Listing Thumbnail

    SentinelOne Singularity Platform

     Info
    Sold by: SentinelOne 
    Deployed on AWS
    Vendor Insights
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    Play video

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (1)

    Pricing

    SentinelOne Singularity Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    1-month contract (1)

     Info
    Dimension
    Description
    Cost/month
    Custom Pricing and Packaging
    Contact SentinelOne for custom pricing and packaging including Private Offers
    $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Generative AI, Security Observability

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    4 reviews
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.6
    384 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    76%
    21%
    1%
    1%
    1%
    40 AWS reviews
    |
    344 external reviews
    External reviews are from G2  and PeerSpot .
    Karsh Trivedi

    Automation has reduced alert overhead and speeds up endpoint investigations for my team

    Reviewed on Jul 09, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My usual use cases for SentinelOne Singularity Endpoint  are to manage and deploy it on the endpoints across my organization. I also use it for automations, which represents my primary use case.

    I use SentinelOne Singularity Endpoint  mostly with my EDR. I am not heavily focused on cloud at this time as I am still in the development and learning phase of cloud deployment and cloud telemetry collection. Seeing alerts on a single pane of glass and resolving incidents has helped me significantly. It provides a better ecosystem with the AI team and all the capabilities already included.

    What is most valuable?

    The EDR feature of SentinelOne Singularity Endpoint and their detection features are excellent. They perform very well at endpoint detection and resolution. Their automated response capability is equally strong. There is also granular control over endpoint detection policies, which is valuable.

    I have integrated SentinelOne Singularity Endpoint with Splunk, and the ingestion and correlation of logs and telemetry from endpoints is strong. It provides a good perspective on what exactly happened. This really helps me as a SOC analyst to investigate what has occurred on an endpoint if there is malware or a malfunction on that particular endpoint.

    SentinelOne Singularity Endpoint has reduced the overhead of my alerts with the enhanced telemetry provided. I do not have a precise count, but it has had a significant impact. I estimate that I experience approximately twenty to thirty percent less alert overhead as they are automatically enriched and resolved.

    SentinelOne Singularity Endpoint has helped reduce my team's time in analyzing alerts and determining what is wrong with endpoints. It also makes investigations easier without disrupting users. Mean time to detect and mean time to respond are metrics where I cannot provide exact numbers, but I can say that SentinelOne Singularity Endpoint has had a noticeable positive impact, making detection and response much faster than the very manual and tedious process we had before.

    The positive benefits from using SentinelOne Singularity Endpoint include reduced effort required to interact with users during critical investigations. It has provided automation capabilities and advanced telemetry from endpoints to investigate any issues that arise. My team interacts less directly with users, so the impact to user business is minimized when cyber incidents occur and investigations are needed.

    What needs improvement?

    They could still work on optimizing their agent. Additionally, they do not appear to provide a free trial. If they could provide a free trial for one or two endpoints, it would be a better option for testing.

    For how long have I used the solution?

    I worked with SentinelOne Singularity Endpoint at Infosys for two years and have continued using it recently, for a total of approximately three years.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is reliable and stable. It does not create many issues.

    I measure the stability and reliability of SentinelOne Singularity Endpoint based on how well it detects threats and how stably it performs in user environments. I do not want an EDR tool or agent to consume excessive resources from the endpoint. SentinelOne Singularity Endpoint manages this well. It would be better if it were more optimized, but overall it performs well.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint is scalable and easy to scale. We simply deploy it and it scales itself.

    Scaling out might be a concern, but I have not had a need to scale down, so this has not been an issue.

    How are customer service and support?

    I am not currently in touch with technical support for SentinelOne Singularity Endpoint as I am in the early deployment phase and am learning and brushing up on the platform myself. My peers have had interactions with technical support, and they have reported that it is excellent. Technical support is overall very strong, and though I do not have direct contact with them, the feedback I have received has been positive.

    Which solution did I use previously and why did I switch?

    I previously used Quick Heal Endpoint and Quick Heal EPS, which were not sufficient for our advanced threat protection needs. We switched to SentinelOne Singularity Endpoint because of these limitations.

    How was the initial setup?

