No more typing reviews! Try our Samantha, our new voice AI agent.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
Reseller
Top 5
Jan 20, 2026
Security correlations have boosted compliance operations and improve user productivity
Pros and Cons
  • "The main benefits the end-user gets from Singularity Platform are, first, the program itself being very small, and then we get better output from applications running on their systems."
  • "In my opinion, the real-time monitoring capabilities in Singularity Platform sometimes work and sometimes they don't, because there are a lot of false positives and people use unsigned applications which get deleted or quarantined by the product."

What is our primary use case?

My main use cases for Singularity Platform are compliance and security operations.

What is most valuable?

I have found the correlations in Singularity Platform to be the most valuable. The main benefits the end-user gets from Singularity Platform are, first, the program itself being very small, and then we get better output from applications running on their systems. The output of the users has gone up 50%, although I don't remember other benefits at this time.

What needs improvement?

There are a lot of false positives in that, which is why I'm not working with it. The use of the fraud detection feature in financial services in Singularity Platform depends on the compliances that are applicable to the organization, so it may be useful for some and may not be useful for others. I did that by myself, not with the help of Singularity Platform. In my opinion, the real-time monitoring capabilities in Singularity Platform sometimes work and sometimes they don't, because there are a lot of false positives and people use unsigned applications which get deleted or quarantined by the product. It's not a 100% foolproof solution.

A point for improvement for SentinelOne is that the false positives are huge since people in India, at least, are using homegrown applications which get blocked. Right now, Singularity Platform is working fine, but people have concerns about enhancements like website monitoring that can be done through Singularity Platform itself, so they don't need to buy any SASE products for people working from home to control their browsing. If that feature can be included, it will be a big advantage.

For how long have I used the solution?

I have been working with Singularity Platform for almost two years now.

Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.

What do I think about the stability of the solution?

I had some issues with that.

What do I think about the scalability of the solution?

I would rate the scalability a nine.

How are customer service and support?

Technical support will always be between six and seven.

How was the initial setup?

The initial setup for Singularity Platform is very simple; the dashboard is quite simple, and the agents' installations are very simple, like one click, I would say.

What's my experience with pricing, setup cost, and licensing?

For pricing, I would say it's a six. It could be cheaper, as I understand.

Which other solutions did I evaluate?

The main competitor for Singularity Platform is CrowdStrike at number one, and the second is Trellix, which is coming up very fast. The leader on the market is still SentinelOne, but if they don't add some add-ons to their product like Trellix and CrowdStrike have, they may lag very soon. If we do only apple-to-apple comparison on Singularity Platform, then I'll give it ten marks.

What other advice do I have?

Singularity Platform functions as a security information and event management solution, and that is an inbuilt part of it. I believe in the correlations that I get because we work on it, but we don't use the Purple AI part of it. I'm not able to get clarity regarding the real-time personalization feature in Singularity Platform. I do not use the real-time personalization feature in Singularity Platform. It is a matter of false positives when people use it in my area.

Regarding the impact of Singularity Platform on supply chain processes, I don't have much on it, but it's a good product and the tracking is better with the log capturing and the data that we get from it. The customer does require customizations on the dashboards as per the requirement of their organizations; if it's manufacturing, medical, or financial institution or banking, then they will have different requirements for their dashboards, which are yet not available, so we have to actually build up those dashboards for them. I can recommend Singularity Platform to other users. I have provided this review a rating of 9.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Last updated: Jan 20, 2026
Flag as inappropriate
PeerSpot user
reviewer1964085 - PeerSpot reviewer
President at a tech services company with 1-10 employees
Real User
Top 10
Jul 31, 2025
prevention of ransomware attacks shows reliability and effectiveness in business environments
Pros and Cons
  • "It recently stopped a ransomware attack at one of my clients, proving its reliability."
  • "I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it."

What is our primary use case?

I typically deploy it into typical business environments such as law offices, doctors' offices, and marketing companies. I have clients of all walks of life, including accountants, attorneys, doctors, and veterinarians. I work in a very simple environment and am not dealing with high security, such as CIA-level security. For example, I use it in a doctor's office where it does a good job staying HIPAA compliant.

How has it helped my organization?

The best aspects of SentinelOne Singularity Complete for these clients are its ability to detect malicious activity. While there are sometimes false positives, they are minimal, making it quite effective. It recently stopped a ransomware attack at one of my clients, proving its reliability. The clients do not see immediate efficiency gains or significant time savings.

