We use SentinelOne Singularity Complete as an endpoint detection and response solution to detect advanced threats in memory and protect our environment from ransomware attacks.
CISO at a financial services firm with 1,001-5,000 employees
Helps mitigate risks, reduces alerts, and provides great visibility
Pros and Cons
- "We collect a lot of telemetry from Singularity Complete."
What is our primary use case?
How has it helped my organization?
We are ingesting data from Singularity Complete into our team. The integration between Singularity Complete and Splunk works well, pushing all alerts from Singularity Complete to our soft tool. We have also looked at other SentinelOne products, but we only use a few of them.
We use Ranger to detect rogue sensors by scanning networks for endpoints that do not have SentinelOne installed. We do not use Ranger Pro.
Ranger is used to identify endpoints that do not have SentinelOne installed, ensuring 100 percent coverage. However, we also use a network access control tool to verify that endpoints have the necessary security telemetry and toolsets installed. The NAC tool can either orchestrate the installation of missing components, quarantine endpoints or simply notify us that components are missing.
The biggest benefit for us, other than mitigating the risks, is that Singularity Complete has raised the bar for red teaming, compared to the previous tool we were using. Some of the agent coverage in the previous toolset was becoming a limitation, but Singularity Complete gives us better coverage and visibility, both for red teaming and in general.
Over time, Singularity Complete has helped to reduce alerts. At the beginning of the implementation, we had to spend some time training the system, accepting events, and so on. However, over time, the number of alerts has been reduced.
Singularity Complete has helped our MTTD by providing broader visibility into our environment.
What is most valuable?
We collect a lot of telemetry from Singularity Complete. We then use this telemetry to search for malicious processes, which we would not have been able to see before. In other words, in addition to the standard setup that we expect, we are extracting additional telemetry from Singularity Complete to identify malicious processes and other types of threats running on endpoints.
What needs improvement?
Singularity Complete can be improved by allowing for better nesting of policies. Currently, when we create a policy and want to apply two different policies to an endpoint, we cannot do so. Instead, we must create two separate policies and place the endpoint in each policy, even if the only difference between the policies is slight. This makes the policy nesting process cumbersome and inefficient. Therefore, allowing for nested policies would be a valuable improvement to Singularity Complete.
The Endpoint Health telemetry could be improved. This is likely true of all tools, but I think it would be particularly useful for us to be able to see the sensor when it is running on an endpoint and starts to consume more memory, or if there is a memory leak. This would allow us to collect better telemetry on this topic.
Buyer's Guide
SentinelOne Singularity Complete
January 2026
Learn what your peers think about SentinelOne Singularity Complete. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for one and a half years.
What do I think about the stability of the solution?
Singularity Complete is stable, but there are occasional instances where the sensor monitors a specific process that starts to malfunction, which is naturally possible. In these cases, we need to investigate and, if it is a valid process, add an exception to prevent the sensor from monitoring the process so heavily, so that it can return to normal operation. Therefore, there is a significant amount of tuning required. If the tuning is correct, Singularity Complete operates quite well and is certainly stable.
What do I think about the scalability of the solution?
Singularity Complete is scalable. We have 2,500 endpoints. I know other organizations that have over 70,000 endpoints.
How are customer service and support?
We have technical support that we can access, but I think it could be stronger. Currently, we deal with some local support, but their knowledge is limited. I would like to establish a closer relationship with SentinelOne International support, especially for the upgrade we are planning next year. I was in Tel Aviv in June and July and visited the SentinelOne offices to speak to them about this.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Our previous solution, Cybereason, was not very good at detecting things happening in memory, so we were looking to replace it with SentinelOne, CrowdStrike, or Cortex XDR by Palo Alto Networks. The replacement had to be able to see things happening in memory and deal with ransomware attacks. SentinelOne Singularity Complete was able to meet our requirements.
How was the initial setup?
The initial deployment was slightly more complex than our previous tool because we needed to understand and implement the exceptions. These exceptions included both standard exceptions and our own custom exceptions related to how applications behave. However, the complexity is justified by the better coverage and protection that the new tool provides.
Three people from our company were involved in the deployment, which took about six months. This included removing the previous solution and replacing it with Singularity Complete.
What's my experience with pricing, setup cost, and licensing?
The cost of Singularity Complete is similar to our previous solution but it comes with additional options such as Kubernetes integration. We make sure to benchmark the prices against other EDR solutions before renewal to ensure we are not overpaying.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
We started looking at the reception technology, but it was too much for us and required too many permissions. As a result, we did not proceed with it.
Ranger provides network and asset visibility, but we use other telemetry to build a data lake, which we then use to give us more holistic visibility.
Singularity Complete is definitely innovative. It offers better coverage of endpoints and sensors than our previous solution, as well as better coverage from red teams and other threats. It also provides us with much better telemetry from endpoints than our previous solution. This includes features that our previous EDR tool promised but did not deliver.
SentinelOne is a fairly mature product. I think we first looked at it about six or seven years ago when it first came out. It has definitely matured a lot since then. When we first saw SentinelOne, it had a lot of problems with automatically killing things without alerting us. However, we have definitely seen improvements in the solution from a product perspective. Additionally, there are now more modules and integrations available. We have looked at the reception part of it, as well as quite a few other pieces, including Rogue Sensor Pro. We have looked at a lot of little bits, so it has quite broad coverage in terms of what it actually will cover.
