SentinelOne Singularity Endpoint Reviews

My use cases for SentinelOne Singularity Complete are mainly for endpoint security to detect, prevent, and respond to cyber threats in real time. SentinelOne Singularity Complete serves as the first use case for endpoint security.

Our organization does not have the Ranger functionality because our customer does not require it.

We have integrated SentinelOne Singularity Complete with Shuffle SOAR technology, which is a most powerful tool.

Our organization is an MSSP provider with 10+ customers for whom we are providing security. We have 8,000 endpoints installed for our customers, and we are a 24/7 team providing security to our clients.

We have applied the protect policy and take basic analysis, which takes a couple of minutes before we raise the alert.

Regarding Purple AI, we are using it to identify the IOC. We have limited access to Purple AI, but we are using it for threat hunting purposes to find the IOCs.

What I like the most about SentinelOne Singularity Complete is the rollback capability for Windows systems. The TAC team and VSS rollback are the two features I appreciate most about SentinelOne Singularity Complete.

The response of the TAC team is very good. If SentinelOne Singularity Complete did not have a TAC team or support team, I would say it would be very lacking. When we get stuck anywhere, whether in any admin task or any threat hunting or investigation path, they are very helpful because there is a human voice on the other side helping us.

What I dislike about SentinelOne Singularity Complete is the high number of false positive alerts we get because our client sends us mail within one week stating that the CPU is highly utilized and resource consumption is high.

Regarding data privacy and security when using Purple AI, I can say that security-wise, it is good, though anyone can exploit that one.

I have been using SentinelOne Singularity Complete for two years.

Stability-wise, SentinelOne Singularity Complete is very good. It runs continuously, and if our endpoint is online, it will protect our endpoint 100 percent.

Regarding scalability, I heard that one of our competitor organizations deploys 15,000-plus endpoints for their customers. Scalability-wise, SentinelOne Singularity Complete is very good in that 15,000-plus endpoints are managed on one management console, which is double of our organization's deployment.

I have contacted the technical support or customer support, and this is the most significant reason we are using SentinelOne Singularity Complete. They are very helpful because there is a human voice on the other side helping us.

If you compare with CrowdStrike, our organization has shifted to SentinelOne Singularity Complete only because of that TAC team or support team.

We are using CrowdStrike, and in CrowdStrike, we are using Charlotte AI. If we raise a ticket on the community portal, within one or two hours, we get a reply from the team, and they are very helpful and can also come to the call. However, with CrowdStrike, I do not prefer it from my perspective as compared to SentinelOne Singularity Complete.

For the initial deployment of SentinelOne Singularity Complete, I can say that it is very easy. We just need to create one tenant for the SentinelOne Singularity Complete platform. SentinelOne Singularity Complete setup is very easy.

Maintenance is not actually required from my end because we are an MSSP provider, so no maintenance is necessary.

I can say that when an alert comes, we already have the protect policy and protect mode. After applying the protect policy, everything is taken care of by SentinelOne Singularity Complete.

I do not have knowledge about the pricing for SentinelOne Singularity Complete because our sales team handles that. SentinelOne Singularity Complete is very valuable to me.

I would give SentinelOne Singularity Complete a rating of 10 out of 10 because you can compare it with CrowdStrike, and I can say that SentinelOne Singularity Complete is top tier.

We are managing 7,000 to 8,000 endpoints for clients, and the setup is very easy. I have given SentinelOne Singularity Complete an overall review rating of 10 out of 10.

On-premises

Amazon Web Services (AWS)

I have extensive experience with SentinelOne products and am particularly impressed with SentinelOne Singularity Complete. The solution integrates effectively with third parties.

I find it extremely reliable. For instance, I report monthly for compliance and other security metrics across our multi-cloud platforms. Primarily, we rely on Microsoft, especially with Entra ID and MFA. While Microsoft provides decent reporting tools, they can make it difficult to get high-level summaries. In contrast, Singularity allows me to pull insights across various platforms, not just Microsoft and Azure. Whether I’m using it within AWS, with single sign-on, or with one of our partners, I can see all the relevant data.

