No more typing reviews! Try our Samantha, our new voice AI agent.
Sagar-Patel - PeerSpot reviewer
Security Engineer at a marketing services firm with 11-50 employees
Real User
Jul 15, 2026
Deep visibility has transformed threat hunting and now cuts incident response from hours to seconds
Pros and Cons
  • "Singularity Endpoint has completed my security solutions; during the six pillars of zero trust architecture, I can implement all pillars—identity, application, endpoints, infrastructure, network, and cloud—through the Singularity platform."
  • "SentinelOne Singularity Endpoint can be improved by implementing more XDR in the network connections and connectivity."

What is our primary use case?

My main use case for SentinelOne Singularity Endpoint involves EDR, deep visibility, and threat hunting.

For EDR or threat hunting in my day-to-day work, I use SentinelOne Singularity Endpoint primarily for incident management and for daily threat hunting, where I run queries, XDR queries, EDR, and power queries for hunting.

In addition to my main use cases, I also use SentinelOne Singularity Endpoint for application management, inventory management, and identity management for all users, along with vulnerability recommendation and vulnerability development management.

What is most valuable?

SentinelOne Singularity Endpoint offers excellent features that include threat visibility, deep visibility, and threat hunting.

What stands out to me with SentinelOne Singularity Endpoint's threat visibility and threat hunting features is that deep visibility gives us a 360-degree angle view of cloud, endpoint, identity, and network data to assess any possible threat hunting or risky activities, which is a good feature.

SentinelOne Singularity Endpoint has positively impacted my organization with its Purple AI feature.

Purple AI has made a positive impact by saving time because it provides a summary glimpse of the incident, allowing me to get an overview of what happened, and then I can check the particular identity or asset, which helps in checking everything in the incident or particular device or organization.

SentinelOne Singularity Endpoint has helped me see the connections between different security events or alerts, and it integrates easily.

Singularity Endpoint has completed my security solutions; during the six pillars of zero trust architecture, I can implement all pillars—identity, application, endpoints, infrastructure, network, and cloud—through the Singularity platform.

Singularity Complete has helped reduce false positive alerts; by creating star rules or alert rules for valid files allowed in the network, we are getting fewer incidents from the beginning.

Singularity Endpoint has freed up my staff for other projects and tasks, saving us one to two days per week to focus on other things.

It has reduced the mean time to respond, MTTR, by shrinking the incident response and forensic science analysis cycles from hours to seconds.

What needs improvement?

SentinelOne Singularity Endpoint can be improved by implementing more XDR in the network connections and connectivity.

Regarding needed improvements, the device connectivity management feature is very good and is working effortlessly and connecting well, though if we could improve some Purple AI features such as providing direct results to queries, that would be a valuable enhancement.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for two years.

Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is stable.

What do I think about the scalability of the solution?

Its scalability is impressive as it delivers horizontal scalability to a single agent and supports SaaS services, on-premises, and hybrid environments.

How are customer service and support?

Customer support is good, and the service is good.

Which solution did I use previously and why did I switch?

We previously used Microsoft Defender XDR, but we have SentinelOne Singularity Endpoint as a backup EDR solution.

How was the initial setup?

When we previously used Microsoft Defender XDR, the setup has been stable.

What was our ROI?

I do not have any metrics regarding return on investment, as I am part of the group and did not implement it.

What's my experience with pricing, setup cost, and licensing?

I am part of the group but do not have hands-on experience with the pricing, setup cost, and licensing.

Which other solutions did I evaluate?

Before choosing SentinelOne Singularity Endpoint, we did not evaluate any other options; one customer provided feedback indicating they use SentinelOne Singularity Endpoint, so we decided to go with it.

What other advice do I have?

My company acts as a service provider, MSSP, in our relationship with this vendor. I would rate this review a 9 overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Last updated: Jul 15, 2026
Flag as inappropriate
PeerSpot user
reviewer2842140 - PeerSpot reviewer
Security Engineer at a comms service provider with 11-50 employees
Real User
Top 10
May 28, 2026
Endpoint protection has reduced response times and now frees my team for deeper investigations
Pros and Cons
  • "My favorite feature about it is the full visibility into telemetry."
  • "It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler."