What needs improvement?

I haven't done any integrations, as I'm just in the beginning stage of ramping up the product implementation and mastering the product. I don't qualify myself as a master in the use of SentinelOne Singularity Complete, so I cannot offer great insight on this.

For how long have I used the solution?

I have dealt with SentinelOne Singularity Complete for less than a year.

What do I think about the stability of the solution?

The stability of SentinelOne Singularity Complete is demonstrated through its ability to detect malicious activity. While there are sometimes false positives, they are minimal. It recently stopped a ransomware attack at one of my clients, proving its reliability.

What do I think about the scalability of the solution?

My clients are mostly small, and my largest client has about thirty computers. I do the deployment myself, and it's not a huge effort. It's not comparable to dealing with a company that has three thousand computers.

Which solution did I use previously and why did I switch?

In the past, I used another product that malfunctioned and caused high processor activity which required stopping and reinstalling it. However, this hasn't happened with SentinelOne Singularity Complete. I used to have many false positives with other products that would block good programs, but I haven't experienced that with SentinelOne Singularity Complete, making it more quiet and efficient.

How was the initial setup?

The initial setup was very simple; deployment is straightforward. Fine-tuning it is a bit more involved, but overall, it's a very simple product to get started with.

What about the implementation team?

I was a part of the setup and deployment process.

What was our ROI?

The return on investment for my clients isn't visible until there is an incident or an attack that gets stopped. Then they realize the value of prevention. The challenge with security products is that ROI isn't apparent until an incident demonstrates the potential for loss. Clients often think they are immune, especially small ones, believing they're too small to be attacked. They don't realize that the cost of an attack could be a hundred thousand dollars, while they perceive the likelihood as very low.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Complete is good. There are other products that are less expensive, but I tell my clients that in security, they cannot cut corners or look for the cheapest solution. If they want security, looking for the cheapest solution means they have the wrong approach, because good products are not cheap.

What other advice do I have?

I don't have hands-on experience with CrowdStrike, Cisco, or Palo Alto products, but I know the companies. I do not have experience with AI features or AI analytics yet. I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it. I'm just getting to learn the product, so I cannot offer any deep insightful opinion. On a scale of one to ten, I would rate it a nine or a ten, as I'm very happy with it currently.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
reviewer2846475 - PeerSpot reviewer
Senior Security Engineer at a consultancy with 1-10 employees
Real User
Top 20
Jun 3, 2026
Automated protection has minimized threats and reduced detection and response times dramatically
Pros and Cons
    • "It would be nice if they improved the user interface."

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint is endpoint detection and monitoring as well as monitoring devices. An example of how I use SentinelOne Singularity Endpoint for endpoint detection is monitoring the device to see if there is any suspicious activity.

    SentinelOne Singularity Endpoint has a very quick detection capability, so we managed to detect a virus and quarantine it during a recent situation.

    What is most valuable?

    The best features SentinelOne Singularity Endpoint offers are the fact that it quarantines any malicious activity very quickly and it detects by hashes. When threats such as ransomware or malware are detected, it alerts me quickly and quarantines the file.

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up. SentinelOne Singularity Endpoint is deployed in my organization on-premises via agents that are installed on each device. SentinelOne Singularity Endpoint has impacted my organization positively as we have been able to minimize threats, and it is automated.

    What needs improvement?

    It is very difficult to say how SentinelOne Singularity Endpoint can be improved as it is such a great product. It would be nice if they improved the user interface. I wish it was easier to navigate the dashboard and that it was more user-friendly.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for three years in total.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is stable.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up.

    How are customer service and support?

    The customer support is great and very easy.

    I would rate the customer support on a scale of 1 to 10 as a 10, and I would give customer support a 9 from 1 to 10.

    Which solution did I use previously and why did I switch?

    I previously used Microsoft Defender. I switched because SentinelOne Singularity Endpoint has a lot more AI capabilities and is much easier to use and has a better detection procedure.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    What about the implementation team?

    Singularity Complete has helped me consolidate my security solutions, as I was able to get rid of a lot of unnecessary software.

    What was our ROI?

    I have seen no return on investment as I do not deal with finances.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    Which other solutions did I evaluate?

    I evaluated other options such as Microsoft Defender as well as Kaspersky before choosing SentinelOne Singularity Endpoint.

