We have been using SentinelOne Singularity Endpoint for our customers. They requested next-gen antivirus, EDR solution, and XDR solutions. We are working with use cases that involve features such as behavioral AI detection for ransomware and zero-day exploit protection.
Technical Support Team Leader at Safezone Secure Solutions Private Limited
Endpoint protection has delivered fast AI-driven ransomware defense and rapid incident response
Pros and Cons
- "This is a very good solution because we can easily correlate the logs from the gateway and SentinelOne Singularity Endpoint, easily find out and get visibility on where the attack happened, how the virus came in, whether it is from mail or firewall or anything else, and easily monitor everything in SentinelOne Singularity Endpoint."
- "However, competitors such as Trellix and Trend Micro have features for web protection with category-based web protection for web security."
What is our primary use case?
What is most valuable?
We have the VSS feature, which is the Windows Shadow Copy. This is one of the very good features of SentinelOne Singularity Endpoint. If a file gets corrupted or is affected with a virus, we can restore it within the previous four hours. The malware protection has been providing an AI-based NDR solution that is working effectively, and it is a lightweight agent that is not utilizing more CPU and does not impact customer system performance.
Other security solutions can easily correlate and integrate with our gateway solutions such as firewalls and mail security. The SIEM solution can be easily integrated, and we can monitor and correlate the logs. This is a very good solution because we can easily correlate the logs from the gateway and SentinelOne Singularity Endpoint. We can easily find out and get visibility on where the attack happened, how the virus came in, whether it is from mail or firewall or anything else. We can easily monitor everything in SentinelOne Singularity Endpoint.
What needs improvement?
Everything has been fine from my side. We are getting feedback from customers who are expecting web protection. The malware and Singularity capabilities are working fine with no problems. It can detect virus and spyware effectively. However, competitors such as Trellix and Trend Micro have features for web protection with category-based web protection for web security. This option is not available in SentinelOne Singularity Endpoint. We can block a particular URL, but we need to manually add the URL in SentinelOne Singularity Endpoint. Competitors such as Trellix and Trend Micro have category-based options such as social networking and search engines. If SentinelOne Singularity Endpoint provides this kind of feature in the future, it will be easier to approach our customers, and we can easily transition our existing customers from Trend Micro and Trellix.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for five years.
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is very stable. I would rate it at nine points.
What do I think about the scalability of the solution?
Scalability is very good. I would rate it at ten.
How are customer service and support?
Customer support is good. If we create a ticket, we are getting a response within four hours, so we can get support without any problems on the customer side.
I would rate the customer support at seven points.
Which other solutions did I evaluate?
When I checked the price, almost everything has been equal. For the single agent when I compared SentinelOne Singularity Endpoint with Trend Micro and Trellix EDR solutions, they have almost similar pricing. There is no significant variant. From customer feedback, the only difference is that SentinelOne Singularity Endpoint requires manual URL addition for web protection, whereas Trend Micro and Trellix have category-based options.
What other advice do I have?
We can configure malware alerts, ransomware alerts, and email notification alerts. We can configure daily basis alerts and infected file notifications. Malware detection, virus detection, spyware detection, and ransomware protection can all be configured. We have also created AI-based alerts so that any suspicious or abnormal activity can be configured with a playbook to trigger on that activity.
Regarding mean time to respond, we are able to respond and communicate at the solution level. The productivity timing shows approximately ten minutes of saving on average. This is the mean time to respond.
The process of configuration is very easy and not complicated in SentinelOne Singularity Endpoint.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Last updated: Jul 15, 2026
Flag as inappropriateEdr Analyst at Softcell Technologies Limited
Automated threat response has reduced incident impact and gives teams faster attack visibility
Pros and Cons
- "What I appreciate most about SentinelOne Singularity Endpoint is its automation features such as automated threat detection and responses, which can detect malicious activity, isolate devices, and even automatically roll back ransomware damage."
- "I believe SentinelOne Singularity Endpoint is a strong security platform, but areas for improvement include reporting and dashboard customization, as well as providing more advanced threat hunting queries and easier navigation for new users, which would enhance the overall experience."
What is our primary use case?
My use case for SentinelOne Singularity Endpoint is that it is basically an EDR XDR platform that detects, investigates, and responds to cyber threats on endpoints, while also providing real-time visibility, automated threat detection, ransomware protection, and incident responses, thereby helping security teams protect the system from advanced attacks.
What is most valuable?
What I appreciate most about SentinelOne Singularity Endpoint is its automation features such as automated threat detection and responses, which can detect malicious activity, isolate devices, and even automatically roll back ransomware damage. It reduces response times and workload, making it the best feature in my view.
We correlate SentinelOne Singularity Endpoint with multiple device types, making it easy to respond to any triggered alerts, enabling us to link related security events and create a complete view of an attacker. This helps us analyze and understand how a threat spreads and impacts our systems, thus improving investigation speed and reducing false positive alerts for faster incident responses.
What needs improvement?
I believe SentinelOne Singularity Endpoint is a strong security platform, but areas for improvement include reporting and dashboard customization, as well as providing more advanced threat hunting queries and easier navigation for new users, which would enhance the overall experience.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than two to three years.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is a stable and reliable platform that delivers continuous endpoint protection with minimal performance impact, efficiently handling large environments and providing consistent security monitoring and response capabilities without any observed lagging or downtime.