We have deployed Singularity Complete across the company and all lines of business, including our branches in South Africa and other parts of Africa. This includes approximately two and a half thousand endpoints.
Four people are managing Singularity Complete. Every six months we have to update the sensors.
We have definitely told others about and shown them Singularity Complete, and we have told them that we are happy with it. When implementing Singularity Complete, we need to know what our expectations are and, obviously, test the solution thoroughly to prevent any negative outcomes.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SOC Analyst at a retailer with 10,001+ employees
We can easily deploy the agents, have great visibility, and log correlation
Pros and Cons
- "The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location."
- "We often experience interruptions to our investigations in SentinelOne Singularity Complete."
What is our primary use case?
I review the data logs from each SentinelOne agent using Skylight to develop queries. We have been using Star Alerts to create custom alerts based on those rules. We also partner with their Vigilance team for 24/7 monitoring.
We implemented SentinelOne Singularity Complete to gain widespread visibility into global markets and to facilitate easy agent deployment for EDR and XDR solutions.
How has it helped my organization?
SentinelOne Singularity Complete's interoperability with other SentinelOne and third-party applications is excellent. We recently used a proof of value to integrate some of our other email products, such as Proofpoint, with SentinelOne Singularity Complete. The ease of use has been amazing. Singularity Complete has been a great data ingestion platform, and we have already gained a wealth of data that we never had access to before.
Singularity Complete's ability to ingest and correlate data across our security solutions has been effective. We can see a significant number of events from our DNS logs, firewall logs, and email tenancy. Overall, it has performed very well thus far.
We ended up getting rid of QRadar and relied heavily on Singularity Complete. Singularity Complete allowed us to deploy the SentinelOne agent on a significant number of domain controllers and collect much more information than we could with QRadar alone. We needed to purchase additional licenses to quantify the data more effectively. However, Singularity Complete provided the same if not even more enrichment because it allowed us to see a lot of things about the transitioning of IP ranges, the ingressing of traffic from different IP ranges if they are open to the internet, and who is contacting those ranges via different endpoints. Overall, Singularity Complete has provided a significant improvement in data ingestion over our previous solution of QRadar.
Overall, we have seen a quicker response time with Singularity Complete. We are able to drill down into events in a much more granular way. This allows us to respond better, correlate the information that Singularity has gathered, and come up with a definitive answer to certain questions. Because of Singularity's enrichment of the data that we currently have, we are able to answer these questions more accurately, carefully, and with more specific timestamps. Since we have some of these deployed globally, it is very important for us to get the centralized time zones correct so that we know exactly when an event occurred.
Singularity Complete has helped us reduce the number of false positives. It provides us with a wealth of data enrichment, which allows us to distinguish between normal and abnormal events in our environment. This is important because we have billions of events happening every ten minutes across our many deployed endpoints. In the past, we would waste analyst time investigating alerts that turned out to be false positives. However, with Singularity Complete, we can now quickly identify which alerts are most likely to be legitimate and prioritize those for investigation. For example, if Singularity Complete tells us that a particular event has been seen a thousand times on one endpoint but only twenty times on another endpoint, we know that the twenty occurrences on the second endpoint are more likely to be abnormal and worth investigating.
Singularity Complete has helped free up our staff's time for other projects. With all the data enrichment that Singularity Complete has provided us, we are no longer chasing false positives. We are able to set our custom Star rules so that we receive the alerts that are most relevant to our organization, rather than broad alerts that may or may not be relevant. This allows us to focus our attention on what matters most and to investigate more accurate alerts. As a result, we are able to dedicate time to other projects. Before Singularity Complete, our analysts spent two to four weeks. With Singularity Complete in place, we've seen a reduction of two to three weeks, depending on the vendor. On average, analysts now spend three to ten days analyzing logs.
Singularity Complete substantially reduced our MTTD.
Our MTTR has been substantially reduced by Singularity Complete. We are now able to respond within the hour of receiving the alert.
Singularity Complete has helped our organization save costs by eliminating the need to replace equipment infested with malware. We can now detect, remediate, and roll back malware attacks as needed, thanks to the visibility that Singularity Complete provides. We can drill down into actual alerts, not just false positives, and eradicate any malware that may be infecting our systems.
Singularity Complete has reduced our organizational risk by providing us with much broader visibility into various endpoints deployed globally. This allows us to see what is normal in our environment, rather than reacting to what may not be normal.
What is most valuable?
The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.
What needs improvement?
The ingestion and correlation of data would be improved by integrating with email security solutions such as Proofpoint or our email security solution. We do not yet have a marketplace integration, so we had to build it from scratch. As a result, it has been somewhat difficult for this particular use case, but the data is available and we are able to correlate it with users, not necessarily with endpoints, but we are making progress.
We often experience interruptions to our investigations in SentinelOne Singularity Complete. It would be helpful if we could resume our search query from where we left off, even if we lose internet connectivity or the platform is caching results. This would reduce our MTTR by eliminating the need to wait for the platform to load results again. We expect some load times due to the amount of data in our environment, but the current load times are too long and sometimes produce no results. We would like to see the overall response time of the platform improved.
