SentinelOne Singularity Endpoint Reviews

This is an anti-malware and threat management product. We are customers of SentinelOne and I'm a system engineer.

We chose SentinelOne because of the protection it offers against ransomware. It provides good security that gives peace of mind.

We sometimes have issues with the disc space and that's because of the anti-ransomware technology they use. The volume of shadow copies becomes too large and we have to manage that. 

I've been using this solution for two years. 

This is a stable product. 

The solution is scalable, we have around 500 users in the company. 

I have issued some tickets to technical support and they were very responsive. 

We use an in-house person along with a third-party consultant for implementation.

I believe that SentinelOne is quite an expensive solution. 

This is a good product, but it has some issues so I rate it eight out of 10. 

I use it for company computers in reference to end-point protection scanning for malware, hunting for malware on the network, and on the devices. 

One is the behavioral engine and the AI are both built into the agent, so it doesn't need the internet. 

The interface is good and it is easy to use. The engine that they use to look for malware and for viruses is very good. 

There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better. 

I have been working with SentinelOne for just over a year now.

Yeah, it is stable. It does not use a lot of computer resources, even though the engine is built into the agent. If there are new updates, it alerts you when the updates are there and need to be installed. SentinelOne is an efficient solution.

Yes, it is scalable.

I have not had any issues that I needed to talk to customer support about.

The initial setup is very straightforward and easy. Once you install it, auto-updates are initialized. When you put in watches, you are searching for items, you need customization, and you add or remove rules, which is quite easy.

I use in-house implementation.

We are seeing a return on our investment.

The licensing is okay. I don't think it is bad. Depending on which one you get, I think it is fifty dollars for each user annually. The more users you have, the cheaper it is.

I use all security tools from SIMS to DAMs, to DLP solutions, firewalls, etc.

For me, the experience has been very good. I would rate SentinelOne a nine out of ten.

We primarily use the solution for security. It’s for endpoint and response detection.

It is primarily protecting all my servers now, and most of the end users are connected to SharePoint OneDrive and emails, which are already taken care of from Microsoft through endpoint security. I don't have to really worry too much from the end-user point of view. Still, in case if they ever happen to click on any of the phishing emails or malicious files, it will block their computer immediately without even coming through the server level.

It is covering one of my IT audit purposes - not only from the protection of the data and doing security through my network but also addresses most of the compliances from an audit point of view.

It is very effective so far. It has saved us from a couple of ransomware attacks already. I'm very impressed.

They support most of the operating systems that we use - not just Windows or not just prominent versions of Apple or Linux. I have various versions that support almost all the operating systems in the market.

If there is any suspicious activity, they just straight away block the computer from further infection. The moment we call the support, they investigate everything in detail. Only then will they release it - if they find it is okay. During their own verification, they’ll see how it works and will not give access to the IT admin or to me. Only they will enable it when they are sure it is safe. The responsibility is taken off of us and onto them completely.

It is all automated. If any user or any Sentinel client is having an issue, the email alert will come, and we'll have to just look at it.

It's complete and total protection.

I cannot speak to any missing features. It has what we need.

If they can extend their product further on the DLP side of it so that I don't have to have another agent run exclusively for DLP production, that would be ideal.

I’ve been using the solution for a bit more than six months now.

The solution is absolutely stable. There are no bugs or glitches.

I haven't seen all the features. However, I will probably start looking at it since it has saved us from a couple of cyber attacks. Probably I will take a walk-through again from the technical team to understand if there are any further scalable options to implement on my infrastructure.

We are using it for service only right now. However, we have decided to scale up for all the end users.

Support is very good, and their help is immediate.

Positive

I'm still using VDAT on Windows endpoints. We use Defender. Windows is comprehensive as well. Most Windows users with personal PCs have Windows Defender, and it works well. That said, I was not sure and still am not sure how well it will protect the servers if there is any ransomware attack on the network.

It’s very easy to implement the solution. It’s not complex at all. I’d rate it a five out of five in terms of ease of implementation.

For me to implement across eight servers, it took maybe a day. Two days at a maximum.

It’s on the cloud and therefore doesn’t require maintenance.

They did the implementation. However, I installed the agent. Everything and the configuration were already set. They just guided me through how exactly it was set up. They did the walk-through of the complete product, and that's it.

We’ve already seen a 100% ROI even after just a few months. I’d rate it five out of five.

We pay to license every year. However, I’m not sure of the pricing. They might cost $100 each. It’s reasonably priced. I’d rate it four out of five in terms of affordability.

I did compare it to other solutions and found this product to be more compatible with more operating systems.

We are using the latest version of the solution.

I highly recommend the solution to others.

We’re just customers.

I’d rate the solution nine out of ten.

We primarily use the solution for EDR to protect critical devices.

The AI feature is great, as are its automatic features. The solution can scan for malware easily. And then the ransomware protection is excellent.

It's pretty easy to set up.

The technical support is great.

The product can scale.

The solution just needs to step up and take on other solutions. Some are a bit stronger in comparison.

