Sold by: SentinelOne
Deployed on AWS
Vendor Insights
Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
4.6
Overview
The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.
Core Capabilities & Benefits
Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.
Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.
Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.
Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.
Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.
Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.
Seamless Integration with AWS Services
The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.
How to Get Started
Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.
Highlights
- 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
- 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
- 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(1)
FedRAMP
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Custom Pricing and Packaging | Contact SentinelOne for custom pricing and packaging including Private Offers | $10,000.00 |
Vendor refund policy
Refunds available as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Multiple support options available. Email support available: support@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By SentinelOne
By Trellix
By Vectra AI
Top
10
In Generative AI, Security Observability
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
AI-Powered Threat Detection and Response
Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
Cloud Workload Protection
Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
Extended Detection and Response
Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
Identity Threat Detection and Response
Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
Generative AI Security Analysis
Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
Multi-Source Threat Data Integration
Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
AI-Driven Alert Triage and Prioritization
Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
No-Code Automation for Investigation and Response
Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
Pre-Built Analytics and Correlation Rules
Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
Multi-Deployment Architecture Support
Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
Multi-Domain Attack Detection
AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
Automated Alert Triage and Correlation
AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
Unified Investigation and Response Interface
Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
Network Detection and Response
Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
Multi-Cloud and Identity Platform Coverage
Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
Ravishankar KumarPatel
Holistic security monitoring has reduced detection time and streamlines incident response
Reviewed on Jun 18, 2026
Review from a verified AWS customer
What is our primary use case?
I work with SentinelOne Singularity Endpoint 's complete Singularity Lake, which includes XDR , SIM, and everything integrated together.
I normally use SentinelOne Singularity Endpoint for endpoint management, with the EDR setup to get data from my endpoints. As an MSSP , I receive alerts and incidents and work on securing endpoints.
For mean time to detect, we promise less than 15 minutes for critical activity as an MSSP . This obviously depends on how good the platform is, and we commit to less than two hours for resolution. Obviously, this depends on many factors beyond what you can do from the platform. As an MSSP, you need to be very mindful that there are company resources which make the final call on whether to block something or not, whether it's malicious but still needed for that particular environment. So I normally commit to 15 minutes for MTTD and less than two hours for MTTR.
What is most valuable?
I think over the last one and a half years they have been improving significantly. Prior to that, they were also a very good product. In the market, there are hardly three products I can name: SentinelOne, CrowdStrike, Defender for Endpoint, and a bit of Cortex , but I am not that impressed with that product. These are the three major products that are doing very well in terms of their active EDR engine where you get the storyline correct—what exactly has happened, the parent process, child process, command line arguments. You get everything in a single fetch. Now with Purple AI , I think you get everything. Even an L1 engineer does not need to do anything complex. They can just write in natural language and get the details they need.
I think SentinelOne Singularity Endpoint presents a very holistic picture of an alert. Their enrichment layer is quite great. Once you get an alert, you get the complete process around it: how the parent process has started, which child process it has enabled, what kind of command line arguments or modifications have been done, what kind of scheduled task has been created, what kind of network connection you have, and what kind of file activity has occurred. You get everything in a single view.
In terms of their XDR , the consolidation is quite good. They have their own SIM and everything as well. The consolidation point has improved a lot, and you get everything under a single umbrella. This makes life much easier for MSSPs like me to manage a particular customer.
I think a few things are the confidence level you get in an alert. You get that very straightforward, so it is easier and you do not need to worry about it. The second thing is the automation level within the platform. Your alerts lifecycle has false positives reduced dramatically. You get all these features, and they help a lot. Also, the biggest factor is when I am opening SentinelOne Singularity Endpoint and presenting to a customer, the question is whether I can get a complete story of what has happened. That is where the most fatigue happens. When an alert occurs, people have to reach out to multiple sources to find out what exactly has happened. I think the story completeness is quite great with SentinelOne Singularity Endpoint.
