SentinelOne Singularity Complete Reviews

I use SentinelOne Singularity Complete as our next-generation antivirus on our endpoint. I review detected malware and verify whether it is legitimate or a false positive. Additionally, we can control endpoints, such as correlating them or blocking specific activities on any endpoint. We also have visibility into what is happening, including what is installed, being installed, or uninstalled on endpoints.

SentinelOne Singularity Complete can help reduce alerts, but we must first add exclusions based on our existing features to keep the false positive rate low.

SentinelOne has helped our staff save time investigating and handling incidents.

It has helped reduce our MTTD and our MTTR.

The hunting feature is most valuable for detecting malicious or suspicious activity.

The way Singularity Complete handles blocking external mass storage is annoying because it is so difficult to unblock single endpoints. We can only add a general rule to block everything, and we cannot add any exceptions. Additionally, Singularity Complete uses different names for endpoints other than the actual actions that will happen or be taken, such as quarantining a device. This is also confusing, as the wording used by Singularity Complete is slightly different from other endpoint security solutions and can be difficult at the start.

I have been using SentinelOne Singularity Complete for almost three months.

Singularity Complete is stable.

Singularity Complete is extremely scalable.

Technical support is super helpful. 

Positive

The price of Singularity Complete compared to some of its competitors is competitive.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete has room to grow, but it is overall very good. It is a mature software product with an awesome UI. There are many options and actions available. 

No maintenance is required from our end.

SentinelOne Singularity Complete is a straightforward, stable solution that is easy to learn.

We use SentinelOne Singularity Complete as the antivirus for our computers.

We wanted a solution that could maintain the protection of our computers so we implemented SentinelOne Singularity Complete.

SentinelOne Singularity Complete is a lightweight application with a quick threat response.

Singularity Complete has helped reduce our alerts with prompt responses.

Singularity Complete has freed up several hours of our staff's time each week, allowing them to focus on other projects. They no longer need to manually monitor hundreds of computers, as they now have a single dashboard to manage them.

It has reduced our MTTD through prompt action taken against the vulnerability or threat.

It has also reduced our MTTR through quick notifications that allow us to respond within minutes.

Singularity Complete has helped us reduce our organizational risk.

The management dashboard is the most valuable feature.

The most difficult part of using Singularity Complete is logging in, as they often update the management console. I don't know if our accounts become disassociated or what the deal is, but if we don't log in within a certain amount of time, we have to go through a password reset or account reset process.

I have been using SentinelOne Singularity Complete for around five years.

SentinelOne Singularity Complete is stable with no downtime.

SentinelOne Singularity Complete is scalable.

The technical support team is prompt.

Positive

The price is fair for what we are getting.

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne is very mature. It's a lightweight application that does not waste a lot of resources, and the quality is definitely good.

Singularity Complete is a self-sustained standalone application that updates to the cloud. Every computer checks in and updates as needed.

I manage our future application deployments and ensure that Singularity Complete is automatically pushed out and kept up to date.

SentinelOne is a good overall security partner.

It's always worth testing out different solutions and finding the one that works for each organization. But as far as SentinelOne Singularity Complete goes, it's been an easy process for our organization and I recommend it to others.

We mostly use SentinelOne to protect our computers and know which users are logging in.

SentinelOne gives the end-user and our IT staff a level of security, knowing that when they're downloading something, talking to a client, or looking at email, their computer is secure. And if, God forbid, they click on the wrong link or download the wrong item, SentinelOne will step in and block anything from happening.

The simplicity of the solution is key. There's only one portal to look at. I don't have to jump around to a couple of programs or combine multiple programs into one. It provides ease of management for me and my team.

And with Singularity, I don't have to worry as much about scanning. It has taken some of my daily activities away, such as system scans, identity scans, and making sure that everything is updated. Also, I now don't have to manually update anything on the laptops for security. The fact that SentinelOne can do that automatically has given me time back in my day.

It saves us at least a couple hours a week, and more if we need to do a full upgrade. If we're doing a full upgrade and have to update every SentinelOne client or any endpoint protection, it could take a day to touch every computer. Now, it takes five minutes to make a policy and push it. It all depends on what the day's workload is, but it definitely saves us time.