It has improved significantly with its upgrades, especially in threat hunting and analysis. Now, when it identifies a threat, it efficiently kills the process and attempts to quarantine the affected items. If it cannot, the system continues its automated threat hunting. This feature is fantastic because it remediates issues while maintaining a clear audit trail, which is great for compliance. However, a drawback is that although it handles threats effectively, I sometimes cannot access the necessary data quickly enough to address recurring problems and prevent them from escalating. The good news is that the platform is robust and supports our security needs. While it's not perfect, it certainly has its strengths.

The analytics and reporting can be a bit overwhelming. I love the dashboards, but I find that I need to better understand PowerQuery—specifically when to turn it on and off and its limitations. It's similar to SharePoint in that regard. As a former SharePoint instructor, I know it like the back of my hand. The best thing about SharePoint is that it can do whatever you want; the worst part is also that it can do whatever you want. You really need to know what you want before diving in. Most people usually have a good idea of what they need. SharePoint offers a lot out of the box, but you can customize it further if you wish. However, customization often requires hiring someone, which can be risky since you never know if it will work as intended. On the other hand, PowerQuery can help bridge some of those gaps within Singularity. The challenge arises when you want to incorporate what you've done into dashboards and charts, as there are limitations. For instance, I want more clickable drill-down options that allow me to filter on specific sections of the data, but that's currently not possible. It’s not to say that improvements won’t come in the future; it's just that it feels a bit early at this stage.

Additionally, I find some navigation features frustrating, like the back button in certain contexts. For example, if you open PowerQuery from a chart, it doesn't open in a new window or tab. Clicking the back button takes you all the way back to the previous state, causing you to lose whatever progress you made. However, I'm actively providing this feedback to my partner, Pro Circular, through whom we access SentinelOne. They take our input seriously, and I've been sharing my observations. They have their own views but are addressing the issues I raise. It's good to see that suggestions occasionally lead to updates and improvements.

I have been using SentinelOne for approximately three and a half to four years, with particularly intensive use in the last two and a half years.

Though I wasn't present for the implementation, the success of SentinelOne Singularity Complete migration heavily depends on having a quality partner. Prior to the purchase and recent changes, experiences with SentinelOne's support and product were not positive.

I obviously want it to be more affordable, and I believe we should be able to achieve that. However, my main concern is partner pricing; that's where they really need to focus. While we can manage it ourselves, if we're going back to the traditional service management model with trusted service providers, I depend heavily on ProCircular as our SOC partner. They offer a few different solutions, but SentinelOne Singularity appears to be the preferred choice.

Similarly, SHI can provide various options as well, but according to my account representative, SentinelOne is gaining momentum and improving significantly. However, it’s important to note that we're only talking about a timeframe of around six months. I'm happy to share this feedback because insights like these can impact future purchasing decisions for other tech leaders like myself who have decision-making authority.

As for pricing, it’s essential to address that. Reputation and quality are important, but especially in today’s economy, price is a significant factor. Unfortunately, many organizations are prioritizing price right now. My hope is that SentinelOne and Singularity can recognize the importance of partner pricing and economies of scale.

Right now, I'm focusing on the basics of cloud integration. I have established a standard that I need to recreate, particularly with SentinelOne. It serves two main purposes: it is our primary antivirus solution for both Windows and Linux. There are various ways to forward logs from other systems where SentinelOne cannot be installed, such as firewalls and databases. However, they all provide similar functionality. There are two types of integrations available: you can use a plug-in, or you can utilize the standard Singularity integration. For AWS specifically, I've standardized the ingestion of AWS CloudTrail data across all platforms. Azure has a similar capability, so now I can view all my cloud reports in one place instead of having to switch between different dashboards, like SentinelOne's or AWS's Security Hub and GuardDuty. I can consolidate everything into one platform, which is very convenient. The integrations are robust, and from a plug-in perspective, I realize that I might not even need to use them. Some older systems, such as Cisco, can forward logs to a log management system, and SentinelOne Singularity Complete handles those logs seamlessly, which is fantastic. There's still a lot more I want to accomplish, but I'm pleased with the progress so far.

