    SentinelOne Singularity Platform

    Sold by: SentinelOne 
    Deployed on AWS
    Vendor Insights
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center

    Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved (1)

    Pricing

    SentinelOne Singularity Platform

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (1)

    Dimension: Custom Pricing and Packaging
    Description: Contact SentinelOne for custom pricing and packaging including Private Offers
    Cost/month: $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Generative AI, Security Observability

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    Categories: Reviews, Functionality, Ease of use, Customer service, Cost effectiveness
    4 reviews; insufficient data
    [Chart legend: Positive reviews, Mixed reviews, Negative reviews]

    Overview

    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.6 (357 ratings)
    5 star: 78%
    4 star: 20%
    3 star: 2%
    2 star: 0%
    1 star: 0%
    31 AWS reviews | 326 external reviews
    External reviews are from G2 and PeerSpot.

    Chetan Gaonkar

    Endpoint protection has cut alerts and detection time while streamlining ransomware response

    Reviewed on Apr 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

    Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

    What is most valuable?

    What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

    SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

    There is up to 30 to 40% mean time reduction in MTTD.

    For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

    What needs improvement?

    For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

    Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

    For how long have I used the solution?

    I have been working with this solution for eight months.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

    What do I think about the scalability of the solution?

    Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

    How are customer service and support?

    Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

    If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

    Which solution did I use previously and why did I switch?

    Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

    How was the initial setup?

    SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

    Which other solutions did I evaluate?

    I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

    What other advice do I have?

    SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

    There is up to 30 to 40% mean time reduction in MTTD.

    For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

    I would rate this solution a 9 out of 10 overall.

    SameerJadhav

    Automated defenses have reduced alert noise and enable rapid rollback from ransomware attacks

    Reviewed on Apr 30, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My use case for SentinelOne Singularity Endpoint is endpoint security to detect, prevent, and respond to cyber threats in real time using AI, which includes Purple AI, behavior analysis, and additionally, NG-SIEM, EDR, and XDR, which is a combination of EDR and XDR.

    What is most valuable?

    The best feature of SentinelOne Singularity Endpoint that I appreciate the most is the rollback feature, because just yesterday, we had a ransomware incident for one customer, and we were able to protect our customer through the rollback feature.

    Another aspect of SentinelOne Singularity Endpoint that I appreciate is the automation; they have added Purple AI and created a new dashboard for XDR that works very well with Purple AI and NG-SIEM. SentinelOne Singularity Endpoint consolidates security features effectively through the rollback feature.

    SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

    The mean time to respond with SentinelOne Singularity Endpoint is reduced by about 30%. When we receive alerts, we can raise them within 10 minutes, and the SLA from our side is one hour.

    Purple AI helps with data privacy and security by efficiently retrieving IOCs in our organization and network, allowing us to quickly query and identify vulnerabilities. Regarding threat investigations, Purple AI significantly aids in our forensic processes; for instance, it recently helped us track down a ransomware attack to its source in a customer's network.

    What needs improvement?

    In terms of improvements for SentinelOne Singularity Endpoint, the dashboard is complex for new users, and there are a lot of false positive alerts, particularly from genuine EXE files.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for 2.6 years.

    What do I think about the stability of the solution?

    The stability of SentinelOne Singularity Endpoint is very high; I would rate it 9 to 10 for EDR.

    What do I think about the scalability of the solution?

    The scalability of SentinelOne Singularity Endpoint can be substantial, allowing for up to 15,000 to 20,000 endpoints for one management console, depending on the organization's relationship with customers. I rate the scalability of SentinelOne Singularity Endpoint as 9 out of 10.

    How are customer service and support?

    I rate the technical support for SentinelOne Singularity Endpoint as 8 out of 10.

    Which solution did I use previously and why did I switch?

    We work with SentinelOne and PingPlotter.

    How was the initial setup?

    The deployment of SentinelOne Singularity Endpoint is very easy, as we only need to create a tenant in our management console and can deploy endpoints to numerous devices within two to three days.

