Jared Ochieng - PeerSpot reviewer
Information Technology Security Specialist at infoark
Real User
Top 5 Leaderboard
Feb 26, 2026
Autonomous threat hunting has reduced false positives and now restores systems after ransomware
Pros and Cons
  • "It is priced by endpoint device, making it one of the well-priced solutions, as it is not too expensive and is a very good enterprise solution."

    What is our primary use case?

    SentinelOne Singularity Complete is an XDR solution for endpoint protection and EDR. I am an integrator and reseller of both their SIEM and XDR platform.

    SentinelOne also has an AI SIEM that operates as a different solution on top of the XDR platform, which is very useful especially for organizations that do not have any SIEM but already have the XDR platform. With the XDR platform, I am able to correlate data from other solutions.

    Their AI SIEM consolidates everything under one platform. The way it is very easy is that one agent does everything. Whether it is cloud, on-prem, or endpoints, one agent handles that part. If you have the SIEM as well, you can ingest logs from your cloud workloads, from your on-prem devices, whether it is a security device or other devices like your network switches and applications. It is able to ingest data from all platforms.

    SentinelOne Singularity Complete is your endpoint platform that covers everything. It covers Linux, Mac, and Windows environments as well as your cloud workloads and Kubernetes workloads. If you are looking to integrate other solutions or devices, you need the AI SIEM, which will take care of third-party solutions, firewalls, identity access, PAM, and other integrations. If you want to bring those feeds onto that platform, you need the AI SIEM part for it. In terms of XDR, it covers the major platforms including Linux, Windows, and Mac.

    The Ranger functionality is good, though I believe they have renamed it recently. If you want to do network discovery on your network to know what is running on it, Ranger is very good.

    Purple AI is built into the SentinelOne Singularity Complete platform. Purple AI helps engineers perform threat hunting without requiring SOC analyst experience. You are able to threat hunt and respond to threats using normal language conversation.

    Because you are able to converse with it using natural language, you are able to build out responses using Purple AI that it will enact autonomously.

    It is priced by endpoint device, making it one of the well-priced solutions. It is not too expensive and is a very good enterprise solution.

    What is most valuable?

    The most valuable feature is rollback on ransomware and malware because it is one of the only solutions that can do real-time rollback on ransomware and malware.

    With SentinelOne Singularity Complete, you have virtually 99.9% zero false positives, which means when it is doing its detection, it is very good at it.

    Because the detection engine can be fully autonomous and AI-based, the IT team is not bogged down looking for threats or hunting for threats. Most of the threats will be detected and remediated autonomously, which makes it very useful.

    Because of the false positives and the detection engine that it uses, it vastly reduces the detection time because it is AI-based.

    Because it is autonomous, you have more or less instant response if it detects a threat.

    What needs improvement?

    It is doing most of the work currently. The only thing that would help complete the solution is the ability to execute and perform patching from the system since it is able to discover vulnerabilities and CVEs on the system. That is the one improvement that I have had from clients.

    For how long have I used the solution?

    Five years plus.

    Buyer's Guide
    SentinelOne Singularity Endpoint
    May 2026
    Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
    896,034 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    I have not had any issues personally. I do not know everyone's experience, but I have not experienced any yet.

    What do I think about the scalability of the solution?

    It is extremely scalable, so it is very good. I would rate it a ten out of ten. You can use it for very small organizations all the way to extremely large organizations.

    How are customer service and support?

    I have not had to contact them for troubleshooting. When we are doing proof of concept, I speak with the SentinelOne team. In terms of them having to come in and troubleshoot something, that has not happened yet.

    The material is readily available for anyone, and mostly they have what I need. I do not need to refer anywhere else.

    Which solution did I use previously and why did I switch?

    The only new solution that I have added is SentinelOne, not any other.

    How was the initial setup?

    The setup is very straightforward and not difficult to do. All you need to do is deploy the agent onto the endpoint machines and then configure the detection and response policies. Other than that, it is not much and is very easy.

    What about the implementation team?

    Setup is normally done by SentinelOne, but deployment is handled by us. The setup is an online setup unless it is on-prem. For on-prem, I am involved, but most users will not get on-prem deployments. Cloud deployment is done by SentinelOne themselves, and then we come in to do the deployment.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Last updated: Feb 26, 2026
    PeerSpot user
    Director, Infrastructure & Security at Dreamscape Companies
    Real User
    Top 20
    Nov 13, 2025
    Has improved threat response time and reduced staffing needs through automation and visibility
    Pros and Cons
    • "SentinelOne Singularity Complete has positively impacted my organization by helping with trust amongst the organization, and with USB exclusions and other features, it has helped with data loss prevention and allowed me to measure DLP attacks."

