    SentinelOne Singularity Platform

    Sold by: SentinelOne 
    Deployed on AWS
    Vendor Insights
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center

    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (1)

    Pricing

    SentinelOne Singularity Platform

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (1)

    Dimension: Custom Pricing and Packaging
    Description: Contact SentinelOne for custom pricing and packaging including Private Offers
    Cost/month: $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Generative AI, Security Observability

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2.
    Categories: Reviews, Functionality, Ease of use, Customer service, Cost effectiveness
    [Sentiment chart: positive, mixed, and negative reviews per category; 4 reviews; insufficient data]

    Overview

    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.6 (372 ratings)
    5 star: 77%
    4 star: 21%
    3 star: 2%
    2 star: 0%
    1 star: 0%
    34 AWS reviews | 338 external reviews
    External reviews are from G2 and PeerSpot.
    Alvaro Ramos

    Advanced endpoint protection has optimized incident response and reduced analyst workload

    Reviewed on May 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint includes ransomware attacks, server management, disk scans, anti-attacks, and reviewing threats or events generated by some attack.

    What is most valuable?

    I consider the best features that SentinelOne Singularity Endpoint offers to include its robust protection and the very detailed breakdown of all the events generated on devices, as well as how fast and effective its method of action is—whether that's blocking, deleting, or rolling back to a previous version from before the threat appeared. That makes it very flexible and very robust for protecting sensitive machines such as servers, databases, and AD, among others.

    Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface. That makes it much easier to understand, reviews are much faster, and with fewer alerts, there are fewer alert reviews on devices.

    What needs improvement?

    I think SentinelOne Singularity Endpoint could be improved; I have seen that SentinelOne Singularity Endpoint has an artificial intelligence feature, but so far I haven't been able to apply it. I don't know if it's enabled for all consoles. At the moment, in my company, I manage around five consoles and so far I haven't seen an AI, or I haven't seen details on how to use the AI to improve event analysis. Even though SentinelOne Singularity Endpoint outputs all the events in a very detailed way, it's understandable that it's a huge amount of data, and you can't easily detect a pattern with the human eye, maybe across one or several machines. A specific guide on how to use that AI in these cases would be beneficial.

    Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before. This generates frustration both for me and my staff and for the end client, because what we're looking for is a quick response. Additionally, sometimes the response time is quite long for certain incidents—response time can be two to four hours, based on my experience. Response times or attention could certainly be improved, at least for cases that are already known.

    I give it a nine because even though the tool is very robust, it still lacks an AI component, as I mentioned earlier. We're in the AI boom right now, and it's really necessary for companies given the amount of information they handle. Since SentinelOne Singularity Endpoint gives you a very detailed breakdown, it would be good to have AI as an additional tool for response and information extraction. Also, what's missing to reach 10 is support and response time, because while sometimes they respond, other times they take too long or don't fully understand what you're trying to say, and that makes things difficult. Since I'm primarily a Spanish-speaker and not so fluent in English, there are also some communication issues. The tool itself, as an antivirus solution, seems very good to me.

    I've also seen that SentinelOne Singularity Endpoint only keeps an account active for 90 days of inactivity and then removes it. If no one logs into the organization, then nobody has access and you have to open a case with the vendor. Sometimes that's really annoying. Ideally, there should be an account without an expiration date so you don't lose all console management. I've had two clients where this happened. The 90 days don't always fully pass, but after 40 or 50 days, nobody can log in and you have to open a case with the vendor. Sometimes they have to run checks, so an improvement would be to add a primary account or maybe two primary accounts if a third party is the one that contracts SentinelOne Singularity Endpoint, so that you don't lose overall management and have to open a case with the vendor. That often takes a long time and depends on who purchased it, under whose name it's registered, and that creates frustration on both sides.

    How are customer service and support?

    My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate information across my different security solutions is very good, because we associate it with a SIEM, but even then the SIEM gives us almost the same information. We use SentinelOne Singularity Endpoint itself to correlate information and we do see a big difference compared to other endpoint security solutions. Its capability as an antivirus and incident response tool is very extensive. I think, of all the solutions I've seen, SentinelOne Singularity Endpoint would be first, then Cortex, then Kaspersky, and so on.

    Which solution did I use previously and why did I switch?

    I have used other solutions before SentinelOne Singularity Endpoint; we've actually used a lot of technologies. In this case, we haven't strictly replaced an antivirus. For workstation machines, more general technologies are used, like Cortex, Kaspersky, and Trend Micro. However, for sensitive machines with very sensitive information or that are highly exposed to attacks, we've used SentinelOne Singularity Endpoint. Because we know it's a more robust technology, it allows us to have better analysis and better security on those more sensitive devices. Since the number of such devices isn't very large, we focus on providing better security there.

