SentinelOne Singularity Platform

My usual use cases for SentinelOne Singularity Complete  revolve around EDR and XDR , focusing on protecting end machines, including servers, particularly for users with critical applications running on endpoints. It is crucial for them to know how to protect those systems. If at any point phishing or an attack happens, I can provide data protection and restoration to my customers. Those are the primary use cases.

The feature I find most valuable in this solution is its rollback feature.

The rollback feature is incredibly valuable because if my organization gets hacked, I can restore complete data from up to half an hour back by clicking a one-click rollback option available in SentinelOne Singularity Complete .

SentinelOne Singularity Complete's ability to ingest and correlate across my security solutions is significant. It correlates with all other services, for instance with Netskope  or Forcepoint. It also correlates with Proofpoint and many other endpoint machines like CyberArk, which is PIM /PAM, along with Netskope , Forcepoint, and Proofpoint, which involve DLP .

SentinelOne Singularity Complete helps me consolidate my security solutions overall, though the consolidation only happens at the endpoint level, not at all levels.

My impression of the Ranger functionality in SentinelOne is that it is a good product that is helpful for my AD environment. It effectively protects my AD machines in that environment.

In my experience, SentinelOne Singularity Complete helps reduce alerts significantly. If any machine comes up, I will receive a notification. So in a day, I might get a thousand emails or alerts. What Singularity  does is filter those alerts and provide me with the top 10 or top 15 threats to understand and mitigate the risk. That is a lot of help from Singularity . The reduction in alerts has been around 60 to 70%.

SentinelOne is definitely improving, with a lot of new versions coming out and patches happening on a regular basis. They are acquiring a lot of AI companies and conducting R&D backend work, which is ongoing. By the end of this year, I believe a fully-fledged product will be available. One area needing enhancement is on the commercial front, especially considering the major competition with CrowdStrike. Hence, we must address some challenges, at least for the Indian market.

My experience with SentinelOne Singularity Complete spans four years.

I can rate how stable and reliable SentinelOne Singularity Complete is as a 9.

I can rate the scalability of SentinelOne Singularity Complete as a 10. Whether it is 50, 5,000, or 5 lakh endpoints, it remains scalable.

I do not often communicate directly with the technical support of SentinelOne, but my technical team does.

I would rate SentinelOne's technical support as an 8. Sometimes I get a response from them, but at times they may not have answers and defer to the engineering team, which can prolong the resolution time beyond expectations for customer satisfaction. Overall, it takes a couple of days longer than desired, but the rest of the service is good.

Before my experience with SentinelOne Singularity Complete, we worked with different technologies such as Trellix and Trend Micro.

I usually participate in the initial setup and deployment of SentinelOne Singularity Complete.

I can describe the initial setup process, but I am not deeply involved in the technical details because my technical team takes care of that. I am mainly focused on the business side.

From my perspective, the initial setup is straightforward. During a demo POC, they showcase the complete process, and the presentation along with the dashboard walkthrough helps the customer partner understand everything. It is not that complex.

SentinelOne Singularity Complete has positively impacted my company by being hassle-free. It provides good ROI, which stands for return on investment. It gives the best security, ensuring that if anything happens, I can utilize the rollback feature. Moreover, it offers a lot of integration scope with other solutions. The agent is so lightweight that it does not cause any system slowness when in use, making everything good.

The ROI I have experienced is straightforward. If I want to buy it for one year or three years, safeguarding it for three or five years down the line means my investment reduces. That is nothing but the ROI. Additionally, if I engage five engineers for this project and implement SentinelOne, then only one resource is needed to manage the dashboard and criticality alerts. This is how ROI materializes in my organization.

The decision to switch from the previous solutions was primarily driven by customer base comfort, customer adoption, and market responsiveness. Since SentinelOne is relatively new in India, having been around for five years, the customer adoption rate and ease of use made it easier for many customers to agree to replace Trellix, Trend Micro, and others. This led to a significant switch on their part.

SentinelOne Singularity Complete has definitely helped free up employees for other projects and tasks, both for me and for my customers.

SentinelOne Singularity Complete has greatly aided in reducing my mean time to detect. It is actually very fast because the agent works as an AI agent. It detects any kind of malicious activity or threat in a pretty fast way. It is very fast, and as it is an AI agent, it runs automatically, ensuring rapid detection.