It has evolved significantly. Prior to SentinelOne Singularity's acquisition of DataSet, there were numerous issues and negative feedback. Previously, common complaints involved having to implement exclusions due to lack of thorough investigation. However, these complaints have ceased since the changes were implemented.

They offer a lot of options, especially when it comes to integration. With the recent upgrades they've made to their platform, it truly appears cohesive, almost like a single pane of glass. There is a lot of consistency, which makes navigation easier. However, the challenge lies in the distinction between EDR and XDR. SentinelOne is still part of the product, but it’s important to recognize that SentinelOne and Singularity operate separately. This situation is both a positive and a negative. The positive aspect is the uniformity of the interface, which you would expect to make it more intuitive and user-friendly. I know they’re working toward that, but the systems are fundamentally different. Your EDR, XDR, and other tools need to be considered separately; one involves installation and monitoring logs, while the other focuses on ingestion. They do an impressive job of bringing together commonalities among EDR, XDR, and the managed extended detection response, but if you choose one path over the other, you need to understand that the approach may vary. It’s a bit of a blessing and a curse at the same time.

I would rate it an eight out of ten. For ten, it has got to be rock solid all over the place.

The main use cases for SentinelOne Singularity Complete include EDR, XDR, and NGSIEM.

SentinelOne Singulality Complete has the ability to ingest and correlate across security solutions extensively.

SentinelOne Singularity Complete seamlessly ingests logs from various other technologies besides the SentinelOne EDR platform. We have integrated with several firewalls, different firewalls. We have integrated with cloud ingestion, such as AWS and GCP, which is seamless. There are other solutions that can be integrated with SentinelOne Singularity Complete, incorporating security log ingestion.

The XDR platform helps to consolidate different security solutions.

Regarding Ranger functionality, it provides network and asset visibility and can ingest logs from network sources, capturing any threat metrics, including IOCs.

I cannot confirm if SentinelOne Singularity Complete reduces alerts as I have not worked heavily on that aspect. The system captures different telemetry from network devices.

Customers mainly use SentinelOne Singularity Complete on both public and hybrid cloud. This is advantageous, as we can use a relay agent to commit updates for computers that do not have internet access. Those telemetry can also be received, which is a clear value differentiator.

The rollback feature is the most useful feature of SentinelOne Singularity Complete. When a machine is infected, we have the option to roll back to the earliest date, providing ransomware protection. The second biggest differentiator is the hybrid implementation, which means unlike other EDRs, all machines need not be connected to the internet. We can have a local relay agent that can perform updates and upgrades to machines that are not connected to the internet directly, which is very helpful for updating air-gapped implementations.

The installation of SentinelOne Singularity Complete is very seamless. We are able to implement fresh rollouts of thousands of machines in a matter of one or two days, provided the machines are available. We are immediately able to see the telemetry and ingestions of the log taking place.

The biggest benefit for my customers is that it is autonomous, where mostly everything is automated, and the threat detection, as well as auto-remediation rules, are set up. Hence, minimum intervention is required from our side in case of known threats. I consider the automation and autonomous decision-making as the cornerstone.

Sometimes, SentinelOne Singularity Complete takes time to reflect on some machines, which could be due to poor network connectivity. However, I don't see any major problems.

It takes time for updates to reflect on the central console when putting in a new machine.

Regarding recommendations, they have acquired a company called Prompt Security, which is working on AI gateway and AI security posture management. I want to see how it gets integrated with the SentinelOne platform, and I am looking forward to what they will do with Prompt Security.

My customers have not calculated a return on investment because most purchases happen as a mandate. It is imperative for organizations to move from antivirus to EDR and XDR platforms. The decision is mostly for corporate security rather than based on a return on investment.

I have been working with SentinelOne Singularity Complete for three years.

I have not come across big disruptions or breaches with SentinelOne Singularity Complete. Whatever known viruses exist are automatically eliminated, similar to a usual antivirus. I have not used threat hunting situations and have not been exposed to that currently.

There are not many stability issues regarding upgrades. Everything is managed automatically, so there is no user interference needed for upgrades.

SentinelOne Singularity Complete is very scalable. I have seen customers scaling up to 25,000 users very easily without challenges.

