I am using only the XDR part of SentinelOne Singularity Endpoint. There are multiple use cases for SentinelOne Singularity Endpoint. From a deep visibility perspective, I need the XDR license. Whether I want to create a STAR custom rule or check multiple processes and multiple source process storylines, I need that XDR. I am looking for hop-to-hop malware detection, which requires XDR. If I am looking for any destination IP address and what is running in my organization for any ports that are open, perhaps the particular event type, there are multiple URL actions and categories to consider.
Presales Lead & Delivery Lead at a construction company with 1-10 employees
Security has improved as I manage applications, automate investigations, and gain deeper visibility
Pros and Cons
- "Because I have done many deployments for SentinelOne, starting from 500 to 3,000 and 4,000 user customers, I can say that from the deployment perspective, SentinelOne Singularity Endpoint deployment is far easier and very smooth."
- "When I write that I need a query for AnyDesk blocking, they say again that this is not part of their job."
What is our primary use case?
What is most valuable?
There are two or three things I would like to highlight about SentinelOne Singularity Endpoint. The first is the application inventory part. Many endpoint solutions do not provide inventory and the risk of the application, such as the severity in the endpoint machine. For that, we need to enable the policy, which is a different part. The application management is valuable because there are multiple applications running on endpoints. Without SentinelOne, I would need to purchase a new OEM or a new security tool to know the inventory of the machine. In SentinelOne Singularity Endpoint, apart from endpoint security from malware and other threats, we have the application management.
The second thing I appreciate the most is Purple AI. As a security analyst, there are many things I would rely on, perhaps on SentinelOne pre-sales or a security technical person to know after initial deployment. With Purple AI, I can search for what I need. If I want to create any block policy, create any specific allow rule, or do the whitelisting part, I can do it from there. Purple AI is overall the best thing I can highlight.
However, there are many things Purple AI cannot do. I do not know what relevance Purple AI is using in the backend. There is one module in SentinelOne called STAR custom rule. If I want to block AnyDesk or any other application on my endpoint, I need to run an SQL query for that. To run that query, I need to create it. If I am relying totally on Purple AI, I am not able to get the correct query to run. If I want to block any application, I may be relying on another head security analyst or I can do it on my own. I may need to create multiple queries. I do not think the STAR rule query in Purple AI is that efficient, and it is not running as expected.
What needs improvement?
For maintenance of SentinelOne Singularity Endpoint, there are two things. If I need to create any maintenance or upgrade policy, that is a different matter. The customer is looking for the maintenance window and wants the upgrade part mainly on Sunday or Saturday, the weekend part. They do not want the auto-upgrade whenever SentinelOne pushes from the backend.
If I am looking at the impact of Purple AI on amplifying team knowledge, there are multiple things. If I am looking at how many endpoints are in my organization, how many endpoints have this application, and how many endpoints have multiple threats and alerts, I want to know how to reduce them. If I am asking particularly how to reduce the threat count, I do not think Purple AI can give this answer because AI is not particularly for this enterprise account. Purple AI is something I can rely on for multiple things, such as if I need to know how to create tags, policies, blocklists, exclusions, network control, device control, how to enable the firewall, and how to create a block policy with the hash. There are many things. If I need to install any agent on a particular Windows machine, whether it is 64 or 32-bit, or a Mac machine, or a Linux machine, or any other machine, how I need to add the token, and how I need to download the package are all considerations. Additionally, how to ensure that the agent is connected with my management plane is important.
For how long have I used the solution?
I have been using this product in my career for more than two years.
Buyer's Guide
SentinelOne Singularity Endpoint
May 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
896,034 professionals have used our research since 2012.
What do I think about the stability of the solution?
As a user interface, I am more comfortable with SentinelOne Singularity Endpoint. When talking about overall security, as far as I am concerned, there is no threat leaked, as I have seen in SentinelOne as well as in CrowdStrike. As a user interface and as a security analyst, I am much more comfortable with SentinelOne Singularity Endpoint.
What do I think about the scalability of the solution?
I have not experienced that much difficulty because I think two years back, there was no reduction I could see. However, nowadays, I think there is minimal reduction in changes. This is because two years back, the customer size was very different. Now SentinelOne is globally present, and in India, there are many customers using this. There are many data centers, which is why I think the reduction is possible.
Because I have done many deployments for SentinelOne, starting from 500 to 3,000 and 4,000 user customers, I can say that from the deployment perspective, SentinelOne Singularity Endpoint deployment is far easier and very smooth. I have given the prerequisite document that is publicly available to the customer with all the things I already told them, such as what needs to be bypassed from the firewall. After that, for a 500-user deployment, I accomplished it in one day with the policy making.
How are customer service and support?
I have contacted the technical support and customer support of SentinelOne Singularity Endpoint.
I can tell you the complete story of my last case regarding the quality and speed of the support. I was taking up a query for the STAR custom rule. If I want to block AnyDesk for one of the customers, and the customer requirement is to block AnyDesk, there are multiple queries I can get from SentinelOne SEs, but the query is not working in my environment. My team raised a support ticket with SentinelOne, and the first thing they asked for is the logs. If I need only the query and do not have any problem with my endpoint, then there is no point to add a log. Without logs, communication is not possible. I need to collect logs from my machine, which is totally wasteful. I need to upload them, and then they will revert from SentinelOne support.