    SentinelOne Singularity Endpoint is fairly straightforward to set up and has an intuitive user interface. A clear vision of your security policies is necessary, and a phased rollout is recommended. You cannot roll out the solution to everyone at once as it might impact many people simultaneously. A phased approach with policies tailored to your organization works best.

    What's my experience with pricing, setup cost, and licensing?

    The cost of SentinelOne Singularity Endpoint is reasonable and appropriate for the features it provides. It is not too expensive or cumbersome. However, it would be beneficial if they could provide a free trial at some point.

    Which other solutions did I evaluate?

    I was considering Trend Micro Vision One  as an alternative option, but SentinelOne Singularity Endpoint stood out.

    I was evaluating Trend Micro Vision One  and determined that SentinelOne Singularity Endpoint was the better option for my use case with one of my particular clients. As a consultant at a service-based firm, my role is to advise organizations on what will suit them best. For that particular client, this was the optimal choice, though other clients might benefit from different options. SentinelOne Singularity Endpoint was one of my top considerations for endpoint security along with Microsoft Defender for Endpoint  for Windows-only environments.

    What other advice do I have?

    SentinelOne Singularity Endpoint is a SaaS-based platform that I deployed on-premises. I would rate this solution a ten out of ten.

    ABUZAR KHAN

    Automated detection and response have reduced investigations and protect endpoints in real time

    Reviewed on Jul 07, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use cases for SentinelOne Singularity Endpoint  are endpoint detection and response, real-time threat prevention, and incident investigations. It helps us protect laptops, desktops, and servers from malware, ransomware, and other advanced threats while providing centralized visibility into endpoints and their activity. I also use its automated remediation capabilities to quickly isolate infected devices, roll back ransomware where applicable, and reduce the manual response effort.

    I can provide a specific example of how my team used SentinelOne Singularity Endpoint  in a real situation. We received an alert from SentinelOne Singularity Endpoint indicating suspicious PowerShell activity on an employee's laptop. The platform correlated the behavior with a malicious Office document that had launched the script attempting to download additional payloads. SentinelOne automatically killed the malicious process, quarantined the file, and isolated the endpoint from the network to prevent lateral movement. Using the process timeline, the security team quickly identified the root cause, confirmed that no other endpoints were affected, removed the malicious document, and returned the device to service. The entire incident was contained within minutes without any ransomware encryption or data loss.

    I have many use cases for SentinelOne Singularity Endpoint.

    How has it helped my organization?

    Since deploying SentinelOne Singularity Endpoint, I have seen faster threat detection and response, better visibility across our endpoints, and less time spent investigating security incidents. The automated containment and remediation features have reduced manual work for our security teams, and the centralized console has made it easier to monitor endpoint health and respond to threats.

    I have seen faster detection with better context. Keeping our most critical security incidents in mind, the biggest improvement has been reduced investigation time thanks to the storyline features and automated remediation, allowing analysts to focus on the higher-priority security alerts.

    What is most valuable?

    The best features SentinelOne Singularity Endpoint offers that stand out to me the most are its behavioral AI detection, automated response capabilities, and detailed incident visibility. The storyline features, in particular, give a response timeline, while the process storyline makes it much easier to investigate the incident and understand exactly what happened.

    SentinelOne Singularity Endpoint has behavioral AI detection, automated remediation and ransomware rollback, network isolations, storyline technology, threat hunting, remote response, and centralized management as the main features.

    What needs improvement?

    SentinelOne Singularity Endpoint can be improved in some areas. The management console can be complex for new users, and some advanced features require a learning curve to use effectively. Organizations with large environments may also want more flexible reporting and dashboard customization. While false positives are generally low, behavioral detection can still require analyst review and tuning to reduce unnecessary alerts.

    I would like to see more customizable dashboards for executive reporting, simpler policy management and reduced false positives, faster support response times, deeper native integrations, more granular permissions, and easier onboarding and training.

    For how long have I used the solution?

    I have been working in my current field for the last one year.

    I have been using SentinelOne Singularity Endpoint for one year.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is generally stable and reliable.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint has good scalability, ranging from small deployments to large enterprise environments. The cloud-based management model makes it easier to onboard, manage, and monitor large numbers of endpoints without needing additional backend infrastructure.

    How are customer service and support?