    What other advice do I have?

    SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect, or MTTD, by 56 percent. SentinelOne Singularity Endpoint has helped reduce my organization's mean time to respond, or MTTR, by 50 percent.

    My advice to others looking into using SentinelOne Singularity Endpoint is that they should evaluate the product and run a proof of concept to see if it is well-suited for the organization.

    Regarding SentinelOne Singularity Endpoint's AI capabilities, I believe it has a lot of governance and security features that are built-in, which I am very impressed with. It is very accurate in terms of its detection regarding SentinelOne Singularity Endpoint's AI capabilities in terms of accuracy and reliability of its output.

    I am very impressed with SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions because the solution is able to do its own thing with very little interaction with anything else.

    Singularity Complete has helped reduce alerts by 56 percent as it was able to mitigate false positives. Singularity Complete has saved my staff a couple of hours every day as less human intervention is required and they are able to release the devices. I would rate this solution overall a 10.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    Last updated: Jun 3, 2026
    Flag as inappropriate
    PeerSpot user
    Greg Hansen - PeerSpot reviewer
    Director, Information Technology at Lenovo
    Video Review
    Real User
    Top 5
    Oct 30, 2024
    Our security analysts can efficiently manage incidents and investigations with its succinct interface
    Pros and Cons
    • "We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives."
    • "SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks."

    What is our primary use case?

    We have the Singularity Endpoint Detection platform along with the MDR service. We are using their Singularity Enterprise offering along with Vigilance Pro.

    We are currently in the process of deploying it. We started with the deployment earlier this calendar year with a goal of reaching 30,000 endpoints this year. We have deployed to about 25,000 endpoints to date. Our end goal is 100,000, but that will be phased in over the next year.

    How has it helped my organization?

    Our deployment experience has been excellent. We have received a ton of support from their customer success team. We are using this initial deployment to tune the product to make sure it is not causing performance issues on our endpoints. We are going about it in a very methodical fashion.

    It has helped us achieve business goals in a few areas. Even though we are early in our adoption, there are a few areas where I have seen benefits. One is around the technology, the solution itself. It provides our security analysts with a very succinct and usable interface that they can use to effectively and efficiently manage incidents and investigations. 

    The second area is around the MDR. This has been a huge benefit to us compared to our prior solution. We used to get a lot of false positives. That took up the time of our security analysts, which then took away time from addressing real problems.

    The risk management at Lenovo has improved greatly over our prior toolset. We have identified risks that we would not have otherwise identified with our prior implementation.

    Our analysts' efficiency has gone up tremendously. We are not chasing false positives. The tool provides timely and relevant information to our analysts so that they can address the events with confidence. They know they are working on the right activities, and then along with the managed service, they are not chasing rudimentary incidents. Those are being resolved before they can get to our team.

    It has definitely helped us reduce noise. In the prior platform, which we are phasing out, the false positive rate was tremendously high. That caused a huge amount of inefficiency in the team.

    It has helped us increase our incident response because we are working as a team. We not only have an improved platform for detecting and managing incidents; we are also partnering with SentinelOne on the MDR and the managed service aspect of it.

    It has helped us improve our mean time to respond from a perspective of seeing what is happening. I do not have any metrics related to the percentage of that improvement.

    It has highlighted the risk of insider threats, and we have found that on multiple occasions. It is hard to compare if they would have been caught in our prior solution, but we have increased visibility into what is going on across our network and the machines that are connected to it.

    SentinelOne is an integral part of our AI strategy. We have recently got a chief AI officer in our organization. He happened to be our chief security officer, so we take AI very seriously. There are two things that AI can impact. We can leverage SentinelOne to help us protect the AI models that we develop and use, but we can also leverage AI for endpoint protection in the product itself. We can utilize the AI offering to improve our response rate and mean time to respond.

    What is most valuable?

    We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives. In conjunction with the MDR, many of those incidents and events are mitigated and resolved without any intervention from our team.

    What needs improvement?

    SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks.

    For how long have I used the solution?

    We started with the deployment earlier this calendar year.

    How are customer service and support?

    The support from SentinelOne has been second to none, exceeding expectations. Maybe we are in the honeymoon period, but they have definitely exceeded expectations. I have been part of many deployments, not just of cybersecurity platforms but also of other platforms, and SentinelOne, in comparison, has been second to none.