When I write that I need a query for AnyDesk blocking, they say again that this is not part of their job. It is part of SentinelOne SE or a product deployment team. I have two or three queries, and when I send them, there is no good response from their side. There may be a very long delay from getting answers.
Which solution did I use previously and why did I switch?
Apart from SentinelOne Singularity Endpoint, I am working on the EDR of CrowdStrike. The endpoint security is the same, but their approach and persona is very different to cater to customers. SentinelOne customers are totally different.
How was the initial setup?
In the initial deployment, the customer is facing many threats in the incident windows. From my experience, I can say that this is largely because in the backend, SentinelOne AI confidence level and the analyst's verdict are undefined. This is because it depends on whether the customer is taking the MDR or not. If the customer is relying on their threat analysis or on my analysis, there are many applications which are allowed in the organization, but by default, SentinelOne is blocking them because they are executable files. For decreasing the threats, I need to allow the hash value or I can directly go to the threats and allow it because there is a production thing which is needed in the enterprise. Initially, the flow is from 500 to 1,000 alerts in a day. Day by day, I think the analyst's verdict is what I need to refine. There are many false positives and true positives, and suspicious items. As an analyst, I may not be capable of knowing whether something is a real threat or not. I need to check the hash value for that on public security websites. If anything is publicly available, the hash is publicly available. I can directly rely on other public websites. If I enter the hash value, I can know whether it is part of something that another organization has faced. I can also take the verdict that it is a suspicious and true positive. I can mark it as the true positive.
What other advice do I have?
For the overall SentinelOne Singularity Endpoint, I would give a score of eight for the whole product. Regarding the price point of SentinelOne Singularity Endpoint, I do not know the exact number, but I have come from the community and attended many events. As far as the cost is concerned, before the CrowdStrike blue screen attack, CrowdStrike pricing was far higher than SentinelOne's. After the CrowdStrike shares decreased due to the blue screen attack, they are very competitive with SentinelOne nowadays.
The impact of Purple AI on investigations ultimately depends on what incident I got. I do not think the analyst should rely completely on Purple AI because there are many hashes or threats that are not publicly available. If things are not publicly available or not learned by the AI, I do not think I should rely completely on Purple AI. If I have any sort of data and see any pattern from my analyst's perspective, I can completely tell Purple AI that I think it can demonstrate the storyline that I am right. Based on that, I can take a decision, but I should not base the decision solely on Purple AI. My overall rating for this product is eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: May 22, 2026
Data Center Engineer at Impact Infotech Pvt. Ltd.
Automated endpoint protection has improved real-time threat detection and simplified compliance
Pros and Cons
- "Comparing SentinelOne Singularity Endpoint with other XDR solutions, the first thing is that it is easier to understand with a user-friendly interface."
- "As a user, I personally feel that in SentinelOne Singularity Endpoint, the customized dashboard could be improved. We were not able to create a customized dashboard in it."
What is our primary use case?
In my previous office, we used SentinelOne Singularity Endpoint for endpoint detection and response purposes. We deployed the SentinelOne Singularity Endpoint agent on our clients, client servers, desktops, laptops, and all other endpoints. We deployed those for monitoring and compliance purposes to secure those endpoints for security purposes.
What is most valuable?
In SentinelOne Singularity Endpoint, the fast response and detection it offers are what I appreciate the most. The biggest benefit I feel as a customer is that it is fully automated with threat detection capabilities. We just have to deploy the agents and we are good to go. There are already default use cases included with the product, so we do not have to customize the use cases every time in SentinelOne Singularity Endpoint. We just deploy the agent and as it is fully automated, we are good to go for threat detection.
Although it is a disadvantage, the false positive alerts generated by SentinelOne Singularity Endpoint are substantial, but if it is handled properly and the use cases are properly mapped with MITRE techniques and tactics, then I feel that the false positive alerts can be reduced to more true positive alerts.
SentinelOne Singularity Endpoint detects alerts in real-time. It has both static and dynamic types of detection. We do not have to wait for detection. It is much more secure because it is detecting alerts in real-time scenarios and does not take any extra time so that the SLA of our client can remain valid. Because it detects in real-time, it is much more secure.
What needs improvement?
As a user, I personally feel that in SentinelOne Singularity Endpoint, the customized dashboard could be improved. We were not able to create a customized dashboard in it. The default dashboards were only present and we were not able to customize anything. I think that could be improved. The resource consumption, such as high CPU and disk usage, can also be a downward factor.
Ranger functionality was present for SentinelOne Singularity Endpoint, but in our organization, that Ranger functionality was disabled.
What do I think about the stability of the solution?
I have never seen any downtime in SentinelOne Singularity Endpoint.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is scalable. We can scale up and scale down the number of endpoints we need depending upon the requirement. It is very scalable-friendly.
How are customer service and support?