The biggest problem for any organization is their L1 layer. That is where you spend more time when you get an alert, determining what exactly happened and whether it should be converted to an incident or whether it is a false positive or a true positive. Now with Purple AI and their LLM module, it is quite easier for the L1 engineers. The fatigue is quite low, and the alert to incident ratio has improved quite a bit. You know what is coming and what is not, and the L1 can add more value than they normally did before. Your load becomes easier on the L1 engineer, and obviously you can cut your costs there as well because one person can do more work. You do not need to teach any new language to manage SentinelOne Singularity Endpoint. As an MSSP, we can utilize the same L1 for multiple providers.
Since the enrichment layer is great and we get the data properly with deep visibility and the storyline is complete, the dashboarding is quite decent. You can make the call quite faster, and resolution time has decreased significantly.
The Purple AI features are notable. One of the most notable features is that you get a complete summarized alert. This works for someone who is not a great security L1 professional who has just joined from college or even for a more experienced professional who wants to see much data. You also get your AI verdict, indicating whether something is a true positive or false positive, so you get validation from AI. You get community verdict as well. If someone else has seen those alerts, you also see if there are similar alerts happening 1000 plus times, 10,000 plus times, or even just twice, or if it is only a standalone alert. Apart from that, you get a complete summary of what has happened, where it has happened, and why it has happened. You get complete details about what exactly has happened in a single click. So I think this makes life much easier for a respondent.
The two things that are top of my mind are Purple AI and the consolidation. What you get is detailed reporting and detailed RCA as well from them. The third thing is the storyline and complete visibility of what has happened and the complete flow of a particular attack vector. You get that very properly in SentinelOne Singularity Endpoint.
In terms of advantages, I think I will still use the AI visibility and the storyline. Most of the EDR providers use the same capabilities. Everyone has similar feature sets and everyone has been rated by ISG or other organizations. The end of the story that matters for every end customer or a provider like me is how well I can use it without getting too complicated. I have multiple stacks that I manage in my day-to-day, so how well their dashboard is, how well they are able to tell me the story around it, what exactly has happened, how exactly it happened, and how well they let me customize it matters. I think that is where SentinelOne Singularity Endpoint stands out. They are doing quite great there. At the same time, the Purple AI feature is much better. Imagine going for Copilot, which is a generic AI platform not specific to security. You may need to train it and work around it to get the exact responses you want. Apart from that, you pay for it, and you have to integrate it with your XDR or SentinelOne Singularity Endpoint, which creates lots of complications. When you get SentinelOne Singularity Endpoint, it is easier. Purple AI is already built into it, so you do not have to worry about it. You just buy it and can use it from day one.
What needs improvement?
I think they are doing pretty decent. The only thing is that once you are competing with someone like Microsoft and CrowdStrike, I think the investment should be slightly more in terms of a holistic view. Their threat feed is also limited. You get a very vast threat feed, but again it is not as mature as you get from a CrowdStrike or Microsoft stack. I think that is where they can look at it. Threat hunting is also something they do, so I think they can improve there as well. I think everyone is almost similar in that regard, so I think the rest of everything looks fine.
In terms of pricing, SentinelOne is slightly cheaper than CrowdStrike and Microsoft from what I have seen. Obviously, it is costlier than Sophos and a few other providers, but cheaper than those two. Deployment-wise I think it is there. I think the only thing is that Microsoft offers some free deployments to their customers with ECF funding and other options. I think that is something which Microsoft, being a bigger partner, has. Otherwise, I think they are doing good.
Regional availability is there, and I do know they are in most locations. In terms of compliance, there are some locations where I have seen them saying they still host on the US or EMEA region. I think the regional maturity is something they need to improve. I think otherwise, everything they are doing is quite good.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for three to four years now.
What do I think about the stability of the solution?
I have not experienced any stability issues.
What do I think about the scalability of the solution?
It is a very scalable environment. We have some large deployments on SentinelOne Singularity Endpoint, so the environment is very stable.
How are customer service and support?
As a service provider, we manage most of the discussion in-house. Whenever we reach out to them, we get a very good response from them.