      What is our primary use case?

      SentinelOne Singularity Complete has allowed me to perform multiple functions. It enables asset ingestion, and I have been able to identify other machines that don't have the endpoint agent installed. We've caught some malware. SentinelOne has internal reporting features and Ranger features that search the subnets where SentinelOne agents are located for other devices that may not be protected with the agent. The platform itself allows me to visualize my entire environment.

      What is most valuable?

      The ransomware rollback feature is the best aspect of SentinelOne Singularity Complete that stands out the most. We haven't had to use it yet, but it allowed me to demonstrate to our insurance providers that I had a recovery mechanism for the rollback.

      SentinelOne Singularity Complete has positively impacted my organization by helping with trust amongst the organization. There is no longer any doubt that we are protecting the endpoints. Also, with USB exclusions and other features, it has helped with data loss prevention. I am now able to measure DLP attacks.

      My impression of SentinelOne Singularity Complete's ability to ingest and correlate across my security solutions is phenomenal. It's great to have that central location. With SentinelOne Singularity Complete, I have been able to remove three additional products from the environment.

      I use SentinelOne Singularity Complete's Ranger functionality, and it's one of the most important things I have.

      What needs improvement?

      There really aren't any areas for improvement in SentinelOne Singularity Complete. I'm excited to watch the continuous improvement to the storyline.

      What do I think about the stability of the solution?

      SentinelOne Singularity Complete is stable in my experience.

      What do I think about the scalability of the solution?

      SentinelOne Singularity Complete's scalability is extremely easy to achieve as new endpoints and new detection points come on board.

      How are customer service and support?

      The customer support for SentinelOne Singularity Complete is phenomenal.

      I would rate the customer support a ten on a scale of one to ten.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      We were a new company, and we picked SentinelOne Singularity Complete first without using a different solution before.

      What was our ROI?

      SentinelOne Singularity Complete has helped free up my staff for other projects and tasks by saving us multiple hours a day because we can now get the visibility and the automation.

      SentinelOne Singularity Complete has helped reduce my organization's mean time to detect by fifty percent.

      SentinelOne Singularity Complete has helped reduce my organization's mean time to respond by eighty percent.

      What's my experience with pricing, setup cost, and licensing?

      My experience with pricing, setup cost, and licensing for SentinelOne Singularity Complete was flawless while working with my account manager. For the first time in a long time, I enjoyed the process.

      Which other solutions did I evaluate?

      I did not evaluate other options before choosing SentinelOne Singularity Complete.

      What other advice do I have?

      The advice I would give to others looking into using SentinelOne Singularity Complete is to have your inventory counts available, document your ingestion points, and proceed with the implementation. I think it's a great product. I would rate this review a ten on a scale of one to ten.

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Other
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Last updated: Nov 13, 2025
      PeerSpot user
      SOC L1 Engineer at Softcell Technologies Limited
      Real User
      Top 20
      May 21, 2026
      Real-time threat hunting has improved investigations and protects endpoints with rapid rollback
      Pros and Cons
      • "Deep visibility, full disk scan, and rollback features are impressive, especially in cases of ransomware attacks."
      • "In terms of improvement areas for SentinelOne Singularity Endpoint, I think there are a couple of features that are improving, particularly the dashboard such as creating a multi-function dashboard."

      What is our primary use case?

      I use SentinelOne Singularity Endpoint as an endpoint EDR solution.

      What is most valuable?

      The best features of SentinelOne Singularity Endpoint include real-time alerts regarding threats and multiple alerts being triggered in the real-time console. These features are most important, and SentinelOne stands out as better than other EDR tools.

      I can check the real-time logs of user activities and track what we are monitoring on the EDR. These are the best features in SentinelOne.

      The unified platform experience helps me streamline security operations for real-time threat hunting because multiple alerts are triggered on the client side, allowing me to handle malware and other types of viruses effectively. Additionally, I can perform actions such as quarantine, making the customer experience secure.

      I have used Purple AI with SentinelOne Singularity Endpoint, which provides deep visibility. This is one of the best features, enabling me to track multiple user logs and determine whether sites are malicious. The decoder option allows me to paste the code to check specific user activities. Purple AI helps greatly in tracking any users.