For SentinelOne Singularity Endpoint, we get in touch with technical support because there have been multiple scenarios when we have to stay connected when we have no clue what we need to do. As the client has multiple requests, there are times when we just raise the query to customer support and they respond to us very quickly. There have been no issues, I feel. We have always been in touch with customer support and they reply to us on the same day. I have noticed this multiple times. Whenever we feel we do not know what to do, what to respond to the client, or how to do a particular thing, then customer support does help us multiple times.
The support of SentinelOne Singularity Endpoint deserves a rating of ten out of ten.
Which solution did I use previously and why did I switch?
We have used multiple alternatives. We have used CrowdStrike as well for XDR. Let me talk about other environments. We have used the same platforms and other platforms such as Splunk as well. For XDR, I have used CrowdStrike and SentinelOne Singularity Endpoint.
How was the initial setup?
I have not worked on integration, but I do know that the initial setup of SentinelOne Singularity Endpoint is very straightforward and very easy to do. All we need to do is set up the tenant, create the page file, and once we install it, it automatically connects within an hour. We just have to deploy the agent on whatever the server, desktop, laptop, or whatever the endpoint is.
What about the implementation team?
We worked as an MSSP, so we worked as a service provider. We provide services to multiple clients. Clients come and they go. The integration part happens, then we have to decommission it. There are several factors related to whether SentinelOne Singularity Endpoint was already deployed or when it was deployed.
What was our ROI?
For maintenance in SentinelOne Singularity Endpoint, we have to stay connected with the OEM in perspective of the version upgrade to stay up to date. The only thing is version updates. If there is any new update, then we have to stay updated.
What's my experience with pricing, setup cost, and licensing?
I cannot say exactly, but I can guess the pricing model for SentinelOne Singularity Endpoint. We have heard about the pricing model. While we were working on a client, our manager sent a proposed email to the client at that time. We saw how they were costing. They were costing on a per-device basis. Based on how many endpoints the client needs, they were charging per endpoint.
What other advice do I have?
Comparing SentinelOne Singularity Endpoint with other XDR solutions, the first thing is that it is easier to understand with a user-friendly interface. When we log in as a user, it is very user-friendly with sections for Threat, Incident, and Admin. The UI is very user-friendly. SentinelOne Singularity Endpoint is reliable and can be relied upon for security purposes to secure our systems. That would be a major factor comparing it with other products.
I have used the Purple AI feature in SentinelOne Singularity Endpoint for quite some time.
I feel data security is a very big factor when we talk about reliability and trust issues in terms of Purple AI. Nowadays, there are different LLMs such as Claude and ChatGPT, but reliability is the most competing factor. The Purple AI feature in SentinelOne Singularity Endpoint makes it reliable because we do not have to search for IOCs outside our environment by going to other large language models. Through Purple AI only, we can get recent IOCs and vulnerabilities circulating around. Purple AI does help us for reliability and integrity of our data.
I would rate this product nine out of ten overall.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 8, 2026
SOC Analyst Trainee at Softcell Technologies Limited
Deep visibility and AI-driven rules have strengthened endpoint threat detection and response
Pros and Cons
- "I would recommend SentinelOne Singularity Endpoint to other users because its threat detection and alerting are very quick."
- "One area that has room for improvement in SentinelOne Singularity Endpoint is the inability to create a custom dashboard."
What is our primary use case?
My use case is for EDR purposes.
What is most valuable?
According to me, the best feature of SentinelOne Singularity Endpoint is the Deep Visibility. I think it is easy to check what a user is doing and what command is run. You can track this with the help of Deep Visibility.
SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions is interesting. First is the Deep Visibility. The second one is a real-time threat you can detect in SentinelOne Singularity Endpoint. Then you can raise the alert to the client within a short period. Another one is Purple AI, which is the best, according to me.
Purple AI helps with my data privacy and security by providing a feature called STAR Custom Rules. You can create a STAR Custom Rule, and Purple AI is similar to ChatGPT, but it only gives answers specific to SentinelOne Singularity Endpoint. For example, you can create any rule and ask Purple AI, 'Please give me this type of alert query.' Then Purple AI will create a query according to your needs. There are many types of use cases already stored in Purple AI that you can use for your monitoring, and it is better for both your client's environment and our environment as well.
Purple AI plays a crucial role in my team's knowledge by allowing us to create rules that are not created in SentinelOne Singularity Endpoint by default, and it helps to create many types of alerts. For example, you can block any RDP tool such as AnyDesk, and you can create such types of rules with the help of Purple AI.
Regarding how much SentinelOne Singularity Endpoint has reduced my alerts, we can say that on a daily basis, we have 8,000 to 9,000 endpoints from multiple clients, and we have triggered 10 to 15 alerts. When you start a full disk scan, the Sentinel scan runs on your machine, and during that time, alerts that are usually not triggered in SentinelOne Singularity Endpoint can be triggered.
The time to detect in SentinelOne Singularity Endpoint is around 15 to 20 minutes, which is when we raise an alert to the client and get confirmation. These alerts involve various EXE types, and we inform the client about these alerts triggered in their machines, allowing them to confirm if it is genuine or not.
