SentinelOne Singularity Identity Reviews

I primarily use the solution for endpoints. I can monitor if any situations develop.

It's really more of an assurance. We don't need it to solve any issues. We can look at various threats or agents and items of that nature. It helps increase our security posture. 

The product saves us a lot of time so that we can focus on other things.

It gives us a lot of flexibility in terms of agent usage for EDR. I can decommission agents and put them somewhere else. It also gives us deep visibility. 

The incident and threat logs are great. I might have to restart an agent. I might have to decommission an agent. To be able to do that very quickly saves me a lot of time. The product gives me a lot of deep visibility.

The solution provides a good unified view. I do know exactly where I need to go. The layout is good. 

It's extremely easy to handle the management console. I can see what is up and cross-correlate easily.

The product's ability to protect identities from exploitation is good. It does a fair job. I'm not saying it's the best, however, it does a fair job. Vulnerabilities are detected every day.

We do get visibility into our attack surface risk. It is decent. There are other solutions out there that do a little better job. However, it's okay.

Its ability to detect and prevent threats is pretty good. Sometimes we do get a lot of false positives. We'll have to go through it and see things on a deeper level. It's fairly good.

The product has helped reduce our mean time to detect. It has definitely saved us a good couple of hours for a week for sure.

Dealing with customer support, if we do have an issue can take time. In one case, a couple of agents weren't working and we didn't know why. We needed more response customer service. 

Sometimes I get kicked out of the console. I don't know why.

Other than that, the solution is good and there are no missing features. 

I've used the solution for one year and eight months.

The stability is very good.

The solution has good scalability.

Given how fast our industry works, if we could get a response within 24 hours, that would be great. Often, support will refer us to an article. That's great, yet not helpful. We've had situations where we submitted three or four tickets and had to get someone on the phone. We had to go through three levels and in the meantime, we still had the issue with some of our agents. They need to offer a quicker response.

Neutral

I was not involved in deployment.

The solution saves us time and money and therefore we have witnessed a positive ROI.

The pricing is a bit higher than what we expected. However, we were recommended this solution.

We did evaluate other options. 

I'm an end-user.

Windows Defender is great, however, if a company is looking for deeper visibility, this is a good solution. 

I'd rate the solution seven out of ten. 

The product will be different for everybody. People need to go in with their eyes wide open.

We use SentinelOne Singularity Identity as our Extended Detection and Response solution. I engage with it daily since it's essentially one of my routine tasks. I access the platform to monitor our environment, check for any incidents, and address any related matters.

We began utilizing the solution primarily to manage response to detections, mainly for threat detection.

SentinelOne Singularity Identity has assisted our organization in reducing manual workload and providing alerts when issues arise in our environment.

It Identity provides a unified view.

Managing our environment using SentinelOne Singularity Identity console is easy. It is extremely easy to push agent updates using the console.

It does a great job protecting identities from exploitation.

Singularity Identity does a good job of providing us with visibility into our attack surface risk and where we should be looking.

SentinelOne does a good job of detecting and preventing threats.

SentinelOne Singularity Identity has helped reduce our MTTD by hours because we have moved from manual identification to automated.

All the features within the XDR are valuable as a whole for our organization.

The first-level support has room for improvement. We are consistently having to request escalations, particularly when we need to add exclusions for false positive readings. Their typical response is that we can create exclusions, but we disagree. For instance, if a manufacturer installs rpc.net or a similar locating device on our external laptop, that should be an exclusion handled on the SentinelOne side. It shouldn't be our responsibility. This is just one example. Additionally, SentinelOne often claims that their first-level support provides a dedicated exclusion, but we usually disagree with this assessment and push back.

I have been using SentinelOne Singularity Identity for three and a half years.

I give the stability of SentinelOne Singularity Identity a ten out of ten.

I give the scalability of SentinelOne Singularity Identity a ten out of ten.

The first-level support needs improvement but the other levels are great.

Positive

We have seen a return on investment.

The cost of SentinelOne Singularity Identity is better than CrowdStrike.

We also evaluated CrowdStrike but  SentinelOne Singularity Identity was a better fit for our environment.

I would rate SentinelOne Singularity Identity a nine out of ten. I recommend using SentinelOne Singularity Identity as an additional layer of security, which also aids in reducing manual workload.