      Purple AI assists with threat investigations by providing step-by-step answers regarding generated alerts and the actions to take, including whether something is affected or not. This feature allows me to understand what needs to be done, such as quarantine or kill processes, making it ideal for our investigation needs.

      What needs improvement?

      In terms of improvement areas for SentinelOne Singularity Endpoint, I think there are a couple of features that are improving, particularly the dashboard such as creating a multi-function dashboard. There is one loophole that needs addressing, but it is still better overall.

      For how long have I used the solution?

      I have been using SentinelOne Singularity Endpoint for five to six months.

      What do I think about the stability of the solution?

      For the stability of SentinelOne Singularity Endpoint, I would give it a 10 out of 10.

      What do I think about the scalability of the solution?

      Regarding scalability, it also receives a high score from me.

      How are customer service and support?

      I would rate the technical support for SentinelOne Singularity Endpoint a perfect 10 out of 10 because, in my opinion, it is the best among various EDRs that we have checked.

      Which solution did I use previously and why did I switch?

      Comparing SentinelOne Singularity Endpoint with other solutions, we have used CrowdStrike for a few months. According to me, SentinelOne is the best because it triggers alerts in real-time, which is faster than both EDR tools in action. Moreover, SentinelOne features are more compact, making it easier to understand, even for newcomers.

      How was the initial setup?

      SentinelOne Singularity Endpoint was purchased through an MSP portal, which allows us to provide customer licenses for the agents.

      What about the implementation team?

      In our organization, roughly 10,000 to 12,000 customers utilize SentinelOne Singularity Endpoint, with 10,000 to 12,000 agents installed on client-side endpoints. We also have about 30 to 40 people working with SentinelOne Singularity Endpoint.

      What's my experience with pricing, setup cost, and licensing?

      Regarding pricing for SentinelOne Singularity Endpoint, it is not the cheapest or most cost-efficient option; it is a medium price. Anyone can purchase it easily because it suits various organizations.

      Which other solutions did I evaluate?

      We also use the Offensive Security Engine feature, which helps us check what types of users are installing SentinelOne Singularity Endpoint agents on various endpoints such as phones, laptops, and servers while also maintaining an asset inventory.

      What other advice do I have?

      With SentinelOne Singularity Endpoint, we have detected incidents that triggered alerts, and we can raise them within a maximum time of 10 to 15 minutes later. I recommend blocking the connection and taking other necessary actions.

      The importance of the Secret Scanning feature in SentinelOne Singularity Endpoint is significant because it scans newly engaged endpoints for malicious activities. It detects harmful EXE files or suspicious abnormal behaviors, ensuring the health of our endpoints is maintained.

      I recommend implementing SentinelOne Singularity Endpoint because the integration part is very simple and suited for small organizations. It is reasonably priced, and the installation of the endpoint on the client side takes only two to three minutes. I can also explain how it compares with other endpoints and the types of alerts generated, making it suitable for potential clients.

      Deep visibility, full disk scan, and rollback features are impressive, especially in cases of ransomware attacks. The rollback feature helps easily revert to a safe state prior to attacks, while the full disk scan ensures that all machines are scanned for threats, thus maintaining endpoint health.

      Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
      Last updated: May 21, 2026
      PeerSpot user
      Abrar Mukhtar - PeerSpot reviewer
      Director Of IT Security And Risk Management at AskDegree
      Real User
      Top 20
      May 19, 2026
      Endpoint protection has strengthened incident response and improved threat visibility
      Pros and Cons
      • "Singularity Complete is a good product in its area and, obviously, when comparing to other organizations or companies providing endpoint detection solutions, it is an end-to-end solution for antimalware and XDR."
      • "However, I believe the vulnerability management is currently in pilot. If it can mature into good production where the vulnerability management module is working well within Singularity Complete edition, that would be an awesome step."

      What is our primary use case?

      I use SentinelOne Singularity Endpoint for endpoint protection. I utilize it for different companies and different purposes. It is effective for endpoint detections and remediation of the detections. Additionally, I use it for new endpoint discovery within the company intranet. Overall, I use SentinelOne for incident response activities.

      What is most valuable?

      The best features in SentinelOne Singularity Endpoint are the Sentinels and the features provided within the Sentinel module, which include machine identification and machine details. I can accomplish everything within the endpoint using these features. Endpoint Sentinel is a good detection rule, and if I can create or already have created rules, these are good working rules that protect my organization and make the endpoints more secure.

      Ranger is also a cool feature that provides visibility of new endpoints that have been attached or connected within my infrastructure that do not have the SentinelOne Singularity Endpoint agent installed on them.