What is our primary use case?

I use SentinelOne Singularity Endpoint as HDR, as the product is designed.

What is most valuable?

My favorite feature about it is the full visibility into telemetry.

SentinelOne Singularity Endpoint has helped reduce alerts, but false positives could be less.

It has helped me in my investigation to free up my staff for other projects.

I have seen a reduction in mean time to respond.

What needs improvement?

I think the visibility on Storyline could be better.

I could not comment on the Ranger functionality because I don't use it.

I have seen a reduction in mean time to respond and it has helped me in investigations to free up my staff for other projects.

I tried using the Purple AI feature.

I think it's great and it's working very well and has helped reduce the mean time to respond. The description is great; it's not too specific and not too much reduced. The long summary is excellent; it provides a great summary.

For how long have I used the solution?

I have been working with SentinelOne Singularity Endpoint for eight months.

What do I think about the stability of the solution?

The stability of SentinelOne Singularity Endpoint is great and I would rate it 10.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint is very scalable and I would rate it 10.

How are customer service and support?

I have had to contact technical support and it worked well.

I think the quality of their support is 10 and the speed could be nine.

If I were to put together an overall score for the support, I would give them nine.

Which solution did I use previously and why did I switch?

I have used many products as alternatives to SentinelOne Singularity Endpoint.

How was the initial setup?

I am involved in the initial deployment and it's working great.

It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler.

SentinelOne Singularity Endpoint requires a little bit of maintenance on the agent upgrade, so a feature to auto-deliver updates month by month would be great.

What about the implementation team?

SentinelOne Singularity Endpoint consolidated the environment.

What was our ROI?

I can give 30% as a number for the reduction.

Which other solutions did I evaluate?

The product closest in terms of quality and features to SentinelOne Singularity Endpoint is CrowdStrike.

I prefer CrowdStrike over SentinelOne Singularity Endpoint.

I prefer CrowdStrike because I could see a lot more information in the detection part and the false positives are reduced.

What other advice do I have?

Data privacy and security are very important for us when using Purple AI because we work with some Italian government companies or government-related companies, so privacy and European regulation are very important.

SentinelOne Singularity Endpoint consolidated the environment.

Endpoint protection solutions were consolidated now that I don't need them.

I would rate this review 9 overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
reviewer2848893 - PeerSpot reviewer
Head of Security at a consultancy with 51-200 employees
Real User
Top 10
Jul 15, 2026
Behavioral detection has transformed endpoint investigations and now improves incident response
Pros and Cons
  • "SentinelOne Singularity Endpoint has positively impacted my organization by being one of the primary tools keeping us secure against modern security issues, with faster threat detection and investigation through better endpoint visibility which has greatly helped our team, resulting in improved incident response and reduced reliance on manual monitoring."
  • "SentinelOne Singularity Endpoint would benefit from broader security ecosystem integration, including deeper native integrations across identity access and other security domains, which would make it more competitive with larger security platforms."

What is our primary use case?

My main use case for SentinelOne Singularity Endpoint is primarily for endpoint detection and response, EDR, focusing on endpoint protection.

SentinelOne Singularity Endpoint is being used for behavioral threat detection, malware and ransomware protection, security investigations, response activities, and also to isolate endpoints where required.

How has it helped my organization?

SentinelOne Singularity Endpoint has positively impacted my organization by being one of the primary tools keeping us secure against modern security issues, with faster threat detection and investigation through better endpoint visibility which has greatly helped our team, resulting in improved incident response and reduced reliance on manual monitoring.

Regarding metrics on how it has improved incident response, I do not have any specific data to share.

What is most valuable?

The best features SentinelOne Singularity Endpoint offers include behavior-based detection, which can identify suspicious activity based on behavior patterns and has very few false positives, as well as autonomous prevention and response, where the agent can automatically block malicious activity. It also has strong investigation capabilities, and the process traceability along with endpoint activity context makes it very easy to understand what happened during an alert, and it includes ransomware protection and rollback capabilities, along with very low operational overhead.