    Customer support for SentinelOne is generally good, with knowledgeable technical teams and useful resources for troubleshooting and deployment questions.

    Which solution did I use previously and why did I switch?

    I previously used another endpoint security solution and switched to SentinelOne Singularity Endpoint because I needed stronger behavior detection, faster incident response, and better automations. The previous solution provided basic endpoint protection.

    What was our ROI?

    I have seen a return on investment from SentinelOne Singularity Endpoint. The main value has come from reducing manual security operations, improved incident response time, and consolidating multiple endpoint security tools into one platform.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that the licensing model was relatively straightforward and cost-effective compared to my past solutions.

    Which other solutions did I evaluate?

    Before choosing SentinelOne Singularity Endpoint, I evaluated several endpoint security solutions including Microsoft Defender for Endpoint  and CrowdStrike.

    What other advice do I have?

    My advice to others looking into using SentinelOne Singularity Endpoint would be to clearly define your security goals and how SentinelOne Singularity Endpoint would fit into your existing security operations and deployment. I would rate this product a 9 out of 10.

    reviewer2869185

    Automated threat detection has reduced response times and has restored critical files from attacks

    Reviewed on Jul 07, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint  is to use the VSS Shadow Copies, which help us regain access to files that are deleted or modified by threats.

    Once in our network, there was an attack, something similar to ransomware, which affected files in our endpoints. VSS stores the shadows of every file and takes a backup every four hours. I used the ShadowExplorer app to re-export those files and gain access to those deleted, quarantined, or modified files.

    What is most valuable?

    SentinelOne Singularity Endpoint  is very useful because it has lightweight agents and a single agent works on multiple platforms including Identity, EDR, XDR , DLP , firewall control, and device control.

    It has the capability to showcase the telemetries gathered from all the endpoints or devices in the network and shows every attack chain in the XDR  dashboard.

    Normal detection does not show which back-end process or child process is malicious. By using the telemetry and the attack chains in the graph, I can explore more about how the attack is progressing in our environment, from which application to which process, which registry changes, which domains, or hosted IPs are working in the back end.

    Singularity  Endpoint's AI capabilities help us detect more advanced threats in our environment, and it helps us gain less time to respond to those attacks. I use Purple AI  to create multiple reports and can ask anything to generate reports or logs.

    It provides mostly accurate results.

    SentinelOne Singularity Endpoint is deployed in our organization in a public cloud. It can integrate with multiple third-party solutions which help us gain multiple logs from across the network, including firewall and SIEM . It helps us detect faster and hidden threats.

    It did help us consolidate our security solutions. We can manage multiple tools including next-gen SIEM , identity security, cloud security, EDR, and XDR in a single platform with a single agent, so we do not need to manage multiple products.

    I use the Ranger functionality in SentinelOne. It provides full visibility of both unprotected and protected devices. It also helps push the agent directly to unprotected devices, which is very important.

    Singularity  Complete has helped reduce alerts.

    It saved much more time because we can take action on multiple solutions from a single management console.

    Mean Time to Detect is reduced by fifty percent.

    Mean Time to Respond is reduced by forty percent.

    SentinelOne Singularity is used mostly for its detection models, AI engines, and machine learning engines, and it has the capability to run multiple tools in a single platform.

    What needs improvement?

    Its agent gets offline multiple times, mostly in Windows 7 which has legacy versions.

    I chose nine out of ten for SentinelOne Singularity Endpoint because the endpoint is getting offline multiple times. Sometimes the firewall policy and device control policies are not working properly, so they need to work on this part.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for four years.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is a stable tool.

    How are customer service and support?

    Customer support is good.

    Which solution did I use previously and why did I switch?

    I used Trend Micro Endpoint Security , which is very complex to use in the management console.

    After changing from Trend Micro, we are observing fewer attacks.

    There are multiple positive changes. Trend Micro's agent is very heavy and consumes more CPU, RAM, and storage. SentinelOne has a lightweight agent that also helps us regain the quarantined or modified files affected by viruses. Trend Micro does not have that feature.

    What was our ROI?

    I have seen a return on investment.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and setup costs are not high but in the medium range.

    Which other solutions did I evaluate?

    I evaluated other options, which are CrowdStrike and Cortex XDR .