    What about the implementation team?

    We have about 30 to 40 people working with SentinelOne Singularity Endpoint in our SOC and MDR teams.

    What was our ROI?

    SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing, I find SentinelOne Singularity Endpoint to be very affordable, at around $12 to $15, as indicated by my manager.

    Which other solutions did I evaluate?

    SentinelOne Singularity Endpoint seamlessly ingests logs from various other technologies besides SentinelOne EDR platform, integrating with server firewalls. As a SOAR analyst, I have integrated SentinelOne with Shuffle SOAR technology and Wazuh into Level 40's NG-SIEM.

    What other advice do I have?

    I do not have access to the Ranger functionality because our organization did not purchase it from SentinelOne, but we are planning to buy it next financial year.

    I work with Purple AI for our internal use, not for customer use, as we have an NFR set up.

    I do not have much knowledge about comparing SentinelOne Singularity Endpoint with other products or vendors since we have primarily used SentinelOne along with PingPlotter.

    SentinelOne Singularity Endpoint does not require much maintenance; we just need to upgrade the agent to ensure we receive support from the TAC team.

    I will definitely recommend SentinelOne Singularity Endpoint to other organizations, emphasizing the importance of training the SOC team and potential integrations for maximum effectiveness. Our clients using SentinelOne Singularity Endpoint are medium and enterprise businesses. I rate this review overall as a 9.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Viral S.

    Autonomous Protection, Robust Security for Energy-Critical Systems

    Reviewed on Apr 28, 2026
    Review provided by G2
    What do you like best about the product?
    I really appreciate how autonomous and intuitive SentinelOne Singularity Endpoint is. It excels at detecting and responding to threats in real-time without the need for constant tuning or manual intervention. The storyline feature is fantastic, making investigations clear by showing exactly how events unfolded across an endpoint. The combination with MDR services feels like having an always-on extension of our security team that catches issues early, provides high-quality analysis, and gives us confidence that our critical energy sector systems are protected without adding unnecessary operational overhead. I also love how lightweight and stable the agent is across our environment. Even with a large number of endpoints, SentinelOne runs quietly in the background without causing performance issues.
    What do you dislike about the product?
    One area that could be improved with SentinelOne Singularity Endpoint is the overall usability and responsiveness of the management console, which can feel slow or occasionally unintuitive when navigating large data sets or drilling into detailed event timelines. Reporting is another place where there's room for enhancement. None of these are deal-breakers, but smoothing them out would make an already strong platform even more efficient for day to day operations.
    What problems is the product solving and how is that benefiting you?
    I depend on SentinelOne Singularity Endpoint for real-time, autonomous protection against threats. It streamlines investigations and reduces manual workload, helping secure systems without slowing day-to-day operations.
    Shubham Tiwari

    Automation has cut alert fatigue and response time while AI-driven analysis finds threats faster

    Reviewed on Apr 27, 2026
    Review from a verified AWS customer

    What is our primary use case?

    The main use case for SentinelOne Singularity Endpoint includes EDR, XDR, and ingest SIM, which means SentinelOne Singularity Endpoint has the ability to ingest and correlate across security solutions extensively. It is a real-time, AI-based behavior analysis tool.

    How has it helped my organization?

    SentinelOne Singularity Endpoint has been reducing the alerts from our side, basically reducing our time to raise the alert to the client because we are an MSSP provider. We are Softcell technology, an MSSP provider. We have integrated SentinelOne Singularity Endpoint with SOAR technology, and whenever an alert comes, the alert is raised directly through SOAR technology within five seconds. The SLA is within five minutes for raising the alerts.

    The time saved is around 30%. For the mean time to detect, it is around 20%. For the mean time to respond, it is around 50%.

    What is most valuable?

    The first best feature is the fast response and automated response, and the second one is the rollback capability that VSS in Windows. Those are the two best features I can say I like.