From all the features I mentioned, I find myself relying most on behavior-based detection with endpoint investigation visibility because it allows our security team to quickly understand suspicious activity beyond simple malware alerts, helping analysts validate incidents faster and make better decisions.

What needs improvement?

SentinelOne Singularity Endpoint would benefit from broader security ecosystem integration, including deeper native integrations across identity access and other security domains, which would make it more competitive with larger security platforms.

I chose nine out of ten because I usually do not give out tens to be honest, but it is mainly due to areas outside its core endpoint security, as while it is very strong in EDR, there is still room for improvement around broader security platform capabilities and deeper cloud-native security coverage.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for more than a year.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is stable.

What do I think about the scalability of the solution?

I am happy with the scalability of SentinelOne Singularity Endpoint.

How are customer service and support?

We pay for premium support for SentinelOne Singularity Endpoint, which is good, but they are charging us money.

Which solution did I use previously and why did I switch?

SentinelOne was already in this environment, so I did not previously use a different solution.

What was our ROI?

I have seen a return on investment, which is primarily on the improved SOC efficiency and reduced manual effort, along with the time saved during investigations and faster response actions. For example, a capability such as endpoint isolation helped reduce the time required to contain a suspicious activity, but I do not have numbers to present.

What's my experience with pricing, setup cost, and licensing?

I was involved in the decision-making regarding my experience with pricing, setup cost, and licensing.

Which other solutions did I evaluate?

Before choosing SentinelOne Singularity Endpoint, I did not evaluate other options, as we acquired it from an acquisition.

What other advice do I have?

Singularity Complete has not significantly consolidated our security solutions, as we are primarily relying on this for EDR.

To some extent, Singularity Complete has helped reduce alerts, with the main improvement being the platform's ability to automatically identify and prevent certain behaviors, but I do not have a number.

To some extent, Singularity Complete has helped free up my staff for other projects and tasks, primarily with its autonomous prevention capabilities, allowing analysts to spend less time collecting information manually and more time focusing on higher-value security activities.

It has definitely helped reduce my organization's mean time to detect, MTTD, but we have not measured the specific reduction percentage.

Mean time to response, MTTR, is primarily handled by humans.

The pricing for SentinelOne Singularity Endpoint is good compared to other industry vendors, and organizations should definitely focus on proper policy tuning and make use of the behavioral capabilities. I would rate this product nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 15, 2026
Flag as inappropriate
PeerSpot user
Olive Kusumbara - PeerSpot reviewer
Consultant at a tech services company with 1,001-5,000 employees
MSP
Top 5
Nov 4, 2025
Has improved threat detection and streamlined integrations through strong XDR and forensic capabilities
Pros and Cons
  • "I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries."
  • "A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives."

What is our primary use case?

I'm only dealing with Google SecOps right now, not other Google Cloud products. On a limited scale, I think we use Microsoft Defender for one particular customer; for the others, we are using SentinelOne Singularity Complete and Palo Alto Cortex.

What is most valuable?

I've seen a lot of improvements and simplifications, and Google SecOps has recently moved into Gartner's as the highest one for visionaries. The AI, agentic AI, integration with SOARs, and simplified SKUs and pricing are noteworthy. Most customers who have various platforms for cybersecurity do not choose Azure Defender unless they are on a Microsoft stack right now. SentinelOne Singularity Complete is the most capable in terms of detection and response, and I use it quite extensively for forensic capabilities.

SentinelOne Singularity Complete can be quite intrusive, but it has strong detection capabilities. The Ranger functionality of SentinelOne Singularity Complete for the EDR is extensively used for customers. Microsoft Defender has recently upgraded to XDR capabilities.

What needs improvement?

For Azure Sentinel, the main issue that needs improvement is the pricing; it's quite unpredictable right now in terms of cost. The use of many components within Azure itself is confusing, especially with the recent move in terms of the console from Azure Sentinel to the Defenders. The highlight is more into the pricing; it is too expensive and unpredictable right now.

For Google SecOps, the only improvement I suggest is in terms of the reporting, especially for out-of-the-box reporting that seems very lacking right now. There aren't too many useful reports coming from out-of-the-box; we have to develop them ourselves right now.