    What was our ROI?

    I have seen a return on investment from implementing SentinelOne Singularity Endpoint; we've seen time optimization and fewer staff needed. Since our company provides services, analysts can dedicate themselves to other requests, because with clients that have SentinelOne Singularity Endpoint, we almost never have to deal with incidents, as SentinelOne Singularity Endpoint itself blocks them. Most of the time what they contact us for is account enablement.

    What's my experience with pricing, setup cost, and licensing?

    My experience with licensing costs, pricing, and configuration of SentinelOne Singularity Endpoint is that I haven't really seen the licensing prices. I have seen the configuration side, and it's very quick to implement. At least in the implementations I've been involved in, I haven't had many problems—almost never. I don't know about pricing, because I'm in support and analysis, not in sales or pre-sales.

    Which other solutions did I evaluate?

    Before choosing SentinelOne Singularity Endpoint, I did evaluate other options; the other options we consider are: if the machines are sensitive, like servers or databases, SentinelOne Singularity Endpoint is the primary choice. If not, we go to Cortex; if not, to Kaspersky, Trend Micro, and so on. The main ones are SentinelOne Singularity Endpoint and Cortex.

    What other advice do I have?

    There was another case when there was a ransomware attack on a machine that didn't have any security solution, no antivirus installed, and a ransomware attack was detected. I installed SentinelOne Singularity Endpoint on it, and when I completed the installation and the disk auto-scan ran, it detected a threat that was active there. I isolated the server in that case and let SentinelOne Singularity Endpoint keep running to see if there were any other threats. Because there was already a vulnerability and I installed SentinelOne Singularity Endpoint afterward, I couldn't do much more, so based on what SentinelOne Singularity Endpoint showed me about that threat, I also carried out checks on the other servers. Fortunately, thanks to that detection SentinelOne Singularity Endpoint made, I was able to find several servers that had no security components installed, which was due to an oversight by that company's security staff. I installed SentinelOne Singularity Endpoint on the other servers, ran a full disk scan, and from there reviewed the detailed events for everything that's generated, because SentinelOne Singularity Endpoint shows you every event that's detected. Based on that, I was able to detect some anomalous patterns or port connections to devices and queries. Based on that, I implemented best practices on both the firewall and the endpoint.

    The advice I would give to other professionals who are considering implementing SentinelOne Singularity Endpoint is first to review the company's budget for endpoint implementation across the whole organization. If there are many devices and they can afford SentinelOne Singularity Endpoint, they should go for it. If not, they should opt for a lower-tier, more economical technology, and focus on using SentinelOne Singularity Endpoint specifically on the most vulnerable or sensitive devices—in this case, servers and databases. While SentinelOne Singularity Endpoint is somewhat expensive, as far as I know, it's very good in terms of protection. If they can't afford SentinelOne Singularity Endpoint for the entire company, they should deploy a cheaper technology for workstations and focus on acquiring at least SentinelOne Singularity Endpoint for, say, 100–120 licenses for servers and sensitive devices. That will help a lot in mitigating many threats and service availability issues that are critical for the company. It's better to spend a bit more money protecting your sensitive machines than protecting them with something cheaper and having potential problems, outages, or impacts. I give the tool a rating of 9 out of 10.

    Sankha Rajaguru

    Endpoint security has improved and centralized control now simplifies device and alert management

    Reviewed on May 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I am using SentinelOne Singularity Endpoint basically for endpoint protection, and some customers have requirements for USB control and network control as well.

    What is most valuable?

    When it comes to the favorite features of the customers, they appreciate the additional management opportunities that SentinelOne Singularity Endpoint provides. For example, remote shell execution, rebooting, restarting, and pushing messages to the endpoint are the most favorite features that customers are requesting.

    It has saved considerable time. For example, I can take device control and control all device control features and device control permissions through SentinelOne Singularity Endpoint. Otherwise, I would have to depend on a different solution to achieve that. Using SentinelOne Singularity Endpoint, I can achieve that as well.

    What needs improvement?

    When it comes to SentinelOne Singularity Endpoint, most of the complaints I am getting are related to the connectivity between the endpoint and the cloud console. It disconnects from time to time without proper reasons. Also, when I compare it to other next-generation antivirus or next-generation endpoints such as CrowdStrike, SentinelOne Singularity Endpoint has many dependencies on Windows. That is the most disliked aspect coming from the customers I work with.