In terms of reducing alerts, that did not happen at the beginning, but now that we have it fine-tuned, I don't get as many false alerts. It has really dialed itself in to know what issues to look for. We're not getting spammed with insignificant stuff anymore. It definitely took some time to figure out the alert system and how to make the emails work for us. But now that we have it running, I know that when I get a notification that it's a real one.

And it has reduced our mean time to detect because I don't have to detect. It does it for me. And similarly, for our mean time to respond, it's definitely quicker because I get the email notification right away, and it becomes a priority in our ticketing queue from the notification. Once that comes in, someone on my team stops what they're doing and looks at the alert set. Nothing will sit on the network for long now with it scanning all the time.

It has reduced our organizational risk.

The alerting features are the most valuable. We know that when something goes wrong, we get alerted instantly. That gives us a leg up. Even before the user knows what's happening, we're being alerted to step in and stop anything catastrophic from happening.

I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible.

We have been using SentinelOne Singularity for about a year and a half.

There have been no issues at all.

Scaling is easy. It's not hard to expand it at this point.

When I contacted their technical support, the experience was okay. They fixed the issue. It was just a matter of getting to the right person.

I would rate SentinelOne highly as a strategic security partner. For any issues we had, they have been responsive, talking to the vigilance team and high-level teams. Again, it always comes down to finding the right person. It takes time to get to the right person, but once we get there, it's fine. They are able to help with our needs.

Positive

We previously used Sophos. We switched to Singularity because it's simpler, easier to use, and rated higher.

When looking at the quality and maturity of Singularity, it's a great program. Depending on what program you are coming from, there might be a little learning curve, but once you get past that, it's easy to use, and it becomes very intuitive after some time.

It took some time to figure out how to make the deployment work, to get it on everyone's computers, and to get the organization to fully adopt it, but it really wasn't hard in the long run now that we have it deployed.

There is no maintenance involved on our end. I can push policies during the day to upgrade the clients.

We did it in-house. The implementation was done by me and four other guys.

We did have training, but they didn't help with the deployment. They just showed us how to use the program itself.

The pricing is reasonable. It may be a little high, but it's on par with everything out there.

I wish the more users you have, the better the price would be.

We looked at CrowdStrike.

We have SentinelOne deployed through Intune, but we use the cloud login to work on any alerts or events that pop up. When new SentinelOne updates are available, we log into the cloud portal, make a new batch, and just send out the update automatically to all 400 clients that we have. If any events or errors show up, we go through the normal process. We let the vigilance team look at them, remove the computer from the network if need be, isolate it, and do our normal due diligence on what the error or the event is telling us.

We're very happy with the SentinelOne platform, so we haven't looked at anything else recently.

It is an all-in-one agent on multiple operating systems that can detect malicious and suspicious activities. You can also use it to respond to different threat signals that you get from the platform.

There are multiple engines that run different types of detection, such as behavioral-type activities, that it can detect. It can also detect malicious activity based on a hash. It's a pretty great tool.

Overall, the level of detection and visibility we get have vastly improved, and that means the protection for our company has improved likewise.

Singularity has helped reduce the number of alerts we get. We were using FireEye at one point, and it was producing a ton of false positives. We have seen a major reduction in false positives, and that has saved our team's time. We have time to do other projects now.

In my previous company, we were using a Cisco product, and there was a ton of time wasted. Out of a 40-hour week, about eight to 10 hours were wasted, and with Singularity, we were able to get back about nine of those hours. Obviously, there are alerts coming in, and you have to investigate them, but the number was greatly reduced. In my current company, about 15 hours a week were wasted with false positives and wild goose chases and alerts. Now, we may put an hour into investigations. The great thing about SentinelOne is that you can get right down to what's going on with the events and deep visibility. It has saved us around 12 to 14 hours a week.

It's pretty quick when it comes to time to detect because you're right on the endpoint. Some agents have a delay in terms of when they report back to a console or a reporting server, but with SentinelOne, it seems that the agent is talking to the console right away. There isn't a huge delay.