What do I think about the scalability of the solution?
The scalability of SentinelOne Singularity Endpoint is excellent as it is highly suitable for both small and large organizations, capable of protecting thousands of endpoints while maintaining good performance, making it a smart choice for growing businesses.
How are customer service and support?
I have contacted technical support several times and found them to be excellent as they respond quickly to my queries, providing dedicated support with knowledge-based documentation and training resources that assist engineers in troubleshooting, deploying policies, configurations, and threat investigations, helping our organization maintain smooth operations and resolve security issues quickly.
The quality and speed of support are excellent. Whenever I raise critical alerts or incidents that could impact business, the response is usually within ten to fifteen minutes, allowing them to troubleshoot and suggest actionable steps very quickly.
Which solution did I use previously and why did I switch?
I have used CrowdStrike for two to three months, along with other tools including QRadar and Splunk.
When comparing CrowdStrike to SentinelOne Singularity Endpoint, I prefer SentinelOne Singularity Endpoint more because it is more autonomous and AI-driven in its responses. It can automatically detect, kill, quarantine, remediate threats and roll back, including features such as asset discovery and ransomware recoveries, as well as providing strong offline protections. On the other hand, CrowdStrike offers excellent threat intelligence and managed threat hunting, utilizing a cloud-native architecture with lightweight agents and offering visibility and threat detection through the Falcon platform, which is widely adopted by large enterprises.
How was the initial setup?
The initial deployment of SentinelOne Singularity Endpoint was straightforward as I integrated it with multiple types of tools including threat intelligence platforms, cloud servers, firewalls, and ticketing tools, improving visibility and automating workflows to enhance overall security operations.
What about the implementation team?
I reviewed SentinelOne Singularity Endpoint, which is called Endpoint Detection and Response.
What was our ROI?
Regarding the pricing for SentinelOne Singularity Endpoint, I think although it requires investment, it helps reduce security risks and ransomware attacks while lowering operational costs through automation, providing excellent value and return on investment due to its strong protection and rapid response capabilities.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Endpoint requires minimal maintenance because it offers cloud-based management and automated updates, allowing security teams to manage policies, monitor threats, and maintain endpoint security from a centralized console.
Which other solutions did I evaluate?
I have used the Ranger feature, which provides network visibility and asset discovery by automatically identifying unmanaged devices connected to the network, including laptops, servers, and printers, helping security teams find unknown assets and reduce blind spots to improve overall security visibility without requiring additional hardware.
I have used Purple AI, which is designed for incident analytics, enabling me to ask questions such as showing all devices affected by specific threats. It quickly provides insights into incidents and recommends actions for investigations.
What other advice do I have?
Purple AI is designed with data privacy and security in mind, ensuring that customer data is processed according to compliance requirements, which allows organizations to maintain control over their data while using AI-powered assistance for threat investigations and analysis. My overall rating for this product is eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. MSSP
Last updated: Jun 30, 2026
Flag as inappropriateBuyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
Technical Support at Softcell Technologies Limited
Automation has reduced detection time and has simplified ransomware recovery with reliable rollback
Pros and Cons
- "Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, as it provides strong automation, reliable support, and valuable rollback capabilities."
- "I would like to see improvements in the hashes function, particularly in the hashes tab, as multiple hashes are difficult to add in the correct format in SentinelOne Singularity Complete for Windows, Linux, and Mac."
What is our primary use case?
I work with Purple AI and utilize it in SentinelOne.
In my day-to-day activities, SentinelOne Singularity Complete detects malicious activity or dynamic or static activity very quickly within the console.
What is most valuable?
I have been working with SentinelOne Singularity Complete, which is scalable and easy to deploy for the solution and has strong automation.
The main features of SentinelOne Singularity Complete that positively impact my organization are the useful rollback features, the anti-tampering mode, and automated local version upgrades or downgrades.
The rollback features represent the most usable feature of SentinelOne Singularity Complete. When a machine is infected, I can optionally roll back to the earliest date, providing ransomware protection.
Apart from the rollback feature, the most valuable features include the Ranger functionality, which provides network and asset visibility or endpoint visibility. It ingests logs from network sources and captures any threats, including the IOCs.
Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, as it provides strong automation, reliable support, and valuable rollback capabilities.
What needs improvement?
I would like to see improvements in the hashes function, particularly in the hashes tab, as multiple hashes are difficult to add in the correct format in SentinelOne Singularity Complete for Windows, Linux, and Mac.
I would like to see included SIEM functionality, with enhancement in log collection capabilities in SentinelOne Singularity Complete.
For how long have I used the solution?
I have been working with SentinelOne Singularity Complete for the last 2.5 years.
What do I think about the stability of the solution?
In terms of stability, I believe it is not prone to downtime; it is a stable solution.
What do I think about the scalability of the solution?
I find it easy to scale up when necessary.
How are customer service and support?
I evaluate the customer service and technical support of SentinelOne Singularity Complete as very supportive, with fast response times.
I have seen improvements in meantime to detect and respond, with detection times being very good, less than 15 minutes or even less than 10 minutes.
Which solution did I use previously and why did I switch?