    Other than Windows, when it comes to Linux and Kubernetes, SentinelOne Singularity Endpoint is great. However, when it comes to Windows, there are a lot of dependencies.

    There are some issues with collecting crash reports and crash logs on the endpoint. They are not visible over the console. Sometimes, the PC's hard disk and its available space is consumed by the SentinelOne Singularity Endpoint agent. I have to attend manually and clear the crash data. I can do it on the SentinelOne Singularity Endpoint management console as well, but I have to go with a restart. For critical servers, it is a huge headache for the end users.

    For how long have I used the solution?

    I have been working with SentinelOne Singularity Endpoint for about two and a half years.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint scales well and is scalable.

    How are customer service and support?

    SentinelOne Singularity Endpoint provides pretty good support to their end customers.

    There are some improvements needed. When it comes to some troubleshooting, such as technical troubleshooting, I have to do some follow-ups in order to get relevant feedback from them.

    Which solution did I use previously and why did I switch?

    Most of the customers in Sri Lanka are currently migrating from SentinelOne Singularity Endpoint to CrowdStrike. CrowdStrike is the main alternative product in the market at the moment for SentinelOne Singularity Endpoint.

    I prefer CrowdStrike because it is easier to manage. When it comes to SentinelOne Singularity Endpoint, after the agent is pushed to the endpoint and the installation is done, I have to do a reboot to establish the connection and turn on the engines. With CrowdStrike, I do not need to do any restart upon installing the agent on the new device.

    How was the initial setup?

    SentinelOne Singularity Endpoint is easy to set up. It does not have any deployment mechanism, so I either have to install it one by one on the PC manually or I can use third-party tools to do the deployment. For example, I can do remote deployment through Active Directory. When it comes to deployment, it is not that difficult. It follows the same procedure as other vendors.

    What's my experience with pricing, setup cost, and licensing?

    Since I work in post-sales, prices are not revealed to me, but to my knowledge, SentinelOne Singularity Endpoint is a bit cheaper than other products in the market. For example, when I compare CrowdStrike with SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is a bit cheaper. Since I work in post-sales, I do not get exact price information. Based on my understanding, that is the basic pricing.

    Which other solutions did I evaluate?

    Ranger functionality is used to detect the agents.

    Asset discovery is an important feature. As far as my understanding goes, once I enable the Ranger function in the console, I can initiate a network scan through the available agent. By doing that, I can identify what IoT devices and other devices are available in my network infrastructure. I can get better visibility over the network, which devices have the SentinelOne Singularity Endpoint agent, which devices do not have the SentinelOne Singularity Endpoint agent, and so on.

    What other advice do I have?

    SentinelOne Singularity Endpoint helps to reduce alerts because there are customizable options when it comes to the alerts. For example, if I get false-positive alerts over time, I can do exclusions for that particular alert. Similarly, I can reduce many alerts using SentinelOne Singularity Endpoint and the Singularity platform. I gave this review a rating of 8.

    Sanjay Kaushal

    Automated endpoint defense has reduced ransomware impact but support and SIEM integration need improvement

    Reviewed on May 28, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I usually work with both the EDR and XDR use cases for SentinelOne Singularity Endpoint. I typically use it for working end-to-end on endpoint security.

    What is most valuable?

    The feature of SentinelOne Singularity Endpoint that I have found most valuable is the Rollback capability, which is exceptional. I find the Rollback valuable because if a machine gets affected by ransomware, you can perform a one-click Rollback on all machines to the previous state. This is important to me for data security.

    SentinelOne Singularity Complete has helped customers consolidate their security stack by offering superb threat hunting, excellent incident response, and compliance monitoring in the EDR, with ransomware protection being exceptionally well supported by the Rollback feature. The behavior analytics in the tools are outstanding, providing granular reports and identifying abnormal users and activities while detecting previously undetected threats. This functionality is excellent in both the EDR and XDR of Singularity throughout the year.

    What needs improvement?

    My assessment of SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is that the integration with the SIEM needs to be increasingly more robust. In terms of visibility, the endpoint and extended detection and response tools are excellent because of the EDR use cases covering malware infection, hash values, and the many zero-day attacks I can observe.

    The Ranger functionality of SentinelOne Singularity Endpoint is valuable for understanding your environment, but I would want something integrated comparable to Mythos with all the features associated with Mythos. I would appreciate improvements to the technical support. I would prefer to see faster response times and quicker resolution from the technical support team of SentinelOne Singularity Endpoint.

    For how long have I used the solution?