My improvements have been qualitative. For example, previously they didn't have a mobile device solution. However, two months ago, or three months ago they released the mobile version. Previously, they could only cover Linux, Windows, and macOS. However, two months, three months ago roughly, they start supporting mobile devices.

I'd like to see more documentation. 

SentinelOne documentation is only available to partners or people who own SentinelOne. There is no public documentation of SentinelOne. With other EDRs you can literally fix your problem by going to the documentation publicly. There is always public documentation. However, with this product,  public documentation is hidden from subscribers. If you Google some SentinelOne issue, you don't find any answers. There needs to be more public information about the product.

We added some sessions with a customer to go through testing, including a UAT session and testing session of the solution, and the customer listed some things they wanted to see in the solution. 

I've been dealing with the solution for 14 months. 

Overall, the solution is between 90%  and 95% stable. Sometimes it causes a blue screen and causes the device to crash. It causes servers or computers to crash. That's a huge gamble. You could install SentinelOne on your computer and if you do, there's the risk that your production machine could go down when SentinelOne came on. Stability is a gamble for SentinelOne. There's more chance of crashing your computer. And the only solution when that happens is to go and install it through safe mode.

The product is actually scalable.

Our customers are small, medium, and enterprise companies. We support all of them, both small and medium enterprising arms.

SentinelOne technical support is awesome. If there is a five-star option, I'd give them six stars. They give good support.

Positive

I'm also working with CrowdStrike Falcon. I have worked with Carbon Black as well. SentinelOne is better than Carbon Black.

The priority of EDR before any complex feature is the ability to detect and then prevent malware attacks. That will be main reason of an EDR. SentinelOne does a very good job of detection of online threats. Once you get targeted by a ransomware attack, SentinelOne will notice that. Carbon Black doesn't do that.

The implementation process is pretty easy. 

The pricing is reasonable. I'm an engineer and therefore can't speak to exact pricing. 

We're a partner.

We sell SentinelOne. We implement and deploy. We have a partnership, basically. 

I'd rate the solution eight out of ten.

My advice to other users is if you are going to any solution out there, number one is to make sure if there are issues tey can be easily fixed. With this product, you won't have to have a problem going for three months unsolved or going for two months unsolved. 

We are a Dutch distributor working for Infinigate, a company specializing in distributing security solutions across Europe. One of our vendors is SonicWall. 

The instant rollback for Windows support is a nice feature.

Certificate distribution is quite easy, for example, using BitBucket SSL Inspection in conjunction with the firewall. More and more web traffic is via HTTPS, everybody is sending encrypted data, which needs to be decrypted for security purposes, then delivered. The integration of SentinelOne and the SonicWall Capture Client makes certificate distribution easy, which is needed for a SSL security setup.  

The 365 management and analytics from the cloud is another great feature.

It would be good to see some small tools to test files or hashes that are a potential threat, I know there are already products offering this.

We have been distributing this solution to our clients for two to three years.

The stability is fine, I haven't heard about any serious issues. 

Within the cloud, the solution is as scalable as required. The CapEX is quite low and you can scale this solution for thousands of users. 

Within our company, we use a Sophos product, as we have been working with them for 25 years and have a more established relationship. 

The initial setup of this solution is straightforward. As soon as you install it, the policy is sent from the cloud, and perhaps some certificates, and you are up and running, so that's relatively easy. I would rate the setup experience a four out of five, as there is always room for improvement.

When I open my browser, and I'm behind the SonicWall firewall without Capture Client my browser will tell me that I cannot browse the internet until I install the client. Then there is a button in the browser to install it, I click on it as a user, and after a few minutes, I'm up and running. Now I can browse again, but with a client, so it's pretty easy.

As a distributor, we advise our resellers and they sell it to their end customers, so most of the time the resellers implement. I often give demos and training, where I show them how to do it. From a distributor role, most of the installations are done by our resellers.

The CapEX is very low because you don't have to buy any management tools or install them on your hardware. It's all based in the cloud and comes with cloud advantages. 

Just buy the Capture Client and buy the installer itself in a license of 100,000, or whatever is needed. You don't need to invest in any management tools because they are already installed, and maintenance from the client will keep everything up and running. 

I would rate this solution an eight out of ten.

I would advise people to consider this solution, because the combination of SentinelOne and SonicWall Capture ATP is very powerful. I would also advise people to have a look at the Capture Client and test the differences with other AVs.

SentinelOne has a patented feature with a Sandboxing technique, they have four Sandboxing techniques. They also have an AI technique, machine learning from SonicWall, and millions of sensors around the world to detect threats and zero-day attacks. This corroboration of security threat data shared by everyone makes the solution a powerful security engine. As Capture ATP also works on the firewall, it's not only their AV clients who are feeding the machine learning and the threat data, but also their firewalls.

My client uses the solution for endpoint security and email security.

I have found the most valuable feature to be the rapid threat detection. 

We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from.

One of my clients has been using the product for about three years.

My client has said that it is stable. 

It is a scalable solution.

We received a response from technical support within 48 hours. The support is great.

I would rate this solution as an eight out of ten.

It is an endpoint solution. It is for our workstations and other devices to alert us to any kind of malware threats that might be lurking. 

In terms of deployment, it is through a managed service.