I also recommend that those who are evaluating the solution ensure they complete their work on the front end so that the rest of the deployment proceeds smoothly.

We have deployed SentinelOne Singularity Identity across 3,000 endpoints spanning multiple clouds, departments, and users. 

We utilize SentinelOne Singularity Identity to prevent malware and to monitor for any ongoing malicious activities. Another use case that we've recently adopted is the extraction of vulnerability data. We are beginning to incorporate this data into our vulnerability management program.

Our goal was to transition from using a signature-based antivirus to a next-generation antivirus that relies on behavioral analysis. This was the main motivating factor behind our decision. While we were inclined to make this change, our cyber insurance provider also exerted pressure on us to adopt the NexGen antivirus. They even offered a significant discount on our insurance premiums if we implemented it. This played another important role in our decision-making process. We were specifically seeking a solution that could effectively combat ransomware. Unlike other antivirus and signature-based solutions, which don't effectively tackle ransomware, SentinelOne provides warranty coverage for ransomware incidents, making it an appealing choice. To date, we have been fortunate enough not to have experienced any ransomware attacks. SentinelOne advertises that we won't receive ransomware, and indeed, we haven't received any. Last year, we acquired an automated penetration testing program separate from SentinelOne. This program collaborates with SentinelOne to simulate malicious activities within our environment. Essentially, it tests SentinelOne's capability to detect and prevent ransomware. The results from this tool confirm the effectiveness of SentinelOne.

We're quite satisfied with the layout of the console. I have a security analyst who works under me, and he mentioned that out of all the antiviruses he has ever used, SentinelOne is the most intuitive. I agree with him. It's quite simple to use. However, simplicity can be a bit challenging at times because if it's overly simple, it might lack features that are necessary for complex environments. Yet, I believe it strikes a good balance between simplicity and complexity. It certainly offers flexibility. One helpful feature is the ability to create different groups, assign custom names to these groups, and then place endpoints into these groups and apply distinct policies to them. This functionality works exceptionally well.

Managing the environment from the console is straightforward. However, we do need to periodically deploy updates to the agents. While I personally would prefer this process to be automated and not require manual intervention, the current process is relatively simple. Although it can be a bit time-consuming, it hasn't posed a significant burden. It would be preferable if this manual step could be eliminated. Overall, the management process is user-friendly. A particularly valuable feature is the audit section, which allows us to track all activities. This is especially useful due to the involvement of multiple groups within our IT department, each performing various tasks. Without the audit history, it's challenging to monitor these activities and understand what actions individuals are taking. Therefore, the ability to retrospectively review the audit history is essential.

SentinelOne Singularity Identity functions effectively in safeguarding identities from exploitation. We have not encountered any incidents where it seemed that malware had infiltrated the system and remained undetected. Another aspect that contributes to our validation is the penetration testing tool we acquired, which actively executes exploits on the machines. Often, we do not expect ongoing active attacks within our environment. Consequently, it becomes challenging to accurately assess their operational effectiveness due to the absence of such attacks. This penetration testing tool plays a crucial role in illuminating our tools' capability to withstand robust attacks that we may not currently be experiencing. Through this tool, we simulate these attack scenarios, which provides us with an understanding of how well we can endure an attack on a larger scale. Upon reviewing the penetration testing reports, they consistently indicate that the tool's activities are blocked at various stages. Based on this, I would rate it highly. In all honesty, I don't believe I could ask for more.

SentinelOne Singularity Identity demonstrates a high capability in detecting and preventing threats. The solution effectively identifies and thwarts threats across all areas; we have even tested it in real attack scenarios. Occasionally, there might be false positives, but their occurrence hasn't been significantly problematic. For instance, there was an issue with resumes where the system consistently flagged them as viruses for some reason. This was somewhat frustrating; however, it didn't persist. We raised a support ticket, and they promptly resolved the problem. False positives are common in any antivirus solution, but the rate of false positives with SentinelOne Singularity Identity is quite low, which is good.

The most valuable feature of SentinelOne Singularity Identity is its ability to detect based on behavior rather than just static signatures. It's dynamic. 