    I have been working with SentinelOne Singularity Endpoint for the last seven years.

    How are customer service and support?

    When discussing communication with technical support, the pre-sales and sales teams are excellent, but the technical teams are not meeting the required standard, as issues often get stuck and problems are not resolved. I would rate the technical support a six out of ten.

    How was the initial setup?

    The initial setup of SentinelOne Singularity Endpoint is very easy and not complex.

    What was our ROI?

    I have noticed time savings from Singularity Complete due to automation and end-to-end operation management, and the ROI is visible from the customer side. The ROI I have experienced is mainly related to vulnerability and attacks from hackers that lead to data breaches.

    Which other solutions did I evaluate?

    I have worked with Splunk, but it is not comparable to Elastic.

    What other advice do I have?

    My core product is currently Elastic Security. SentinelOne Singularity Endpoint integrates with third-party tools very easily. Singularity Complete has been effective in reducing alerts. The reduction occurs because the number of true alerts is higher than false alerts, which provides greater visibility to customers and the environment, allowing for preventive and detective actions based on policies, procedures, and guidelines, with threat hunting focused on identifying threats and managing incidents through DFIR, breach management, and compromise assessment.

    Regarding overall security, it is about managing the attack surface, securing data, brand, and organizations, as everything relates to compliance in data security. Overall security with tools including SASE, SOAR, SIEM, threat intelligence, and integrations with EDR and XDR is excellent. SentinelOne Singularity Endpoint has helped my customers reduce their organization's mean time to detect, as detection is a matter of seconds—improving from 40 seconds to 30 seconds in case of any attacks and altering mean time to respond depending on incident types such as P1, P2, P3, and P4.

    Challenges can arise depending on the customer base, as the technical team must respond very quickly, especially since the post-sales team needs to have better quality than others to win the market. I participate in the initial setup of SentinelOne Singularity Endpoint as part of my regular tasks. I would rate this review a seven out of ten overall.

    Krishnakumar-M

    Endpoint protection has reduced ransomware impact and now saves time with automated response

    Reviewed on May 27, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My usual use case is to employ Antivirus plus EDR plus automated incident response. This solution employs one single agent, and that is one of our key activities.

    What is most valuable?

    I appreciate the one-click rollback feature of SentinelOne Singularity Endpoint. In case of any issues, it will roll back and restore the system. Just yesterday, I was struggling with a ransomware incident where clients were using SentinelOne Singularity Endpoint. They asked if they could restore it, and their backup systems are very strong. I said to go ahead and restore, and they restored it. It took some time as the number of servers was large. If the servers are fewer, we could handle it within 24 hours. We restored a mid-range company with around 16,000 employees within two days, but they lost about four hours of work. They have not opted for our RTO and RPO services for security. Now they are considering that.

    One of the features we use normally is the ability to ingest and correlate across security solutions for triages, training, and customer demonstrations. We demonstrate that feature to customers, and they usually express interest in deploying the same solution in their system.

    SentinelOne Singularity Endpoint helps to consolidate security solutions in general. My general view is that Singularity Complete does help to save time and free up my staff for other projects and tasks. Significant time is saved through the use of the product.

    Regarding Mean Time to Detect (MTTD), it is reduced with the help of SentinelOne Singularity Endpoint, and the same applies for Mean Time to Respond (MTTR); those numbers are comparable.

    The Purple AI part in SentinelOne is important for clients concerning data privacy and security. It meets customer needs well, as we call it SecOps for security operations, incorporating network, third-party tools, identity, cloud, and EDR aspects. Purple AI amplifies team knowledge and is effective in the environment. It allows for threat hunting with natural language, and we used it in certain scenarios during the current ransomware incident. It features Auto Triage, which is very useful during high-risk incidents. Purple AI provides contextual insights, synthesizes threat intelligence, and includes autonomous responses, next-generation capabilities, device isolation, process killing, and remediation workflows, all key aspects on my mind.

    SentinelOne Singularity Endpoint operates with Ranger, which connects with network and asset visibility.

    What needs improvement?

    On the negative side, I find that SentinelOne is expensive compared to some other options like Orca Security, which is cheaper. Cost reduction could be a consideration since the pricing is not competitive compared to Check Point or Palo Alto; however, it is more expensive compared to Orca Security or Fortinet.

    I would say there could be added features in the future for SentinelOne, such as a CNAPP version of Singularity, which would nicely incorporate all-in-one offline security features onto a single dashboard.

    For how long have I used the solution?

    I have been working on SentinelOne Singularity Endpoint for the last five years.

    What do I think about the stability of the solution?