Our mean time to respond is also very quick once we see the threat come in. It depends on the policy that is in place and the type of threat. If it is something suspicious, which we don't always have a set response for with the platform, we are able to easily look at what's going on a couple of minutes before the threat and what comes after. We can see the artifact on the endpoint, what is executed and what the user was probably doing. That means we're able to respond really quickly with all that visibility.

When it comes to cost savings, in the first company where I used SentinelOne, man-hours were saved, and it was cheaper to use SentinelOne than the Cisco product.

One use case where we've reduced risk has been due to users using something risky. They were trying to use an application that's like a keylogger. We've blocked it, and we've also created a rule using a star to detect when people are trying to use it. We have also set up rules to detect downloads of risky software, and that's protecting us too. It's protecting us from risk, but there's not a lot of reduction other than some protections and blacklists.

The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.

And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.

In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.

During my use of it over the years, they've been continuously improving it.

My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.

And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.

I have been using SentinelOne Singularity Complete for about four years.

Uptime is all the time. 

I've only had one experience where there was a disconnect between the agents and the console. It was pretty brief, but that is when I opened a case with support. I had never seen that before, so the uptime is awesome. It's up 99.9 percent of the time.

It's very scalable. We are working on a special project, in which we want to set up a lab for a special event. I talked with our support, and they said we could set up another site. It's really scalable.

As I mentioned, I recently had a case because there were a lot of agents offline for a moment. Their support responded within one minute. That was an outlier. Every other case that I've opened up with them has not been a priority-one issue, but they usually respond within about five to 10 minutes, and they have been really great. I have not had an issue yet with support.

Everyone I've worked with in support is awesome. They always have the answers. Even if it's a complex issue, we usually get right down to it. I'm really happy with support.

Positive

I have used it in two different workplaces. Both workplaces were replacing platforms that just did not perform well and did not give you good visibility into what was going on on the endpoints. Both had a higher rate of false positives, and neither had the various detection engines that SentinelOne provides.

I was involved in the initial deployment of the solution in my previous place of employment and it was straightforward. It was only made complex by our own IT department.

There is a little maintenance. I check on a daily basis because you can build out multiple groups. When a new agent is deployed, I have it start off in a specific group to get the agent installed, and then it does a full disk scan. There is a little maintenance—and maybe no one else does this—but I log in and check for new systems. Once they have their full disk scan completed, I'll move them over to the production policy. You could do that on a weekly basis but I do it daily. The morning maintenance is less than five minutes for me, and you could definitely do that weekly as well.

I did it mostly by myself. I had another engineer working with me but that was it. It's really easy, a no-brainer. And that was for about 1,200 endpoints

I'm not a manager, but the return on investment may be in saving man hours.

When we were checking out different platforms we did get a price from Microsoft and it was unreasonable. SentinelOne was definitely reasonable and worth the money.

I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.

We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.

As far as consolidation of security solutions goes, I have some suggestions for my leadership. I think we can definitely consolidate. For instance, we have a certain network segmentation where we have multiple security tools, including the SentinelOne agent and other agents on the devices. These devices are lower-end systems that don't have super-high specs like you might have on a power user's PC. In that area, we could eliminate one of the security agents and leave the SentinelOne agent. We would be covered in several different areas, such as FIM. I could create a custom rule to watch a certain configuration file, and if it changed, we would receive an alert. You can definitely use it to consolidate. Although we haven't done that yet, we're going to start because it's possible with the SentinelOne.

I believe we could save money by reducing the number of agents on those endpoints. If you walk that back to the yearly cost when we buy licenses, we should be able to save money on licensing for the other agent that we're using.

SentinelOne is very mature as an EDR platform. I would definitely put it in my top two. Across the breadth of everything I've dealt with using SentinelOne, even support, it's definitely top-two and you should check it out. I don't have a bad thing to say about it.

You definitely have to check out SentinelOne. They are firing on all cylinders for multiple areas that you want to consider when buying a tool like this. They're at 100 percent. When it comes to visibility, they present the information so that it's easy to read and understand. Responding is really easy to do. Support, which is a big factor nowadays, has faltered at some companies over the past four years, but support from SentinelOne has been awesome. Put SentinelOne in your PoCs. If you're looking at a couple of companies, you have to look at SentinelOne.

SentinelOne as a provider is a major player in hardening the protection of our environment.

