Sold by: SentinelOne
Deployed on AWS
Vendor Insights
Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
4.6
Overview
The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.
Core Capabilities & Benefits
Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.
Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.
Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.
Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.
Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.
Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.
Seamless Integration with AWS Services
The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.
How to Get Started
Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.
Highlights
- 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
- 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
- 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(1)
FedRAMP
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Custom Pricing and Packaging | Contact SentinelOne for custom pricing and packaging including Private Offers | $10,000.00 |
Vendor refund policy
Refunds available as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Multiple support options available. Email support available: support@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By SentinelOne
By Trellix
By Vectra AI
Top
10
In Generative AI, Security Observability
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
AI-Powered Threat Detection and Response
Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
Cloud Workload Protection
Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
Extended Detection and Response
Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
Identity Threat Detection and Response
Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
Generative AI Security Analysis
Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
Multi-Source Threat Data Integration
Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
AI-Driven Alert Triage and Prioritization
Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
No-Code Automation for Investigation and Response
Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
Pre-Built Analytics and Correlation Rules
Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
Multi-Deployment Architecture Support
Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
Multi-Domain Attack Detection
AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
Automated Alert Triage and Correlation
AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
Unified Investigation and Response Interface
Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
Network Detection and Response
Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
Multi-Cloud and Identity Platform Coverage
Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
Raj Borge
Automated threat response has reduced alerts and protected endpoints with rapid rollback recovery
Reviewed on Apr 16, 2026
Review provided by PeerSpot
What is our primary use case?
SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats in real time. Using AI-based behavior analysis, it helps the SOC team to investigate incidents, automate responses and actions, and protect systems from malware and ransomware. SentinelOne Singularity Endpoint includes EDR, XDR , and NGAV.
What is most valuable?
A favorite feature of mine about SentinelOne Singularity Endpoint is the VSS rollback feature, which is most valuable. If a laptop is infected with any malware, there is an option to rollback files and recover them from before the attack happened.
Using SentinelOne Singularity Endpoint has helped me reduce alerts because it is integrated with FortiSIEM , one of the leading SIEM tools, and with SOAR technology. Whenever alerts come on SentinelOne Singularity Endpoint, they are directly raised to SOAR technology automatically. This is an automatic tool, so manual interaction is not required. All work is done by SentinelOne Singularity Endpoint, and I only have to take action on the analyst's verdict to determine if it is a true positive or false positive and investigate accordingly.
What needs improvement?
Dislikes include high false-positive alerts and resource consumption issues with CPU and disk usage.
Ranger functionality is for network discovery and control features. Its primary role is to identify and manage unmanaged devices on the network by detecting rogue devices in detections. It ingests logs from network sources and captures threat metrics, including IOCs. However, I cannot confirm if SentinelOne Singularity Endpoint releases the alert through Ranger, as I have not worked heavily on this feature because the Ranger functionality license is not available. SentinelOne Singularity Endpoint captures different telemetry from network devices.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for 2.3 years in my career.
What do I think about the stability of the solution?
Everything is perfect with SentinelOne Singularity Endpoint. There are no stability problems, and the system is very reliable and hands-on.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is very good in scalability. Scalability is extremely easy to achieve as new endpoints and new detection points come on board. The system can scale any number of times, and only the license for each endpoint is needed.
How are customer service and support?
Whenever I get stuck on any alert with SentinelOne Singularity Endpoint and do not understand it, or when I face any admin task challenges, I manually open a ticket with the customer team. Every time they help regarding the case. Each day, if I get stuck anywhere in SentinelOne Singularity Endpoint, whether with any admin task or threat hunting, the tech team or support team will surely help.
For the support team of SentinelOne Singularity Endpoint, I would rate them nine out of ten because there is a human voice there, so they are listening and responsive.
Which solution did I use previously and why did I switch?
For the first two years in my organization, I used Symantec AV. After that, I changed my domain to SentinelOne Singularity Endpoint.
How was the initial setup?
The initial deployment of SentinelOne Singularity Endpoint is easy and very straightforward. All that is needed is to set up a tenant and create a package file. Once installed, it automatically connects to the management console, and the entire system can be set up in one or two hours.