I have contacted SentinelOne support via TAC lines for understanding suspicious behavior, and they help drill down further. We get support directly from the TAC line for any false positives or to understand whether it is a true positive or false positive alert.

I would rate the support from SentinelOne Singularity Complete as an eight out of ten.

Positive

The initial setup of SentinelOne Singularity Complete is straightforward and very easy. All we need to do is set up a tenant, create the package file, and once we install it, it automatically connects. We can set up the entire system in a matter of one hour for a large customer.

SentinelOne Singularity Complete is not expensive; they are very aggressive when it comes to price points.

Compared to Microsoft and other competing solutions, SentinelOne Singularity Complete is very aggressive price-wise.

The cost depends on a per-device basis.

The full-fledged platform should be around $7 to $10 per device per month.

I have had limited experience with Purple AI, which gives copilot-features wherein I can use a pull-down menu to identify based on any IOCs present. The retrieval time is very fast. I can ask certain copilot questions, frame certain queries on the drop-down menu, and immediately see whether those telemetry match in my systems.

Predominantly, my customers buy SentinelOne Singularity Complete from us. Small customers may purchase from the AWS marketplace, but enterprise customers mostly buy through partners.

I recommend SentinelOne Singularity Complete as a good investment where you can rely on the technical support. There is always a human voice available if we get stuck somewhere, and I am very happy about the solutions and interactions we have. You are bound to have clarity when alerts come in, and you need a vendor who can answer and troubleshoot those situations and clarify what the alert is all about. If you are looking for more TAC line support for incidents, go ahead with SentinelOne Singularity Complete.

I rate SentinelOne Singularity Complete eight out of ten.

Hybrid Cloud

Amazon Web Services (AWS)

I used SentinelOne Singularity Complete in the past and applied it to many customers in the Caribbean region. The use case was to implement SentinelOne Singularity Complete as a tool to replace the old antivirus systems that customers had. When we presented SentinelOne Singularity Complete, most customers appreciated it because the price was very competitive. They decided to provide this as a managed security service, which was very beneficial for them.

I appreciated the centralized dashboard that we used to manage the solution and the straightforward deployment process. We could deploy using Group Policy Objects to install the clients, which made the process very easy.

I loved the way that we could collect information and trigger actions when we identified a malicious file or a threat. Ranger was excellent for identifying other assets in the network that did not have the solution deployed, allowing us to create a map of the network. It was very important for us to identify workstations and servers that were not protected.

SentinelOne Singularity Complete reliably identifies real threats, which is a significant advantage as we could detect threats that other tools missed. The alerts are excellent for receiving notifications, and we could integrate with SIEM tools. This made it easy for us to create dashboards and see whenever we had an issue, and we could also create automations that could disconnect the device from the network or take other preventive measures to stop the spread of a virus.

I think dashboards could be improved with a dashboard creator feature that would allow us to select the information we want to extract and generate customized dashboards.

I worked with SentinelOne Singularity Complete for approximately three years.

SentinelOne Singularity Complete is very easy to deploy and implement.

SentinelOne Singularity Complete is very scalable for our needs.

Support was very good. When we needed assistance, we received it in a timely manner and the issues were resolved.

I worked with Defender and other tools including CrowdStrike, with particular experience managing CrowdStrike.

We implemented the complete solution in customer environments to integrate with their existing infrastructure.

SentinelOne Singularity Complete offers a very competitive price. When we implemented it, we could reduce costs with the total cost of ownership compared to other solutions.

When we presented SentinelOne Singularity Complete, most customers appreciated it because the price was very good. They decided to provide this as a managed security service, which was very beneficial for them.

When we implement SentinelOne Singularity Complete, we always create automations so that detection is very efficient in terms of timing. When we identified a threat, we could create rules to block the machine and put it in quarantine. This made it easy to investigate and we could have a broad overview of when the issue started, allowing us to manage issues in a shorter timeframe.

The mean time to respond was reduced in our security operations center. We used it to handle alerts and could act as soon as we received them. When we managed other vendors, it was time-consuming, but with SentinelOne Singularity Complete, it is much better.