I use SentinelOne Singularity Complete for endpoint protection and remediation. It protects all computers in my company and sends real-time alerts about malware, viruses, etc., that may have found a way through all of my company's defenses.

SentinelOne Singularity Complete has benefited my organization through its rapid ability to find new and existing malware that I must act on. As the solution uses AI technology, it's able to find both known and unknown threats.

My organization realized the benefits from SentinelOne Singularity Complete quickly from the time of deployment.

What I found most valuable in SentinelOne Singularity Complete is the ability to connect to the terminal remotely. The solution is pretty handy because it allows my company to do investigations and whatnot, wherever the person may be. After all, I belong to a hybrid organization, which means you never know if someone will be in the office.

It is another tool in the tool belt for looking at some of the files, which means that even if the file is not a virus, you can go in and do some investigation.

SentinelOne Singularity Complete has excellent interoperability with other SentinelOne solutions, including third-party tools. I was pleasantly surprised with how in-depth the APIs go because it's almost integrated with my company's SOAR solution, consolidating all alerts in one place and triangulating more per case. In my company, SentinelOne Singularity Complete is integrated with a third-party tool.

My impression of the ability of SentinelOne Singularity Complete to ingest and correlate data across security solutions is good so far, though right now, my company only set up SentinelOne Singularity Complete. Still, it's good that the integration option exists because, in the future, who knows? My company might do some integration depending on what the timing allows.

My company has not consolidated solutions yet because SentinelOne Singularity Complete is just one of the many tools used within my company. It's a helpful tool, but it's not the only player.

SentinelOne Singularity Complete helped free up staff for other projects and tasks and is time-saving, though I don't have specific data on that.

The tool has also helped reduce my organization's mean time to detect. However, I can't give an approximation just because SentinelOne Singularity Complete is the only solution my organization uses. The tool has also helped reduce my organization's mean time to respond because, together with the SOAR solution, SentinelOne Singularity Complete allows my company to go in and correlate everything to find out where the threat came from, so my company can go in and take the appropriate measures to shut down threats more reliably.

SentinelOne Singularity Complete has helped reduce organizational risk because it's one of the modern architecture tools, which gives more confidence in the detections my company sees. The tool also reduces the number of false positives and false negatives, so my company knows that if the tool shows a hit, then that truly warrants further investigation.

I'd give SentinelOne Singularity Complete an eight out of ten in terms of its ability to innovate because it's very much on par with a few other options out there, though I can't recall the names right now.

SentinelOne is an excellent strategic security partner that quickly incorporates my organization's feedback. My organization hasn't had any problems. If my team is looking for a feature, for example, SentinelOne either edits a roadmap or makes the change pretty quickly if there's bandwidth.

They say there is an investigation function in the interface of SentinelOne Singularity Complete, but it's not absolutely available for use. It's a function I've been looking for, but my company can't use it yet for some reason, so this is an area for improvement.

Another area for improvement in the tool is the larger learning curve that stems from it being full-featured, so there's a more significant learning curve in figuring out the environment versus using a more traditional antivirus. It's a lot more than just installing it on the machines.

The other disadvantage of SentinelOne Singularity Complete is that the agent doesn't auto-update, and my company found it more complicated than usual to get the agent updated and keep it updated.

I've been working with SentinelOne Singularity Complete for six months as an end user.

We didn't have any problems with the stability of SentinelOne Singularity Complete.

For the most part, SentinelOne Singularity Complete is scalable, but with my company's problem with auto-updates, it just means needing to rely on other tools to get new agents pushed out to the endpoints. It would have been better and more scalable if there was a way to update on the directory.

We found the technical support for SentinelOne Singularity Complete one of the best we've ever had to deal with, surprisingly, so we'd rate it as ten out of ten. If we open a ticket, we'll typically get some answers quickly, but for more complex issues, we have standing meetings with them that are set once a week so that they can go more in-depth.

Positive

My current organization only uses SentinelOne Singularity Complete, but in my previous organizations, more traditional antivirus was used, like BitDefender, and it was fine.

With SentinelOne Singularity Complete, I'm more confident that it can detect threats better and will miss fewer incidents coming in because of the more modern ways it detects malware.