What about the implementation team?
For one customer of SentinelOne Singularity Endpoint, one to two people are enough for deployment. Because we are a partner with SentinelOne and have many customers, one to two members are sufficient for each customer deployment.
What's my experience with pricing, setup cost, and licensing?
I do not have knowledge about the pricing of SentinelOne Singularity Endpoint, as the sales team handles that. However, based on my knowledge, SentinelOne Singularity Endpoint is very flexible in its pricing range at approximately $9 to $10 per endpoint. We have 5,000+ endpoints because we are an MSSP provider, making it cost-effective.
Which other solutions did I evaluate?
I would choose SentinelOne Singularity Endpoint. In Symantec AV, there is only signature-based and behavior-based threat detection, whereas SentinelOne Singularity Endpoint has advanced behavior AI and pre-static AI. In Symantec AV, alerts must be manually raised and actions taken on the endpoint, but SentinelOne Singularity Endpoint has fully automated AI. The use cases are moderate in Symantec AV, but SentinelOne Singularity Endpoint is very easy with a modern UI. I prefer SentinelOne Singularity Endpoint because I have worked with both.
What other advice do I have?
The mean time to detect with SentinelOne Singularity Endpoint is very low. The mean time to respond for SentinelOne Singularity Endpoint is approximately two to three minutes since it is integrated with SOAR, and alerts are raised within that timeframe. From endpoint to console, alerts are received in real time with no lagging. SentinelOne Singularity Endpoint requires no maintenance. Since we have a partnership with the SentinelOne Singularity Endpoint team and are an MSSP provider, no maintenance is required. My overall rating for this review is eight out of ten.
Pavan Ingaleshwar
Advanced endpoint protection has reduced MTTR and continuously streamlines threat investigations
Reviewed on Apr 14, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is endpoint protection, threat detection, incident response, and visibility across user systems and servers. I primarily use it for malware and ransomware detection, suspicious process monitoring, automated remediations, endpoint isolations, threat hunting, and root cause analysis using Storyline. SentinelOne Singularity Endpoint has AI-powered EPP and EDR with autonomous responses, making these the best use cases that I have used day-to-day for the past two years.
The endpoint isolation and threat hunting capabilities of SentinelOne Singularity Endpoint stand out as the most valuable for my team because we rely on them the most on a daily basis.
How has it helped my organization?
SentinelOne Singularity Endpoint has positively impacted my organization by helping us achieve faster containment of endpoint threats, better visibility during investigations, and reducing reliance on traditional antivirus tools. It has improved the MTTR for endpoint cases, reducing it by around 30 to 40 percent. Alert fatigue has decreased by around 25 to 30 percent, and manual remediation efforts have reduced significantly.
Reducing MTTR by 30 to 40 percent has helped my team significantly. Earlier, analysts had to manually collect logs from multiple tools and verify affected endpoints, which took considerable coordination and time. The coordinated isolation with SentinelOne Singularity Endpoint's process tree, file activity, network connections, and threat details already available in the alert saves a lot of investigation and containment time. Alert triage has become faster by around 25 to 30 percent due to clear alert prioritization with severity, Storyline context, and behavior integration, helping analysts quickly identify true positives and focus on higher-risk incidents.
What is most valuable?
SentinelOne Singularity Endpoint offers Storyline, which provides process visibility that is one of its strongest features. It helps me understand what happened before and after detection.
The detailed process visibility and Storyline in SentinelOne Singularity Endpoint are very strong features that help in understanding what happened before and after detection, making process visibility the best feature I have noticed.
I appreciate the autonomous response time in SentinelOne Singularity Endpoint. It can kill malicious processes, quarantine files, and isolate the system quickly. Additionally, behavior layer detection is not only signature-based, which is useful for known threats. The lightweight agent performs well on endpoints, resulting in better performance on endpoint systems.
What needs improvement?
One potential improvement for SentinelOne Singularity Endpoint could be enhancing the user interface during investigations, especially for SOC employees.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than two years, and it is part of my daily SOC operations.