Which solution did I use previously and why did I switch?
I think SentinelOne Singularity Endpoint is quite straightforward. They have been in the market, so the deployment and initial setup is quite easy. It is not a very tricky task and is very mature.
How was the initial setup?
I think SentinelOne Singularity Endpoint is quite straightforward. They have been in the market, so the deployment and initial setup is quite easy. It is not a very tricky task and is very mature.
What about the implementation team?
We purchased directly from SentinelOne.
What was our ROI?
As an architect, I do not work directly on ROI, but I think it is understood.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
SentinelOne Singularity Endpoint sells on a SaaS model. For us, it does not matter whether it is AWS or Azure, but we work with Azure, AWS, and everything.
What other advice do I have?
The ask is always simple from a customer standpoint. What exactly do you want to achieve, and what exactly is your problem base? Take a call in terms of what makes your life easier rather than having a very fancy-looking product and still having to learn a new technology or hire a new set of people. I think that is the concern most companies have. So just go for a genuine product which does serve the purpose and at the same time gets you out of the situations. I would rate this product and experience a 9 out of 10.
Madugundu Ravi
Real-time behavioral protection has reduced false positives and cuts response from hours to minutes
Reviewed on Jun 17, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is managing threats and other security measures day-to-day.
Basically, the extensions that I am working on are focused on threat level and investigation level with SentinelOne detection response.
Regarding my main use case with SentinelOne Singularity Endpoint , I have many options to take control from SentinelOne Singularity Endpoint such as disconnecting for troubleshooting.
What is most valuable?
In my experience, the best features SentinelOne Singularity Endpoint offers are designed to protect.
What stands out to me regarding its real-time threat detection, automated response, or ease of use is that we have truly real-time protections, which we can call behavioral threat protection.
The behavioral detection helps my team in day-to-day operations by enabling us to take immediate action.
Another feature I think is worth mentioning is a new feature called VSS snapshot.
SentinelOne Singularity Endpoint has impacted our organization positively, mainly through cost savings compared to other endpoints.
Regarding cost savings, we can compare SentinelOne with other EDR solutions, and I find that SentinelOne is less costly while also having a higher security level for endpoints.
What needs improvement?
For improvement, I could say that there is a report level which needs to be improved at the endpoint level.
Regarding SentinelOne Singularity Endpoint's AI capabilities, I think it would be very good if we have more AI capability for endpoint level governance, which we currently possess.
The accuracy and reliability of SentinelOne Singularity Endpoint's AI output provide quick information about threats and their management, making it reliable very often for us.
For how long have I used the solution?
I have been working for almost nine years in cybersecurity.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint has been stable in my experience.
What do I think about the scalability of the solution?
Its scalability is very good; it has been easy to manage.
How are customer service and support?
Customer support for SentinelOne Singularity Endpoint is very good, but I think there needs to be more improvement in the support level to ensure proper responses for customers, especially during session requests.
Which solution did I use previously and why did I switch?
Previously, we used McAfee, and we wanted to switch to SentinelOne to see how it would protect our endpoint.
How was the initial setup?
Based on my experience so far, I believe it is fine now, as I already mentioned regarding improvements needed.
What about the implementation team?
I purchased SentinelOne Singularity Endpoint through the AWS Marketplace .
What was our ROI?
I have seen a return on investment in terms of money saved as well as time saved.
It has saved a lot of time for us, allowing us to reduce the time previously spent by our team, which was two to three hours.
SentinelOne Singularity Endpoint has completely reduced our Mean Time to Detect (MTTD), which has changed from the usual eight hours down to two to three hours.
It has improved our Mean Time to Respond (MTTR) significantly; while we used to take two to three hours, SentinelOne Singularity Endpoint can manage it within minutes, hardly ten to fifteen minutes.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been good, and I feel it is very much fine compared to other EDR solutions.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I evaluated other options, including CrowdStrike.
What other advice do I have?