What needs improvement?
One area that has room for improvement in SentinelOne Singularity Endpoint is the inability to create a custom dashboard. You cannot create any dashboard according to your needs, which limits alert triggers across different countries. If they improve this feature to allow for custom dashboards, it would greatly benefit our customers.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for the last two years and one month.
What do I think about the stability of the solution?
I rate the stability of SentinelOne Singularity Endpoint as 10 out of 10.
What do I think about the scalability of the solution?
I rate the scalability of SentinelOne Singularity Endpoint as 10 out of 10.
How are customer service and support?
I give SentinelOne technical support a 10 out of 10 because it is the best EDR tool.
Which solution did I use previously and why did I switch?
I have not used any other EDR, but according to me, SentinelOne Singularity Endpoint is the best. We have used CrowdStrike, but only for one and a half months. While CrowdStrike has more functions, it cannot provide visibility the way SentinelOne Singularity Endpoint does. SentinelOne Singularity Endpoint offers many options in a compact format, and its use is better than other EDR tools.
What other advice do I have?
I would recommend SentinelOne Singularity Endpoint to other users because its threat detection and alerting are very quick. We have used CrowdStrike for one and a half months, but SentinelOne Singularity Endpoint triggers alerts much faster. Its compact features allow us to check seven to eight features effectively, and its pricing is lower than other EDR products.
SentinelOne Singularity Endpoint has better pricing compared to other endpoints. CrowdStrike has a high value, but SentinelOne Singularity Endpoint's pricing is easier for any organization to handle.
Regarding maintenance, there is no need for maintenance according to me.
I give this product an overall rating of 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Last updated: Apr 27, 2026
Associate Vice President at Novac Technology Solutions
Unified AI-driven protection has reduced alerts and accelerated cloud and endpoint security response
Pros and Cons
- "SentinelOne Singularity Complete reduces my mean time to respond and protects my environment, thereby reducing the workload of my engineers and security analysts by at least thirty-five percent."
- "I have encountered an issue related to the alerting mechanism in SentinelOne Singularity Complete."
What is our primary use case?
My use cases include protecting my cloud security and endpoint security workloads with SentinelOne Singularity Complete.
What is most valuable?
The biggest benefit I get from SentinelOne Singularity Complete is that it protects my cloud security workloads and my on-premises server workloads against ransomware attacks and zero-day attacks.
SentinelOne Singularity Complete has a legacy API integration to connect my existing log management tool and my endpoint protection tool to interconnect my SOAR and SIEM platforms. This ability to ingest and correlate across my security solutions has been valuable.
SentinelOne Singularity Complete helps with the consolidation of security solutions. Previously, we used multiple products such as Trend Micro and McAfee, and we have consolidated into a single platform with SentinelOne Singularity Complete.
SentinelOne Singularity Complete definitely helps reduce alerts in my case because it has AI functionality that investigates and detects threats. This detect and investigate capability from AI has helped us reduce alerts by almost twenty-five to thirty percent.
SentinelOne Singularity Complete helps reduce mean time to detection as it has an important feature called auto-remediation, which is a one-click rollback that allows us to restore identified files. This feature also helps on the false positive front.
SentinelOne Singularity Complete reduces my mean time to respond and protects my environment, thereby reducing the workload of my engineers and security analysts by at least thirty-five percent.
SentinelOne Singularity Complete helps free up my staff for other projects and tasks because it is easily scalable and managed with a single platform, allowing us to concentrate more on DevSecOps and providing visibility across endpoint, cloud workload protection, and my server environment in one platform.
Purple AI in SentinelOne Singularity Complete is important for data privacy and security as it provides granular level information on where I need to go and fix issues, which helps accelerate my operations for better performance.
The contextual intelligence feature of Purple AI in SentinelOne Singularity Complete helps me get the threat intelligence platform across my environment and allows me to share the advisories with my other platforms as well.
Purple AI amplifies team knowledge as I can use it in the manner of a managed detection and response service, allowing me to create a use case with my existing security analyst in response to alerts or triggering information. This provides me complete visibility across my security landscape.
Purple AI impacts SecOps workflows by providing complete end-to-end visibility across my channels and reducing manpower. The agentic workflows created by AI allow my analysts to have an easier job.
What needs improvement?
I have encountered an issue related to the alerting mechanism in SentinelOne Singularity Complete. Sometimes I need to depend on one more module to get alert visibility. The alerting mechanism shows alerts on a single page, but I have to navigate to another page to get detailed visibility, which could be improved in the user interface.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
I have never seen any issues such as glitches, downtime, or latency with SentinelOne Singularity Complete.
What do I think about the scalability of the solution?
I do not face any scalability issues with SentinelOne Singularity Complete since it is a SaaS platform.
How are customer service and support?
The technical support for SentinelOne is good. I would give them eight points for support on a scale from zero to ten. To reach ten points, they could improve on threat intelligence and provide faster responses.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
SentinelOne Singularity Complete has helped with the consolidation of security solutions. Previously, we used multiple products such as Trend Micro and McAfee, and we have consolidated into a single platform with SentinelOne Singularity Complete.