      What needs improvement?

      Before using SentinelOne Singularity Endpoint, I used different products, including CrowdStrike. In the space where SentinelOne Singularity Endpoint is working, it is an awesome product. However, I believe the vulnerability management is currently in pilot. If it can mature into good production where the vulnerability management module is working well within Singularity Complete edition, that would be an awesome step. The vulnerability assessment is available, but application vulnerability assessment or other endpoint vulnerability assessment is not as good as what other products are providing.

      Singularity Complete is a good product in its area and, obviously, when comparing to other organizations or companies providing endpoint detection solutions, it is an end-to-end solution for antimalware and XDR. This has been working fine for me so far. I am using it in small, medium, and enterprise organizations, and it is good. However, as I mentioned for the vulnerability assessment, along with the specification of handling core, detailed forensics, there could be more details I would add. However, if I recall correctly, there is a specific module within SentinelOne Singularity Endpoint to check all details of the functions that happened within the target machine. I am currently unable to recall the name of that module, but it exists. However, there is room for improvement where more details of the solution or from the target can be added, and this would help me more easily identify the impact or the root cause that impacts the endpoint. This would be more helpful for end users. Currently, if there is an impacted endpoint, I click on the endpoint, and it gives me insights about what happened with this endpoint. However, when I need to go into the details, there is some limitation to viewing those details for the target machine. It would be awesome if this module could be integrated into the normal Sentinels. This would be more helpful for engineers working on core identification of root causes.

      For how long have I used the solution?

      I have been working with SentinelOne Singularity Endpoint for more than two or three years.

      What do I think about the stability of the solution?

      It is working fine for me. In the majority of cases where files have been detected as malware or virus within the organization on the target machine, they are quarantined. This is good functionality from XDR, as I mentioned earlier.

      What do I think about the scalability of the solution?

      For me, it is good, but I believe SentinelOne Singularity Endpoint does not directly engage with customers who have fewer than one thousand nodes. I have to engage through SentinelOne's partners. This is an impact based on market or company strategy. The pricing is not too bad; it is good. If I directly engage the organization or company, the pricing is different and obviously better. Additionally, when I go directly within the company, they provide visibility or vigilance services to customers at the same price. When I go into the partner channel, my account is within the partner's umbrella, and they provide limited support for visibility and further incident investigations. This is a limitation for small and medium organizations. However, for large organizations that can directly engage SentinelOne Singularity Endpoint, this is a positive point, but there is a lag when I go into the partner channel. The partners engage with customers in their own way, and that is how it works.

      How was the initial setup?

      For me as an end user, the setup process was not difficult because everything was set up from the partner's side. I may not be the right person to answer for all aspects. For the end user, it is very easy. The partner set up the whole environment within a week or two. After creating the whole setup, as an end user, I would just have to install SentinelOne Singularity Endpoint agent into my end user devices or servers. It is easy to do that. Once I do this and the environment has been set up with all Sentinels collecting data from end user devices or servers, everything is there and the environment has been set up. It is easy for end users, but obviously for those creating the environment, the whole environment, creation of security rules, detection rules, and those kinds of things may be challenging, especially for beginners. That would be the challenging part, and I did not do it earlier, so I cannot comment on it fully.

      What's my experience with pricing, setup cost, and licensing?

      It is comparable to other products and is cost-efficient.

      Which other solutions did I evaluate?

      This is a competitive market with competitive solutions that have core good products and features within them. If I am looking for an endpoint protection solution, this is a good product because I always compare SentinelOne Singularity Endpoint with CrowdStrike and Microsoft Defender. Based on that comparison, if SentinelOne Singularity Endpoint had good vulnerability assessment capabilities, because currently the vulnerability assessment is based on the application, not the operating system, it would be a good point from the perspective of cost-efficiency along with the features within the product. SentinelOne Singularity Endpoint has Ranger, Sentinels, and visibility where I can go in and have detailed knowledge about every detection along with every happening on the target machine. This is good, but SentinelOne Singularity Endpoint is still lagging under the vulnerability assessment module.

      What other advice do I have?