Which solution did I use previously and why did I switch?
I have not used a different solution prior to SentinelOne Singularity Endpoint.
What was our ROI?
I have seen a return on investment with SentinelOne Singularity Endpoint, as it reduces incident impact, leads to faster responses and detections, reduces less manual remediation, and improves analyst productivity.
What other advice do I have?
SentinelOne Singularity Endpoint Complete has helped me consolidate my security solutions.
SentinelOne Singularity Endpoint Complete has helped free up my staff for other projects and tasks, saving around 25 to 40 percent of their time.
It has also helped reduce my organization's Mean Time to Respond by about 25 to 30 percent.
SentinelOne Singularity Endpoint Complete has helped reduce alerts by around 20 to 25 percent.
One real case I handled involved a suspicious PowerShell execution on a user endpoint. SentinelOne Singularity Endpoint generated a behavior alert because the script tried to download content and spawn an additional response. I checked the process tree, parent-child relationship, command line activity, and network behavior using the console. I isolated the machine immediately after removing the threat, and what I appreciated was how quickly the investigation proceeded because the most required details were already available in one place.
Based on my experience, SentinelOne Singularity Endpoint Complete easily reduces alert fatigue by reducing alerts by around 20 to 25 percent. I would rate this product at 8.5 out of 10.
Pavan Ingaleshwar
Behavioral detection has reduced threats and response automation streamlines endpoint investigations
Reviewed on Apr 11, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is to work in our environment mainly for endpoint protection, threat detection, response, monitoring and suspicious process, and investigating the alerts.
What is most valuable?
SentinelOne Singularity Endpoint offers behavior AI detection, which is not just a normal signature thing, real-time threat blocking, automatic endpoint isolation, detailed process visibility, and easy-to-use dashboards.
Using SentinelOne Singularity Endpoint has positively impacted my organization by significantly reducing malware infections, providing faster incident responses, and enhancing the state of our endpoints.
SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect (MTTD) by 30 to 40%.
SentinelOne Singularity Endpoint has improved my organization's mean time to respond (MTTR) by 30 to 40% due to its automated detection and response capabilities.
What needs improvement?
SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help us further.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for around three years.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is very stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint performs very well in terms of scalability and is very good at scaling.
How are customer service and support?
The customer support for SentinelOne Singularity Endpoint is good, and the support team is very responsive.
Which solution did I use previously and why did I switch?
Before choosing SentinelOne Singularity Endpoint, I evaluated other options like Microsoft Defender for Endpoint and CrowdStrike Falcon . However, I selected SentinelOne mainly because of its strong behavioral AI-based detection and automated response.
What was our ROI?
SentinelOne Singularity Endpoint reduces the time of SOC employees, providing a return on investment.
SentinelOne Singularity Endpoint has freed up my staff for other projects and tasks, reducing their workload by about 40 to 60% due to its main detection and investigation capabilities.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing for SentinelOne Singularity Endpoint, I find the pricing to be dependent on the licensing and how many endpoints we have, so I don't have exact details on how it is handled by them.
What other advice do I have?
I rate the customer support for SentinelOne Singularity Endpoint a perfect 10 out of 10.
If any organization is battling with strong endpoint security and seeking faster detection and response, SentinelOne is a very good choice.
SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help further.
My overall review rating for SentinelOne Singularity Endpoint is 8.5 out of 10.
Jeevanandham R.
SentinelOne: Powerful Endpoint Security with Easy Threat Analysis
Reviewed on Apr 10, 2026
Review provided by G2
What do you like best about the product?
SentinelOne is a best end point security tool. Using this tool we can easily analyse which assets contains malicious softwares and antivirus. SentinelOne supports blocking USB port also.
What do you dislike about the product?
Initial stage of configuration takes huge amount of time and need a technical support also. Some times sentinelone sends a false positive informations also.
What problems is the product solving and how is that benefiting you?
Our end users install multiple software applications, so we need to analyze and protect their systems. That’s why we chose SentinelOne. After configuring SentinelOne, I can easily identify and remove malicious software.