How was the initial setup?
I find the installation and deployment of SentinelOne Singularity Complete very easy.
What about the implementation team?
The deployment of SentinelOne Singularity Complete was done with a partner.
What was our ROI?
In terms of return on investment for SentinelOne Singularity Complete, I find it better since I am using the AI platform to reduce manpower costs, which helps with the return on investment.
Which other solutions did I evaluate?
SentinelOne Singularity Complete is less costly compared to CrowdStrike. From a technical side, I do not see much difference between SentinelOne Singularity Complete and other vendors.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 16, 2026
Cybersecurity Product Manager at a tech services company with 51-200 employees
Integrated endpoint defenses have reduced alerts and simplified managing thousands of devices
Pros and Cons
- "SentinelOne Singularity Endpoint helps reduce the number of alerts, generates precise alerts with very few false positives if any, and has actually reduced the load on our SOC analysts so much that I support approximately 18,000 to 20,000 endpoints with only two EDR engineers."
- "I believe that SentinelOne's technical support needs to improve slightly. They are quite slow, and while I understand they might be busy, I would rate them at a seven out of ten."
What is our primary use case?
SentinelOne Singularity Endpoint serves as my primary tool for Endpoint Detection and Response (EDR). I do not use the XDR function of SentinelOne Singularity Endpoint. I use it exclusively as an EDR, and this EDR integrates seamlessly with our SIEM solutions. We have SIEM tools in place such as Splunk and QRadar, and SentinelOne Singularity Endpoint integrates with both of them perfectly, providing valuable inputs. The metadata that it fetches is useful for our security operations.
What is most valuable?
I find the functions and features in SentinelOne Singularity Endpoint very useful; their detections are precise. They are very accurate and do not produce a lot of false positives, which we experience from other EDR tools. That is their unique selling proposition. Furthermore, I believe SentinelOne Singularity Endpoint is the only EDR that provides on-premise deployment. Even CrowdStrike and Microsoft are entirely SaaS-based and cloud-based.
SentinelOne Singularity Endpoint helps reduce the number of alerts. As I mentioned earlier, it generates precise alerts with very few false positives, if any, so the number of alerts it generates has actually reduced the load on our SOC analysts.
SentinelOne Singularity Endpoint does help free up my staff. I support approximately 18,000 to 20,000 endpoints with only two EDR engineers. This is a significant reduction from when we had multiple EDR admins. SentinelOne Singularity Endpoint is very easy to manage from an administration and maintenance perspective. Management is straightforward and simple.
SentinelOne Singularity Endpoint helps reduce mean time to detect (MTTD).
What needs improvement?
We are not working with SentinelOne Complete to consolidate our security solutions in one place.
If SentinelOne could localize the Purple AI and other features for larger environments such as ours, which has around 20,000 endpoints, that would be an improvement. If they could provide a local LLM that can be installed on-premise, it would be easier for us. Otherwise, we need to obtain government permissions, which is quite complex and can take years. A local version of the LLMs for Purple AI would be beneficial.
I believe that SentinelOne's technical support needs to improve slightly. They are quite slow, and while I understand they might be busy, I would rate them at a seven out of ten.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than two years.
What do I think about the stability of the solution?
For the stability of SentinelOne Singularity Endpoint, I would rate it at eight or even nine because I have not experienced any downtime.
What do I think about the scalability of the solution?
I would rate the scalability of SentinelOne Singularity Endpoint at nine.
How are customer service and support?
In comparison to products such as Splunk and QRadar, their support is swift and quick.
Which solution did I use previously and why did I switch?
Previously, we had solutions that were inferior to SentinelOne Singularity Endpoint, which demonstrates an improvement, but they can still do better.
How was the initial setup?
SentinelOne Singularity Endpoint has a simple and straightforward initial setup process.
What about the implementation team?
We purchase our licenses for SentinelOne Singularity Endpoint from a local distributor, not through the marketplaces or directly from SentinelOne.
What was our ROI?
SentinelOne Singularity Endpoint provides benefits such as saving money as it is very light on the endpoint. It uses between 150 and 250 MB of RAM when booted up and drops down to 100-150 MB. It is not resource-hungry, and the laptops work fine. We do not have to upgrade the RAM of all employee laptops. In comparison, other EDRs such as Microsoft Defender are quite resource-hungry, and employees often complain about laptop speed, but we do not face those issues.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing for SentinelOne Singularity Endpoint at around four out of ten.
Which other solutions did I evaluate?
If I could choose between CrowdStrike and SentinelOne Singularity Endpoint without considering pricing, I would still choose SentinelOne Singularity Endpoint because I have not had a negative experience with them. In contrast, CrowdStrike has a reputation for causing issues.
What other advice do I have?
I do recommend SentinelOne Singularity Endpoint to other users as part of my day-to-day responsibilities. I have given this review an overall rating of eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 22, 2026
IT Security Consultant at Systemhaus for you GmbH
Advanced automation has reduced false positives and streamlined threat hunting across endpoints
Pros and Cons
- "It is hard to put into numbers how much SentinelOne Singularity Complete has helped reduce alerts; if it was just a percentage, I would have to say 90% and above."