SentinelOne Singularity Complete needs to work more on increasing true positive detections to make it closer to 10. A weakness seen with one large customer was that the detections were too intrusive, blocking many applications that should have been working, which led to many false positives.

How are customer service and support?

I think technical support is quite good; we have been in contact quite occasionally, and they provide expected answers.

How would you rate customer service and support?

Positive

How was the initial setup?

I find the initial setup quite straightforward for SentinelOne Singularity Complete.

Which other solutions did I evaluate?

SentinelOne Singularity Complete can be quite intrusive; that's one of the drawbacks. It's also the first thing that we recommend right now. We prefer to use other EDR platforms such as SentinelOne Singularity Complete and Palo Alto Cortex right now.

What other advice do I have?

I'm using Google SecOps. If you want, I can leave my opinion on Google SecOps.

While the others will be on the cyber threat intelligence, the primary is Google SecOps, and I think the other one is Azure Sentinel.

There is room for improvement for these solutions. It's mostly SIEM and MDR for SentinelOne Singularity Complete. I haven't used Vigilance MDR; I only know the name.

We mainly focus on SentinelOne Singularity Complete and Cortex, while the other EDRs that we have managed are less significant. It's almost similar since both SentinelOne Singularity Complete and Cortex have EDR and XDR capabilities.

In terms of non-locked XDR platforms, the best one is SentinelOne Singularity Complete right now for their XDR capabilities. Other ones such as Palo Alto Cortex or even CrowdStrike are locked into their own ecosystem right now since they have many products within that ecosystem. In terms of integration, even though it looks quite open, some are tightly coupled into their own ecosystem, especially for Palo Alto Cortex.

We haven't had that in-depth experience in terms of ingesting and correlating for SentinelOne Singularity Complete; we mainly use it right now for their EDR capabilities. Since we provide the MDR services, we mainly integrate those with Google SecOps right now for the overall SOC services. I think they are the most capable in terms of detection and response.

We only tried Purple AI but haven't used it quite extensively. I find the pricing very reasonable, especially right now compared to other top-tier EDR platforms at the same level. I usually recommend the product for both smaller and bigger organizations. My overall rating for this review is 9.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Nov 4, 2025
Flag as inappropriate
PeerSpot user
Chetan Gaonkar - PeerSpot reviewer
Soc Analyst at Softcell Technologies Limited
Real User
Top 10
Apr 30, 2026
Endpoint protection has cut alerts and detection time while streamlining ransomware response
Pros and Cons
  • "SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%."
  • "For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR."

What is our primary use case?

SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

What is most valuable?

What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

What needs improvement?

For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

For how long have I used the solution?

I have been working with this solution for eight months.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

What do I think about the scalability of the solution?

Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

How are customer service and support?

Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

Which solution did I use previously and why did I switch?

Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

How was the initial setup?

SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

Which other solutions did I evaluate?

I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

What other advice do I have?

SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

I would rate this solution a 9 out of 10 overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 30, 2026
Flag as inappropriate
PeerSpot user
Prathamesh Samant - PeerSpot reviewer
Presales Manager at a manufacturing company with 201-500 employees
Reseller
Top 5Leaderboard
Feb 15, 2026
Ransomware rollback has protected endpoints and real-time monitoring now reduces investigation time
Pros and Cons
  • "Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers."
  • "Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion."

What is our primary use case?

Our customers are primarily seeking an XDR platform with Singularity Platform, which combines their EDR, next-gen antivirus, vulnerability management, and integration with their existing security portfolio. Singularity Platform is used for XDR requirements, extended detection and response, for their EDR, next-gen antivirus, vulnerability management, and the requirement to integrate with their existing security solutions like their firewalls and proxies from an XDR perspective.

From an overall security perspective, it is not related to supply chain processes as specific to the supply chain process. When customers have interactions or business relationships with their vendors or the third parties that they use as part of their business, Singularity Platform can be used to scan the internet traffic or through their XDR functionalities to determine what kind of data they are sending, if any vulnerabilities exist in their systems, and whether those vulnerabilities are exploitable or not. Those kinds of features can be mapped to a supply chain from Singularity Platform's perspective.

What is most valuable?

Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers.