    I have not heard any complaints from my clients regarding stability. There has been no problem at all.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint is obviously scalable since we only receive the agent; we are not limited as everything is pushed through group policy or from third-party tools.

    How are customer service and support?

    Regarding technical support from the vendor, CrowdStrike is number one. SentinelOne support is adequate, but compared to CrowdStrike, no other vendors seem as strong. I would rate their support at eight out of ten.

    Which solution did I use previously and why did I switch?

    None of my customers are using Check Point. We are using a different solution that I have forgotten the name of at this time.

    How was the initial setup?

    In terms of deployment for SentinelOne Singularity Endpoint, it is quite straightforward. All setups are external, and the vendor provides the main setup. They give us the agent, which we push, and they write some code, XML, JSON, or similar that we patch. For the client, deployment is not tough at all; it is very easy across all companies.

    What about the implementation team?

    I do not work with SentinelOne as a reseller, as only resellers do not make money in India. I work with resellers and integrators instead.

    Which other solutions did I evaluate?

    Technically, if you compare SentinelOne Singularity Endpoint to competitors like Orca, CrowdStrike is more advanced. They operate in a completely different manner from Singularity, and I can appreciate Microsoft Defender for Cloud as a good product as well, personally. CrowdStrike is the market leader due to their lightweight agents that sit in every machine and utilize AI for automating triages, investigations, and their 24/7 managed threat intelligence and threat hunting services like Overwatch, which would have helped manage a ransomware attack more effectively.

    What other advice do I have?

    Check Point is part of my portfolio, and specifically, we use Email Security. Before it was called Harmony Email & Collaboration, which is the Harmony solution.

    Today, I manage some XDR and EDR products as I am a CISO. I have to work on everything, but since all these things are already there, Palo Alto is not involved anymore because it is already there. It is only the SIEM team and the SOC team taking care of it.

    In terms of XDR, I am working with Trend AI or SentinelOne.

    The deployment model depends on the customers, as some may prefer EDR, which requires local deployment and policy configuration, while others might opt for XDR or MDR solutions that take less time. I give this review a rating of eight out of ten.

    reviewer2842140

    Endpoint protection has reduced response times and now frees my team for deeper investigations

    Reviewed on May 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use SentinelOne Singularity Endpoint as HDR, as the product is designed.

    What is most valuable?

    My favorite feature about it is the full visibility into telemetry.

    SentinelOne Singularity Endpoint has helped reduce alerts, but false positives could be less.

    It has helped me in my investigation to free up my staff for other projects.

    I have seen a reduction in mean time to respond.

    What needs improvement?

    I think the visibility on Storyline could be better.

    I could not comment on the Ranger functionality because I don't use it.

    I have seen a reduction in mean time to respond and it has helped me in investigations to free up my staff for other projects.

    I tried using the Purple AI feature.

    I think it's great and it's working very well and has helped reduce the mean time to respond. The description is great; it's not too specific and not too much reduced. The long summary is excellent; it provides a great summary.

    For how long have I used the solution?

    I have been working with SentinelOne Singularity Endpoint for eight months.

    What do I think about the stability of the solution?

    The stability of SentinelOne Singularity Endpoint is great and I would rate it 10.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint is very scalable and I would rate it 10.

    How are customer service and support?

    I have had to contact technical support and it worked well.

    I think the quality of their support is 10 and the speed could be nine.

    If I were to put together an overall score for the support, I would give them nine.

    Which solution did I use previously and why did I switch?

    I have used many products as alternatives to SentinelOne Singularity Endpoint.

    How was the initial setup?

    I am involved in the initial deployment and it's working great.

    It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler.

    SentinelOne Singularity Endpoint requires a little bit of maintenance on the agent upgrade, so a feature to auto-deliver updates month by month would be great.

    What about the implementation team?

    SentinelOne Singularity Endpoint consolidated the environment.

    What was our ROI?

    I can give 30% as a number for the reduction.

    Which other solutions did I evaluate?

    The product closest in terms of quality and features to SentinelOne Singularity Endpoint is CrowdStrike.

    I prefer CrowdStrike over SentinelOne Singularity Endpoint.

    I prefer CrowdStrike because I could see a lot more information in the detection part and the false positives are reduced.

    What other advice do I have?

    Data privacy and security are very important for us when using Purple AI because we work with some Italian government companies or government-related companies, so privacy and European regulation are very important.

    SentinelOne Singularity Endpoint consolidated the environment.

    Endpoint protection solutions were consolidated now that I don't need them.

    I would rate this review 9 overall.