    How would you rate customer service and support?

    Positive

    What's my experience with pricing, setup cost, and licensing?

    We purchase it through CDW.

    Which other solutions did I evaluate?

    One of the primary considerations in evaluating EDR and identity security vendors was around the effectiveness of the detection and the ability to tune the solution to fit our needs. The presentation of the data to our analysts and the ability to detect events and threats that were not detected by our prior platform played a big role in that. We also were able to test out the MDR service as part of our proof of concept. That pushed it over the edge from anything we experienced with other vendors.

    Earlier, we had a high false positive rate coming in, which would take up our analysts' time. In addition to that, our prior vendors or other vendors would report threats and incidents to our team but not what action to take to resolve them. The huge difference that we have seen is that we are now getting feedback from SentinelOne and the MDR team, and it is coming back completely resolved and completed. We are more on an information basis, and we do not have to spend any time on resolution or investigation.

    What other advice do I have?

    Anyone considering changing their endpoint detection or SIEM solution should consider SentinelOne. It offers benefits in the product and technology aspect, service aspect, and partnership, allowing us to influence the roadmap and plan our cyber defenses.

    Even though we are early on in our adoption, we have had a direct line of contact with the product team. We have been able to provide feature requests. We are not simply a customer of SentinelOne. We view it as a partnership. We can influence the roadmap. Likewise, SentinelOne is providing us a vision of their roadmap, and we can plan accordingly how to steer our cyber defenses.

    As it stands today, I would rate SentinelOne Singularity Complete a nine out of ten simply because we are so early in our adoption that we are not taking full advantage of all the aspects of the solution. We will continue to grow and mature alongside the product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2687556 - PeerSpot reviewer
    Cyber Consultant at a consultancy with 11-50 employees
    Consultant
    Top 10
    Apr 13, 2025
    User-friendly interface and policy customization helps with server protection
    Pros and Cons
    • "The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need."
    • "Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close."
    • "SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies."
    • "The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory."

    What is our primary use case?

    Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

    How has it helped my organization?

    SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

    We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

    It can reduce the organization's risk. It gives better control to our limited team resources.

    It already has AI capabilities, which is one of their advantages.

    What is most valuable?

    When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

    The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

    What needs improvement?

    The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

    SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for approximately four years.

    What do I think about the stability of the solution?

    For stability, I would rate it a nine, as I have experienced only the issue of overload.

    How are customer service and support?

    The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

    I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

    How was the initial setup?

    The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

    What about the implementation team?

    I am the third party assisting in the deployment.

    What's my experience with pricing, setup cost, and licensing?

    I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

    Which other solutions did I evaluate?

    We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

    What other advice do I have?

    It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

    I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

    Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    Jai Prakash Sharma - PeerSpot reviewer
    Executive Vice President Technology at InfoEdge India Ltd
    Real User
    Top 5Leaderboard
    Sep 19, 2024
    Provides centralized management but doesn't work very well with Linux endpoints
    Pros and Cons
    • "Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise."
    • "We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything."

    What is our primary use case?

    We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

    From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

    By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

    We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

    How has it helped my organization?

    The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

    The ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

    SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have less number of alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

    SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

    SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

    SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

    What is most valuable?

    There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

    They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

    Log analytics and a couple of other things were also pretty good.

    What needs improvement?

    We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory. Some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistence connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

    They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

    Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

    For how long have I used the solution?

    With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

    What do I think about the stability of the solution?

    I discarded this product within six months. I would rate its stability a five out of ten.

    What do I think about the scalability of the solution?

    Its scalability is fine. I would rate it a nine out of ten for scalability. 

    We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

    How are customer service and support?

    I would rate their support a six out of ten because the issues that I had reported were not resolved.

    As a strategic partner, SentinelOne is pretty good. They are very proactive.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

    We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

    From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

    How was the initial setup?

    We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

    It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. In case they find a rogue device, then only they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

    What's my experience with pricing, setup cost, and licensing?

    It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

    I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

    CrowdStrike is not cheaper than SentinelOne. Both products go neck to neck. Both are costly products. 

    What other advice do I have?

    I would advise going for this solution only if you have a clear use case.