I previously worked with Trend Micro for EDR, XDR, and endpoint solutions.
The key differences between SentinelOne Singularity Complete and Trend Micro include the biggest benefit of automation, where most functions are automated, including threat detection and auto-remediation rules.
How was the initial setup?
The initial setup of SentinelOne Singularity Complete was straightforward.
What was our ROI?
I have seen a return on investment with SentinelOne Singularity Complete solution, as it is very easy to understand and functions through one unified agent managing the cloud, SIEM, and EDR solutions.
What's my experience with pricing, setup cost, and licensing?
I find the licensing cost to be very cheap, and implementation is easy, making it so easy to deploy for customers.
What other advice do I have?
SentinelOne Singularity Complete has helped reduce my organization's meantime to detect by minimizing false positives, especially for hashes and IOC blocklist functions.
It is the best method for reducing alerts through the exclusion method in SentinelOne Singularity Complete.
I use the SentinelOne Singularity Complete Ranger functionality.
Ranger in SentinelOne Singularity Complete reduces alerts by capturing different telemetry from the network devices, which is important for my organization as customers mainly use it for both public and private networks.
I don't have specific data to share, but it helps through exclusion and performance-based interoperability to reduce alerts.
Regarding time saving, I find that SentinelOne Singularity Complete helps free up my staff for other projects and tasks as it is a very good product compared to other solutions.
My recommendation for organizations considering SentinelOne Singularity Complete is particularly on the hash part, especially for Linux.
Overall, I would recommend SentinelOne Singularity Complete to others, as I find the solution very good and easy to understand. I have given this review a rating of 9.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Mar 25, 2026
Flag as inappropriateTechnical Specialist at Softcell Technologies Pvt. Ltd.
Custom rules have strengthened endpoint protection and reduced false positives for my team
Pros and Cons
- "Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, being the best in endpoint, cloud, and identity."
- "In the SIEM solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots."
What is our primary use case?
I create policies based on the regarding policy, which means I created custom rules regarding the use case and customer use case.
Most of my use cases are related to the event ID and the process event, so it is easy to use.
What is most valuable?
My impressions of SentinelOne Singularity Complete's ability to ingest data and correlate across the security solutions is that it is better for blocking the hash value and generating the rules manually. It is easy to use.
Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, being the best in endpoint, cloud, and identity.
The best features in SentinelOne Singularity Complete are in the SIEM solution, including the block list in hash value block list and anti-tampering mode.
The best part of the Ranger functionality is that it helps find known and unknown devices, locate IoT devices, and determine how many agents have not been installed in SentinelOne, making it easy to count how many machines are not installed and find IoT devices.
SentinelOne Singularity Complete has helped reduce alerts for me, with the best part being the exclusion, as it has already marked most of the alerts in the cloud as false positives.
SentinelOne Singularity Complete has helped free up my staff for other projects and tasks.
What needs improvement?
In the SIEM solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots.
For how long have I used the solution?
I have been working with SentinelOne Singularity Complete for the last two years.
What do I think about the stability of the solution?
The performance issue with SentinelOne Singularity Complete is very good, but the hash blocking remains complicated and generating many snapshots manually is a recurring challenge.
What do I think about the scalability of the solution?
I work with the Ranger functionality in SentinelOne Singularity Complete, which is used to identify known and unknown devices both in and out of networks.
How are customer service and support?
I evaluate the customer support team of SentinelOne Singularity Complete highly, stating that they provide good support with 24/7 availability.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I decided to switch to SentinelOne Singularity Complete because it offers a single solution for the endpoint SIEM and singularity purpose, and the console is very easy to handle.
How was the initial setup?
There were challenges during the setup, particularly with the custom rule as the customer asked for application-level blocking that I did not fully understand.
What was our ROI?
The project time is not the means full completely solution but it saves up to 40 days.
What other advice do I have?
Apart from the escalation matrix, I have seen improvement in the mean time to respond, with critical alerts raised below up to 15 minutes and false positive alerts raised in up to one hour.
I mostly use the custom rule and small things for the event type, event query, and searching in event query, focusing on endpoint based solutions in SentinelOne Singularity Complete and the SIEM solution.
I would rate the technical support of SentinelOne Singularity Complete a nine.
I have no recommendations for improvement regarding SentinelOne Singularity Complete as a product or solution.
I rate this review a nine overall.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Feb 25, 2026
Flag as inappropriateAssociate Vice President at Novac Technology Solutions
Endpoint protection has delivered full visibility and has strengthened zero-day attack defense
Pros and Cons
- "I believe Singularity Platform is perfectly fine overall."
- "From an operational perspective, the customizable dashboards are easy to use, but I face concerns with the alerts from the email ticketing system."
What is our primary use case?
We bought the product for endpoint protection and platform use, where we have two environments: one is the endpoint with laptops, desktops, and VDI environment, and the other is our server environment. We are using CrowdStrike for the server environment, while for the desktops and VDI environment, we are using SentinelOne, Singularity Platform.
What is most valuable?
The benefits from the product include that Singularity Platform provides complete end-to-end visibility on our malware protection and our ransomware protection across our desktops, endpoints, and thin clients and VDI environments, allowing us to control zero-day protection across our environment. There is no need to do any signature patch or anything; we only updated the sensor and fine-tuned the policy here and there during the implementation. We focus on prevention and detection instead of only detection, and we do quarantining as well, leading to complete end-to-end protection across our desktops, laptops, and thin clients and VDI environments.