Singularity Platform's customization feature is also strong; we were able to customize the dashboards and reports based on the different compliances that the customer has. We have customers in BFSI, manufacturing, and pharma, so based on their requirements, because every customer or every business has a different set of requirements, the customization of dashboard and reporting perspective is good in Singularity Platform. From an analyst level to a C-level executive, we can have different sets of dashboards with a specific set of purposes aligned with what roles they play.

The real-time monitoring capabilities in Singularity Platform are good. Some enhancements that could be made are to make it more readable or understandable to the person who is monitoring those dashboards, because sometimes what happens is it becomes too verbose or too much data is displayed from the monitoring perspective, especially from the EDR perspective. Analysts have to make sense of what logs or what alerts they are monitoring; they have to go through a lot of data before they can take any decision on whether it's a false positive or an actual threat that they should look at. If they make it easier and more understandable for the analyst, they can make an informed decision quickly. Currently, what Singularity Platform has is a bit clunky, verbose, and has too much data that might be useful or might not be useful based on the analyst, so if they simplify it, it will be more effective.

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. The detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which saves time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent.

What needs improvement?

I do not recall a real-time personalization kind of feature in Singularity Platform.

If ranking is applied, I would rank CrowdStrike as one, Singularity Platform as two, and Palo Alto's Cortex as three. The issues mentioned in Singularity Platform are well taken care of in CrowdStrike, and CrowdStrike now has a bigger portfolio in terms of data security, identity security, and AI security. The new-age integrations are better in CrowdStrike, and I'm sure Singularity Platform will catch up, but as of now, CrowdStrike has an added advantage.

From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.

For how long have I used the solution?

I have been working with Singularity Platform for three plus years.

What do I think about the stability of the solution?

I would rate stability for Singularity Platform as an eight from a better perspective.

What do I think about the scalability of the solution?

Scalability is not an issue for Singularity Platform because it is delivered as a SaaS service, so scalability is taken care of by SentinelOne. I would rate it as a nine.

How are customer service and support?

Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion. I would rate it around six.

How would you rate customer service and support?

Positive

How was the initial setup?

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. That is one more benefit; additionally, the detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which save time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent. That is where I see more of the benefits.

From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.

What about the implementation team?

It's a shadow process; they require our help during the initial implementation stage for Singularity Platform, but since it's quite easy to configure, it's a plug-and-play kind of thing. You just have to enable or disable the toggle buttons, and then you are good to go. From the deployment perspective or from the help perspective, at the initial level, they require our assistance. Once the training and handover process are done, they can easily manage it on their own.

Which other solutions did I evaluate?

I would compare Singularity Platform with CrowdStrike and Palo Alto's Cortex XDR.

What other advice do I have?


Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Last updated: Feb 15, 2026
Flag as inappropriate
PeerSpot user
Director, Information Technology at Premier Realty Group
Real User
Top 5
Dec 22, 2024
Secures our environment with reduced alerts but better threat notifications needed
Pros and Cons
  • "The security aspect is the most valuable feature for me."
  • "We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete."
  • "The solution could improve its notifications and communications."
  • "The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat."

What is our primary use case?

I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

How has it helped my organization?

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete. 

What is most valuable?

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

What needs improvement?

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

For how long have I used the solution?

I have a year and a half of experience with SentinelOne Singularity Complete.

What do I think about the stability of the solution?

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

What do I think about the scalability of the solution?

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

How are customer service and support?

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

How was the initial setup?

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

What about the implementation team?

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

What was our ROI?

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

What's my experience with pricing, setup cost, and licensing?

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

What other advice do I have?

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Asim Naeem - PeerSpot reviewer
Principal IT Security & Compliance at IBEX Holdings Ltd
Real User
Top 5Leaderboard
Aug 15, 2024
It integrates well with other platforms, is user-friendly, and is stable
Pros and Cons
  • "Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources."
  • "When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert."

What is our primary use case?

As a company with 30,000 employees and 26,000 endpoints worldwide, we have diverse operational needs that SentinelOne Singularity Complete effectively addresses.