    SentinelOne Singularity Endpoint seamlessly ingests the logs from various other technologies besides the SentinelOne Singularity Endpoint EDR platform. We have integrated various firewalls, and we also integrate with AWS and GCP, which is seamless. There are other solutions we can integrate with SentinelOne Singularity Endpoint, including Shuffle SOAR technology, Wazir Sentinel and FortiSIEM.

    I cannot confirm because I do not have that access as I am an L1 analyst with only read-only access. However, Ranger in SentinelOne Singularity Endpoint is the network discovery and control feature, and its primary role is to identify and manage unmanaged devices, such as identifying the rogue devices in our network. It ingests the logs from network sources and captures any threat metrics, including IOC.

    What needs improvement?

    The first improvement is the dashboard because it is very complex. As a beginner-friendly SOC analyst or MDR analyst, the dashboard is a bit complex, so the dashboard needs to be more user-friendly. The second improvement is the VSS rollback feature, which is useful only for Windows laptops and servers, not for macOS and Linux. The third improvement is the policy management complexity; the policy is very complex in SentinelOne Singularity Endpoint, and we have to apply each and every policy for each endpoint. We have to create different groups for different policies, such as USB-based and Bluetooth-based.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for one year.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is continuously running whenever our laptop is on or the server is on. It is continuously working, and I do not find any disturbance while using SentinelOne Singularity Endpoint. Unlike in CrowdStrike, we see blue screen issues, but I do not see any such issues in SentinelOne Singularity Endpoint. Stability-wise, it is good for us. I would give it 10 out of 10 for stability.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint can be scalable up to 10,000 or 15,000 endpoints, depending on your organization. We have already scaled to over 6,000 endpoints in one management console, so it depends on your organization how much you want to scale.

    How are customer service and support?

    My rating for technical support is 9 out of 10.

    Which solution did I use previously and why did I switch?

    We have been using CrowdStrike for the last month. Compared to CrowdStrike, Charter AI, and the Purple AI, SentinelOne Singularity Endpoint is very easy. I just have to put the question in SentinelOne Singularity Endpoint; I want that IOC or that event ID. I can input the event ID and search for any Windows issue or find any malicious file using Purple AI compared to CrowdStrike. For someone who is a beginner, I would recommend SentinelOne Singularity Endpoint over CrowdStrike.

    Compared to other vendors, SentinelOne Singularity Endpoint is not very expensive and it is good. I do not have extensive knowledge about other vendors, but just a month ago we were using CrowdStrike also. After comparing both CrowdStrike and SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is better because the UI and dashboard in CrowdStrike are very complex. For a beginner, SentinelOne Singularity Endpoint is very beneficial.

    How was the initial setup?

    We actually deploy it on the cloud; we deploy on public cloud because we have a partnership with Amazon Web Service, AWS, so we have implemented it on the public cloud. The deployment is very easy. We just have to create a tenant, create, and download the package file. The setup is straightforward, and I can also do that setup because I can handle admin tasks.

    What about the implementation team?

    Two weeks is enough for deployment because we have over 6,000 endpoints as an MSSP provider. Two weeks is sufficient for deploying to every customer. It is very easy.

    What was our ROI?

    We do not have to calculate the investment because the major factor is to save our organization and our customer organization. I can say just go for SentinelOne Singularity Endpoint, it is the best investment, so do not look at the price and go for it.

    What's my experience with pricing, setup cost, and licensing?

    It will be moderate, compared to CrowdStrike. Based on my knowledge about our organization, it is costing around 11 to 12 dollars per endpoint for our customers, so compared to CrowdStrike, it is moderate or cheap for us.

    What other advice do I have?

    Purple AI is a tool I have used because we have the analyst access. I had limited access to Purple AI, but I have used it for finding the IOC in our networks and our customers' networks. It is a co-pilot feature where I can use a pull-down menu to identify based on the present IOC. The retrieve time is very fast, and we get the answer within five to ten seconds. We have IOC, zero-day vulnerability, or any other hashes present in our network.