Having a centralized tool like SentinelOne Singularity Complete allowed us to manage not only Windows desktops but also servers, MacBooks, and an entire environment. The integration with other SIEM tools is excellent, allowing us to create dashboards, analyze results, and receive alerts as soon as they are triggered.

At this point, SentinelOne Singularity Complete delivers everything it promises to do. We have deployed it from AWS and also created a tenant directly from the portal. SentinelOne Singularity Complete is easy to use, and the dashboards and portal are very user-friendly, which is why I prefer it. I would recommend that others try SentinelOne Singularity Complete because once they do, I believe they will love it. I would rate this review a 9 out of 10.

Public Cloud

Amazon Web Services (AWS)

My usual use cases for SentinelOne Singularity Complete revolve around EDR and XDR, focusing on protecting end machines, including servers, particularly for users with critical applications running on endpoints. It is crucial for them to know how to protect those systems. If at any point phishing or an attack happens, I can provide data protection and restoration to my customers. Those are the primary use cases.

The feature I find most valuable in this solution is its rollback feature.

The rollback feature is incredibly valuable because if my organization gets hacked, I can restore complete data from up to half an hour back by clicking a one-click rollback option available in SentinelOne Singularity Complete.

SentinelOne Singularity Complete's ability to ingest and correlate across my security solutions is significant. It correlates with all other services, for instance with Netskope or Forcepoint. It also correlates with Proofpoint and many other endpoint machines like CyberArk, which is PIM/PAM, along with Netskope, Forcepoint, and Proofpoint, which involve DLP.

SentinelOne Singularity Complete helps me consolidate my security solutions overall, though the consolidation only happens at the endpoint level, not at all levels.

My impression of the Ranger functionality in SentinelOne is that it is a good product that is helpful for my AD environment. It effectively protects my AD machines in that environment.

In my experience, SentinelOne Singularity Complete helps reduce alerts significantly. If any machine comes up, I will receive a notification. So in a day, I might get a thousand emails or alerts. What Singularity does is filter those alerts and provide me with the top 10 or top 15 threats to understand and mitigate the risk. That is a lot of help from Singularity. The reduction in alerts has been around 60 to 70%.

SentinelOne is definitely improving, with a lot of new versions coming out and patches happening on a regular basis. They are acquiring a lot of AI companies and conducting R&D backend work, which is ongoing. By the end of this year, I believe a fully-fledged product will be available. One area needing enhancement is on the commercial front, especially considering the major competition with CrowdStrike. Hence, we must address some challenges, at least for the Indian market.

My experience with SentinelOne Singularity Complete spans four years.

I can rate how stable and reliable SentinelOne Singularity Complete is as a 9.

I can rate the scalability of SentinelOne Singularity Complete as a 10. Whether it is 50, 5,000, or 5 lakh endpoints, it remains scalable.

I do not often communicate directly with the technical support of SentinelOne, but my technical team does.

I would rate SentinelOne's technical support as an 8. Sometimes I get a response from them, but at times they may not have answers and defer to the engineering team, which can prolong the resolution time beyond expectations for customer satisfaction. Overall, it takes a couple of days longer than desired, but the rest of the service is good.

Positive

Before my experience with SentinelOne Singularity Complete, we worked with different technologies such as Trellix and Trend Micro.

I usually participate in the initial setup and deployment of SentinelOne Singularity Complete.

I can describe the initial setup process, but I am not deeply involved in the technical details because my technical team takes care of that. I am mainly focused on the business side.

From my perspective, the initial setup is straightforward. During a demo POC, they showcase the complete process, and the presentation along with the dashboard walkthrough helps the customer partner understand everything. It is not that complex.

SentinelOne Singularity Complete has positively impacted my company by being hassle-free. It provides good ROI, which stands for return on investment. It gives the best security, ensuring that if anything happens, I can utilize the rollback feature. Moreover, it offers a lot of integration scope with other solutions. The agent is so lightweight that it does not cause any system slowness when in use, making everything good.