The advice I would give to others looking into using SentinelOne Singularity Endpoint is that it saves money and enhances the protection level; it is also very good for saving time on analysis tasks.
Singularity Complete has helped us consolidate our security solutions and it has been completely secured at the endpoint level, which is very good for us.
We use SentinelOne Singularity Endpoint's Ranger functionality for asset visibility, which is important for our endpoint protection level and to assess the health and status of security.
Singularity Complete has reduced alerts significantly; we used to get many alerts but now we are getting very few, and those are true positives only while previously we experienced many false positives.
I would rate this solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Onkar Yenare
Autonomous threat detection has reduced alert fatigue and improves endpoint protection
Reviewed on Jun 10, 2026
Review provided by PeerSpot
What is our primary use case?
I deploy SentinelOne Singularity Endpoint agents on my client's servers and other endpoints to secure those systems.
What is most valuable?
SentinelOne Singularity Endpoint offers the best features in the market at an affordable rate, providing a secure solution. The easy-to-understand user interface and Purple AI are standout features.
Correlation is important, and I have correlated SentinelOne Singularity Endpoint with other types of devices and created several correlation use cases, making it feasible to create multiple correlating use cases.
It helps secure my infrastructure because it has a very fast response. The moment it detects a vulnerability or any threat malware on any file, it creates an alert and quarantines that file automatically, proving very reliable and saving significant time.
It does help reduce alerts. Although it generates many false positive alerts initially, when managed properly by deploying custom use cases, it detects only the required alerts, saving considerable time by marking only true positive alerts.
SentinelOne Singularity Endpoint is a fully AI-based model, negating manual tasks and allowing me to save considerable time to manage other priorities.
It saves a lot of time by detecting alerts in real-time and automatically quarantining malicious files.
It does help reduce my organization's mean time to detect.
I have used the Purple AI feature that SentinelOne Singularity Endpoint provides quite extensively.
I have used Purple AI for identifying IOCs on my client infrastructure. Regarding data privacy, I do not rely on external LLMs like ChatGPT or Claude due to potential misuse of my valuable data. Purple AI, being SentinelOne Singularity Endpoint's in-house automated intelligence, is much more reliable from a data privacy perspective.
Purple AI has been very effective for my team, providing various features including the Copilot feature, which allows me to identify many non-present IOCs quickly and retrieve information in a very fast manner, saving considerable time.
It provides IOCs, which are a form of threat intelligence. By utilizing Purple AI, I am effectively preventing my clients from various forms of threats.
For Security Operations, it saves considerable time by performing quarantine automatically whenever a threat is detected.
The biggest benefit SentinelOne Singularity Endpoint brings to my particular customer is its fully autonomous capabilities, automating threat detection and auto-remediation rules, making it efficient.
What needs improvement?
I feel that the custom dashboard feature is absent in SentinelOne Singularity Endpoint, as I can only use a default dashboard. Additionally, for clients with large infrastructures of over a thousand endpoints, resource consumption can become high, which could be improved.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than a year.
What do I think about the stability of the solution?
There have not been any issues regarding stability. It is fully scalable, allowing me to scale up or down as needed.
What do I think about the scalability of the solution?
Regarding performance, I have faced some resource consumption issues for one particular client with a huge infrastructure. However, customer support resolves issues within the day, so I do not worry much about finding solutions.
How are customer service and support?
The customer support team is very good at responding to queries on the same day. I would rate them ten out of ten in customer support.
How was the initial setup?
I feel it is very easy to install SentinelOne Singularity Endpoint on any endpoint, as it just takes a few seconds to deploy and install the agent.
What's my experience with pricing, setup cost, and licensing?
I am aware of the pricing module for SentinelOne Singularity Endpoint, although I am not the person handling it directly.
The cost for SentinelOne Singularity Endpoint depends on a per-device basis, charging around eight to ten dollars per month per device, which can be multiplied by the number of devices I want to deploy.
It is very cost-effective compared to other solutions, as SentinelOne Singularity Complete is not that expensive and has an aggressive price point.