    Because I am an L1 analyst, we have a forensic analyst team also, and they are using Purple AI. This tool is very helpful for our forensic team.

    SentinelOne Singularity Endpoint is reducing our time because we do not have that access to Purple AI. SentinelOne Singularity Endpoint is reducing our time to find the IOC in the organization. I gave this review an overall rating of 10 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    PriyanshuSingh

    Deep visibility and AI-driven rules have strengthened endpoint threat detection and response

    Reviewed on Apr 27, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My use case is for EDR purposes.

    What is most valuable?

    According to me, the best feature of SentinelOne Singularity Endpoint is the Deep Visibility. I think it is easy to check what a user is doing and what command is run. You can track this with the help of Deep Visibility.

    SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions is interesting. First is the Deep Visibility. The second one is a real-time threat you can detect in SentinelOne Singularity Endpoint. Then you can raise the alert to the client within a short period. Another one is Purple AI, which is the best, according to me.

    Purple AI helps with my data privacy and security by providing a feature called Star Custom Rules. You can create a Star Custom Rule, and Purple AI is similar to ChatGPT, but it only gives answers specific to SentinelOne Singularity Endpoint. For example, you can create any rule and ask Purple AI, 'Please give me this type of alert query.' Then Purple AI will create a query according to your needs. There are many types of use cases already stored in Purple AI that you can use for your monitoring, and it is better for both your client's environment and our environment as well.

    Purple AI plays a crucial role in my team's knowledge by allowing us to create rules that are not created in SentinelOne Singularity Endpoint by default, and it helps to create many types of alerts. For example, you can block any RDP tool such as Anydesk, and you can create such types of rules with the help of Purple AI.

    Regarding how much SentinelOne Singularity Endpoint has reduced my alerts, we can say that on a daily basis, we have 8,000 to 9,000 endpoints from multiple clients, and we have triggered 10 to 15 alerts. When you start a full disk scan, the Sentinel scan runs on your machine, and during that time, alerts that are usually not triggered in SentinelOne Singularity Endpoint can be triggered.

    The time to detect in SentinelOne Singularity Endpoint is around 15 to 20 minutes, which is when we raise an alert to the client and get confirmation. These alerts involve various EXE types, and we inform the client about these alerts triggered in their machines, allowing them to confirm if it is genuine or not.

    What needs improvement?

    One area that has room for improvement in SentinelOne Singularity Endpoint is the inability to create a custom dashboard. You cannot create any dashboard according to your needs, which limits alert triggers across different countries. If they improve this feature to allow for custom dashboards, it would greatly benefit our customers.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for the last two years and one month.

    What do I think about the stability of the solution?

    I rate the stability of SentinelOne Singularity Endpoint as 10 out of 10.

    What do I think about the scalability of the solution?

    I rate the scalability of SentinelOne Singularity Endpoint as 10 out of 10.

    How are customer service and support?

    I give SentinelOne technical support a 10 out of 10 because it is the best EDR tool.

    Which solution did I use previously and why did I switch?

    I have not used any other EDR, but according to me, SentinelOne Singularity Endpoint is the best. We have used CrowdStrike, but only for one and a half months. While CrowdStrike has more functions, it cannot provide visibility the way SentinelOne Singularity Endpoint does. SentinelOne Singularity Endpoint offers many options in a compact format, and its use is better than other EDR tools.

    What other advice do I have?

    I would recommend SentinelOne Singularity Endpoint to other users because its threat detection and alerting are very quick. We have used CrowdStrike for one and a half months, but SentinelOne Singularity Endpoint triggers alerts much faster. Its compact features allow us to check seven to eight features effectively, and its pricing is lower than other EDR products.

    SentinelOne Singularity Endpoint has better pricing compared to other endpoints. CrowdStrike has a high value, but SentinelOne Singularity Endpoint's pricing is easier for any organization to handle.

    Regarding maintenance, there is no need for maintenance according to me.

    I give this product an overall rating of 10 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