      SentinelOne Singularity Endpoint provides alerting into the dashboard, but I did not configure it correctly and never received alerts over emails. If such a feature exists within the product, that would be awesome, and I could incorporate and configure it. Currently, I do not have visibility on it. Once I log into SentinelOne Singularity Endpoint, it provides visibility within the dashboard showing how many endpoints have been detected as infected, how many endpoints are impacted, and how many endpoints have been identified as malware where SentinelOne Singularity Endpoint has quarantined those files, and I can do analysis and further processing. However, currently, I did not configure it if it is available, but I am unable to navigate it. I do not have visibility on whether any endpoints or target machines have been impacted so that I receive email notifications or SMS notifications alerting me that a machine has been impacted and needs to be worked on urgently. This is a critical function I need to perform right now. If this would be configurable or is available in SentinelOne Singularity Endpoint, that is awesome. If not, then the alerting mechanism needs to be improved to get alerts over emails or SMS for at minimum critical assets.

      I can say that I currently did not implement it in such a way because for what I am using SentinelOne Singularity Endpoint for, it is the on-premises infrastructure for some organizations and just for endpoints in other organizations. In that case, I believe for SaaS products, I am currently not utilizing it for such things. My question is whether SentinelOne Singularity Endpoint is an agent-based solution that I can only utilize on endpoints or servers or where the operating system is Linux or different flavors where the operating system is running. However, for the serverless environment, SentinelOne Singularity Endpoint cannot work. Is that the right expectation?

      Obviously, the core concern is about data protection and privacy. There is something I have to adopt with AI. If I do not adopt it, I am not running with the market and chasing new goals. The thing is I have to implement frameworks such as ISO 42001 to manage data and contain my data's confidentiality and privacy. This is core importance for me in my job role. I take care of this all the time, and obviously if I am integrating solutions that utilize AI-based features into their product, I do have vendor management or vendor risk management to perform with vendors. I currently look into AI standards or framework implementation within organizations if they are providing me with full core data security. This is the point I engage in with existing and onboarding vendors. Additionally, I am currently utilizing AI and making AI models within my organizations. I implement security standards and maintain the whole implementation and operationalization of data protections within AI models and machine learning models.

      This is the function that can be adopted, and if it is in the product, obviously this is a positive point and I do encourage that utilization of AI models within products. As I mentioned, if I got email alerts or SMS alerts for critical systems and if AI has been engaged into threat modeling with well-known algorithms that identify what threats, viruses, or malicious insights have been identified in the system, and if AI can guess that certain operating systems, files, or things are critical to my organization and can do this on a real-time basis, that would be a positive point. Obviously, as I mentioned, if I want to run with the market, I have to integrate those AI threat modeling or AI remediations within my organization. I have to do that. I give this review an overall rating of eight out of ten.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Last updated: May 19, 2026
      PeerSpot user
      Technical Specialist at Softcell Technologies Pvt. Ltd.
      Real User
      Top 5
      Feb 25, 2026
      Custom rules have strengthened endpoint protection and reduced false positives for my team
      Pros and Cons
      • "Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, being the best in endpoint, cloud, and identity."
      • "In the SIEM solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots."

      What is our primary use case?

      I create policies based on the regarding policy, which means I created custom rules regarding the use case and customer use case.

      Most of my use cases are related to the event ID and the process event, so it is easy to use.

      What is most valuable?

      My impressions of SentinelOne Singularity Complete's ability to ingest data and correlate across the security solutions is that it is better for blocking the hash value and generating the rules manually. It is easy to use.

      Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, being the best in endpoint, cloud, and identity.

      The best features in SentinelOne Singularity Complete are in the SIEM solution, including the block list in hash value block list and anti-tampering mode.

      The best part of the Ranger functionality is that it helps find known and unknown devices, locate IoT devices, and determine how many agents have not been installed in SentinelOne, making it easy to count how many machines are not installed and find IoT devices.

      SentinelOne Singularity Complete has helped reduce alerts for me, with the best part being the exclusion, as it has already marked most of the alerts in the cloud as false positives.

      SentinelOne Singularity Complete has helped free up my staff for other projects and tasks.

      What needs improvement?

      In the SIEM solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots.

      For how long have I used the solution?

      I have been working with SentinelOne Singularity Complete for the last two years.

      What do I think about the stability of the solution?

      The performance issue with SentinelOne Singularity Complete is very good, but the hash blocking remains complicated and generating many snapshots manually is a recurring challenge.

      What do I think about the scalability of the solution?

      I work with the Ranger functionality in SentinelOne Singularity Complete, which is used to identify known and unknown devices both in and out of networks.

      How are customer service and support?

      I evaluate the customer support team of SentinelOne Singularity Complete highly, stating that they provide good support with 24/7 availability.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      I decided to switch to SentinelOne Singularity Complete because it offers a single solution for the endpoint SIEM and singularity purpose, and the console is very easy to handle.