    I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

    After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

    SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

    I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2676195 - PeerSpot reviewer
    IT Infrastructure Manager at a training & coaching company with 11-50 employees
    Real User
    Top 20
    Mar 18, 2025
    Simplifies operations with good UI and centralization
    Pros and Cons
    • "The web portal has a really good web UI, and all the things are well integrated."
    • "Singularity Complete has helped reduce alerts."
    • "The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance."
    • "The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access."

    How has it helped my organization?

    Singularity Complete has helped reduce alerts. We have one place to go to check them, and there is also a reduction in false alerts.

    Singularity Complete helped free up our staff for other projects and tasks. I do not have the metrics, but it saves a lot of time compared to what I have used at other companies.

    Singularity Complete has helped reduce our mean time to detect. We only have to look at the portal. We can quickly isolate the user or the device, which also stops the virus from spreading. It also reduces our mean time to respond.

    What is most valuable?

    The web portal has a really good web UI, and all the things are well integrated. It is easy for us to increase the number of users because it is pretty simple.

    What needs improvement?

    The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access. This is important to address. The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance.

    They could make it simple to have a SIEM integrated with their solution so that we can send logs to their server and then analyze them.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for almost one year.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It is scalable. We have 50 users in our company. We have three administrators. We also have a consultant.

    How are customer service and support?

    I did not have the opportunity to contact them because I had almost no issues.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We were probably using Webroot. I was not there when they made the decision to switch.

    How was the initial setup?

    I did not participate in the initial setup, but our new onboarding process for laptops is really straightforward. You just join the domain, and the software gets installed automatically. It is bound to our site, making it very easy.

    What was our ROI?

    It is difficult to measure ROI, but since we started using it, we have not had any problems related to security. We have not experienced any breaches or issues so far.

    It has absolutely helped reduce our organizational risk.

    What's my experience with pricing, setup cost, and licensing?

    Overall, it was a good experience. It is pretty easy for us to increase the number.

    What other advice do I have?

    SentinelOne is focused on this solution. This is evident in the GUI. The GUI is well done compared to solutions like Microsoft Defender which I have been trying to get into, but it almost repels me. SentinelOne Singularity Complete is very stable and mature. It is one of the best solutions that one can choose.

    I would rate SentinelOne Singularity Complete a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Magdy Ali - PeerSpot reviewer
    Network & Security Section Head/Digital Transformation at a government with 201-500 employees
    Real User
    Top 5Leaderboard
    Mar 2, 2025
    Automation has freed up our team, streamlining quick actions and restoration capabilities
    Pros and Cons
    • "The most valuable features are the quick action and restoration capabilities."
    • "The stability is just okay."

    What is our primary use case?

    First, budget-wise, and for the quick actions I take in automation, certainly AI plays a crucial role.

    What is most valuable?

    The most valuable features are the quick action and restoration capabilities. I can catch any behavior and restore everything for the last two changes. There's also automation that gives my team free time, preventing them from having to look for every alert. As a result, we don't need their action on some emails.

    What needs improvement?

    Integration with the firewalls is needed because there is no integration with Forti as a FortiAnalyzer. It is currently integrated with FortiManager and the Forti box, but if I have an analyzer, it doesn’t integrate with them. It would be better if there were direct integration with FortiAnalyzer.

    For how long have I used the solution?

    I have used the solution for two years.

    What do I think about the stability of the solution?

    The stability is just okay.

    What do I think about the scalability of the solution?

    The scalability is good at more than ninety percent.

    How are customer service and support?

    I would rate the customer service at an eight.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I tried, when busy, CrowdStrike, and as an endpoint, I work with FortiClient.

    How was the initial setup?

    The setup is complex related to the XDR because there are more logs, and the queries need someone expert for that. I should create a guide.

    What about the implementation team?

    The deployment has been done in-house by my team.

    What was our ROI?

    If I compare prices between SentinelOne and another solution, I have already conducted this exercise, and SentinelOne is cheaper by more than sixteen percent.

    What's my experience with pricing, setup cost, and licensing?

    It’s cheaper than other competitors.

    What other advice do I have?

    I will recommend it to other clients. The quality is good for us based on our operations. We don't have a huge amount of transactions, but it’s good for us. The solution meets our needs. It’s good. Overall product rating is eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Eddie Drachenberg - PeerSpot reviewer
    Global Network and Infrastructure Manager at Bettcher Industries
    Real User
    Aug 31, 2023
    Provides peace of mind and is good at ingesting data and correlating
    Pros and Cons
    • "The solution has helped reduce our alerts."
    • "One thing I don't like is the exportable report. They're they're not as useful as I'd hoped they would be."