I was not involved in the entire setup process for SentinelOne Singularity Complete, but it was mostly straightforward. However, getting the agents onto the machines was more complicated than the team would have liked.

The team started with a test machine and then expanded after issues arose, including figuring out how to fix the issues.

We implemented SentinelOne Singularity Complete in-house, with the support of the SentinelOne team, whenever we had questions.

I have seen ROI from SentinelOne Singularity Complete.

I have no information on the pricing or licensing cost for SentinelOne Singularity Complete.

I wasn't involved in evaluating solutions, so I'm unsure if the company evaluated other solutions before choosing SentinelOne Singularity Complete.

The organization I'm working for doesn't use the Ranger function of SentinelOne Singularity Complete. It uses a homegrown solution for network visibility.

I don't believe SentinelOne Singularity Complete has helped reduce alerts within the company, and it's not because it can't but because the SOAR solution handles the alerts and sends the alerts. Still, there is potential to improve the process.

I've not observed cost reduction or money saved from SentinelOne Singularity Complete just because it's such a small aspect in the grand scheme of things. It's tough to put a number on that.

Many people were involved in deploying SentinelOne Singularity Complete for the organization.

I'm the one maintaining the solution, and for my organization, in terms of scale, one person is sufficient to maintain SentinelOne Singularity Complete.

The solution is deployed on three thousand endpoints worldwide on both MacOS and Windows machines, along with an agent on the servers.

I advise others looking into implementing SentinelOne Singularity Complete to be prepared to work with the SentinelOne support team. Implementation is not hard to do, but the support team is there to help with much of the work and is happy to help. My standard advice is to ensure you're also checking out other providers. Just because the solution works for my organization, it doesn't mean it will work for yours. You have to find a solution that checks all the boxes for your organization.

I would rate SentinelOne Singularity Complete as eight out of ten.

We got rid of our previous vendor, and we went with SentinelOne. We basically use it as our AV platform. In other words, it is supposed to be a solution that is next-gen and can detect ransomware and give us the opportunity to roll back if we are attacked.

The organization wanted to take advantage of their rollback feature so that, if we ever did suffer ransomware, that would help us with triage or remedying the issues.

The rollback feature is the most valuable aspect of the solution. 

In terms of its ability to ingest and correlate across our security solutions, we're still early on. The implementation team has helped us turn on the XDR feature, however, we haven't utilized it as much as we should. We're still testing the capabilities. 

We did a pilot with the Ranger functionality. The organization opted not to purchase it just yet. Long-term, next fiscal year, we may adopt it. It does come at an extra cost. It may be added during the next renewal.

The previous vendor had a lot more features and capabilities under the license. For example, I lost DLP as Sentinel One does not have DLP. By choosing this solution, I created a security gap. 

It has not helped us reduce our alerts. In my last solution, I did not get alert fatigue. We are fresh into the implementation and are getting a lot of false positives. 

We just went live this past year. I would say we have been using the solution for maybe six to eight months.

The product has been up more than it's been down. We typically do get alerts if there is a maintenance window. That's appreciated. There have been times when we have had issues accessing the console. that tends to get resolved quickly. That said, no one vendor can boast resiliency. 

We only have one module or solution from them. We haven't tacked on multiples from a scalability side. However, from a licensing side, it's easy to add extra agents, it's easy.

I've contacted technical support multiple times. The level of satisfaction is 50/50. It depends on who picks up the ticket on their end. If it's a level one help desk versus an engineer will dictate how easily we get an answer or not. If someone is not well-versed on the backend, we'll need to escalate and that takes time. 

Positive

We previously used Trend Micro. It was cheaper and had more features under license. However, management was looking for cyber security insurance and methodology. Therefore, management decided to go through Sentinel One.

Getting the solution spun up and put into the environment, and getting it set up to where it's working smoothly, was okay in terms of a process. They are like any other vendor trying to give you a white-glove service.

I was involved in the initial setup.

Once we understood the methodology, it was pretty straightforward. 

I chose to rely on people who knew how the product worked. I relied on their input and insights. We did procure professional services to really get into training and understanding the solution.

The learning curve continues to be the false positives. I've had to create a new exclusion list from scratch. I'm still going through the process. 