It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.

I would like to see a better control panel for the managed service side of it.

We have been working with it for about six to eight months. 

It is stable.

As far as I know, it is easily scalable.

It is through a managed service.

It takes a little time to put it in.

It is a good solution. You just need to check out the managed service part of it.

I would rate it a nine out of ten.

We have the solution deployed on-premises and, for the last year, on the cloud as well. We have two systems.

Over the last year of Corona, we provided a lot of laptops to our workers to work at home. But because they're not connected, at first, to our network, they can't connect to the SentinelOne instance on-premises. We wanted something that would protect them when they're on the internet, and not only after they connected to our network. That is why we got the system that is in the cloud, to protect all the company laptops.

We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network. 

Three years ago, one of our employees got an email from someone and opened a file. It was ransomware. It started to infect the disks and I didn't know if it had started to encrypt the network routes. I stopped the computer, but I didn't know if another computer had also been infected. I waited for a company that was giving us support for those kinds of things. They got the disk and they started to check and analyze it. After four hours—and that was very quick, by their standards—I got the first analysis. If I had had SentinelOne the whole thing would have taken between 10 seconds and one minute. And then there was the cost of the SLA that we paid to the support company for that kind of support. A four-hour SLA costs a lot of money; the basic SLA is eight hours.

It has cut the response times to nothing. When we have an incident, we get an email in seconds and I can respond in a second to any threat. Even if it's a false alarm, I get the alarm immediately. For example, when we started to work from home, I accidentally installed a program that writes to the MBR partition in the laptop. It wanted to write to the MBR partition and SentinelOne stopped the file and it saved me from having to install the whole computer again. So it not only protects against threats but against mistakes. It's like having a big brother sitting behind you who protects you.

When you pay for a system like SentinelOne, along with the other systems that we have, we're less dependent on a SOC.

The solution gives me peace of mind when it comes to the reliability of the computers on our system. We can work through the internet, as has been happening recently with half of the company working from home, and I know that I have a system that has my back, that protects me. I know it does because I have tested it.

There isn't a single valuable feature, it's the whole engine and system. It's working online in  real-time and gives us alerts, on-click. We chose SentinelOne because in the millisecond that I clicked on the file, I got a block-alert.

SentinelOne's Static AI and Behavioral AI technologies are among the most effective for protecting against attacks because they analyze not only the file's surface, but the behavior of the file. When I described to my manager what I was going to buy, I described a system that analyzes file behavior. If you open a calculator, calc.exe, you know it's going to open calc.exe, and maybe open service X or Y, but it won't go to the internet, to an IP, and spread something. When you analyze the behavior or reaction of each file that works on your PC, it's something else. It's a different level of EDR.

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help. We see the whole picture in front of us, from the beginning to the end. We can see, with the click of a button, if that file ran on more computers, not only one or two, and how it spread to other computers. We can see the whole tree and we can immediately respond. We don't need to wait for analysis.

The UI is very clear. You don't need to look for something or to dig to understand where it is. It's all in front of your eyes.

All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.

I have been using SentinelOne for two years.

It has never gone down. In two years I haven't had any software or hardware problems.

The scalability is driven by demand. If I need to buy 100 licenses, I can buy 100 licenses. We started with 50 and now we have 200 on-premises and 100 on the cloud.

In terms of expanding our usage, we have a SCADA network. It is our operational network. That network is 100 percent disconnected from the outside world. It's not connected to any network, not to IT and not to the internet. We use a regular antivirus there. We plan on deploying SentinelOne to support that and to remove the old antivirus.

Prior to using Sentinel one we were using McAfee Endpoint Security. We switched because I understood that the systems that are only checking file signatures don't work anymore.

We installed it, in the beginning, on-premises on our computer inside the network, and the installation was done with an integration company. Every three or four months we upgrade because our location is not connected to the internet directly.

The on-premises deployment took something like a week to get it deployed to everyone, but the installation itself was very quick, half a day. Then, to see what should be put in the blacklist or what to exclude took about two weeks. The deployment was done by me and the IT manager.

The cloud version was very simple, no problem. Things were done automatically.

The integrator we used was DnA-IT. They only did the installation for the first implementation.

Now that we are going back to the workplace, I will start to work with them on an hourly basis, and we'll learn about all the features from them. They have good guys who know what I need and what we're going to do. I am one person who supports 400 people, so I need the time to sit with the system and to learn it. The system has a lot of features that we don't use or that we don't understand how to use because we haven't had a lot of time in the past year to research them and sit with the company to teach us. We work with the basic features, things like the blacklist and the USB restrictions. The integrator will show us how to use the more advanced features. I'm starting to think that if we can implement all the features from SentinelOne, I will be able to cut the antivirus that we are paying for.

We also use DnA-IT for support. If necessary, they open a ticket with SentinelOne.

It's cost-effective. The price of 100 licenses that I need in the cloud is cheaper than one Bitcoin I would need to pay in the case of ransomware. It's already paying for itself.

The pricing is very fair for the solution they provide.

Aside from the standard licensing fee, the only other costs are for the hardware, because we use Hyper-V on-premises.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.