One area for improvement would be per-user dashboarding. This may be a permissions issue, but we currently only have organization-wide dashboards. I think per-user dashboards would be beneficial because they would allow users to focus on their specific investigations. For example, when a user opens Singularity Complete, they can see a dashboard that is tailored to their current investigation.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability of SentinelOne Singularity Complete as a seven out of ten. We have sometimes encountered problems where queries do not load or take an abnormally long time to load, especially when we are narrowing down the search range to a fourteen-day period, which is standard for us. We have also seen queries that run for twenty minutes or so and then log us out. Additionally, the time narrowing feature, or at least the custom time slots, where we can specify a date, such as September 18, may not work depending on how we write the query. We have had to get used to the custom syntax for the time stamps. Finally, we have sometimes seen data that does not update as often as it should.
What do I think about the scalability of the solution?
We have not experienced any problems with scalability. We are able to onboard new machines, and within a day or two, we see more data populate for those machines. So far, scaling has been very helpful for us. This is one of the reasons why we wanted to onboard with Singularity Complete, to get that visibility and to get it right away.
How are customer service and support?
Most of the technical support team members I have spoken to at the level two and level three levels of support have been very helpful and willing to share resources and documents from the help portal and knowledge base articles.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used IBM Security QRadar but it did not provide the level of data ingestion we required so we switched to SentinelOne Singularity Complete.
What was our ROI?
We have seen a return on investment from SentinelOne Singularity Complete, based on our reduced time to detect and respond to threats, as well as the overall risk reduction to the organization.
What's my experience with pricing, setup cost, and licensing?
Our organization is very satisfied with SentinelOne Singularity Complete, especially compared to other options available. It is very affordable and easy to license, and it allows us to onboard new analysts quickly, with a turnaround time of one day at most.
Which other solutions did I evaluate?
We evaluated CrowdStrike, but the way their deployment platform worked would not work for our organization.
What other advice do I have?
I would rate SentinelOne Singularity Complete eight out of ten.
We just started using Ranger this week. So far, we've done small test use cases to see what our endpoints can communicate with. Ranger has identified a significant number of machines, including printers, other endpoints, and personal machines, which gives us a better understanding of our network security.
SentinelOne Singularity Complete has come a long way. I believe it used to be called Power Query or even Data Set at one time. We're currently using the Skylight portion of Singularity Complete, which is a newer addition. Compared to where it was, Singularity Complete is now leaps and bounds ahead. It's the product we use when we need a lot of raw data and the ability to customize what we're looking for in our environment. The wealth of information that we get from every endpoint with the Singularity Complete agent installed allows us to create a large number of custom rules and alerts. This saves us a lot of time, especially for our analysts, who no longer have to respond to as many false positive alerts.
We have a maintenance process in place for our custom rules and alerting. We have a dedicated team of members who are responsible for maintaining these aspects, but overall, we have not encountered any major issues that have impacted our team. A lot of this maintenance does occur outside of office hours.
With SentinelOne Singularity Complete, experiment and use it to its fullest potential, even if a mistake is made. It is a robust platform, so causing any serious damage is unlikely. Some specific features to play around with include custom roles, alerting, fields, power queries, search queries, data retention, and customized displays for the analysts. Tailoring the platform to specific needs will help get the most out of it. Singularity Complete collects a lot of data, so make sure to parse and categorize it in the most efficient way for the organization.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Director at a construction company with 501-1,000 employees
Exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines
Pros and Cons
- "Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous."
- "The process of uninstalling and reinstalling older agent updates needs improvement."
What is our primary use case?
We have deployed SentinelOne Singularity on each end-user machine, as well as on the majority of our servers, utilizing it as an antivirus solution. Additionally, we employ SentinelOne Vigilance for our Security Operations Center. Moreover, we extensively utilize this solution across all our machines for tasks such as inventory control, asset tracking, and software monitoring. Furthermore, we have incorporated Ranger AD to enhance security within our active directory setup.
How has it helped my organization?
We use Ranger and Ranger AD. We incorporate the data from our SentinelOne Singularity into our SIEM. Moreover, in terms of Ranger, they are both accessible through the same console. When I click, the information is readily available. It's quite straightforward. Furthermore, concerning the transmission of logs to our SIEM, I don't believe we've ever encountered any problems with the initial setup or ongoing functionality.
Ranger offers visibility into our network and assets, which is quite significant. While other tools are available, having this functionality integrated is advantageous since we have it incorporated into a couple of our tools. This covers everything from our switches onward; although there are different options available, Ranger stands out because we are already using Singularity for other purposes. Hence, having it included is beneficial. While it may not be a decisive feature, it's something we always keep enabled.
It is important that Ranger does not necessitate new agents, hardware, or network changes. The fact that it's present, and functions seamlessly, alleviates any need for concern on my part. Furthermore, it effectively identifies new elements.