Our infrastructure team is dissatisfied with SentinelOne Singularity Identity. They would prefer to explore alternative solutions. The primary reason for this discontent is that we frequently encounter performance issues with our servers. These performance issues are quite challenging to trace and address, making it difficult to identify their root cause. Often, the culprit behind these problems is the SentinelOne agent on the server. However, pinpointing and resolving this issue takes a considerable amount of time, adding to the challenge. The team is not particularly satisfied with this situation. Nevertheless, the team eventually manages to identify instances where the solution is overly meticulous, leading to unnecessary scrutiny. To resolve this, they implement exclusions, which alleviates the problem. So, it's not that they lack a solution; rather, the process of reaching a solution through exclusion is laborious, especially considering the known impact on performance.

SentinelOne Singularity Identity promotes in their documentation that their agents operate within defined processing power limits. Despite this claim, we've observed instances where these limits are exceeded. As an area for improvement, we have previously requested a feature that would allow us to set a cap on CPU utilization percentages for servers. This way, we could establish that, based on our configuration, the CPU usage cannot surpass a specified threshold, such as ten or twenty percent. This feature would be highly valuable, along with potential enhancements in their administration console that reduce its impact on servers or endpoints and offer greater transparency in this regard. Although their support is helpful, as they assist us when we suspect issues and can interpret the logs we send them, these logs are often cryptic. It would be preferable if we could manage a significant portion of this analysis independently, without needing their assistance.

I have been using SentinelOne Singularity Identity for almost three years.

SentinelOne Singularity Identity is stable. We have not had any stability issues.

SentinelOne Singularity Identity is highly scalable.

The technical support is responsive. We're grappling with an issue that is somewhat frustrating, but it's not really the fault of the support. It's a very specific problem where a crucial file on the server's machine is being closely examined by the antivirus, causing a slow login process for the users. Consequently, we had to exclude this file, even though it's an executable that SentinelOne doesn't recommend excluding. As a result, we're currently engaged in a somewhat controversial back-and-forth issue. However, they are providing us with feedback and suggestions that we can implement to try and address the issue. They're persistent and are trying various approaches. I find their response time reasonable. Overall, it has been a good experience.

Positive

Before SentinelOne Singularity Identity we were using Microsoft Defender but it was not as effective in detecting and preventing malware attacks.

The initial setup is straightforward. In fact, we implemented it in phases. In the first phase, we deployed it only to our servers. In the following year, we expanded it in another phase to include all of our workstations, of which we have a larger number compared to servers. The first phase went really quickly. We even adopted a more aggressive approach, reducing the number of exclusions initially and adding exclusions as we encountered issues.

Subsequently, our cyber insurance provided us with a discount the following year to encourage us to deploy it to all workstations. This compressed our deployment timeline, and despite the time constraints, we succeeded. We managed to extend it to the rest of the workstations within approximately a month from the decision point. I would describe the deployment process as very smooth. There was even a point during the rollout when I was on vacation and slightly concerned about it. However, we encountered no issues.

The implementation was completed in-house with some support from SentinelOne.

SentinelOne seemed to offer more while being priced lower than its competitors. At times, they would distinguish what they refer to as an EDR functionality, providing us with more in-depth information about the activities on the machine. This was one aspect. Comparing this to Cybereason, obtaining this functionality incurred a slightly higher cost. However, SentinelOne included certain elements of this functionality as part of their base package. Although not as extensive as Cybereason, it was still enticing as we didn't have to pay extra for it, unlike Cybereason, which positioned SentinelOne at a more appealing price point. Therefore, our decision to go with SentinelOne was driven by the perception of receiving more features for a better value.

We assessed Microsoft ATP, Cybereason, and CrowdStrike. SentinelOne Singularity Identity had a rollback feature that was absent in Cybereason or ATP. The cost of SentinelOne was also reasonable; they offered a competitive price point better than any of the others. While CrowdStrike is the most popular option, their price compared to SentinelOne was significantly higher, making it feel overpriced.

I would rate SentinelOne Singularity Identity a nine out of ten.

What we don't engage in is threat hunting, as this requires an additional module that we haven't acquired.