The ROI I have experienced is straightforward. If I want to buy it for one year or three years, safeguarding it for three or five years down the line means my investment reduces. That is nothing but the ROI. Additionally, if I engage five engineers for this project and implement SentinelOne, then only one resource is needed to manage the dashboard and criticality alerts. This is how ROI materializes in my organization.

The decision to switch from the previous solutions was primarily driven by customer base comfort, customer adoption, and market responsiveness. Since SentinelOne is relatively new in India, having been around for five years, the customer adoption rate and ease of use made it easier for many customers to agree to replace Trellix, Trend Micro, and others. This led to a significant switch on their part.

SentinelOne Singularity Complete has definitely helped free up employees for other projects and tasks, both for me and for my customers.

SentinelOne Singularity Complete has greatly aided in reducing my mean time to detect. It is actually very fast because the agent works as an AI agent. It detects any kind of malicious activity or threat in a pretty fast way. It is very fast, and as it is an AI agent, it runs automatically, ensuring rapid detection.

Regarding the mean time to respond, my time is getting reduced by 80, 85, or even 90 percent, which is good.

When considering stability and reliability, if CrowdStrike can replace Trend Micro, then similarly, if SentinelOne can replace Trend Micro and Trellix, the same way CrowdStrike could potentially replace SentinelOne, indicating that the market remains highly flexible.

Based on everything I have described, I rate SentinelOne Singularity Complete as a 10 because I have to promote it, so I present it as my best product.

Public Cloud

Other

My main use case for SentinelOne Singularity Endpoint is the implementation inside of IT Brazil for around 100 users.

I use SentinelOne Singularity Endpoint day-to-day by having a team look at its platform to monitor our equipment and environment, and we also use it to block USB ports, which are the main uses here in Brazil.

Our team relies on SentinelOne Singularity Endpoint for both threat detection and response, though it does not happen very frequently. We keep our eyes on the application within the platform, and when it occurs, we connect SentinelOne Singularity Endpoint with our ITSM in the cloud.

SentinelOne Singularity Endpoint supports our operations as we are using the platform for control.

The best features that SentinelOne Singularity Endpoint offers include the ability to see the path of how malware contaminates equipment, allowing me to follow the entire path to mitigate problems.

This visibility helps my team by being very useful when we talk about threats; we can see the complete path from the start of a malware attempt, and we can run a remote search tool, making it very useful.

The API integration is very helpful for our platforms, including the ITSM I mentioned earlier, and I believe the API connection between platforms is very useful.

SentinelOne Singularity Endpoint has positively impacted my organization through the ease of use of the tool and the protection that it provides.

When I mention the protection that comes with using SentinelOne Singularity Endpoint, I find that the ease of detection is very fast in our platform, especially in our ITSM. We enter the SentinelOne Singularity Endpoint platform and search for anything related to malware directly on the computers, ensuring that nothing passes through SentinelOne Singularity Endpoint EDR.

Currently, I have nothing to suggest for improvements to SentinelOne Singularity Endpoint; we are very happy with the tool.

If I had to imagine one thing that could enhance my experience with SSentinelOne Singularity Endpoint, I would pick an easier way to view or follow the XDR platform, as I had some difficulties with it in the past.

I think that training would be beneficial for using the XDR, as we have a lot of information available there.

I have been using SentinelOne Singularity Endpoint for two years.

SentinelOne Singularity Endpoint is stable.

Scaling within SentinelOne Singularity Endpoint is very easy; if we acquire more licenses, the platform automatically distributes them to our equipment.

Customer support is very good; we opened a few tickets in the last month and received everything we needed from the support team.

We previously used Microsoft Defender and switched because it is not an advanced EDR, leading us to change to SentinelOne Singularity Endpoint.

Before selecting SentinelOne Singularity Endpoint, we evaluated other options such as Sophos and CrowdStrike, finding CrowdStrike to be very expensive and Sophos not meeting our requirements.

I believe we have seen a return on investment, particularly in terms of money saved compared to another tool.

My experience with pricing, setup cost, and licensing is good; the setup is very easy, and the license is per equipment, so it feels fair.

One noticeable benefit is that SentinelOne Singularity Endpoint is cheaper than other tools available in the market.