SentinelOne Singularity Complete has helped improve our response time. In areas where we don't have twenty-four-seven support, VigilanceOne will take over. We use VigilanceOne through SentinelOne, and it ensures constant monitoring. This makes me feel more at ease, knowing that there's continuous surveillance. With the addition of Ranger, Ranger AD, and VigilanceOne, I believe we have gained better insight into our entire network. This combination offers us an added layer of comfort.
It has helped reduce our MTTD and MTTR.
It has helped reduce our risk overall.
What is most valuable?
SentinelOne Singularity Complete is exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines. While we do encounter false positives, it has successfully detected several instances of malicious activities on the machines. Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.
What needs improvement?
The process of uninstalling and reinstalling older agent updates needs improvement. I am aware that the newer versions of SentinelOne that they have been working on are more effective. One of our major frustrations arises when we attempt to remove SentinelOne Singularity Complete from a machine and it only partially uninstalls.
The initial tier of support, when we call or engage with them in conversation, assigns a representative to assist us. However, we have occasionally encountered difficulties with the initial person, either due to their lack of knowledge or failure to follow through. In such cases, we have had to seek assistance from others or navigate through basic support on our own. Despite this, it appears that everything is progressing in the right direction. This is why we chose to renew our contract with them and even expand our range of products with their company.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for three years.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten.
How are customer service and support?
My feelings are moderate towards the technical support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had Sophos Intercept X Advanced Cloud Security initially. We had acquired all these tools through a different program. Despite having these tools, a virus managed to get through and bypass all our defenses. This is why we opted for SentinelOne Singularity Complete – we wanted to test the effectiveness of the AI-based approach compared to the traditional signature-based method.
How was the initial setup?
The initial setup was quite straightforward. During the initial phases of deployment, we had a couple of helpful individuals assisting us with the solution deployment, which resulted in a relatively smooth process.
The deployment was carried out by two administrators collaborating with one or two individuals from SentinelOne. Subsequently, we needed to initiate the installation and verify the installs. Consequently, I assembled a team of technicians for this task as well. To be specific, there were around two administrators and possibly four to six technicians dedicated to checking and ensuring the proper functionality of the setup. This was necessary due to the replacement of the old solution across twelve hundred machines within a limited timeframe.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
I believe that the current pricing and licensing structure is fair. While it may not be a budget-friendly solution, I think it's reasonable considering what we are receiving.
Which other solutions did I evaluate?
We evaluated other solutions through online research, but we were recommended SentinelOne Singularity Complete by a company with which we were collaborating. Since the solution performed effectively during our cleanup process, we decided to continue using it.
What other advice do I have?
I would rate SentinelOne Singularity Complete a nine out of ten.
SentinelOne Singularity Complete has matured over the last two years and is a more complete product.
Moderate maintenance is required to keep up with the end users.
I do consider SentinelOne a partner. I do believe that their program is developing, but I wouldn't use them for all purposes everywhere. This is due to my mindset. Nonetheless, I do perceive that SentinelOne is increasingly becoming more of a partner.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Global Security Operations at a manufacturing company with 501-1,000 employees
Provides different levels of visibility, improves our ability, and has competitive pricing
Pros and Cons
- "The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality."
- "The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time."
What is our primary use case?
We use it for endpoint security for all of the systems in our environment. We have servers and workstations. We have macOS and Linux operating systems, and we are using it as an EDR/endpoint protection platform.
How has it helped my organization?
There is a lot of improvement from a security maturity perspective. Even though we have a very reputable and well-known SIEM, one of our go-to applications in our environment is SentinelOne. On a daily basis, almost all my staff or my analysts use it and operate it every day. It gives us a lot of information and a lot of data about what is going on. In addition to the detections, we are able to use and leverage Binary Vault. We could also use Remote Script Orchestration, which is an add-on that we could add to the platform. It allows us other functionalities that we would not normally have with another product in the same category. It allows us to run scripts on endpoints remotely out of the SentinelOne administrative GUI, which we use for all kinds of purposes. It has improved our abilities significantly in what we can do.
We have visibility into all our systems. We have visibility into malware or any suspicious activities that are occurring. We have the ability to quarantine systems based on the risks. If there is something going on, we have the ability to do that. We can also run remote scripts on systems, and we can control certain types of devices such as USB access. We have the ability to control what people can do with USBs. That is another functionality we use.
Most traditional antivirus platforms are very basic in terms of how you add exclusions. Usually, you completely exclude an application from detection. They do not provide you with various modes or various levels of visibility into an application. SentinelOne provides different levels of visibility, so you can have a level that has some visibility and does not completely make the application invisible to SentinelOne. It is the first platform that I have ever worked on with such capability. Instead of just a binary exclusion on or exclusion off, they provide different interoperability modes. There are five interoperability modes. Some are performance-focused, and some are visibility-focused. They allow you to select the mode that will give you the best balance of visibility and performance depending on the application. It is very handy. Most endpoint security platforms, antivirus, and EDRs are binary. You apply the exclusion and have zero visibility into what that particular application is doing in your environment. With SentinelOne, you can implicitly trust, or you have the ability to say that you trust it, but you want to have an eye on it if anything ever happens. For example, your third-party software is compromised, as happened with SolarWinds, and it starts doing funny things in your environment. That is what the interoperability exclusions give you with SentinelOne. This is an excellent feature.