What other advice do I have?
I feel that in a week, for a particular client, five to seven alerts are generated. Out of those, if I estimate seven alerts, three would be suspicious, two false positives, and the remaining two or three would be true positives. I feel that twenty to twenty-five percent of alerts are false positives.
I would recommend that organizations choose SentinelOne Singularity Endpoint due to its impactfulness and low price, as I believe no other product offers what it does. My overall review rating for SentinelOne Singularity Endpoint is eight out of ten.
Kathiravan S
Advanced endpoint protection has prevented ransomware spread and supports precise threat triage
Reviewed on Jun 09, 2026
Review from a verified AWS customer
What is our primary use case?
I use SentinelOne Singularity Endpoint for threat analysis and threat detections on endpoint devices. Since Barracuda has the XDR product, that provides additional support for SentinelOne Singularity Endpoint . The product is primarily used for endpoint protection to identify threats, malicious payloads, unauthorized access, or accessing malicious websites. This is used for all endpoint level detections.
While troubleshooting with one of the customers in the previous organization, they experienced a ransomware execution attack. The ransomware was changing file names and file properties while encrypting files. The customer called us to triage those particular incidents. I checked the endpoint to see which file was flagged. SentinelOne Singularity Endpoint had clear indications of a file with a hash that appeared to be malicious. It triggered an alert and blocked that particular file. I was able to identify which user clicked on this particular file, preventing the ransomware behavior. I contained that particular user using SentinelOne Singularity Endpoint and captured information about the ransomware attack. Additionally, SentinelOne Singularity Endpoint provides USB detection; if an endpoint device has a USB plugged in that contains something malicious, I can block it. It provides a very clean UI that allows me to control the entire endpoint with the options provided by SentinelOne Singularity Endpoint. I have many options along with user roles and can specifically give permissions to specific users. It has proven to be a very helpful platform for endpoint devices.
I primarily use SentinelOne Singularity Endpoint for detection and threat analysis, containing that particular endpoint from the attacking surface. I also utilize it for whitelisting and blocklisting IPs, malicious hash values, or specific URLs. That is something I usually do while handling whitelist and blocklist tasks. It is a pretty easy task because SentinelOne Singularity Endpoint provides an option to upload text files with those parameters and indicators. The main use case is for threat analysis and triaging the incidents caused by a particular endpoint in an attacking way.
SentinelOne Singularity Endpoint relates to ransomware attack cases and other incidents involving malicious file executions. In all those cases, it achieves specific outcomes, saves time, and prevents users from being exposed. It achieves these goals, although I do not remember a specific use case.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers are clear fingerprints, malicious fingerprints, and the patterns they use to detect malicious files or activities. That fingerprint database is very unique and captures most threats. The fingerprint database is a particular feature I really appreciate, which captures almost every single malicious activity.
The fingerprint database definitely helps me day-to-day, making my job easier and saving time. Most of the threats and malicious activities are flagged with those fingerprints. It makes me trust the software because when SentinelOne Singularity Endpoint flags something as malicious, it is most probably accurate. If it is not malicious, I can easily whitelist it. It helps in both ways, making my job easier as well as saving time on predefined threats. I do not need to check every time whether something is malicious; SentinelOne Singularity Endpoint has that feature, flagging it as malicious with proper notes and giving me trust that it has something to do with that.
SentinelOne Singularity Endpoint positively impacts my organization based on the user experience I provide. Users mostly give good feedback about SentinelOne, which is a primary reason I support SentinelOne to assist customers. Most customers provide positive feedback since I support them on SentinelOne Singularity Endpoint regarding how endpoint detection works. I really appreciate using SentinelOne Singularity Endpoint to provide good support to customers using it.
I find SentinelOne Singularity Endpoint to be a really good platform for ingesting and correlating across our security solutions. The correlation use case captures where the requests are coming from, who is making them, and who clicked them. All event logs, including Windows event logs, are captured from multiple devices, and it correlates event times from multiple systems to identify whether the execution affects the entire organization or just specific computers. I really appreciate that capability because when a ransomware attack happens, it executes almost simultaneously across 10 or 20 devices. This allows me to determine how many devices executed that particular file based on event time, enabling me to correlate and isolate all those devices.