I do not have anything else to add about my main use case or how SentinelOne Singularity Endpoint fits into my workflow.

The unified platform experience certainly helps streamline our security operations, making things easier for my team.

In terms of adaptability to new and unknown threats, I believe SentinelOne Singularity Endpoint is the tool I have used the most, and while I cannot compare right now since I have only used CrowdStrike once, I find SentinelOne Singularity Endpoint easier to use than CrowdStrike.

I was not aware of the possibility to use an Offensive Security Engine, but I will seek more information on it.

Having built-in integrations that unify various aspects of cloud security is very significant for my team, as it makes everything easier to manage.

I advise others looking into SentinelOne Singularity Endpoint to check the ease of usage of the tool, as the platform is very helpful and the protection it provides is truly exceptional. I have given this review a rating of 10.

Public Cloud

Microsoft Azure

SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats in real time. Using AI-based behavior analysis, it helps the SOC team to investigate incidents, automate responses and actions, and protect systems from malware and ransomware. SentinelOne Singularity Endpoint includes EDR, XDR, and NGAV.

A favorite feature of mine about SentinelOne Singularity Endpoint is the VSS rollback feature, which is most valuable. If a laptop is infected with any malware, there is an option to rollback files and recover them from before the attack happened.

Using SentinelOne Singularity Endpoint has helped me reduce alerts because it is integrated with FortiSIEM, one of the leading SIEM tools, and with SOAR technology. Whenever alerts come on SentinelOne Singularity Endpoint, they are directly raised to SOAR technology automatically. This is an automatic tool, so manual interaction is not required. All work is done by SentinelOne Singularity Endpoint, and I only have to take action on the analyst's verdict to determine if it is a true positive or false positive and investigate accordingly.

Dislikes include high false-positive alerts and resource consumption issues with CPU and disk usage.

Ranger functionality is for network discovery and control features. Its primary role is to identify and manage unmanaged devices on the network by detecting rogue devices in detections. It ingests logs from network sources and captures threat metrics, including IOCs. However, I cannot confirm if SentinelOne Singularity Endpoint releases the alert through Ranger, as I have not worked heavily on this feature because the Ranger functionality license is not available. SentinelOne Singularity Endpoint captures different telemetry from network devices.

I have been using SentinelOne Singularity Endpoint for 2.3 years in my career.

Everything is perfect with SentinelOne Singularity Endpoint. There are no stability problems, and the system is very reliable and hands-on.

SentinelOne Singularity Endpoint is very good in scalability. Scalability is extremely easy to achieve as new endpoints and new detection points come on board. The system can scale any number of times, and only the license for each endpoint is needed.

Whenever I get stuck on any alert with SentinelOne Singularity Endpoint and do not understand it, or when I face any admin task challenges, I manually open a ticket with the customer team. Every time they help regarding the case. Each day, if I get stuck anywhere in SentinelOne Singularity Endpoint, whether with any admin task or threat hunting, the tech team or support team will surely help.

For the support team of SentinelOne Singularity Endpoint, I would rate them nine out of ten because there is a human voice there, so they are listening and responsive.

For the first two years in my organization, I used Symantec AV. After that, I changed my domain to SentinelOne Singularity Endpoint.

The initial deployment of SentinelOne Singularity Endpoint is easy and very straightforward. All that is needed is to set up a tenant and create a package file. Once installed, it automatically connects to the management console, and the entire system can be set up in one or two hours.

For one customer of SentinelOne Singularity Endpoint, one to two people are enough for deployment. Because we are a partner with SentinelOne and have many customers, one to two members are sufficient for each customer deployment.

I do not have knowledge about the pricing of SentinelOne Singularity Endpoint, as the sales team handles that. However, based on my knowledge, SentinelOne Singularity Endpoint is very flexible in its pricing range at approximately $9 to $10 per endpoint. We have 5,000+ endpoints because we are an MSSP provider, making it cost-effective.