      How was the initial setup?

      There were challenges during the setup, particularly with the custom rule as the customer asked for application-level blocking that I did not fully understand.

      What was our ROI?

      The project time is not the means full completely solution but it saves up to 40 days.

      What other advice do I have?

      Apart from the escalation matrix, I have seen improvement in the mean time to respond, with critical alerts raised below up to 15 minutes and false positive alerts raised in up to one hour.

      I mostly use the custom rule and small things for the event type, event query, and searching in event query, focusing on endpoint based solutions in SentinelOne Singularity Complete and the SIEM solution.

      I would rate the technical support of SentinelOne Singularity Complete a nine.

      I have no recommendations for improvement regarding SentinelOne Singularity Complete as a product or solution.

      I rate this review a nine overall.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      Last updated: Feb 25, 2026
      Mohan Janarthanan - PeerSpot reviewer
      Associate Vice President at Novac Technology Solutions
      Real User
      Top 5 Leaderboard
      Feb 4, 2026
      Endpoint protection has delivered full visibility and has strengthened zero-day attack defense
      Pros and Cons
      • "I believe Singularity Platform is perfectly fine overall."
      • "From an operational perspective, the customizable dashboards are easy to use, but I face concerns with the alerts from the email ticketing system."

      What is our primary use case?

      We bought the product for endpoint protection and platform use, where we have two environments: one is the endpoint with laptops, desktops, and VDI environment, and the other is our server environment. We are using CrowdStrike for the server environment, while for the desktops and VDI environment, we are using SentinelOne Singularity Platform.

      What is most valuable?

      The benefits from the product include that Singularity Platform provides complete end-to-end visibility on our malware protection and our ransomware protection across our desktops, endpoints, and thin clients and VDI environments, allowing us to control zero-day protection across our environment. There is no need to do any signature patch or anything; we only updated the sensor and fine-tuned the policy here and there during the implementation. We focus on prevention and detection instead of only detection, and we do quarantining as well, leading to complete end-to-end protection across our desktops, laptops, and thin clients and VDI environments.

      The real-time personalization feature provides protection against zero-day attacks. Real-time monitoring is very much available in Singularity Platform because once the agent is up to date, it protects critical assets across our network against malicious attacks. Malicious attacks pose a big challenge, as we face risks if someone downloads malicious files. Once an EXE file with vulnerabilities is detected during installation, it will be quarantined, indicating how effective real-time functions are in those scenarios.

      What needs improvement?

      From an operational perspective, the customizable dashboards are easy to use, but I face concerns with the alerts from the email ticketing system. We receive alerts for every event, such as USB access attempts, which can create unnecessary noise. We fine-tuned the alert mechanism after implementing the solution to reduce this noise.

      The alerting mechanism could be improved in Singularity Platform as I want to fine-tune the alerts based on the specific environment. Each environment has different requirements, such as IoT or manufacturing, and we must adapt our policies accordingly.

      For how long have I used the solution?

      I have been using the product for the past two years.

      What do I think about the stability of the solution?

      I see no particular areas of improvement for the product because, having used both SentinelOne and CrowdStrike, I find SentinelOne to be good as it performs its functions without requiring much manpower after deployment. The automation helps a lot, and once implemented, we face no further issues regarding stability or scalability; everything works absolutely fine.

      What do I think about the scalability of the solution?

      Singularity Platform is scalable and stable, with no issues on that part.

      How are customer service and support?

      The tech support from SentinelOne is great.

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      The installation process is quite easy, with no significant issues encountered.

      What was our ROI?

      We can achieve ROI in about nine months rather than one year. We save approximately 20%.

      What's my experience with pricing, setup cost, and licensing?

      Singularity Platform is very affordable compared to other options.

      Which other solutions did I evaluate?

      I would say both SentinelOne and CrowdStrike are equally good, at a 50/50 assessment between them.

      What other advice do I have?

      The impact of Singularity Platform on our supply chain processes is significant, as supply chain processes are a real headache for the complete organization. Whenever we face any supply chain challenges, we ensure that all end-user and end patch management are updated. We must ensure that particular patches do not have zero-day vulnerabilities or critical vulnerabilities. Ensuring proper IT hygiene is a challenge as well, as some users may not be using the latest patches or may have to stick to legacy applications that prevent upgrades. Protecting our networks and systems is crucial, especially when considering that older operating system versions may not be supported. The challenge in supply chain management is significant.