In terms of its ability to ingest and correlate across our security solutions, they have recently added the Singularity marketplace in XDR. Not all of them but most of them are included in the license. We do leverage it. It gives us additional context. For example, we were able to add the VirusTotal API, which adds the context of what VirusTotal has in terms of information on a particular detection or binary that is detected in SentinelOne. They are starting to build those APIs out. We are able to add more context from other third-party applications. It is excellent. It is at no cost to us. We are using quite a few of them already for other platforms that are built out of the box. We are starting to leverage any out-of-the-box APIs for the platforms that we have.
It has helped us with a little bit of consolidation. We were able to consolidate the device control. We were using another platform for that. We had another completely separate vendor for USB control, and now, we have decided to not renew that license and move all the controls through SentinelOne.
It has not helped reduce alerts. The point is not to reduce alerts. It is to increase alerts. The point of Singularity is to reduce incidents, and we have, for sure, achieved that. The point of the Singularity platform is to block things that we do not want to occur in our environment or at least have visibility to them so that we can take action. If we were to strip it out completely, the organization would be in a much worse place.
It has helped free up our staff for other projects and tasks because the incident response has diminished. I do not have my analysts responding to threats. I have them just validating when something is detected to ensure that we are okay. For sure, it has freed them up. There are about 25% of time savings.
It has reduced our mean time to respond (MTTR). Without it, we would not have very much visibility into detections. It has improved our mean time to detect by 80% to 90%. If we did not have Singularity Complete, we would have very little visibility on the endpoints at least, and that is where most of our threats are occurring.
We have a service from SentinelOne called Vigilance. This service has reduced our mean time to react or respond. This 24/7 service has improved our mean time to respond significantly because it is the SentinelOne analysts who are responding. It has improved our mean time to respond by 80% because they are performing the analysis. They are the experts, and they are looking at the detection in our console. We do not have to go out and try to perform that same level of understanding of what we have just seen. Their experts take a look at that. Instead of spending hours and hours trying to figure out what we are seeing, it is literally down to just minutes by the Vigilance team. It is a separate license that we have incorporated with our Singularity license. It is a part of their MDR solution. It is a service they offer.
It has overall reduced our organizational risk.
What is most valuable?
The EDR functionality of the platform is what we use the most. That was the primary reason why we got SentinelOne. That is what we use the most in terms of functionality.
What needs improvement?
The ease of use can be better in Deep Visibility. It is not always the easiest. If I have not been in there in the Deep Visibility module for a long time, I do not always find it that easy to use. I tend to go and have to consult the help quite often if I have not been in there a long time. I am not a primary user of the application, so I do not always find it second nature to go in there and gather information. It could be a little easier.
For how long have I used the solution?
We have been using this solution for four years.
What do I think about the stability of the solution?
Its stability is next to nothing. It probably has an uptime of 99.99%. The only issue you would have is that the agent sometimes becomes unresponsive or corrupt, but there is not a single application in the world where you do not have some level of corruption or issues that may arise. If anything, it is much better than the others that we have.
What do I think about the scalability of the solution?
It is very scalable. We have doubled the number of licenses or agents we have had in the last three years, and we have not had any issues.
How are customer service and support?
They are excellent when it comes to interoperability and exclusions. For example, you may have somebody in your environment complaining about slowness, or you may have several situations where end-users may report that a certain application has been slow on their computer. SentinelOne gives you the ability to remotely pull the logs off a computer and send the logs to tech support for them to perform an analysis. They can perform their analysis from the logs and come back to you and say, "From what we are seeing, it looks like you have an application running application ABC that seems to require an exclusion. We recommend this interoperability type." All you have to do is say, "Oh, perfect. Thank you very much for that information. Add the exclusion." They have done all the analysis for you. You check back with your end-user to see if that has rectified the situation. In almost every circumstance that we have run into, it got rectified. I have never seen that type of analysis performed by an EDR or endpoint protection provider before. It is the first time I have seen that. This aspect of their support is excellent. However, some of the other things are not always detailed enough in terms of what we should be doing. They can be a bit vague, and if it does not help the situation, they may have to raise the issue to a different tier. So, they can be a little vague about exactly what you should do, but at least they set you on the right path. Overall, I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
It was a product by Carbon Black called Carbon Black Response and Carbon Black Defense. We switched because Carbon Black was purchased by VMware at the time, and their customer service was diminishing substantially. Some of the older products that we still had by Carbon Black were not being supported as well as they were previously. Their technology roadmap was not fantastic. We started looking at other products. We found CrowdStrike and SentinelOne to be more up-to-date and more modern EDR solutions. We saw a noticeable improvement in terms of technology and detection. At the time, SentinelOne was priding itself on the level of number of detections it could detect. A lot of that came into the reviews of the product at the time and the type of tests that it was undergoing and its performance in those tests. That was a primary reason for deciding to go with SentinelOne and going away from Carbon Black. Pricing was another excellent aspect of the platform.
How was the initial setup?
They host the platform in the cloud. It is a SaaS application for us.