I would choose SentinelOne Singularity Endpoint. In Symantec AV, there is only signature-based and behavior-based threat detection, whereas SentinelOne Singularity Endpoint has advanced behavior AI and pre-static AI. In Symantec AV, alerts must be manually raised and actions taken on the endpoint, but SentinelOne Singularity Endpoint has fully automated AI. The use cases are moderate in Symantec AV, but SentinelOne Singularity Endpoint is very easy with a modern UI. I prefer SentinelOne Singularity Endpoint because I have worked with both.

The mean time to detect with SentinelOne Singularity Endpoint is very low. The mean time to respond for SentinelOne Singularity Endpoint is approximately two to three minutes since it is integrated with SOAR, and alerts are raised within that timeframe. From endpoint to console, alerts are received in real time with no lagging. SentinelOne Singularity Endpoint requires no maintenance. Since we have a partnership with the SentinelOne Singularity Endpoint team and are an MSSP provider, no maintenance is required. My overall rating for this review is eight out of ten.

On-premises

Other

My use case for the solution is scientific research involving legacy software on older OS versions for complex overflows.

The best features of Singularity Platform are AI-powered autonomous threat detection and extended detection and response, along with cloud workload protection.

Regarding the real-time personalization features, I find that it helps me in detection. It assists me to find detections and furthermore evaluate the detections. It helps me a lot because it is completely beneficial, showing fewer alerts than competitors. In other competitors, alerts are excessive, but here the alerts are fewer rather than too many. It is much more useful for me compared to other products.

The real-time monitoring capabilities are much faster. I would say that it is significantly faster in decision making. In my previous experience with other log analysis tools, whether paid or free, the processing time was excessive, but here the processing time is very minimal and I get what I need very quickly.

Regarding areas for improvement in Singularity Platform, I would say the data security posture and control over sensitive information could be enhanced. If the control were more robust, then it would be better. For instance, when I analyze a log using Singularity Platform, the logs I see are clear, but if they were more descriptive, it would be much better. For example, when I find a log suspicious, if it automatically points out that a particular point in the log at a specific timing or frame is looking malicious, it would be easier for me. I would not have to go through many logs to find this information.

I have been using Singularity Platform, which refers to SentinelOne, for a few months, approximately five to six months.

Regarding stability, I have not encountered any downtime. Depending on my system where I use it, I have seen that even with less RAM, it does not lag. In other SIEM tools, they give lags and glitches, but I have not found any bugs. It is working well.

For stability, I would rate it a nine out of ten.

Singularity Platform is scalable. On scalability, I would rate it between eight and 8.5.

For technical support, I have not needed any technical support until now, so I cannot answer clearly. However, I hope it will be nice because if the application is working so well, why would I need technical support? I think if I need technical support, it will be good.

Negative

I have tested Splunk Enterprise edition and the paid editions, and I have also tested Wazuh. I have tried some paid tools, but I have found that Singularity Platform is far better than others. As a log analyst and SOC analyst, I find it better than others.

The deployment is easier. When I compare it with other SIEM tools, it is much easier. There are not too many settings I have to adjust. For example, with Splunk, it takes too many settings to set up on AWS, but here it does not require too many settings and it does its work well.

Initially, we used two people, and then we expanded to three people using it.

If I estimate how much time it has saved me, I would say it has saved almost 30 to 40 percent of time compared to other tools.

In terms of pricing, I will say that it is worth it for me. Living in India, it is natural for us to prefer things a little cheaper, but whatever the price is, it is worth it. However, as a SIEM tool, if it were priced less, many more people could explore it.

Regarding the fraud detection feature, I did not use it until now, but I have explored the features of fraud detection.

In fraud detection, the logs which are generated and captured are much clearer, meaning clarity is very good in respect to other platforms. I found that the clarity is very good. It also minimizes false positives, which is critical in some situations. Furthermore, the method is top-performing with a wide range of data sets and evaluation matrices.

Maintenance is necessary with Singularity Platform, as artificial intelligence is implemented, so it is 100 percent needed. It depends on the user and the application totally, but the maintenance is needed.

My feedback is that I will surely recommend it. I have already recommended it to many of my colleagues and I will continue to do so in the future. If it is giving us benefits, then why would I not recommend it? I would give a rating of 10 out of 10 for recommendation.

Public Cloud

Amazon Web Services (AWS)