- "Writing the parsers for data ingestion can be a bit annoying in SentinelOne Singularity Complete."
What is our primary use case?
SentinelOne Singularity Complete is being used comprehensively for all capabilities. It is being used for endpoint detection and response, and for XDR purposes. For example, Entra data is being ingested into the platform to get a more complete picture, and also for non-incident-based threat hunting.
What is most valuable?
The ability to ingest and correlate across various security solutions is impressive. It could be a bit more widespread, but fortunately it is using OCP, and the built-in Purple AI understands more and more of it. On a scale of one to ten, I would rate this a seven to eight.
SentinelOne Singularity Complete has helped me and my clients consolidate security solutions absolutely. I have clients who are no longer using old school SIEMs and they have moved everything into SentinelOne. It has been replacing old AV or non-performative EDR solutions.
The best features in SentinelOne Singularity Complete have to be Purple AI. SentinelOne has not been doing AI for only the past three years, but they have done it since they started. They do have a more realistic grasp on their technology. Using Purple AI, it is very easy to quickly get a grasp on your data, to get the data that you want, and get it properly formatted.
What needs improvement?
Writing the parsers for data ingestion can be a bit annoying in SentinelOne Singularity Complete. When you do not have a native integration, parsing to OCP or OCF can be a bit tedious. Nothing major aside from that data ingestion aspect.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete since 2020.
How are customer service and support?
I would rate the technical support for SentinelOne Singularity Complete a nine.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment process for SentinelOne Singularity Complete is easy. The documentation for it is really well-made. I might have overengineered it a bit to always automatically deploy the latest version via the API, making it perhaps more complicated than it needs to be, but once you have it set up, you do not need to worry about it again.
The initial deployment for SentinelOne Singularity Complete depends on the size of the customer, but usually half a day for full deployment is very doable.
What other advice do I have?
I still work with SentinelOne Singularity Complete as well. I am partnered with SentinelOne.
I absolutely use SentinelOne Singularity Complete's Ranger functionality. It is awesome to get a quick grasp on shadow IT, to know what you really have in your environment and what you perhaps do not even know about, what is covered, and what is not covered. The quick rollout feature or the deployment feature via Ranger is differentiated. In my opinion, when you see a device not having SentinelOne Singularity Complete in the Ranger overview, that indicates an issue with the process. You can use the band-aid by quickly deploying it, but in my opinion, that is a band-aid and you need to look at the process first.
It is hard to put into numbers how much SentinelOne Singularity Complete has helped reduce alerts. If it was just a percentage, I would have to say 90% and above. SentinelOne Singularity Complete correlates alerts. If something is happening in the same general incident, it is added to that incident rather than being a new alert. I remember being in the rollout for a larger client and they had another solution still in place at the time. They were running simultaneously for a while. In their old solution, they got hundreds and hundreds of alerts for a single occurrence, 99% of which were false positives. In SentinelOne Singularity Complete, we had a single notification, a single alert, making it much easier to quickly work through and finish.
Regarding my false positive rate reduction, I would say roughly 80%.
SentinelOne Singularity Complete absolutely saves time for me and my clients.
In numbers, I would say 80%. It is a lot of automation, and you can trust in the product to pretty much work. After you have set it up, you can essentially leave it running until you get an alert. That can mean you can leave it alone for a couple of weeks, and that is completely fine.
I would say roughly 70% for how much it has helped reduce my mean time to respond. Getting the alert is only half the benefit. Being able to quickly get all the information you need and then make an appropriate decision is simplified so much. Going back to the topic of XDR, because you can integrate pretty much any data you want into the console. You do not have to have 20 different tabs open. You can have SentinelOne Singularity Complete open and that is it. You can have all the information right there, even within the threat page itself. That simplifies things so much.
So 70% for detection and 70% for response.
Regarding Purple AI, data privacy and security when utilizing AI are important, and it meets my requirements and needs. Every time I interact with someone who is not from Germany, it is always the topic of data security and privacy for Germans. I think Germans are a bit different on that topic. Purple really does meet all the criteria for that. There has never been a single complaint.
With Purple AI, I would assess the capabilities in providing synthesized threat intelligence or contextual insight at six to seven out of 10. There is room for improvement. In a lot of cases, it might just be seeing issues where there potentially are none. If you look at a single event, for example, it may give you the information that this might be threat-related, but when you look into the data, it might also not be. Generally, it does perform really well and if there is something definitely malicious in an event, it will tell you. There is room for improvement.
SentinelOne Singularity Complete helps streamline threat investigations by making it so easy. It is actually unbelievable. Anyone can get started. For example, I recently introduced a new apprentice to the threat hunting capabilities via Purple AI, and that same day he was able to use it because the barrier to entry is so low. You do not need to learn a new query language. You do not need to learn the syntax. You can get right to it and get started.
In my thoughts on pricing for SentinelOne Singularity Complete, it is cost-efficient, definitely. Being pretty much solely on the technical side, I am a bit removed from that.