SentinelOne Singularity Complete effectively addresses numerous challenges. As a cloud-based SaaS solution, it seamlessly protects office and remote workers, safeguarding laptops and other devices. Its comprehensive coverage extends to cloud infrastructure across multiple operating systems like iOS, Linux, and Windows, including Kubernetes environments. This versatility, coupled with its ability to fulfill various use cases, has made SentinelOne Singularity Complete our trusted security solution for the past four years.

How has it helped my organization?

SentinelOne Singularity Complete integrates with our other security solutions, correlating data from NDR, ADR, SIEM, and XDR tools. All this information is consolidated within SentinelOne, providing a centralized access point.

SentinelOne Singularity Complete has helped us streamline our security operations by consolidating multiple solutions into a single platform. We are currently in the process of acquiring a threat intelligence platform to complete our security stack.

We use Ranger to monitor our network and track connected devices. This is crucial because it helps us quickly identify unauthorized machines connected to our infrastructure, including personal devices. We have additional security measures in place, but Ranger provides an extra layer of protection. It also alerts us if the SentinelOne Singularity Complete agent is missing from any new or existing machines, allowing us to take appropriate action.

SentinelOne Ranger's agentless and hardware-independent nature is crucial for our environment with 26,000 endpoints, as manual management of such a large number would be extremely challenging.

Ranger uses a multi-layered approach to prevent vulnerable devices from being compromised. We employ scanners, network configurations, and a risk scanner to assess devices, endpoints, servers, and cloud infrastructures. Vulnerability reports and timelines for remediation are shared with device owners or custodians. This proactive strategy enables us to address vulnerabilities efficiently and secure our infrastructure.

SentinelOne Singularity Complete has significantly enhanced our security posture. While no system is impenetrable, this solution has brought us closer to achieving a high level of protection, ensuring we maintain at least a 90 percent security level.

Our team is dedicated to refining alerts and eliminating false positives from our solutions. Additionally, a team is responsible for identifying and excluding alerts from the solution. We can manually expedite this process by reviewing these elements and utilizing our security tools. We have been able to reduce the alert volume by 20 percent.

Our 30-member Security Operations Center team has been able to redirect their focus to other tasks due to the time saved after implementing SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped us improve our mean time to detect threats, which we accomplish using the Vigilance service for detection and response.

SentinelOne Singularity Complete has helped us decrease our organizational risk. We utilize the Security Scorecard to manage our security posture, which has remained steady at 90 percent.

What is most valuable?

Unlike other endpoint solutions like Kaspersky or Trend Micro, SentinelOne's agents are exceptionally lightweight, updating seamlessly without consuming significant network or system resources. This ensures smooth operation and user-friendly control. Moreover, SentinelOne's support team is highly competent, providing timely assistance and going the extra mile to resolve any issues.

What needs improvement?

When SentinelOne Singularity Complete is used as the central hub for viewing alerts from all integrated security solutions, it is challenging to identify the specific solution that triggered each alert.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for almost four years.

What do I think about the stability of the solution?

SentinelOne Singularity Complete is stable.

How are customer service and support?

The technical support team is quick to respond to and resolve our issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our hybrid environment has raised security concerns for management, leading them to seek an all-in-one solution. After conducting multiple proof-of-concept tests for endpoint security, they determined that Kaspersky was insufficient for their needs due to inadequate functionality and management complexity. As a result, they transitioned to SentinelOne Singularity Complete.

SentinelOne is actively developing new innovations and introducing additional integration platforms.

What other advice do I have?

I would rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete offers comprehensive endpoint security by automatically updating without impacting bandwidth. Unlike traditional signature-based solutions, it employs a behavior-based approach to detect and immediately address malicious or suspicious files and processes.

We are 100 percent confident with SentinelOne as a strategic security partner.

Maintenance has been seamless, and while SentinelOne does notify us in advance of any required downtime, I haven't experienced any interruptions in the past year and a half.

With 30,000 employees and 26,000 endpoints worldwide, our organization has implemented SentinelOne Singularity Complete across all endpoints.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Dinesh Yadav - PeerSpot reviewer
Sales Director at CLOUD MIND
Reseller
Top 20
Jun 26, 2026
Security monitoring has improved and current endpoint deployments run smoothly for customers
Pros and Cons
  • "My experience working with SentinelOne Singularity Endpoint has been fantastic."
  • "The drawbacks I have identified with SentinelOne Singularity Endpoint are that they should work on being more responsive than CrowdStrike."