Its deployment was extremely straightforward. All you have to do is deploy their agents on your computers. The agent checks in with your cloud console, and you start retrieving information immediately. Carbon Black Defense has that capability as well, but we went with SentinelOne because it did have that cloud capability. When COVID hit, and everybody left the office to go home to work, it was seamless for us. We have full visibility into every single system and asset in the organization whether they are on-premises or off-premises. They could be traveling. They could be anywhere in the world. As long as they have Internet connectivity, we have full visibility into their computers.
In terms of maintenance, the only maintenance that is required is to maintain the health of the agents. Sometimes the agents can become corrupt or stop functioning, so you have to ensure that you are checking for assets in which you run into those situations. The other thing would be the agent versions. You have to maintain agent versions as new versions of the agents come out. You can either automate it so that your agents get updated automatically on whatever schedule that you want, or you can do it manually. You can also do it through some other software deployment platform. That is the only thing you have to do maintenance on. The backend is all maintained by SentinelOne. All the updates to the console environment are taken care of by SentinelOne. Because it is a SaaS application, the only thing that the customer is responsible for is the agent deployment and upgrades.
What about the implementation team?
We worked directly with the SentinelOne team. From our side, there were two of us. From their side, there was probably just one engineer.
What was our ROI?
It has helped our organization save costs. In terms of metrics, I can only go by what other competitors were charging at the time, and we got it at a significantly better price than what some of the other competitors were charging.
The ROI is not just from the platform itself. It is also from the Vigilance service perspective that has freed up my guys to do many other things. It saves my analysts at least two to three hours per day in man-hours, so there is a huge return on investment there. For the price that the service costs, it is extremely good value.
What's my experience with pricing, setup cost, and licensing?
Their pricing was extremely competitive. That is why we stayed with them so long. We are renewing at the end of next month. We have already put in the approval. It is all set to go. We are renewing for another year or so year over year. It has been a very effective product, and it has been priced very competitively.
What other advice do I have?
To someone who is researching Singularity Complete, I would say that it is excellent in terms of quality and maturity.
I would advise performing an extensive proof of concept. If you have the ability to use a security tool validation platform to test out multiple platforms before choosing one, that would be a good idea. You should also understand various modules that are add-ons to the platform. It is extremely important.
I have used the Ranger functionality, and I am very familiar with it. It provides network and asset visibility. You can configure the agent to scan the subnet that it sits on and look for other assets that are missing the SentinelOne agent. You can create a policy saying that if a device sits on a specific subnet and has, for example, more than five systems, try to interrogate those systems to see if they are the systems that may be eligible for the SentinelOne agent but are missing one. We did not renew the license for that specific functionality of SentinelOne about a year ago. We decided to go with another vendor to give us that type of visibility.
Overall, I would rate SentinelOne Singularity Complete a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Cyber Security at a financial services firm with 51-200 employees
Helps reduce alerts and organizational risks, and has helpful support
Pros and Cons
- "The overall product quality is good."
- "Initially, when we first deployed the solution, it caused some third-party connectivity issues."
What is our primary use case?
The whole purpose of having the product is to have endpoint security and visibility with those endpoints as well. After an evaluation period, we determined the product would be a fit for our organization.
How has it helped my organization?
The security and visibility we have on all endpoints helped our organization immensely.
What is most valuable?
There's not one particular item that stands out the most besides the availability of the product itself. We're a small organization. Having the visibility and the protection that it provides helped out greatly. Plus, it fits with our requirements.
The product does not have to go across a lot of different solutions. We don't have a cloud or anything like that where we have to push it in terms of visibility. The deployment is fairly simple. In the end, the overall visibility of it is very simple and the usability has been very simple for us as well.
So far, it helped to reduce our alerts. Based on the application that we would utilize prior to this product, the alert reduction is similar. It is not 100% the same, just similar. They gave us some visibility into what was going on, which provided a 30%, if not more, alert reduction.
It helped free up staff time. Using this solution, we don't have to keep our eyes on it 100% of the time.
It reduced our mean time to detect and respond.
The product helped reduce organizational risk.
The overall product quality is good. I'd give it three and a half stars out of five. It checked all of our boxes. It met the requirements of the security we needed.
If for some reason, we were breached, it gave us the comfort of knowing that we could either automatically set the product to fix the issue or at least record it and let our team go in and resolve the issue. However, it also has the data to hunt the threat if need be. It's given us so much more than we would have expected from a product. Their dashboard is great. We log in and we get everything we need to know right out of the box on our dashboard. If we have anything that's infected it will tell us all of that information in real time. In our environment, it works without giving us any issues or slowing down our productivity in the process. The agent that runs on the system is not heavy. It's easily portable.
What needs improvement?
Initially, when we first deployed the solution, it caused some third-party connectivity issues. It would see it as an application that was not secure. However, we were able to put in a white listing, to help us operate well. We had to do that with around five applications that we ran. Once we applied those fixes, we haven't had any issues since.
I'd like them to make it easier to log in.
For how long have I used the solution?
I've been using the solution for 4 years.
What do I think about the stability of the solution?
I have not experienced any downtime with it. It has not crashed.
It won't run on our accounting server, and we're not sure why the agent caused the conflict with this particular server. Beyond that, it's fine.
Update: This has been resolved since this review.
What do I think about the scalability of the solution?
We deployed the solution to about 200 endpoints.