New users need to have a work-in period. There will be a period to get all of the little anomalies tweaked out.

There were three of us implementing the solution.

There's no real maintenance to worry about. That's why we purchased the SaaS solution. We do need to update the agent. 

I implemented the solution with the assistance of professional services. 

Purely from a budget perspective, Sentinel One was more expensive than my previous vendor, plus I lost a lot of features. I can't say that I see cost savings yet while using the solution. 

We also piloted CrowdStrike. 

I haven't used the solution in conjunction with any other third-party solutions and can't speak to its integration capabilities. We will do that, we just haven't yet.

The solution hasn't freed up any time. It's the same as our old solution. 

So far, it has not changed our mean time to detect. However, I have not seen a true positive yet. I would need to see a real threat come into my environment yet. This is true with the mean time to respond. The process is exactly the same. I have it configured so that if anything is critical, I get real-time alerts. 

I'd advise new users to hone in on the subject matter experts and grill them during the POC. We were so accustomed to doing workflows a certain way, it was almost like how we had to learn how to walk again when we switched solutions. 

I haven't seen Sentinel One's innovation just yet. We have asked for adjustments or features. We're going through a feature request platform and I have yet to see them implement a feature we requested. My previous vendor, Trend Micro, was very willing to implement changes.

You can't just take it back if you don't like it. It's here to stay. There's no going back to the previous vendor. We need to make it work. We want to stay with them at least a good while.

I'd rate the solution eight out of ten.

I would advise new users to understand what workflows they are accustomed to and how their current setup works so that they can ask a lot of questions during the POC. It's important to fully understand Sentinel One's logic to be successful.

We utilize SentinelOne Singularity Complete as our EDR. The solution has replaced our previous solutions, Trend Micro and Symantec antivirus.

The Symantec agent we had before would require almost a reboot every time you would make a change, an agent update, or even sometimes in definitions. None of them were as comprehensive as SentinelOne Singularity Complete regarding threat detection and response. I don't believe any of them had any of the rollback features that are available through SentinelOne.

Overall, having more coverage and confidence in our antivirus is part of our decision to choose SentinelOne Singularity Complete. The other consideration was cost. We were going to upgrade to a more comprehensive threat protection solution either way. We were also looking at CrowdStrike then, and SentinelOne beat it by pricing while offering the protection we were looking for.

The solution's in-place upgrades have been very helpful. Another valuable feature is the ability to set policy exclusions on different scope levels, such as at the site or across all sites. Having the API access and documentation for the API is very valuable. If we needed a feature that didn't already exist in the SentinelOne console, we could cook it up ourselves and have it run whenever we wanted.

I feel like SentinelOne is very locked away from being able to be sold to smaller businesses to self-manage. We did have to jump through a lot of hoops to purchase SentinelOne and have control over it because, most of the time, you're forced to go through a reseller. In our experience, the reseller also wanted to manage it for us.

Unless it's a managed detection and response, that's not adding as much value as adding access outside of our organization that we may not necessarily want. The ability to have more direct purchasing for smaller groups and smaller businesses would be great. However, I understand if that's not part of what SentinelOne wants and is not lucrative for their bottom line.

I have been using SentinelOne Singularity Complete since June 2021.

My only issue with the solution's technical support so far is that we can only communicate via email tickets, not phone calls. However, we've still been able to resolve the majority of issues. Their response time is pretty fair. I wish there were more abilities to conduct a remote session because there are a lot of situations where I will have to get walked through some instructions.

Then I have to give feedback saying that an instruction is unavailable, or I can't do this because this device is in this situation or this mode. There may have to be three or four back-and-forth messages before we can proceed to the next step because it isn't an interactive remote session. It is just email communications with a delay every time, which adds to some frustration.

Suppose there's something that's concerning to us that we really wanted to make sure wasn't a false negative as a threat. While we were worried about it, we would just have to wait for responses and be unable to communicate with anybody.

Neutral

SentinelOne Singularity Complete's initial setup is straightforward.

We did not use an integrator, reseller, or consultant for the solution's deployment. I have had some experience with SentinelOne in the past. We just read through some of the documentation and asked a couple of questions. There was also some information on what other administrators have done to implement the solution.