What is our primary use case?

I use SentinelOne Singularity Endpoint for my customers.

I help our customers implement SentinelOne Singularity Endpoint because its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

My customers purchase SentinelOne Singularity Endpoint from us. I place the order with SentinelOne distributors because local support is more important for customers, and they want to be locally supported by resellers or vendors. If you buy from AWS, then there will not be any support.

What is most valuable?

My experience working with SentinelOne Singularity Endpoint has been fantastic.

The most valuable features I have found in SentinelOne Singularity Endpoint are MITRE ATT&CK, continuous monitoring, and threat vectors.

What needs improvement?

The drawbacks I have identified with SentinelOne Singularity Endpoint are that they should work on being more responsive than CrowdStrike. CrowdStrike has a very strong team here in the Middle East and they are very frequently available to discuss any kind of issues or challenges. In comparison to these, they are a bit slow.

I think in the next release of SentinelOne Singularity Endpoint, they should be working on a SIEM solution so that customers can have data logs for 30 days or 90 days.

SentinelOne Singularity Endpoint's R&D team should learn from CrowdStrike's approach, looking at the technologies that protect endpoints, customer protection, and providing extra features that customers can utilize and be loyal to them. For example, CrowdStrike gives seven days data retrieval for end users in the SIEM without any charges. If SentinelOne does something similar, they might gain more loyalty and more customers.

For how long have I used the solution?

I have been dealing with SentinelOne Singularity Endpoint for more than five to six years.

What do I think about the stability of the solution?

When it comes to functionalities and performance, SentinelOne Singularity Endpoint is fine, and there are not many issues with SentinelOne Singularity Endpoint products once deployed.

How are customer service and support?

I would rate their technical support around a nine out of ten. Every solution has some kind of drawback, but it is a pretty good score.

How was the initial setup?

Its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I have to assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

What's my experience with pricing, setup cost, and licensing?

I find SentinelOne Singularity Endpoint's pricing to be competitive because if I look at the pricing of CrowdStrike, they are competitive to CrowdStrike.

Which other solutions did I evaluate?

I cannot say SentinelOne Singularity Endpoint is the best option on the market at the moment, but I can say it is the second best. If I look at CrowdStrike, they have many other features and come with various other solutions including identity protection, SIEM, data protection, and firewall management. In terms of technology, SentinelOne is doing good and very competitive in the market, but CrowdStrike is still ahead of them.

What other advice do I have?

I have not gone through SentinelOne Singularity Endpoint's Purple AI that much. I believe it is an AI feature. It is similar to all other AIs where you can ask questions about technical issues or challenges through the portal and it can access security, indicating if any configuration is missing or if there are any attacks or vectors, or if some users are inactive for longer periods. This can help them keep track of users in case some are offline for longer days or if their agent has not been updated. I would rate this review an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: Jun 26, 2026
Flag as inappropriate
PeerSpot user
Ankit Gupta. - PeerSpot reviewer
Senior Solution Architect Data Center & Cloud at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Feb 26, 2026
AI-driven protection has reduced detection time and now provides complete endpoint coverage
Pros and Cons
  • "SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for."

    What is our primary use case?

    This is an Umbrella platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

    How has it helped my organization?

    With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

    What is most valuable?

    The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete great from the Sentinel point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

    There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete.

    It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

    What needs improvement?

    In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

    For how long have I used the solution?

    I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel, and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

    What do I think about the scalability of the solution?

    Scalability is also a nine.

    How are customer service and support?

    Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    It is a simple process.

    What about the implementation team?

    We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

    Which other solutions did I evaluate?

    CrowdStrike is the main competitor, along with Palo Alto Cortex and Microsoft Sentinel. These are the three main competitors for the product range from SentinelOne.

    It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

    What other advice do I have?

    It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

    SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

    I would rate this review a nine overall.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: Feb 26, 2026
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2026
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.