      We use the fraud detection feature for financial services, where we provide financial applications and solutions to our customers. It helps with risk management as it comes with a complete structured approach whenever we implement Singularity Platform. We must ensure that the systems or agents are properly implemented in a tested environment. We first identify risks and then respond. Sometimes we only detect malware files, and depending on the use case, we do our risk assessment and develop a risk methodology to put policies in place based on whether we are using Windows, Linux, or legacy systems.

      Regarding the implementation issue, moving from traditional signature-based antivirus solutions to an EDR solution means the new solution must do complete scanning on the initial implementation. However, EDR functions only when incidents occur, which is a change from the previous method used by typical antivirus solutions that scan all files. It is a challenge to explain this shift in expectations, but EDR only reacts when necessary, unlike traditional tools.

      I believe Singularity Platform is perfectly fine overall. Some issues with report functionalities and latency are present in other solutions, but not here. The moment we implemented it, everything was clear. It is an excellent, robust tool for protecting our endpoints.

      One small example of a challenge I faced is related to connecting my log management part, specifically SIEM. I encountered some issues with parsing when connecting SentinelOne to QRadar for log management.

      I would rate this review a 9.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Last updated: Feb 4, 2026
      PeerSpot user
      Technical Support at Softcell Technologies Limited
      Real User
      Top 20
      Mar 25, 2026
      Automation has reduced detection time and has simplified ransomware recovery with reliable rollback
      Pros and Cons
      • "Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, as it provides strong automation, reliable support, and valuable rollback capabilities."
      • "I would like to see improvements in the hashes function, particularly in the hashes tab, as multiple hashes are difficult to add in the correct format in SentinelOne Singularity Complete for Windows, Linux, and Mac."

      What is our primary use case?

      I work with Purple AI and utilize it in SentinelOne.

      In my day-to-day activities, SentinelOne Singularity Complete detects malicious activity or dynamic or static activity very quickly within the console.

      What is most valuable?

      I have been working with SentinelOne Singularity Complete, which is scalable and easy to deploy for the solution and has strong automation.

      The main features of SentinelOne Singularity Complete that positively impact my organization are the useful rollback features, the anti-tampering mode, and automated local version upgrades or downgrades.

      The rollback features represent the most usable feature of SentinelOne Singularity Complete. When a machine is infected, I can optionally roll back to the earliest date, providing ransomware protection.

      Apart from the rollback feature, the most valuable features include the Ranger functionality, which provides network and asset visibility or endpoint visibility. It ingests logs from network sources and captures any threats, including the IOCs.

      Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, as it provides strong automation, reliable support, and valuable rollback capabilities.

      What needs improvement?

      I would like to see improvements in the hashes function, particularly in the hashes tab, as multiple hashes are difficult to add in the correct format in SentinelOne Singularity Complete for Windows, Linux, and Mac.

      I would like to see SIEM functionality included, with enhancement in log collection capabilities in SentinelOne Singularity Complete.

      For how long have I used the solution?

      I have been working with SentinelOne Singularity Complete for the last 2.5 years.

      What do I think about the stability of the solution?

      In terms of stability, I believe it is not prone to downtime; it is a stable solution.

      What do I think about the scalability of the solution?

      I find it easy to scale up when necessary.

      How are customer service and support?

      I evaluate the customer service and technical support of SentinelOne Singularity Complete as very supportive, with fast response times.

      I have seen improvements in mean time to detect and respond, with detection times being very good, less than 15 minutes or even less than 10 minutes.

      Which solution did I use previously and why did I switch?

      I previously worked with Trend Micro for EDR, XDR, and endpoint solutions.

      The key differences between SentinelOne Singularity Complete and Trend Micro include the biggest benefit of automation, where most functions are automated, including threat detection and auto-remediation rules.

      How was the initial setup?

      The initial setup of SentinelOne Singularity Complete was straightforward.

      What was our ROI?

      I have seen a return on investment with the SentinelOne Singularity Complete solution, as it is very easy to understand and functions through one unified agent managing the cloud, SIEM, and EDR solutions.

      What's my experience with pricing, setup cost, and licensing?

      I find the licensing cost to be very cheap, and implementation is easy, making it so easy to deploy for customers.

      What other advice do I have?

      SentinelOne Singularity Complete has helped reduce my organization's mean time to detect by minimizing false positives, especially for hashes and IOC blocklist functions.

      It is the best method for reducing alerts through the exclusion method in SentinelOne Singularity Complete.

      I use the SentinelOne Singularity Complete Ranger functionality.