The real-time personalization feature provides protection against zero-day attacks. Real-time monitoring is very much available in Singularity Platform because once the agent is up to date, it protects critical assets across our network against malicious attacks. Malicious attacks pose a big challenge as if someone downloads malicious files, we face risks. Once an EXE file with vulnerabilities is detected during installation, it will be quarantined, indicating how effective real-time functions are in those scenarios.
What needs improvement?
From an operational perspective, the customizable dashboards are easy to use, but I face concerns with the alerts from the email ticketing system. We receive alerts for every event, such as USB access attempts, which can create unnecessary noise. We fine-tuned the alert mechanism after implementing the solution to reduce this noise.
The alerting mechanism could be improved in Singularity Platform as I want to fine-tune the alerts based on the specific environment. Each environment has different requirements, such as IoT or manufacturing, and we must adapt our policies accordingly.
For how long have I used the solution?
I have been using the product for the past two years.
What do I think about the stability of the solution?
I see no particular areas of improvement for the product because, having used both SentinelOne and CrowdStrike, I find SentinelOne to be good as it performs its functions without requiring much manpower after deployment. The automation helps a lot, and once implemented, we face no further issues regarding stability or scalability; everything works absolutely fine.
What do I think about the scalability of the solution?
Singularity Platform is scalable and stable, with no issues on that part.
How are customer service and support?
The tech support from SentinelOne is great.
How would you rate customer service and support?
Positive
How was the initial setup?
The installation process is quite easy, with no significant issues encountered.
What was our ROI?
We can achieve ROI in about nine months rather than one year. We save approximately 20%.
What's my experience with pricing, setup cost, and licensing?
Singularity Platform is very affordable compared to other options.
Which other solutions did I evaluate?
I would say both SentinelOne and CrowdStrike are equally good, at a 50/50 assessment between them.
What other advice do I have?
The impact of Singularity Platform on our supply chain processes is significant, as supply chain processes are a real headache for the complete organization. Whenever we face any supply chain challenges, we ensure that all end-user and end patch management are updated. We must ensure that particular patches do not have zero-day vulnerabilities or critical vulnerabilities. Ensuring proper IT hygiene is a challenge as well, as some users may not be using the latest patches or may have to stick to legacy applications that prevent upgrades. Protecting our networks and systems is crucial, especially when considering that older operating system versions may not be supported. The challenge in supply chain management is significant.
We use the fraud detection feature for financial services, where we provide financial applications and solutions to our customers. It helps with risk management as it comes with a complete structured approach whenever we implement Singularity Platform. We must ensure that the systems or agents are properly implemented in a tested environment. We first identify risks and then respond. Sometimes we only detect malware files, and depending on the use case, we do our risk assessment and develop a risk methodology to put policies in place based on whether we are using Windows, Linux, or legacy systems.
Regarding the implementation issue, moving from traditional signature-based antivirus solutions to an EDR solution means the new solution must do complete scanning on the initial implementation. However, EDR functions only when incidents occur, which is a change from the previous method used by typical antivirus solutions that scan all files. It is a challenge to explain this shift in expectations, but EDR only reacts when necessary, unlike traditional tools.
I believe Singularity Platform is perfectly fine overall. Some issues with report functionalities and latency are present in other solutions, but not here. The moment we implemented it, everything was clear. It is an excellent, robust tool for protecting our endpoints.
One small example of a challenge I faced is related to connecting my log management part, specifically SIEM. I encountered some issues with parsing when connecting SentinelOne to QRadar for log management.
I would rate this review a 9.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 4, 2026
Flag as inappropriateAssistant Manager Cyber Security Engineer at a tech services company with 51-200 employees
Automated threat detection has reduced response times and has restored critical files from attacks
Pros and Cons
- "We can manage multiple tools including next-gen SIEM, identity security, cloud security, EDR, and XDR in a single platform with a single agent, so we do not need to manage multiple products."
- "Sometimes the firewall policy and device control policies are not working properly, so they need to work on this part."
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is to use the VSS Shadow Copies, which help us regain access to files that are deleted or modified by threats.
Once in our network, there was an attack, something similar to ransomware, which affected files in our endpoints. VSS stores the shadows of every file and takes a backup every four hours. I used the ShadowExplorer app to re-export those files and gain access to those deleted, quarantined, or modified files.
What is most valuable?
SentinelOne Singularity Endpoint is very useful because it has lightweight agents and a single agent works on multiple platforms including Identity, EDR, XDR, DLP, firewall control, and device control.
It has the capability to showcase the telemetries gathered from all the endpoints or devices in the network and shows every attack chain in the XDR dashboard.
Normal detection does not show which back-end process or child process is malicious. By using the telemetry and the attack chains in the graph, I can explore more about how the attack is progressing in our environment, from which application to which process, which registry changes, which domains, or hosted IPs are working in the back end.
Singularity Endpoint's AI capabilities help us detect more advanced threats in our environment, and it helps us gain less time to respond to those attacks. I use Purple AI to create multiple reports and can ask anything to generate reports or logs.