    What is our primary use case?

    We need to provide a form of antivirus for our cybersecurity insurance. The new term now is EDR or endpoint detection response. I tested out several vendors including CrowdStrike, SentinelOne, and Cisco. SentinelOne definitely stood out. My use case is pretty for much protecting all of my end-user devices and all of my servers on-premise and in our virtual environment.

    How has it helped my organization?

    We were trying to solve for visibility and license management. We used to use other products, and licensing became an issue. We would have issues where clients would not really be connected all the time. They would just randomly lose connection. And that was with McAfee. 

    ESET was another one that we used in the past, and we just kept running the issues with the physical server. So having a cloud-managed EDR solution, the agent-based, cloud-managed solution, has worked very well for a few years now at multiple companies. It's the first thing I bought when I came to my new company.

    What is most valuable?

    I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

    It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

    Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

    I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge. 

    I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

    The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

    It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it. 

    It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly. 

    It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

    What needs improvement?

    I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity. 

    One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified. 

    I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

    I'd like the ability to have text alerts, for example, if something gets quarantined. 

    The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow. 

    For how long have I used the solution?

    I've been using the solution for three years.

    What do I think about the stability of the solution?

    I haven't experienced any stability issues. 

    What do I think about the scalability of the solution?

    The solution is extremely scalable. It's super easy to push out to thousands of clients if you really need to. I haven't had any issues. It scales very well.

    How are customer service and support?

    Usually, technical support is very good. They are very knowledgeable. It's usually 24 hours for a response. I've had a couple of phone conversations with them. Right now, we're going basically through email. They give me a ton of information. They're open to working with my third-party MSP. Right now, the MSP brought up a concern about a very specific function that needs a little bit more tending to in the exclusion arena. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had Defender at this company before.

    How was the initial setup?

    I was involved in the initial setup.

    The deployment is very straightforward. It's super easy to just download your agent, and you get your site token, you install, and you push it out. We use the PDQ at my last company. Here, we use SCCM. We push it out with the MSI, with the site token pre-installed. I see it on my dashboard. It's easy.

    My last deployment was handled by myself.

    The solution does not require any maintenance anymore. It used to be kind of a headache to go through and have to update the agent. And just to remember to do it. Now I get the email. It tells me there's a new agent out there. I go read up on what the changes are, which is great. Then I go in there and set up the auto-install on the agents, and it just hits them on the schedule. You only have to really pay attention to it once in a blue moon when a new agent is installed or there's a general release.

    What about the implementation team?

    I installed the solution myself.

    What's my experience with pricing, setup cost, and licensing?

    I can pay, for my environment, between $30,000 and $40,000 a year, and that's a pretty good deal.

    What other advice do I have?

    I'm a customer and end-user.

    I haven't really done any third-party tools. I've looked into their Identity tool which is one of the newer offerings that they have. It's a very nice offering. It is rather expensive. That said, it is very nice to be able to see Active Directory all in one pane of glass. Honestly, the hardest thing about my job as a security professional is having all these different tools so the more I can see everything in one area, the better it is.

    The quality and maturity are important. The company is relatively new in the space, however, they are pretty mature in the market and pretty well-respected. 

    SentinelOne is a great strategic partner. I can't see myself doing security without them at this point. They are one of the backbones of my security platform. They were the first pieces even before I bought Cisco Duo or Meraki. 

    I'm excited to see where this will be in the next ten years. I can just see this platform just going crazy. I would love to see maybe a little bit more focus. We have to deal with a lot of sensitive equipment that run specific jobs and I love how SentinelOne, and specifically Ranger, is very passive in its ability. It complements our OT. I would love to see some way of getting away from the super expensive platforms of Tenable and bringing in some of these functions that Tenable offers from a scanning platform fully into SentinelOne in the future.

    I'd rate the solution nine out of ten.

    This is a best-in-breed solution. If you're looking at anything in comparison, do your due diligence, do proof of concept between whatever companies you're looking into. However, SentinelOne is the best-in-breed.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Cyber Security Engineer at a leisure / travel company with 10,001+ employees
    Real User
    Top 20
    Sep 4, 2024
    Offers threat hunting, visibility, and malware protection in one console
    Pros and Cons
    • "I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary."
    • "It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports."