      Ranger in SentinelOne Singularity Complete reduces alerts by capturing different telemetry from the network devices, which is important for my organization as customers mainly use it for both public and private networks.

      I don't have specific data to share, but it helps through exclusion and performance-based interoperability to reduce alerts.

      Regarding time saving, I find that SentinelOne Singularity Complete helps free up my staff for other projects and tasks as it is a very good product compared to other solutions.

      My recommendation for organizations considering SentinelOne Singularity Complete is particularly on the hash part, especially for Linux.

      Overall, I would recommend SentinelOne Singularity Complete to others, as I find the solution very good and easy to understand. I have given this review a rating of 9.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
      Last updated: Mar 25, 2026
      GauravRanade - PeerSpot reviewer
      CSO at TechnoCentic
      Reseller
      Top 10
      Jan 15, 2026
      Security operations have become more efficient and detection is improving across endpoints
      Pros and Cons
      • "As a reseller and user, I would say that SentinelOne Singularity Complete is better than its competition; I have evaluated Palo Alto, Trellix, and CrowdStrike as well, and SentinelOne EDR is much better than all of them as the capability and technical capabilities are superior with efficient and faster detection."
      • "For ingestion and correlation across security solutions, the agent is quite heavier when compared to other competition."

      What is our primary use case?

      For the major use cases for the client, I would mention EDR.

      I have worked with and implemented Purple AI. While we were in India, it is more about data privacy as a protection law which has been implemented. Purple AI collects all the information that needs to be evaluated, correlates this entire data, and segregates and disseminates it into different roles and privileges. We have utilized that. These are the mechanisms which are very new to the Indian market, and customers and their team members created it and accepted it as well. That is one of the major reasons to sell SentinelOne Singularity Complete.

      However, we have not implemented the SecOps feature in major installation as of now.

      What is most valuable?

      SentinelOne Singularity Complete helps to reduce alerts by almost fifteen to twenty percent. The false alert activation is much more effective in SentinelOne Singularity Complete in competition with all the comparative tools.

      It helps to free up my people and staff for other projects. It depends on a project-to-project and team-to-team basis, but it really helps. I would estimate between thirty and fifty percent.

      SentinelOne Singularity Complete helps to reduce MTTD by about twenty to thirty percent.

      For MTTR, it is almost another way for between fifteen to twenty percent.

      As a reseller and user, I would say that SentinelOne Singularity Complete is better than its competition. I have evaluated Palo Alto, Trellix, and CrowdStrike as well. SentinelOne EDR is much better than all of them. The capability and technical capabilities are superior. It is efficient and faster detection.

      What needs improvement?

      For ingestion and correlation across security solutions, the agent is quite heavy when compared to the competition. The agent has to be lightweight. That is one of the drawbacks for the competition. They have to work quite a lot.

      For how long have I used the solution?

      I have been selling the product for three and a half years.

      What do I think about the stability of the solution?

      As for stability, there are no issues. It is stable.

      What do I think about the scalability of the solution?

      As for scalability, it is acceptable. The scalability depends entirely on how much security is required for it. It is easy to scale that.

      How are customer service and support?

      I would say technical support from SentinelOne is excellent. Everyone in SentinelOne is known to us for the last many years.

      I would rate support eight point five out of ten. One point five has been removed just because many times it has been delayed or the support has not been available due to vacation. That should be a challenge. Ten out of ten would not even be given to AWS.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      SentinelOne stands out and is the best product among those, especially in India. There was a recent strike incident with Microsoft, and SentinelOne's approach is much better and much more effective.

      How was the initial setup?

      It is easy to deploy. The deployment model depends on the type of organization. If it is government, then it has to be on-premises. If it is more like an enterprise and BFSI, that can be over the cloud. In India, it has to be done with the intent. It can be into the SentinelOne cloud with an instance in India, or whether it has to be AWS or Azure, they are acceptable in any format.

      What about the implementation team?

      There is a chance to buy this product through AWS Marketplace, the CPPO. I did that previously.

      What's my experience with pricing, setup cost, and licensing?

      It is not too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the pricing.

      What other advice do I have?

      I do sell SentinelOne Singularity Complete.

      I am a Chief Security Officer for Technocentric.

      I have been selling this product for the last three and a half years.

      I have been involved in this domain for twenty-five years.

      I would give SentinelOne Singularity Complete a rating of nine out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
      Last updated: Jan 15, 2026
      Buyer's Guide
      Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
      Updated: May 2026