How are customer service and support?
We've only contacted technical support for the licensing portion of the process. They were very helpful and very straightforward. Everything was right on the money. Once we made the call over the ticket, we were contacted and it was resolved while we were on the phone.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Fortinet as well. We've used a few products and this solution does everything we've asked it to do. It was a good replacement for the free Fortinet solution and it protects against things Fortinet does not.
In the past, for some reason, we found that somehow or another, the agent was disabled, and we have not determined as to why that is just yet.
How was the initial setup?
I was involved in the solution's initial deployment.
The deployment was fairly easy. We had a product that allowed us to push the agents out there. It was time-consuming based on the fact that we didn't have full automation. The only other drawback was when it was going through and doing some form of machine learning, it would block certain applications that we had to whitelist with the system in order to get it to work. However, we deployed it in less than thirty days, and it's been running everything well since then.
Our team, comprised of four people, handled the implementation.
There isn't really any maintenance needed. All the agents update well. It is fairly automated.
What about the implementation team?
The initial onboarding was done with SentinelOne. After that, we took it from there.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. It's a big factor for us. Their pricing comes in much less than Fortinet or CrowdStrike.
Which other solutions did I evaluate?
We looked at similar products, such as CrowdStrike and other versions of Fortinet.
What other advice do I have?
I'd rate the solution a ten out of ten.
I'd advise new users to do a proof of concept. That way, you get some time with the system before you deploy it into the environment, and you can iron out issues. If you have 1,000 endpoints and only 1% of the issues that we ran into, it would still be significant, and you'd want to deal with them head-on to make the full deployment easier.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 19, 2025
Sr. Cyber Security Analyst at a retailer with 10,001+ employees
Good functionality, provides improved visibility, and had great support.
Pros and Cons
- "It provides network and asset visibility for us."
- "The grouping feature needs improvement."
What is our primary use case?
This is our primary and only EDR in our environment. We have this deployed to corporate workstations and servers, utilizing a variety of operating systems including Windows, macOS, and various Linux distributions. The data ingested into Deep Visibility provides great insight into what is going on in our environment. The XDR capabilities in there almost make you not even need a traditional SIEM anymore. The Identity solutions involving Active Directory security provide great information on our environment for continuously auditing and remediating threats.
How has it helped my organization?
SentinelOne's ability to prevent, detect, and respond to threats like ransomware and zero-days without requiring immediate human intervention saves us a lot of time and manpower. We have seen multiple occasions of rogue applications, suspicious downloads, and unauthorized USB drives get flagged and quarantined before anything could happen.
We have gained 2-3x more visibility into our endpoints with the benefits from Deep Visibility. The timelines created from incidents paint a very accurate picture of what happened in a given time window.
What is most valuable?
The platform has significantly enhanced our security posture through three key areas:
- Unified Visibility and Simplified Integration (XDR):
  - Excellent Data Correlation: The solution excels at ingesting and correlating data across multiple security tools (we integrate it with three to four other platforms) inside of Deep Visibility. It doesn't just receive data; it processes it to provide actionable insights, saving us significant manual parsing time.
  - Seamless Integration: We rarely need custom API work due to its strong native integration support with our common platforms, streamlining our security architecture and allowing us to consolidate several tools into the platform itself.
- Network Visibility (Ranger):
  - The Ranger functionality provides comprehensive network and asset visibility without requiring new agents, hardware, or network changes.
  - Ranger has enabled us to quickly identify and manage numerous unknown endpoints, successfully reducing our unknown endpoints count from hundreds down to single digits.
- Improved Security Metrics and Risk Reduction:
  - The solution has measurably improved our Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), giving our SOC quick alert times and the ability to react almost immediately to incidents.
  - We estimate it saves us several days' worth of analyst time overall. While direct financial savings are hypothetical, the platform has clearly and significantly reduced our organizational risk compared to our previous security posture.
What needs improvement?
The grouping feature needs improvement. There are many times I've wanted to do blacklisting or exclusions for specific people in a group, however, I don't want to remove them from the group itself. Giving admins the ability to create subgrouping would allow for all parent exclusions to be applied without the need to create all new scopes.
The integration of an MFA push when signing into the admin console. I know this is a small thing but it is much more convenient to accept a push versus scroll through my many 2FA profiles to find the code for SentinelOne's platform.
For how long have I used the solution?
I've been using the solution about 5 years while being on both an IT support team and Cyber Security team.
What do I think about the stability of the solution?
They are pretty stable. The company is expanding at a good rate and they are releasing new features to maintain the stability effectively. Downtime on their end has been very minimal.
How are customer service and support?
Technical support is quick and helpful. They do a good job of addressing issues at level one and escalating if needed.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
How was the initial setup?
We are at about 98% deployment. There are endpoints that pop up that don't have the agent to get it, however, we're past the deployment phase or past the initial configuration phase. It's all just maintaining and tweaking, and as new features come out, we adjust.
I wasn't here for the initial deployment process. I've done a lot of configurations for new features that they've implemented.
Our team does general maintenance. They do a really good job of giving you the information you need to troubleshoot. Their knowledge base is very helpful to those brand new to the console and even more experienced users of SentinelOne.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
What other advice do I have?