SentinelOne Singularity Endpoint has helped consolidate our security solutions. The same example I just provided helps prevent ransomware attacks and allows me to take appropriate actions immediately.
What needs improvement?
Although it has been almost six and a half months, I do not have many features in mind that I find necessary. However, I really appreciate how I can specify scanning folders or areas in the system. Since it is endpoint detection, I can specify which areas to always check for scanning. It has exclusions as well; for example, if I want to scan everything in a system but exclude particular folders or extensions, I can specify that in SentinelOne Singularity Endpoint. That provides me with more granular control over what needs to be scanned and what does not, helping me avoid many false positives and making the systems more reliable in alert conditions. The results become more accurate.
I do not feel anything needs to be flagged for improvement, but everything requires some enhancements. While using SentinelOne Singularity Endpoint, I do not feel anything needs to be added as a feature or improved. Most of its functions work well.
I cannot think of anything at this moment regarding needed improvements.
For how long have I used the solution?
I was using SentinelOne Singularity Endpoint for two and a half years until I worked at Barracuda Networks six months ago.
What other advice do I have?
I primarily use the AI capabilities in SentinelOne Singularity Endpoint for endpoint detections, threat analysis, and threat hunting.
I have not extensively used the AI capabilities, so I do not have much experience to share or feedback regarding its accuracy and reliability.
My review rating for this product is 8.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Hussain Nogama
Endpoint protection has blocked unknown threats and has improved incident response speed
Reviewed on Jun 04, 2026
Review provided by PeerSpot
What is our primary use case?
SentinelOne Singularity Endpoint is used in my company as we are a client of Sentinel . The primary use cases are for endpoint security, policies, and other features.
What is most valuable?
The most valuable features I find in SentinelOne Singularity Endpoint are the EDR, lateral movement feature, and machine learning feature, which I find impressive.
I am using the Ranger functionality in Singularity .
SentinelOne Singularity Endpoint does provide network and asset visibility, but in Singularity , you do not have the complete feature. If you want more EDR and want to know from where the attack happened and what it does, you have to purchase the EDR. When I purchased Sentinel , it had three products: SentinelOne Core, Control, and Complete. We are using Core. If you want full visibility on an EDR, there is one more add-on that you have to purchase. As a product, I think most of the features remain the same. It does not allow the machine to work if it finds any unknown activity; it immediately blocks the machine from the network and isolates it completely. Regardless of the location or where you are, if your machine is connected to the internet, you will get an alert that this machine has been isolated. It does not allow you to work at all.
What needs improvement?
There are certain things that need to be improved, such as the roll-up things because not every upgrade or update is useful. They have to do more work on the configuration side, which I believe they are already working on.
I would appreciate improvements in the patches. If I have Windows patches or application patches, it would be excellent if they could cover that on the same portal so I could go straight in and do it. It shows the vulnerability but does not provide the package to resolve that vulnerability. For example, if my Windows is outdated and Sentinel finds that there is an update that is not installed, there should be an option to install the Windows update from the portal itself.
The additional features I would appreciate in the future are already present in the Complete feature of SentinelOne Singularity Endpoint. Since I am using Core, whatever features are lacking in Core are already in Complete, so if customers want those features, they can upgrade their product.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for more than four years.
How are customer service and support?
The response is excellent from them; the moment I submit a ticket, I can expect their response within 15 minutes, less than 15 minutes.
For technical support, I would rate them 9.5.
What other advice do I have?
For security solutions, we are also using different types of products, but I have never done the correlation across our different solutions.
Regarding Purple AI , we have recently done that with ManageEngine.
We have not integrated SentinelOne Singularity Endpoint with third-party solutions.
My overall review rating for SentinelOne Singularity Endpoint is 9.5.