    What other advice do I have?

    I gave this product a review rating of nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Likhith Varma

    Centralized threat hunting has improved incident response and now reduces investigation time

    Reviewed on Jul 01, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am currently working with SentinelOne products, specifically SentinelOne EDR and AI SIEM  solutions. I have been working with SentinelOne Singularity Endpoint  for the past nine months.

    My use cases for SentinelOne Singularity Endpoint  involve integrating multiple log sources from clients into a centralized platform. The platform has predefined rules, and I write custom rules based on threat hunts we are conducting. I analyze threats and alerts triggered by the platform to understand and respond to security incidents.

    I work with the Ranger functionality for network and asset visibility in SentinelOne Singularity Endpoint.

    SentinelOne Singularity Endpoint helps consolidate my security solutions in a different way than other products on the market. It offers new perspectives regarding threat fingerprinting and handling certain aspects of security. There are some limitations, but it is a growing product, and the team has made significant improvements since I joined, with new features continuously being developed.

    What is most valuable?

    The best aspect of SentinelOne Singularity Endpoint is its integration with AI, which provides initial analysis of alerts. It gives an overview of what the alert or threat is about and provides insight into what is happening.

    SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is valuable because it correlates data from the EDR module with custom rules I have defined. This correlation provides a complete overview of the incident and the overall capability.

    SentinelOne Singularity Endpoint has helped me reduce alerts by correlating multiple data sources and grouping related alerts. This grouping makes it easier to investigate multiple incidents simultaneously.

    SentinelOne Singularity Endpoint helps save time and free up my staff for other projects and tasks. It provides a brief description of each alert, which reduces investigation time so my team can focus on other priorities and increases overall productivity.

    SentinelOne Singularity Endpoint has reduced my average MTDD and MTTR. The platform detects threats quickly, lowering the Mean Time to Detect, and provides brief alert descriptions that help close incidents faster, improving overall MTTR.

    What needs improvement?

    When retrieving results for logs in the AI SIEM  of SentinelOne, there is a limitation where I can download up to 10,000 columns at a time, and the same constraint applies to vulnerability data. This product limitation needs improvement in future updates.

    I would like to see these limitations removed in SentinelOne Singularity Endpoint. Additionally, the device control feature needs improvement. The EDR is solid, but there are several areas where the quality of work could be enhanced.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for the past 9 months.

    What do I think about the stability of the solution?

    SentinelOne has not presented many stability issues. However, when searching for long-range queries, such as logs spanning three to four months, the platform sometimes takes extended time to retrieve the logs. Other than this, I have not encountered significant stability problems with the product.

    What do I think about the scalability of the solution?

    I find SentinelOne Singularity Endpoint scalable.

    How are customer service and support?

    I am aware of SentinelOne's tech support team. When I encounter agent issues, I create support cases, and the team usually provides a very good response with rapid turnaround. The support is available around the clock.

    Which solution did I use previously and why did I switch?

    I have used other tools apart from SentinelOne, including CrowdStrike, Microsoft Sentinel , Microsoft Defender, and Carbon Black.

    Having worked with tools like Defender and CrowdStrike, I can identify key differences in both pros and cons of SentinelOne. In Defender, you have limited information related to events, but in SentinelOne Singularity Endpoint, you have everything. When hunting on a specific device, you get all events including device events, network events, IP connections, and separate indicators to identify any indicators of compromise. SentinelOne has done significant work correlating these data points and keeping them separate so I can check each category independently while investigating alerts.

    How was the initial setup?

    I am not certain how SentinelOne Singularity Endpoint was initially set up because the organization had been using it for the past five or six years before I recently joined them.

    What about the implementation team?

    With new clients, I have not encountered many problems. From the EDR perspective, I did face some challenges related to SentinelOne Singularity AI SIEM  where I had to find new ways of integrating all log sources, but I experienced nothing from the EDR perspective.

    Which other solutions did I evaluate?

    Purple AI  plays a role in amplifying team knowledge and is quite effective in my environment. For example, when I receive an alert and want to see surrounding activities, if I am a person with no prior knowledge of SentinelOne Singularity Endpoint, building the query would be difficult to get new context and results. Purple AI  helps by allowing me to provide a normal query or prompt, and it generates the query along with the results.