I would compare SentinelOne Singularity Complete favorably with other solutions or other vendors. It is easy to set up. It is easy to administrate. As with all solutions, you do need to put some effort into the initial deployment. That is going back to the whole beauty of it. It is easy. It takes a workload away from your team. You do not need to worry about so many things after you have it deployed.
My clients have mainly deployed SentinelOne Singularity Complete in the cloud, on-premises, and hybrid models.
I deploy SentinelOne Singularity Complete for myself and for my clients using the cloud for the console, but the agents on all the endpoints.
It is super easy to maintain SentinelOne Singularity Complete. When there is a new agent version, I do ring testing; for example, I do an internal deployment first before I roll it out to my clients. New versions come out every couple of months. Beyond that, if there is an arising issue, if a client starts using new software, that also may come up if there are issues in interoperability with SentinelOne. In banking software for example, that is a common thing. Beyond that, it is super easy to maintain.
My advice to those looking into SentinelOne Singularity Complete is to do a proof of concept. Do a small-scale deployment across all your departments. See how it performs and see if there are any issues.
Disclosure: My company has a business relationship with this vendor other than being a customer (partner).
Last updated: Feb 28, 2026
Treasury Management at standard casualty company
Automated investment reporting has improved cash visibility but still needs better support
Pros and Cons
- "Singularity Platform's best features are its scheduled reports and its automated end-of-day business capabilities, which allow any activities that occur projected or expected to come in overnight without manual intervention."
- "I believe that CAM and Clearwater are superior to Singularity Platform."
What is our primary use case?
My use case working with Singularity Platform was to implement clients from the insurance business onto the platform.
What is most valuable?
Singularity Platform's best features are its scheduled reports and its automated end-of-day business capabilities, which allow any activities that occur projected or expected to come in overnight without manual intervention.
Concerning Singularity Platform's real-time monitoring capabilities, they are not truly real-time, as they were always a day behind, meaning they look at results from the prior T+1 business day. They are getting as much real-time information as they can, and depending on what the insurance team decides to do in terms of logistically buying and selling on a certain day, they can see their impacts on their current cash balances. This allows executives to determine if they have to liquefy any of their assets at a certain point in time, providing a great view in terms of risk management and current available cash balances while also considering the strategic direction in the next year or two where they plan on going with their cash balances.
What needs improvement?
I believe there is room for improvement in Singularity Platform regarding its product. First of all, with all automated systems, they need to have the capabilities to expand rather quickly. When I was there, I do not believe they had the ability to do that. In addition, they are very concentrated on certain clients which they have contractual obligations to meet.
As for other areas that could be improved in Singularity Platform, I believe there are a bunch of customer-facing uploads that need improvement. The communication between clients and the teams working internally with that client also needs enhancement. The automation itself has to be increased in terms of bandwidth or capability of the system. For example, there were times when there were severe lag problems on the system due to capacity issues. They may not have had enough servers. There was a lack of response time at times.
For how long have I used the solution?
My experience with Singularity Platform is over three years.
What do I think about the stability of the solution?
I would rate the stability of Singularity Platform as a nine. Of course, you will sometimes have outages across certain regions; it just happens. However, during the amount of time I worked on it, I did not have any instances of an outage, although I cannot say everything is perfect.
What do I think about the scalability of the solution?
Regarding scalability, I believe it deserves a seven out of ten, or a seven and a half. I believe that the system is scalable but it all goes back to personnel behind the scenes and the availability of those people, plus the knowledge they hold in terms of being able to bring larger clients onboard. I am not saying they are awful; they just need to ensure that they have the right personnel.
How are customer service and support?
I would rate the technical support of Singularity Platform as a six.
The reason I rate it a six out of ten is because they have a lack of IT resources to be responsive in real-time, and they are very siloed in terms of knowledge. A lot of people have to reach out to one sole person who has basically developed the system, creating a bottleneck for responses and making it hard to know when you will get a reply or where it stands in terms of priority.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I believe that CAM and Clearwater are superior to Singularity Platform.
How was the initial setup?
Overall, I believe that in any cloud-based platform there are challenges. However, in terms of implementation for Singularity Platform, the average implementation is about 90 days, which is pretty reasonable given the circumstances. I do not believe there is any advantage or disadvantage in moving from Singularity Platform to any other platform.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing for Singularity Platform, I believe they are competitive with the market. I do not believe they are cheap or expensive; I believe they try to be within a few basis points of other offerings. My philosophy is you pay for what you get, so if you decide to cheapen out on the cost of your platform, you are not going to get what you want.
Which other solutions did I evaluate?
If Singularity Platform is reasonably cheaper than Clearwater, then you could use it as it will still do what you want, though it may not be as comprehensive as Clearwater.
What other advice do I have?
Regarding Singularity Platform's real-time personalization feature, it does help with my customer experience strategies because, in my personal experience, I have taken a role as Treasury Manager and I am dealing with investment accounts every day. To do all that work manually compared to any type of platform work is pretty painful, so I would say anything in an automated space for any investment, any company with a bunch of investments in a portfolio, Singularity Platform is an option.
