updating very frequently.

Purple AI summarizes the alerts in a very concise format. We can determine if it is a true positive or false positive by seeing a summary. Sometimes it is very precise. As it provides remediation recommendations as well, it is very helpful for us to respond in a shorter amount of time.

I am not sure about the financial aspect as I am in a technical department as an analyst and do not have much information on financial matters.

Overall, I would rate this product 8.5 out of 10.

I work with Purple AI and utilize it in SentinelOne.

In my day-to-day activities, SentinelOne Singularity Complete detects malicious activity or dynamic or static activity very quickly within the console.

I have been working with SentinelOne Singularity Complete, which is scalable and easy to deploy for the solution and has strong automation.

The main features of SentinelOne Singularity Complete that positively impact my organization are the useful rollback features, the anti-tampering mode, and automated local version upgrades or downgrades.

The rollback features represent the most usable feature of SentinelOne Singularity Complete. When a machine is infected, I can optionally roll back to the earliest date, providing ransomware protection.

Apart from the rollback feature, the most valuable features include the Ranger functionality, which provides network and asset visibility or endpoint visibility. It ingests logs from network sources and captures any threats, including the IOCs.

Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, as it provides strong automation, reliable support, and valuable rollback capabilities.

I would like to see improvements in the hashes function, particularly in the hashes tab, as multiple hashes are difficult to add in the correct format in SentinelOne Singularity Complete for Windows, Linux, and Mac.

I would like to see included SIEM functionality, with enhancement in log collection capabilities in SentinelOne Singularity Complete.

I have been working with SentinelOne Singularity Complete for the last 2.5 years.

In terms of stability, I believe it is not prone to downtime; it is a stable solution.

I find it easy to scale up when necessary.

I evaluate the customer service and technical support of SentinelOne Singularity Complete as very supportive, with fast response times.

I have seen improvements in meantime to detect and respond, with detection times being very good, less than 15 minutes or even less than 10 minutes.

I previously worked with Trend Micro for EDR, XDR, and endpoint solutions.

The key differences between SentinelOne Singularity Complete and Trend Micro include the biggest benefit of automation, where most functions are automated, including threat detection and auto-remediation rules.

The initial setup of SentinelOne Singularity Complete was straightforward.

I have seen a return on investment with SentinelOne Singularity Complete solution, as it is very easy to understand and functions through one unified agent managing the cloud, SIEM, and EDR solutions.

I find the licensing cost to be very cheap, and implementation is easy, making it so easy to deploy for customers.

SentinelOne Singularity Complete has helped reduce my organization's meantime to detect by minimizing false positives, especially for hashes and IOC blocklist functions.

It is the best method for reducing alerts through the exclusion method in SentinelOne Singularity Complete.

I use the SentinelOne Singularity Complete Ranger functionality.

Ranger in SentinelOne Singularity Complete reduces alerts by capturing different telemetry from the network devices, which is important for my organization as customers mainly use it for both public and private networks.

I don't have specific data to share, but it helps through exclusion and performance-based interoperability to reduce alerts.

Regarding time saving, I find that SentinelOne Singularity Complete helps free up my staff for other projects and tasks as it is a very good product compared to other solutions.

My recommendation for organizations considering SentinelOne Singularity Complete is particularly on the hash part, especially for Linux.

Overall, I would recommend SentinelOne Singularity Complete to others, as I find the solution very good and easy to understand. I have given this review a rating of 9.