It provides mostly accurate results.
SentinelOne Singularity Endpoint is deployed in our organization in a public cloud. It can integrate with multiple third-party solutions which help us gain multiple logs from across the network, including firewall and SIEM. It helps us detect faster and hidden threats.
It did help us consolidate our security solutions. We can manage multiple tools including next-gen SIEM, identity security, cloud security, EDR, and XDR in a single platform with a single agent, so we do not need to manage multiple products.
I use the Ranger functionality in SentinelOne. It provides full visibility of both unprotected and protected devices. It also helps push the agent directly to unprotected devices, which is very important.
Singularity Complete has helped reduce alerts.
It saved much more time because we can take action on multiple solutions from a single management console.
Mean Time to Detect is reduced by fifty percent.
Mean Time to Respond is reduced by forty percent.
SentinelOne Singularity is used mostly for its detection models, AI engines, and machine learning engines, and it has the capability to run multiple tools in a single platform.
What needs improvement?
Its agent gets offline multiple times, mostly in Windows 7 which has legacy versions.
I chose nine out of ten for SentinelOne Singularity Endpoint because the endpoint is getting offline multiple times. Sometimes the firewall policy and device control policies are not working properly, so they need to work on this part.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for four years.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is a stable tool.
How are customer service and support?
Customer support is good.
Which solution did I use previously and why did I switch?
I used Trend Micro Endpoint Security, which is very complex to use in the management console.
After changing from Trend Micro, we are observing fewer attacks.
There are multiple positive changes. Trend Micro's agent is very heavy and consumes more CPU, RAM, and storage. SentinelOne has a lightweight agent that also helps us regain the quarantined or modified files affected by viruses. Trend Micro does not have that feature.
What was our ROI?
I have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing and setup costs are not high but in the medium range.
Which other solutions did I evaluate?
I evaluated other options, which are CrowdStrike and Cortex XDR.
What other advice do I have?
I gave this product a review rating of nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jul 7, 2026
Flag as inappropriateSecurity Analyst at a media company with 501-1,000 employees
Automated threat response has freed our security team to focus on high‑value client projects
Pros and Cons
- "In my opinion, the main benefits that SentinelOne Singularity Endpoint provides are many, and the foremost thing you are getting is the best that anyone can offer at such a low price."
- "Regarding potential areas for improvement for SentinelOne Singularity Endpoint, as I mentioned earlier, I felt that it was generating a very high number of false-positive alerts initially."
What is our primary use case?
My use case with SentinelOne Singularity Endpoint is primarily for security purposes, to secure our clients from different malware. If they download any suspicious file onto their desktop which creates a problem afterwards, then for that purpose, we are basically using this. We are basically an MSSP, providing services to our clients.
What is most valuable?
The features and functions in SentinelOne Singularity Endpoint that I have found most valuable include its fully autonomous nature. We don't have to put manual effort into that. Basically, mostly everything is automated, and also the threat detection feature, the rule remediation feature, and the rollback as I mentioned earlier. If anything comes out to be clean and genuine, then we can just do the rollback so that everything gets back to normal and keeps on running. I feel that is the foremost thing I appreciate: having a fast response and rollback capability.
Singularity Complete has helped me reduce the number of alerts. Although I would say that it is a depreciating factor when it comes to false-positive alerts. Initially, it generates a very high number of false-positive alerts, but by using it accordingly, very prominently, we can control the false-positive alerts by deploying only the necessary use cases that our clients need to detect only true-positive alerts rather than false-positive noises.
Singularity Complete helps my clients free up staff for other projects. I also mentioned earlier that it is fully autonomous. Every feature is automated. It does its work on its own by doing the quarantine. Any malicious thing it detects, its rule engine, which is obviously a behavioral AI. Because everything is automated, it decreases our manual effort. Rather than typing a manual email to a client, which obviously takes fifteen to twenty minutes extra, we are just taking action directly from the SentinelOne Singularity Endpoint user interface. So it reduces our manual effort and time overall.
What needs improvement?
Regarding potential areas for improvement for SentinelOne Singularity Endpoint, as I mentioned earlier, I felt that it was generating a very high number of false-positive alerts initially. Although by making a few changes, we reduced that. The first thing is the false-positive alerts. Also, I've felt that a few of our clients have a very high number of endpoints integrated, such as more than one thousand endpoints have been deployed for those particular clients. For those kinds of clients, I've felt that the resource consumption, including high CPU and disk utilization, is a factor. The utilization sometimes gets very high, so we have to keep it in control and monitor it from time to time. One more thing is creating a customized dashboard, which is not a feature in SentinelOne Singularity Endpoint. We can only view their existing dashboard. No custom dashboard feature is present in SentinelOne Singularity Endpoint, so that's also something that can be brought up in the future.
For how long have I used the solution?
I've been working with SentinelOne Singularity Endpoint product for about a year.
What do I think about the stability of the solution?
Stability-wise, I would rate SentinelOne Singularity Endpoint a nine out of ten.
What do I think about the scalability of the solution?
I would say ten out of ten for the scalability of SentinelOne Singularity Endpoint because we can scale up and scale down as per requirement. We can increase or decrease the number of endpoints, whatever suits perfectly at that particular time.