Singularity Platform does help with fraud detection in the financial services as it has rules involved for risk management. If there was a purchase done, the way Singularity Platform works is it is fed in the custodian feeds as well as the bank feeds. There is no current trading platform associated with it, but there may be things in the works that will include a trading platform. I would say that there is a compliance module within Singularity Platform that helps clients determine if they want to remix their portfolio balances to stay compliant with whatever loan agreements they may have.
Regarding Singularity Platform's customizable dashboards, I believe they help optimize operational efficiency. Since my role was really behind the scenes, not as a developer but on the QA implementation side of things, I believe any platform that can customize for any client will actually help them in the long run. I believe that having reports that are unique to each individual client helps them in their own way, so whatever reduces the manual workload for the client, especially customizing UI, is a good idea.
I would absolutely recommend Singularity Platform to other users, but it depends on what their expectations are for the investment accounting software they plan to implement. For a smaller size insurance company, I believe that is fine. However, there are things that Singularity Platform cannot do that Clearwater does, and I am sure there are things that Clearwater does not do that Singularity Platform does. Therefore, it is hard to say definitively; it really depends on the client's needs. For a full-blown investment accounting and reporting system, I would still recommend Clearwater over SS&C. In terms of asset management and banking solutions, I cannot really respond because I believe SS&C and Clearwater probably have the same application capabilities.
I would rate this solution a seven out of ten overall.
Disclosure: My company has a business relationship with this vendor other than being a customer (partner).
Last updated: Feb 17, 2026
Director Of Human Resources at Hope Solutions
Automated protection has reduced our cyber risk and now supports our cyber insurance coverage
Pros and Cons
- "I am having a really good experience with SentinelOne Singularity, so I can't say there's anything they can improve because I'm not having any problems."
- "When sending out new updates, you have to figure out which one is the right one, so it would be easier if they committed to that, because when you're sending out updates, there are different names and something different, making it tricky to figure out which one is compatible with your program or company."
What is our primary use case?
We use SentinelOne Singularity because we didn't have a strong cybersecurity platform, and I wanted to make sure that my company wasn't going to be vulnerable to cyber-attacks. I also wanted to make sure that it was user-friendly, so it didn't have to have an end user that was managing everything. I saw that AI actually manages everything for you, so it's super user-friendly.
SentinelOne Singularity's interoperability with other solutions or third-party applications seems to flow nicely.
SentinelOne Singularity handles ingesting and correlating across the security solutions without me having any problems.
What is most valuable?
The most valuable feature of SentinelOne Singularity is that it's automated. The AI is constantly working in the background, tracking and blocking cybercriminals or bad actors.
SentinelOne Singularity saves me time every day that I use it, as it is easy to manage and easy to install.
SentinelOne Singularity has improved my organization overall by allowing us to get cybersecurity insurance, which I think is very hard to get. We have coupled SentinelOne Singularity with some other cyber platform, and now we are insured as well.
SentinelOne Singularity is super easy for scalability; we are constantly adding more computers and users, and it's compatible with everything else that we're using.
What needs improvement?
When sending out new updates, you have to figure out which one is the right one, so it would be easier if they committed to that, because when you're sending out updates, there are different names and something different, making it tricky to figure out which one is compatible with your program or company.
For how long have I used the solution?
I have been using SentinelOne Singularity for probably three years now.
What do I think about the stability of the solution?
I haven't had any issues with SentinelOne Singularity regarding stability, such as lagging, crashing, or downtime.
How are customer service and support?
Their technical support is very responsive, helpful, and knowledgeable.
On a scale of one to ten, I would give their support a ten.
Which solution did I use previously and why did I switch?
I have a very positive impression of SentinelOne Singularity as a strategic security partner, and I'm very happy with the product. I plan on keeping it because we had another product that wasn't easy or user-friendly, and we ended up not renewing that, while we plan on renewing SentinelOne Singularity every year.
How was the initial setup?
In my opinion, it was super easy and straightforward.
We did the deployment all by ourselves in-house.
What about the implementation team?
I was involved in the deployment.
What was our ROI?
The return on investment I've seen from SentinelOne Singularity is huge because we now have cyber insurance, and our workload is less. We don't have to pay the price we were paying for a whole IT company for computers and malware solutions since we are saving money ultimately.
What other advice do I have?
I have never tried using Ranger.
My mean time to detect is eighty percent.
The mean time to respond is the same story.
My organizational risk has been reduced.
I am having a really good experience with SentinelOne Singularity, so I can't say there's anything they can improve because I'm not having any problems. Even if I have an issue, they're super responsive.
I think SentinelOne Singularity's pricing or licensing is very comparable and competitive.
SentinelOne Singularity requires maintenance on my end, such as making sure to send out any new agent updates quickly.
On a scale of one to ten, I would give SentinelOne Singularity an overall score of ten.
I would advise others evaluating SentinelOne Singularity that if they're looking for something simple, user-friendly, and that stays up to date with what's happening, this is the product for you.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: May 11, 2026
Updated: May 2026