Before making the switch, we conducted a penetration test against Defender. Our penetration tester managed to bypass it around 50 percent of the time. However, since implementing SentinelOne, we no longer face this issue. Thus, moving away from Defender was a beneficial decision. We were aware that Defender couldn't effectively handle more advanced attacks. Although it did result in additional costs – as Defender is included with our Microsoft license – the investment was justified. This is especially true considering we have insurance that provides a discount, given that having a next-generation antivirus in place is generally viewed positively by insurance providers. Overall, this move has provided us with greater peace of mind, knowing that we are better protected against the increasingly sophisticated malware landscape. I'm aware that Microsoft offers a more comprehensive package. They have their own version of a behavioral-based antivirus, which we can opt for at a higher cost. However, Defender doesn't provide that functionality. So, when comparing the two, it was quite obvious to us that we needed a more advanced solution.

SentinelOne Singularity Identity is a commendable product. In my opinion, individuals should evaluate it and form their own judgments. Conducting testing with actual simulations, particularly utilizing a penetration testing tool that runs malware simulations against the software, appears to be a prudent approach. This method allows for a well-informed assessment of the solution's efficacy. The challenge with antivirus software often lies in its opaqueness. We lack genuine insights into its actual performance. We tend to rely on marketing claims and trust that the software can effectively thwart necessary attacks. However, such claims are prevalent across the industry. Thus, the most reliable course of action is to ensure our chosen tool provides a sense of security by rigorously testing it with malware attempts and attempting to circumvent its defenses.

I use the solution in my company as an EDR product. In our company, we use it to protect our endpoints. The tool is pretty famous.

In terms of the most effective feature of the product when it comes to threat detection, I can say that it need not be connected to the management server as the agents work independently. The rollback feature offered by the product is good.

In the future releases of the product, it would be great if the solution allows the use of STAR Rules Engine during on-premises installations. Being able to use STAR custom rules would be wonderful. STAR Rules Engine is a feature that cannot be used during the tool's on-premises installations.

Agent connectivity can be improved, as it is one aspect of the product with certain shortcomings.

I have experience with SentinelOne Singularity Identity.

Stability-wise, I rate the solution an eight out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

When it comes to SentinelOne Singularity Identity, I have designed it for multiple clients of our company. My company has clients with a range between 500 and 16,000 endpoints.

The solution's technical support is knowledgeable.

The product's initial setup phase is straightforward.

I am an architect, so I don't deploy any tools. I only design solutions.

The solution is deployed on an on-premises model.

There is a need to make yearly payments towards the licensing charges associated with the product. Whether the product is expensive or not is something that depends on what we need from it. SentinelOne offers multiple options. I think the prices associated with the product are okay and it is not too expensive.

Compared to the other solutions in the market, I can say that SentinelOne Singularity Identity does not work only based on signatures, and it works on API patterns and how a file or link behaves, it tends to catch zero-day attacks, the most advanced malware and ransomware attacks. The product has got less false positives, making it one of the better solutions.

I am an architect and not an administrator. I won't be able to provide details on how SentinelOne Singularity Identity's behavior-based detection impacted our company's response to an incident.

To those who plan to use the product, I would say that it is a straightforward and easy to use solution. Users of the product need to ensure that they maintain the connectivity with the agent.

The artificial intelligence feature in the product enhances the security capabilities very much because it provides alerts. The good part of the product is that our company gets treated as a part of its extended knowledge base, and so we get to know about the attacks that are happening elsewhere in the world.

Considering the agent connectivity keeps going offline, I rate the tool a nine out of ten.

We were using the solution more as an endpoint security. It protects against cyber threats and offers improved protection against particular cyber threats. It has SIM capabilities and XDR. We use the security based-incident management and the capabilities of XDR in terms of threat hunting and threat intelligence.

The XDR capabilities are very good. 

If you get attacks and need to cross-correlate across attacks, it's very helpful.

It offers quality threat intelligence. You can look into it very fast. 

If a threat has happened many times, we can automate remediation for that specific threat.

When it comes to security operations, we can show a complete integrated dashboard that shows risk, score, value, and threat status.

It provides us with a unified view. The cross-sectional correlation is good. That's technically what it is. It shows when attacks are happening or when attacks are happening. We can do comparisons and find resolutions or figure out a time to resolution. You can centralize it or use it from an endpoint. 