    What is our primary use case?

    We use the tool for malware protection and the XDR portion to track intrusions and possible exploitations.

    What is most valuable?

    I find the product very easy to maintain and troubleshoot. Their engineers are very helpful if you need additional assistance. It's one of the best products I've used. It's easy to use from my standpoint, both for troubleshooting and with the support we get from their team if necessary.

    I find its interoperability with other solutions very good. When there are issues, because everything eventually has issues, the team is very good about running logs and finding out what portion is having issues. We can either exclude a portion of it or make it work. They find a solution.

    We haven't had any issues with how we ingest or correlate data across security solutions. We use APIs and things like that to ingest data. For us, we haven't had any issues with the tools we use, but I can't speak for other organizations.

    We now have threat hunting, visibility, and malware protection in one console. There are other portions we don't leverage because we choose to keep them separate, like our firewall, but we could if we wanted to.

    The solution has helped us reduce false positives. We still get alerts, but I think they're more dynamic now. We have fewer issues with systems. It doesn't take as many resources, so we don't have outages caused by hijacking resources. We've probably reduced our issues with that by 90 percent from the previous program we were using.

    The tool has helped free up our team's time. Especially when it comes to upgrades, I went from taking several months with the previous software to getting it done in a week or two for 15,000 to 17,000 assets. It's freed up months.

    While I don't track mean time to detect specifically, I know it's very quick because of the way it detects intrusions. It's anomaly-based, not signature-based. It will flag something, review it, determine whether it's a false positive or actually malicious, and then quarantine it. It's pretty instantaneous. We've averted several ransomware attempts before they could infect anything.

    Our mean time to respond has decreased significantly. The response is much quicker now, especially since very little gets reverted to us for handling. The Vigilance AI portion usually takes care of most of it, determining the severity of something and whether it needs human attention.

    It has helped us save costs, particularly regarding fewer infections throughout the network. While I don't have exact numbers, we've had a reduction in costs associated with reimaging machines due to malware.

    What needs improvement?

    It would be nice to be able to adjust the canned reports manually and choose the specific data we want to report on instead of being limited to their pre-set reports.

    For how long have I used the solution?

    I have been using the product for three years. 

    What do I think about the stability of the solution?

    In terms of stability, we have no downtime from SentinelOne Singularity Complete. We may have some complications with interoperability when we deploy something new that didn't get tested, but that's usually not SentinelOne's fault. It's usually because a third party changed something that had already been whitelisted.

    What do I think about the scalability of the solution?

    We haven't had any issues with scalability. It scales very well from small to large. We're at 16,000 endpoints, and it's very easy to deploy and manage.

    How are customer service and support?

    I've contacted technical support myself. Their response time depends on the severity with which you submit the case. For low priority, it takes about a day or two. For high priority, it's within an hour or two, according to their SLA. They're very prompt.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We switched from Symantec to SentinelOne Singularity Complete mainly because of cost and technology changes. Symantec wasn't changing quickly enough as technology moved toward the cloud, and things were going faster. Broadcom was still using heavy, clunky on-premises agents that used a lot of resources. SentinelOne Singularity Complete was new, next-gen, smoother, and quicker with less downtime. They manage their end in the cloud, so we don't have to maintain our console.

    How was the initial setup?

    We saw the benefits immediately after deployment. The deployment was seamless, easy to learn, and easy to use—very intuitive. The initial deployment was pretty seamless and easy. It took us about six months to fully deploy, but that was because we did it in segments. We're a global organization with many different entities, so we had to do it segmented. It probably would have taken us a quarter if we had just set it out all at once.

    The only maintenance we require is keeping our agents up to date. We do this manually because we go through a change approval process to ensure we don't introduce anything that will harm the system. We then test and deploy.

    What about the implementation team?

    We used SentinelOne's guidance, but we did the deployment ourselves in-house.

    What other advice do I have?

    My impression of SentinelOne Singularity Complete as a strategic security partner is that it's state-of-the-art, easy, and uncomplicated. As an engineer, I find the product easy to deploy, maintain, and efficiently. I rate the overall solution a ten out of ten. 

    I advise new users to read the manual before they start using it. Understand all the different modules to utilize them as intended and get the best out of them. Also, use their support if you have questions before you deploy. Get a game plan and follow their recommendations.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2026
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.