Dev Reshwal
Endpoint protection has improved threat response and incident rollback across thousands of devices
Reviewed on Apr 03, 2026
Review from a verified AWS customer
What is our primary use case?
My use cases for SentinelOne Singularity Complete are mainly for endpoint security to detect, prevent, and respond to cyber threats in real time. SentinelOne Singularity Complete serves as the first use case for endpoint security.
Our organization does not have the Ranger functionality because our customer does not require it.
We have integrated SentinelOne Singularity Complete with Shuffle SOAR technology, which is a most powerful tool.
Our organization is an MSSP provider with 10+ customers for whom we are providing security. We have 8,000 endpoints installed for our customers, and we are a 24/7 team providing security to our clients.
We have applied the protect policy and take basic analysis, which takes a couple of minutes before we raise the alert.
Regarding Purple AI , we are using it to identify the IOC. We have limited access to Purple AI , but we are using it for threat hunting purposes to find the IOCs.
What is most valuable?
What I like the most about SentinelOne Singularity Complete is the rollback capability for Windows systems. The TAC team and VSS rollback are the two features I appreciate most about SentinelOne Singularity Complete.
The response of the TAC team is very good. If SentinelOne Singularity Complete did not have a TAC team or support team, I would say it would be very lacking. When we get stuck anywhere, whether in any admin task or any threat hunting or investigation path, they are very helpful because there is a human voice on the other side helping us.
What needs improvement?
What I dislike about SentinelOne Singularity Complete is the high number of false positive alerts we get because our client sends us mail within one week stating that the CPU is highly utilized and resource consumption is high.
Regarding data privacy and security when using Purple AI, I can say that security-wise, it is good, though anyone can exploit that one.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for two years.
What do I think about the stability of the solution?
Stability-wise, SentinelOne Singularity Complete is very good. It runs continuously, and if our endpoint is online, it will protect our endpoint 100 percent.
What do I think about the scalability of the solution?
Regarding scalability, I heard that one of our competitor organizations deploys 15,000-plus endpoints for their customers. Scalability-wise, SentinelOne Singularity Complete is very good in that 15,000-plus endpoints are managed on one management console, which is double of our organization's deployment.
How are customer service and support?
I have contacted the technical support or customer support, and this is the most significant reason we are using SentinelOne Singularity Complete. They are very helpful because there is a human voice on the other side helping us.
If you compare with CrowdStrike, our organization has shifted to SentinelOne Singularity Complete only because of that TAC team or support team.
Which solution did I use previously and why did I switch?
We are using CrowdStrike, and in CrowdStrike, we are using Charlotte AI . If we raise a ticket on the community portal, within one or two hours, we get a reply from the team, and they are very helpful and can also come to the call. However, with CrowdStrike, I do not prefer it from my perspective as compared to SentinelOne Singularity Complete.
How was the initial setup?
For the initial deployment of SentinelOne Singularity Complete, I can say that it is very easy. We just need to create one tenant for the SentinelOne Singularity Complete platform. SentinelOne Singularity Complete setup is very easy.
What about the implementation team?
Maintenance is not actually required from my end because we are an MSSP provider, so no maintenance is necessary.
What was our ROI?
I can say that when an alert comes, we already have the protect policy and protect mode. After applying the protect policy, everything is taken care of by SentinelOne Singularity Complete.
What's my experience with pricing, setup cost, and licensing?
I do not have knowledge about the pricing for SentinelOne Singularity Complete because our sales team handles that. SentinelOne Singularity Complete is very valuable to me.
Which other solutions did I evaluate?
I would give SentinelOne Singularity Complete a rating of 10 out of 10 because you can compare it with CrowdStrike, and I can say that SentinelOne Singularity Complete is top tier.
What other advice do I have?
We are managing 7,000 to 8,000 endpoints for clients, and the setup is very easy. I have given SentinelOne Singularity Complete an overall review rating of 10 out of 10.
Which deployment model are you using for this solution?
On-premises