That has worked well, and things have been pretty smooth sailing since the implementation. I've been pretty happy in that regard, and it wasn't a big pain to replace our existing antivirus solution. Two other guys were involved in the solution's deployment, but I was heading up the task.

We have not seen a return on investment with SentinelOne Singularity Complete because we have not used it. It has just added costs for us that we're not taking advantage of.

SentinelOne Singularity Complete's pricing is not terrible. It's not enough to make us want to move away from using SentinelOne. The solution's pricing is not too bad for what it's offering, like the documentation that comes with it. I feel like it should be an optional add-on for people who may not be using things to integrate or may not want to integrate things.

We have used very little of SentinelOne Singularity Complete's interoperability with other solutions. It has looked like it has been nice because we have been scoping out the use of a managed detection and response and have SentinelOne Singularity Complete plugin with other solutions for log output. There hasn't really been anything we wanted to use that SentinelOne was incompatible with.

I believe SentinelOne Singularity Complete is very capable of ingesting and correlating across our security solutions. I don't think I've seen any solutions that would necessarily outperform it. It's done everything that we've needed it to. Again, we have not used it extensively.

SentinelOne Singularity Complete has not helped us consolidate our security solutions, but that's our choice. We like going into the console and seeing everything within there and the dashboards we already have access to.

I can't say that I think SentinelOne Singularity Complete has helped reduce alerts. We would like to use SentinelOne to correlate our alerts so we're getting alerts from multiple different areas to see what matches up there. Currently, we still have an ad hoc solution where we're looking at different sources for that information because we don't have it all trusting each other yet.

Overall, for supply chain attacks, we're hesitant to give access to other products to our SentinelOne. We just don't want to put all our eggs in one basket, but that's more of a mindset problem than a functionality problem.

SentinelOne Singularity Complete has helped free up our staff for other projects. The solution's automation functionality, notifications, alerts, additions with its API, and custom tools to do what we want have helped me not to have to go in and manually check for things. For example, SentinelOne says they do not need to do static file scans other than when you first install the agent.

Our compliance requires that we still have static agent scans on a regular basis, preferably daily. You can launch those from within the console, but it's not viable for me to log in to the console daily and initiate that. Since there's no ability to schedule that in the future, that was best done with the API script that runs automatically and can give us feedback on how it went.

I believe SentinelOne Singularity Complete has helped reduce our organization's mean time to detect. We get some good context within there of what the threat was. Most of the time, it has pretty good notes regarding what it got flagged for if it's behavior-based, but some static file threats don't show the indicators.

We do not know what to do with some threats or understand what it is. We've been told we would need to get the SentinelOne vigilance or managed detection and response to fill that gap. We have been looking at managed detection and response but haven't put it in place yet.

SentinelOne Singularity Complete has helped reduce our organization's mean time to respond from our previous antivirus solutions. The solution gave us some more context than we had and also the ability to isolate each endpoint. If an endpoint looks scary and we don't know what it's doing exactly, we can cut off all of its internet access except SentinelOne until we feel it's a clean endpoint. SentinelOne Singularity Complete has helped reduce our mean time to respond by 20 minutes.

Singularity Complete has helped reduce our organizational risk. There have been multiple things that could have potentially been an incident, and they were stopped in their tracks by the solution. For that, we've been able to demonstrate the solution's value to our leadership in terms of keeping it.

SentinelOne Singularity Complete has not helped our organization save on its costs. SentinelOne Singularity Complete isn't optional and was forced onto us from the licensing. We didn't really get a choice on whether we wanted those extra features, but we had to pay for the SentinelOne Singularity Complete add-on, which is just a blanket cost.

If it was up to us, we might not have chosen it, but it was not. We don't use many of the features, and many of the things we like are within the basic SentinelOne license.

We earlier used SentinelOne Complete, and then we used SentinelOne Complete with Singularity. There hasn't been a great improvement since we've done that. We haven't used many of its features or had any guidance on recommendations that would be helpful to put into place without having to buy anything else.

Most of the time, if we wanted to use anything in the marketplace, we would have to start paying for something we don't already have or integrate with something we aren't using.