    The key benefits from using SentinelOne Singularity Endpoint are that I have everything in a single platform. I have Ranger, the EDR module, AI SIEM, Purple AI to retrieve results, and vulnerability capabilities. I can correlate a single threat with all of these components to get a clear picture of what is happening in the environment.

    What other advice do I have?

    I am using the SaaS deployment model for SentinelOne.

    Ranger is important because it gives me visibility into how many devices in my network are unprotected. It provides security posture information showing how many detections exist, how many devices are protected, and how many are not. It gives an overview of what devices need protection and allows me to review why certain devices are not protected and identify any limitations.

    The company name is SentinelOne.

    I use Purple AI in SentinelOne.

    Purple AI is an AI developed by SentinelOne that helps me correlate or build queries for those who have not used SentinelOne Singularity Endpoint before. It also provides information about the product without sharing confidential information. SentinelOne has a policy ensuring that all data and queries are kept internally and not shared with any third party.

    Regarding workflow, Purple AI helps overall in my day-to-day operations by assisting with how alerts are triggered, retrieving results for alerts, providing alert descriptions from connected devices, and helping mitigate threats. I gave this review a rating of 8 out of 10.

    Dinesh Yadav

    Security monitoring has improved and current endpoint deployments run smoothly for customers

    Reviewed on Jun 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use SentinelOne Singularity Endpoint  for my customers.

    I help our customers implement SentinelOne Singularity Endpoint  because its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

    My customers purchase SentinelOne Singularity Endpoint from us. I place the order with SentinelOne distributors because local support is more important for customers, and they want to be locally supported by resellers or vendors. If you buy from AWS , then there will not be any support.

    What is most valuable?

    My experience working with SentinelOne Singularity Endpoint has been fantastic.

    The most valuable features I have found in SentinelOne Singularity Endpoint are MITRE ATT&CK, continuous monitoring, and threat vectors.

    What needs improvement?

    The drawbacks I have identified with SentinelOne Singularity Endpoint are that they should work on being more responsive than CrowdStrike. CrowdStrike has a very strong team here in the Middle East and they are very frequently available to discuss any kind of issues or challenges. In comparison to these, they are a bit slow.

    I think in the next release of SentinelOne Singularity Endpoint, they should be working on a SIEM  solution so that customers can have data logs for 30 days or 90 days.

    SentinelOne Singularity Endpoint's R&D team should learn from CrowdStrike's approach, looking at the technologies that protect endpoints, customer protection, and providing extra features that customers can utilize and be loyal to them. For example, CrowdStrike gives seven days data retrieval for end users in the SIEM  without any charges. If SentinelOne does something similar, they might gain more loyalty and more customers.

    For how long have I used the solution?

    I have been dealing with SentinelOne Singularity Endpoint for more than five to six years.

    What do I think about the stability of the solution?

    When it comes to functionalities and performance, SentinelOne Singularity Endpoint is fine, and there are not many issues with SentinelOne Singularity Endpoint products once deployed.

    How are customer service and support?

    I would rate their technical support around a nine out of ten. Every solution has some kind of drawback, but it is a pretty good score.

    How was the initial setup?

    Its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I have to assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

    What's my experience with pricing, setup cost, and licensing?

    I find SentinelOne Singularity Endpoint's pricing to be competitive because if I look at the pricing of CrowdStrike, they are competitive to CrowdStrike.

    Which other solutions did I evaluate?

    I cannot say SentinelOne Singularity Endpoint is the best option on the market at the moment, but I can say it is the second best. If I look at CrowdStrike, they have many other features and come with various other solutions including identity protection, SIEM, data protection, and firewall management. In terms of technology, SentinelOne is doing good and very competitive in the market, but CrowdStrike is still ahead of them.

    What other advice do I have?

    I have not gone through SentinelOne Singularity Endpoint's Purple AI  that much. I believe it is an AI feature. It is similar to all other AIs where you can ask questions about technical issues or challenges through the portal and it can access security, indicating if any configuration is missing or if there are any attacks or vectors, or if some users are inactive for longer periods. This can help them keep track of users in case some are offline for longer days or if their agent has not been updated. I would rate this review an eight out of ten.

    View all reviews