How are customer service and support?
I would rate SentinelOne's technical support ten out of ten. There have been a number of times when we get in contact with their OEM, the customer support. Their response is very quick. Within a day, we get a response from them. There are a number of times we get stuck in creating a use case or doing whitelisting, blacklisting, or deploying rules. At that particular time, we contact customer support, and we get their response very quickly.
How was the initial setup?
The initial setup for SentinelOne Singularity Endpoint is much simpler, although I have not been a part of the integration team. First, we have to allow SentinelOne Singularity Endpoint on a desktop, then we have to install its endpoint on the desktop or laptop.
Which other solutions did I evaluate?
The main competitor on the market for SentinelOne Singularity Endpoint can be CrowdStrike Falcon. I have not used that product, but I do know that the price range SentinelOne is offering is the best, as Falcon CrowdStrike is much more expensive.
What other advice do I have?
My experience with SentinelOne Singularity Endpoint's ability to ingest and correlate data across security solutions is great because we personally have integrated SentinelOne Singularity Endpoint with a different product and deployed a few correlation use cases. By doing that, we strengthen our use cases, correlating it with different email security solutions. It's been great doing that correlation.
The Mean Time To Respond automatically decreases because everything has been already completed by the AI engine running in the background.
I have limited experience with Purple AI, but I have used some of the features, including identifying IOCs (Indicators of Compromise) in Purple AI and a few other features as well.
Regarding Purple AI's capabilities in threat intelligence for detecting threats, IOCs are utilized for that purpose. By using the copilot feature in Purple AI, where I can use the pull-down menu on the left-hand side, from there I can get the IOCs present on my client's endpoint. By doing that, I can gather threat intelligence on our clients' endpoints.
In my opinion, the main benefits that SentinelOne Singularity Endpoint provides are many. I would say it's already a valuable security device. I can literally line up different things that SentinelOne is offering. Obviously, the foremost thing is for security purposes. You are securing your own desktop, laptop, or whatever server it is. And also, what you are getting at such a low price, I would say. The foremost thing you are getting is the best that anyone can offer. So that's what I would say about SentinelOne Singularity Endpoint.
I have not personally used the Ranger functionality because it has been blocked in our environment, but I am aware of the Ranger functionality that SentinelOne is providing for network security purposes.
Regarding Mean Time To Detect (MTTD), if I compare it with other SIEM solutions, what does that SIEM solution do? It just detects an alert and gives a pop-up that the threat is detected in an environment. But comparing it with SentinelOne Singularity Endpoint, it is doing its work on its own. So, it's very useful compared to other solutions.
I will recommend SentinelOne Singularity Endpoint to other users. I would rate this product ten out of ten overall.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jun 24, 2026
Flag as inappropriateCSO at TechnoCentic
Security operations have become more efficient and detection is improving across endpoints
Pros and Cons
- "As a reseller and user, I would say that SentinelOne Singularity Complete is better than its competition; I have evaluated Palo Alto, Trellix, and CrowdStrike as well, and SentinelOne EDR is much better than all of them as the capability and technical capabilities are superior with efficient and faster detection."
- "For ingestion and correlation across security solutions, the agent is quite heavier when compared to other competition."
What is our primary use case?
For the major use cases for the client, I would mention EDR.
I have worked and implemented Purple AI. While we were in India, it is more about data privacy as a protection law which has been implemented. Purple AI is collecting all the information which needs to be evaluated and correlate this entire data and segregate and disseminate into different roles and privileges. We have utilized that. These are the mechanisms which are very new into the Indian market and customers and their team members created it and accepted it as well. That is one of the major reasons to sell SentinelOne Singularity Complete.
However, we have not implemented the SecOps feature in major installation as of now.
What is most valuable?
SentinelOne Singularity Complete helps to reduce alerts by almost fifteen to twenty percent. The false alert activation is much more effective in SentinelOne Singularity Complete in competition with all the comparative tools.
It helps to free up my people and staff for other projects. It depends on a project-to-project and team-to-team basis, but it really helps. I would estimate between thirty to fifty percent.
SentinelOne Singularity Complete helps to reduce MTTD by about twenty to thirty percent.
For MTTR, it is almost another way for between fifteen to twenty percent.
As a reseller and user, I would say that SentinelOne Singularity Complete is better than its competition. I have evaluated Palo Alto, Trellix, and CrowdStrike as well. SentinelOne EDR is much better than all of them. The capability and technical capabilities are superior. It is efficient and faster detection.
What needs improvement?
For ingestion and correlation across security solutions, the agent is quite heavier when compared to other competition. The agent has to be light-weighted. That is one of the drawbacks for the competition. They have to work quite a lot.
For how long have I used the solution?
I have been selling the product for three and a half years.
What do I think about the stability of the solution?
As for stability, there are no issues. It is stable.
What do I think about the scalability of the solution?
As for scalability, it is acceptable. The scalability depends entirely on how much security is required for it. It is easy to scale that.
How are customer service and support?
I would say technical support from SentinelOne is excellent. Everyone in SentinelOne is known to us for the last many years.
I would rate support eight point five out of ten. One point five has been removed just because many times it has been delayed or the support has not been available due to vacation. That should be a challenge. Ten out of ten would not even be given to AWS.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
SentinelOne stands out and is the best product among those, especially in India. There was a recent strike incident with Microsoft, and SentinelOne's approach is much better and much more effective.