The solution seems to be quite innovative. They are coming out with new features every month and continue to roadmap impressive products for the future as well.
This is a great product. If a company is unhappy with its current EDR, SentinelOne is a good choice. They are acquiring a lot of companies and solutions to add to their roster in order to provide a more centralized platform. I look forward to what they will bring in the future.
I'd rate the solution nine out of ten. It's going to be a good one-stop-shop and I enjoy working with them.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 9, 2025
Associate Director at a financial services firm with 10,001+ employees
Ransomware recovery enhances security while product support needs improvement
Pros and Cons
- "The platform's ability to easily integrate with various other platforms is highly valuable."
- "The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not."
What is our primary use case?
We use Singularity Complete for end-to-end endpoint security protection, including EDR integrated with other platforms for XDR. The ransomware rollback feature of Singularity is a key reason for its use.
It is primarily for integration with SIEM to have a single pane of view, integration with web security for sharing insights, and automation of remediation tasks. Additionally, network discovery from the Singularity platform is used to identify rogue devices quickly.
How has it helped my organization?
Visibility is greatly improved with Singularity Complete as it allows visibility into endpoint devices and the processes running on them.
What is most valuable?
The most valuable feature is the ransomware recovery and rollback feature. The platform's ability to easily integrate with various other platforms is also highly valuable.
It also enables integration with other technologies, saving costs associated with having point solutions. The integrated system allows for significant automation, reducing the time and effort needed for management.
The mean time to response has reduced from hours to minutes due to integrated automation systems.
What needs improvement?
Improvement is needed in terms of product support. The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not.
For how long have I used the solution?
I've been working with Singularity Complete for three years.
What do I think about the stability of the solution?
Singularity is a very mature product that supports most assets available in any enterprise environment. It runs seamlessly without challenges.
What do I think about the scalability of the solution?
Singularity Complete is suitable for large and mid-scale enterprises.
How are customer service and support?
Technical support could be better. I would rate it around six on a scale of one to ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
CrowdStrike is a competitor. Singularity is better because it supports the ransomware rollback feature.
How was the initial setup?
The setup process is simple and user-friendly.
What about the implementation team?
Initially, anyone can deploy out of the box. When tuning aligned with the environment is required, assistance from a system integrator is recommended.
What was our ROI?
Integration helps save costs by reducing the need for point solutions.
What's my experience with pricing, setup cost, and licensing?
Pricing is not pocket-friendly. It can be difficult for small-scale companies.
Which other solutions did I evaluate?
SentinelOne's main competitor in the market is CrowdStrike. However, Singularity Complete is preferred thanks to its ransomware rollback feature.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Cyber Security Analyst at a computer software company with 51-200 employees
The threat-hunting platform is user-friendly, and I like the built-in remote access feature
Pros and Cons
- "Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature."
- "I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint."
What is our primary use case?
We provide SOC services for mostly UK clients and use SentinelOne to monitor our clients' endpoints and remedy threats. Some threats are remedied automatically, but others require investigation. We analyze the file and log any new vulnerabilities in our threat intel account.
How has it helped my organization?
Singularity Complete is a one-stop solution that encompasses all the endpoint protection solutions from SentinelOne. We've eliminated about 99 percent of our other solutions by switching to Singularity. It's easy to integrate SentinelOne logs, and we don't need any other tools for threat hunting or SIEM. Everything is on one platform. You can fully realize Singularity's benefits after about 3 months of deployment and training.
The solution is supported by Vigilance, SentinelOne's MDR service. They monitor 24/7 since we have other things to do. We have an SLA that threats will be mitigated within 45 minutes to an hour after detection. Singularity has virtually eliminated our organizational risk from threats.
What is most valuable?
Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature. External parties can log in securely via the S1 agent. It's easy to integrate S1 logs with our SIS. That's one good thing. We don't need to use any other tools, like a SIEM.
What needs improvement?
I would like SentinelOne to add a threat-hunting report and more UEBA features. They could add more SIEM functionality. It would be nice to have the ability to easily drag all the logs from the agents, so there's no need for multiple agents installed on the endpoint.
For how long have I used the solution?
I have used Singularity Complete for a year and a half.
What do I think about the stability of the solution?
We haven't seen any downtime outside of normal maintenance windows every few months.
What do I think about the scalability of the solution?
Singularity's scalability is good.
Which solution did I use previously and why did I switch?
I used CrowdStrike before, but SentinelOne is easier because I can do more stuff on that. For example, let's say I want to fetch some files from an end user's machine or install something, but I do not manage the machine as a security person. If we need to do something inside, I can do a full scan and use remote access to see everything.
The SentinelOne suite is appropriate for our use case. If the scope and tasks were different, another EDR might be better. CrowdStrike has built-in UEBA, but it's not as user-friendly as SentinelOne.
What's my experience with pricing, setup cost, and licensing?
I'm not involved with purchasing decisions, but I believe Singularity must be cost-effective because the management selected it.
What other advice do I have?
I rate SentinelOne Singularity Complete 9 out of 10. It's an excellent solution for monitoring and managing endpoints. I recommend doing SentinelOne's training to familiarize yourself with how to leverage the entire product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.