Managing the environment is okay. You can't manage it with one singularity console. It doesn't have observability capability or event correlation. As part of a bigger solution, it does its job. However, you need to use multiple solutions for a holistic approach. It will improve the visibility of threats, however, to eliminate blind spots and help you understand threats better.

The threat detection, investigation, response, and hunting are good. It helps provide visibility across the stack. 

Whenever a threat is detected, it can quickly find a resolution with respect to MTTR. It looks into the entire history of the logs and coordinates with the source system. There will be a resolution to resolve the root cause. Then, you can automate it, so that, in the future, if there are any similar attacks, the solution will get triggered. This helps with our overall mean time to resolve. When you have an SLA< you'll need to have a resolution within the SLA. It helps us to ensure there's a workaround so we can get a resolution within 30 minutes. You can achieve 99% of issues if it's already a part of the attack vectors. 

The root cause of automation could be better. If you have a complex ecosystem, you need an automated threat response mechanism. We'd like an automated correlation of threats.

The SOC efficiency could be better. It would help improve the MTTR.

I've been using the solution for the last three or four years.

They still need to work on a fully integrated solution, which they are planning to build over time. 

The solution has been scalable for me. However, it depends on how it is interacting with security-based orchestration. If an organization keeps expanding, there needs to be scalability between vendors in the case of third-party integration. 

Technical support knows the product and its functionality. The problem is during practical scenarios when the product is integrated with third-party products. It's very easy for Microsoft to say it's not their particular problem or that they can't pinpoint the problem due to the third party.

Neutral

There are a lot of good solutions, such as Elastic, which is open-source. With the same agent, you'd get search, security, et cetera, so you won't need multiple licenses. 

Sumo is another good tool that's good for both SMBs and enterprises. It has correlation and search capabilities. The events are correlated, and alerts are separated and that's given to you out of the box.

There are Microsoft solutions that don't have as many tools out of the box. 

Doing a business case analysis, retooling is required for an end-to-end scenario if you use Microsoft. 

I validated the design and configuration. I wasn't hands-on with the implementation. 

If it is a Microsoft shop, it's a straightforward setup.

Integrations make the setup more complex. If the customer has a hybrid scenario, you need to have certain configurations. When you get into SOAR, you may run into issues. Out-of-box integrations will not be clear. 

When you write workflows, these workflows have a breakage, or you have siloed data streams. You don't have a mechanism for monitoring these. There has to be a mechanism for monitoring, otherwise, you won't know something is not working until it has broken down. Microsoft does not offer something like this out of the box. 

We have various people qualified to handle implementations. We have our own integrators. 

It's hard to break down the ROI on an individual product with fewer capabilities. 

If a company is a Microsoft shop, it makes sense to stick with Microsoft tools. It doesn't have mature SIEM capabilities or root cause analysis. It does not have a seamless integrated log management solution within various environments. Large enterprises might have Linux and Unix-based solutions. Then it makes sense to look for solutions that offer more end-to-end security options. Microsoft may look like a cheaper solution; however, when you break it down, it won't be less expensive. You'll need more tools. 

Windows Defender comes by default with Windows. When you are using Sentinel One on top, it depends on the firewall solution you are using in between. From an endpoint perspective, if these are going to your endpoints, you may have a choice of having separate antivirus solutions, and Defender may be disabled. Singularity still works as it's a centralized solution. 

I'd rate the solution six out of ten. 

We use SentinelOne Singularity Identity to end AD credential misuse when working from home. We wanted to make sure that our environment was secure and place any defection-based endpoints on lockdown. The solution ensured that we were able to detect AD attacks and steer attackers away. We also wanted to make sure we were hiding our local data.

We're a lot more secure with SentinelOne Singularity Identity. We're more confident that we're going to be on top of any threats, and we'll get alerted right away. Anytime a password expires, my coworker sets up a report. We're really on top of all our user AD accounts.

I was recently able to customize the UI, including the filters, based on my use case. Having high visibility into all of our network concerns and a customizable UI are the most valuable features. The solution only requires one reboot to finish the installation. The solution's real-time protection is also really beneficial for us.

The last time I called to receive support, it wasn't as fast as I wanted. The resolution turnaround from SentinelOne Singularity Identity's support should be improved.

I have been working with SentinelOne Singularity Identity since February 2022.