How was the initial setup?
It is easy to deploy. The deployment model depends on the type of organization. If it is government, then it has to be on-premises. If it is more like an enterprise and BFSI, that can be over the cloud. In India, it has to be done with the intent. It can be into the SentinelOne cloud with an instance in India, or whether it has to be AWS or Azure, they are acceptable in any format.
What about the implementation team?
There is a chance to buy this product through AWS Marketplace, the CPPO. I did that previously.
What's my experience with pricing, setup cost, and licensing?
It is neither too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the pricing.
What other advice do I have?
I do sell SentinelOne Singularity Complete.
I am a Chief Security Officer for Technocentric.
I have been selling this product for the last three and a half years.
I have been involved in this domain for twenty-five years.
I would give SentinelOne Singularity Complete a rating of nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: Jan 15, 2026
Flag as inappropriateCybersecurity Engineer at Gigabit Technologies Pvt Ltd
Automated detection and response have reduced investigations and protect endpoints in real time
Pros and Cons
- "Since deploying SentinelOne Singularity Endpoint, I have seen faster threat detection and response, better visibility across our endpoints, and less time spent investigating security incidents."
- "SentinelOne Singularity Endpoint can be improved in some areas."
What is our primary use case?
My main use cases for SentinelOne Singularity Endpoint are endpoint detection and response, real-time threat prevention, and incident investigations. It helps us protect laptops, desktops, and servers from malware, ransomware, and other advanced threats while providing centralized visibility into endpoints and their activity. I also use its automated remediation capabilities to quickly isolate infected devices, roll back ransomware where applicable, and reduce the manual response effort.
I can provide a specific example of how my team used SentinelOne Singularity Endpoint in a real situation. We received an alert from SentinelOne Singularity Endpoint indicating suspicious PowerShell activity on an employee's laptop. The platform correlated the behavior with a malicious Office document that had launched the script attempting to download additional payloads. SentinelOne automatically killed the malicious process, quarantined the file, and isolated the endpoint from the network to prevent lateral movement. Using the process timeline, the security team quickly identified the root cause, confirmed that no other endpoints were affected, removed the malicious document, and returned the device to service. The entire incident was contained within minutes without any ransomware encryption or data loss.
I have many use cases for SentinelOne Singularity Endpoint.
How has it helped my organization?
Since deploying SentinelOne Singularity Endpoint, I have seen faster threat detection and response, better visibility across our endpoints, and less time spent investigating security incidents. The automated containment and remediation features have reduced manual work for our security teams, and the centralized console has made it easier to monitor endpoint health and respond to threats.
I have seen faster detection with better context. Keeping our most critical security incidents in mind, the biggest improvement has been reduced investigation time thanks to the storyline features and automated remediation, allowing analysts to focus on the higher-priority security alerts.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers that stand out to me the most are its behavioral AI detection, automated response capabilities, and detailed incident visibility. The storyline features, in particular, give a response timeline, while the process storyline makes it much easier to investigate the incident and understand exactly what happened.
SentinelOne Singularity Endpoint has behavioral AI detection, automated remediation and ransomware rollback, network isolations, storyline technology, threat hunting, remote response, and centralized management as the main features.
What needs improvement?
SentinelOne Singularity Endpoint can be improved in some areas. The management console can be complex for new users, and some advanced features require a learning curve to use effectively. Organizations with large environments may also want more flexible reporting and dashboard customization. While false positives are generally low, behavioral detection can still require analyst review and tuning to reduce unnecessary alerts.
I would like to see more customizable dashboards for executive reporting, simpler policy management and reduced false positives, faster support response times, deeper native integrations, more granular permissions, and easier onboarding and training.
For how long have I used the solution?
I have been working in my current field for the last one year.
I have been using SentinelOne Singularity Endpoint for one year.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is generally stable and reliable.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint has good scalability, ranging from small deployments to large enterprise environments. The cloud-based management model makes it easier to onboard, manage, and monitor large numbers of endpoints without needing additional backend infrastructure.
How are customer service and support?
Customer support for SentinelOne is generally good, with knowledgeable technical teams and useful resources for troubleshooting and deployment questions.
Which solution did I use previously and why did I switch?
I previously used another endpoint security solution and switched to SentinelOne Singularity Endpoint because I needed stronger behavior detection, faster incident response, and better automations. The previous solution provided basic endpoint protection.
What was our ROI?
I have seen a return on investment from SentinelOne Singularity Endpoint. The main value has come from reducing manual security operations, improved incident response time, and consolidating multiple endpoint security tools into one platform.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that the licensing model was relatively straightforward and cost-effective compared to my past solutions.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I evaluated several endpoint security solutions including Microsoft Defender for Endpoint and CrowdStrike.
What other advice do I have?
My advice to others looking into using SentinelOne Singularity Endpoint would be to clearly define your security goals and how SentinelOne Singularity Endpoint would fit into your existing security operations and deployment. I would rate this product a 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 7, 2026
Flag as inappropriateSecurity Engineer at a tech vendor with 11-50 employees
Intelligent threat detection has reduced investigation time and improves real-time decisions
Pros and Cons
- "Once it fully adapts to the environment, customers don't even need to monitor their endpoint protection landscape, as it can automatically learn and mitigate any threats or problems with minimal human interaction."