I would say SentinelOne Singularity Complete is pretty mature, and there's a good amount of documentation of details. I would say it's much more mature right now than a year and a half ago when it was introduced. I looked into it then and said there's nothing that looks useful to us here.

Now, there are actually many more applications and things to integrate with it that we didn't have access to before. We're still not using a lot of it. As far as recommending it to somebody else or another company, I am confident that it will plug into all the major utilities and tools you may want.

SentinelOne Singularity Complete requires maintenance, but it's not bad. We need to go into the console and initiate updates for select devices when there are updates available. We need to ensure that we stay within supported and not end-of-life releases of SentinelOne. After those select devices have been tested out and we know there are not many issues with them, I will go ahead and release those to all the other devices we manage in the rolling phases.

That's not too much work. I would not classify it as maintenance, but when detection comes up while using the platform, that works well when we need to check that out. We haven't necessarily caught something that needed to be caught.

I am impressed with what they're doing both for detections for our endpoints and also for the security world at large. A while back, they headed up some of the investigations and publications about the supply chain attack for 3CX software, which was something that we had used and were impacted by. However, thanks to SentinelOne, we did not have any fallout from that attack.

Overall, I rate SentinelOne Singularity Complete an eight out of ten.

We used SentinelOne because we needed a tool that would add extra visibility into the environment. We also wanted something that was easier to use than our existing product so we switched to SentinelOne.

Deep Visibility is a valuable feature. It lets us search across the environment and correlate things much more easily than we could have previously.

The learning curve was a little steep. The solution gives training we can go through, but we have to pay for that. We ended up paying for it so we could get everybody ramped up. The product must enable easier onboarding for less familiar or less formally trained people. It would've helped us adopt it quickly.

I have been using the solution for three months.

We had no stability issues.

The product is on a cloud-hosted instance. It can be integrated into everything that we use. It seems highly scalable.

Support is good. The support team is quick to respond and quick to resolve. We can't ask for anything more.

Positive

The product is cloud-based. The initial deployment was straightforward. We were able to rip and replace and do it all faster than our onboarding team had expected. It was done within a month.

We had the standard onboarding services, but we did all the lifting ourselves. It required four people from our side. Apart from agent upgrades, the tool doesn't need any major maintenance.

We currently see returns in getting our technicians' and engineers' time back.

The pricing makes sense to us. The pricing model is simple. It was easy to move forward from our previous products to the new bundle.

We've been using the tool mostly with third-party applications through Singularity Marketplace. Integrating it with our Microsoft environment has been helpful and convenient. The product is robust in ingesting and correlating across our security solutions. It is doing its job without us having to check it.

Previously, we had a few different endpoint solutions on a single asset. The product helped us rip and replace multiple solutions with one. We did a POC on Ranger but didn't go with it. The solution hasn't reduced any alerts, but it has at least given us more actionable data. We need to do tuning because we're so early in the adoption.

The tool has certainly saved the staff's time. It's able to correlate data a lot better and bring it all onto a single pane of glass, which helps save time. It's hard to quantify right now because we're so early in the adoption. We're definitely able to see more bandwidth for other projects. SentinelOne has helped reduce our mean time to detect.

We have seen the most improvements in our organization’s mean time to respond. We would have had to balance between different solutions or portals to correlate data. Now, the tool is just bringing everything into one place. Taking action within the solution has helped us respond and resolve. Our mean time to respond has been reduced by more than half.

We were using multiple products. We replaced them with SentinelOne. Getting a better solution for the same price was a no-brainer for us. Singularity Complete has helped reduce our organizational risk. The solution's quality is top-tier. The maturity was as good as our current solutions. It was easy to make the choice to move over.

SentinelOne is closely aligned with what the actual responders need to do. It seems like the vendor is building tools and solutions for people in the thick of it, which is a big reason why we went with their product. They are making tools for those who need to use them.

If someone were to evaluate or do a proof of concept, the bigger their initial POC, the better. We found some oddities after expanding the initial POC, which would have been nice to work through before the deployment. The vendors set up a capture-the-flag type of event that really helped us learn the environment, where to go for what, and how to use the tools. I highly recommend having everybody go through the capture-the-flag trial they set up.

Overall, I rate the tool a ten out of ten.