I found SentinelOne Singularity Identity a lot more friendly in terms of performance. The solution shows no lagging, and it works very well.

SentinelOne Singularity Identity has the ability to work with different operating systems devices.

I rate SentinelOne Singularity Identity's scalability an eight out of ten.

We raised a support case with the solution's technical support team. We called the support team and tried to get help to run a report to see which devices were actually utilizing SentinelOne. We also had another report question about how we could take a look at AD accounts with expired passwords.

The support agent on the other line didn't seem very familiar with the product, and that was pretty much it. When they told us they would get back to us with more information, it took a while. They got back to us three weeks later when we had already figured it out on our own.

Neutral

The solution's initial setup was very straightforward.

I was involved in the solution's deployment in our organization. The rest of our tier two team and I worked with the trainers, implementation coordinators, and agents at SentinelOne. They walked us through the setup, which took around three to four weeks. Since we deployed on the cloud, we didn't need to set up VMs for any SentinelOne servers. We just provided access to our AD and the information they needed, like our server names. We set them up with accounts with which they could get into our AD servers, and that was it.

We have seen a return on investment with SentinelOne Singularity Identity. The comfort level, the reports we get, and our confidence in the security of our AD accounts are definitely worth the investment in the solution.

The solution barely met the budget for this project. SentinelOne could find ways to help healthcare institutes by lowering the solution's cost for hospital implementations. The pricing is a bit high.

We didn't use a different solution before SentinelOne Singularity Identity, we just had an AD. One of the reasons why we chose to go with Singularity Identity is that we moved over our Outlook Mailbox 365 accounts to the cloud. Previously, we had on-site exchange servers with the mailboxes, and we moved all those mailboxes to the cloud.

Since they're all linked with the AD credentials, we needed something a lot more secure. We moved 800 mailboxes to the cloud, and Singularity Identity helped us with that transition. We never had a product like Singularity Identity just to monitor AD.

I would tell users to book a demo first. Then, if they do decide to implement SentinelOne Singularity Identity, they should work with support or even their vendor support for the network firewall.

We had to set up a lot of exclusions on our firewall and even Windows firewalls on our AD server to ensure we weren't blocking any network traffic when a rule was added or deleted. My advice to users would be to ensure they are careful with the network firewalls when deciding to move forward with implementation.

Singularity's console provides a unified view, which works very well. We're able to monitor all of the different areas in our infrastructure. We even have the ability to run reports where we're in touch with support and our trainers from SentinelOne. They ensure that we know how to use the product and show us how to make our infrastructure more visible.

This unified view is very important for our organization. We widened the net for compromised devices to include managed and unmanaged devices. Even if our server runs a different OS, we can get a lot of actionable information related to that asset. If I have a couple of MacBooks, it doesn't really matter what the OS is. I can store that information in Sentinel. The solution really allows us to have more functionality with an active directory.

SentinelOne Singularity Identity is doing a good job of protecting identities from exploitation. Identity-based threats are one of the biggest weaknesses of malicious attacks. We get a lot of spam emails, and at the end of the day, they're just trying to get AD credentials.

SentinelOne Singularity Identity really helps improve our identity security posture. We're able to provide the team and even the managers and IT director here with real-time alerting and deception capabilities. We really trust SentinelOne Singularity Identity.

We're really happy with Singularity Identity's ability to provide visibility into our attack surface risk. The amount of information the solution allows us to get and the real-time alerts are really helpful.

Singularity Identity helped reduce our mean time to detect identity-based attacks. We have reduced the time we take to jump into servers and then run reports on our own because we've got the dashboard on a monitor in our office. We have real-time alerts right on the monitor. Anytime we see a red alert, we're on top of it. It makes monitoring a lot easier.

I would tell someone researching SentinelOne Singularity Identity that they need to do a demo with SentinelOne. There, they will be able to see the solution's pros and cons. They can see for themselves how it's a much more effective tool than Windows Defender.

If they book a demo, they will be convinced to get hold of a SentinelOne agent to look at some cost agreements and implementation. The bottom line is that SentinelOne Singularity Identity is the best anti-malware. It is a lot better than Microsoft Defender, and they would be convinced after a demo.

Overall, I rate SentinelOne Singularity Identity an eight out of ten.