- "Regarding the pricing, Singularity Platform is very high compared to other platforms that have been worked with, such as CrowdStrike and other Sophos EDRs."
What is our primary use case?
I mostly use Singularity Platform in incident response time, especially when there is a ransomware attack or when we want to recover any previous files. My other use case is when I have to investigate any files or EXE files that have been on the PC to deeply investigate what services they are using and what type of network connections they are establishing on the PC.
I use the Pro-detection feature in financial services, and it is a very good feature. There is no need to manage any complicated cases because the Pro-detection feature works by simply analyzing over time. It takes two to three days to investigate a specific issue thoroughly, and then it gives a conclusion based on that analysis, which helps determine the actions to take.
What is most valuable?
One of the likely features of Singularity Platform is that it is very user-friendly and easy to understand. The UI is indeed very user-friendly. Alerts and writing long queries are somewhat challenging. The predefined queries of SentinelOne can be very jargony to configure and hectic to write.
Singularity Platform's real-time personalization feature is a time-taking process and not a single setup process. It takes at least six to seven months to train the platform so it can be aware of the environment, after which there is some visibility over personalization setups.
The personalization feature has been good for customer experience strategies. People are very positive about that personalization feature because the machine learning offered by Singularity Platform is very good and easy to use. Once it fully adapts to the environment, customers don't even need to monitor their endpoint protection landscape, as it can automatically learn and mitigate any threats or problems with minimal human interaction.
Risk management efforts have improved significantly with Singularity Platform. Previously, a lot of time was spent investigating issues, but now this process has reduced investigation time from days to hours. The focus is on what type of recommendations and remediations to implement, which can be completed within an hour.
Singularity Platform's real-time monitoring capability has significantly improved decision-making. Previously, decision-making was more manual, but after integrating something called Purple AI, it doesn't hallucinate and provides accurate real-time decisions, pinpointing exact problems and suggesting what changes need to be made.
One of the main benefits from using Singularity Platform is that there are no over-alerts; there are very few false positives. Most triggers are by true positives, which helps manage alert fatigue effectively and allows focus on actual threats.
What needs improvement?
Singularity Platform could be improved by providing a more comprehensive analysis part, particularly on the threat dashboard. If automated analysis in simple terms could be received to explain to customers what exactly is happening, it would be a great addition to the product.
Regarding customizable dashboards, there are predefined dashboards that provide good visibility, but customized dashboards are not that helpful. I would not recommend using them as they can become messier.
My advice for organizations considering Singularity Platform is to encourage the addition of a threat analysis part that integrates with their Purple AI, allowing explanation of specific threats in a simpler way for customers.
For how long have I used the solution?
I have been using Singularity Platform for three years.
How are customer service and support?
Experience with customer service and technical support has been primarily with tech support because, during the initial configuration time, there were many doubts. Tech support was mostly used, while customer service has not needed to be contacted. Direct contacts for technical support were available.
On a scale of one to ten, the technical support of SentinelOne would be rated as an 8.5.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup process for Singularity Platform is straightforward across all three platforms—Mac, Linux, and Windows—and doesn't require any prerequisites. It is a very lightweight agent, and the setup is easy to handle.
What was our ROI?
Singularity Platform does bring a good return on investment. First, proofs of concept are shown for the two EDRs, comparing what they offer. Large enterprises that can afford it often choose SentinelOne for its ease of management compared to other platforms.
What's my experience with pricing, setup cost, and licensing?
Regarding the pricing, Singularity Platform is very high compared to other platforms that have been worked with, such as CrowdStrike and other Sophos EDRs. While it offers very good features at the enterprise level, it comes at a premium price. Licensing includes various tiers like Pro and Singularity, and while highly customizable, it is indeed expensive.
Which other solutions did I evaluate?
In comparison to other products, a key difference in Singularity Platform is the ability to push customizable scripts, which other platforms offer in their tiers. If detailed analysis were received instead of just a graph, showing a step-by-step explanation of each threat or process would enhance the digital forensics perspective.
What other advice do I have?
From a features perspective, there are no missing functionalities in Singularity Platform; the features are quite good for now. The overall review rating for Singularity Platform is 8.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Last updated: Mar 18, 2026
Flag as inappropriateBuyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026
Product Categories
Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP) Anti-Malware Tools Extended Detection and Response (XDR) AI-Powered Cybersecurity Platforms AI ObservabilityPopular Comparisons
CrowdStrike Falcon
Cortex XDR by Palo Alto Networks
Microsoft Defender for Endpoint
IBM Security QRadar
Elastic Security
Huntress Managed EDR
Trellix Endpoint Security Platform
HP Wolf Security
WatchGuard Firebox
TrendAI Vision One
TrendAI Vision One – Cloud Security
Microsoft Defender XDR
Buyer's Guide
Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
- Which is better - SentinelOne or Darktrace?
- What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?
- Cortex XDR by Palo Alto vs. Sentinel One
- Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?
- Does SentinelOne have a Virtual Patching functionality?
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?




