Regarding the mean time to respond, my time is getting reduced by 80, 85, or even 90 percent, which is good.

When considering stability and reliability, if CrowdStrike can replace Trend Micro, then similarly, if SentinelOne can replace Trend Micro and Trellix, the same way CrowdStrike could potentially replace SentinelOne, indicating that the market remains highly flexible.

Based on everything I have described, I rate SentinelOne Singularity Complete as a 10 because I have to promote it, so I present it as my best product.

SentinelOne Singularity Complete  is an XDR  solution for endpoint protection and EDR. I am an integrator and reseller of both their SIEM  and XDR  platform.

SentinelOne also has an AI SIEM  that operates as a different solution on top of the XDR platform, which is very useful especially for organizations that do not have any SIEM but already have the XDR platform. With the XDR platform, I am able to correlate data from other solutions.

Their AI SIEM consolidates everything under one platform. The way it is very easy is that one agent does everything. Whether it is cloud, on-prem, or endpoints, one agent handles that part. If you have the SIEM as well, you can ingest logs from your cloud workloads, from your on-prem devices, whether it is a security device or other devices like your network switches and applications. It is able to ingest data from all platforms.

SentinelOne Singularity Complete  is your endpoint platform that covers everything. It covers Linux, Mac, and Windows environments as well as your cloud workloads and Kubernetes  workloads. If you are looking to integrate other solutions or devices, you need the AI SIEM, which will take care of third-party solutions, firewalls, identity access, PAM, and other integrations. If you want to bring those feeds onto that platform, you need the AI SIEM part for it. In terms of XDR, it covers the major platforms including Linux, Windows, and Mac.

The Ranger functionality is good, though I believe they have renamed it recently. If you want to do network discovery on your network to know what is running on it, Ranger is very good.

Purple AI  is built into SentinelOne Singularity Complete platform. Purple AI  helps engineers perform threat hunting without requiring SOC analyst experience. You are able to threat hunt and respond to threats using normal language conversation.

Because you are able to converse with it using natural language, you are able to build out responses using Purple AI that it will enact autonomously.

It is priced by endpoint device, making it one of the well-priced solutions. It is not too expensive and is a very good enterprise solution.

The most valuable feature is rollback on ransomware and malware because it is one of the only solutions that can do real-time rollback on ransomware and malware.

With SentinelOne Singularity Complete, you have virtually 99.9% zero false positives, which means when it is doing its detection, it is very good at it.

Because the detection engine can be fully autonomous and AI-based, the IT team is not bogged down looking for threats or hunting for threats. Most of the threats will be detected and remediated autonomously, which makes it very useful.

Because of the false positives and the detection engine that it uses, it vastly reduces the detection time because it is AI-based.

Because it is autonomous, you have more or less instant response if it detects a threat.

It is doing most of the work currently. The only thing that would help complete the solution is the ability to execute and perform patching from the system since it is able to discover vulnerabilities and CVEs on the system. That is the one improvement that I have had from clients.

Five years plus.

I have not had any issues personally. I do not know everyone's experience, but I have not experienced any yet.

It is extremely scalable, so it is very good. I would rate it a ten out of ten. You can use it for very small organizations all the way to extremely large organizations.

I have not had to contact them for troubleshooting. When we are doing proof of concept, I speak with the SentinelOne team. In terms of them having to come in and troubleshoot something, that has not happened yet.

The material is readily available for anyone, and mostly they have what I need. I do not need to refer anywhere else.

The only new solution that I have added is SentinelOne, not any other.

The setup is very straightforward and not difficult to do. All you need to do is deploy the agent onto the endpoint machines and then configure the detection and response policies. Other than that, it is not much and is very easy.

Setup is normally done by SentinelOne, but deployment is handled by us. The setup is an online setup unless it is on-prem. For on-prem, I am involved, but most users will not get on-prem deployments. Cloud deployment is done by SentinelOne themselves, and then we come in to do the deployment.

SentinelOne Singularity Complete is being used comprehensively for all capabilities. It is being used for endpoint detection and response, and for XDR purposes. For example, Entra data is being ingested into the platform to get a more complete picture, and also for non-incident-based threat hunting.

The ability to ingest and correlate across various security solutions is impressive. It could be a bit more widespread, but fortunately it is using OCP, and the built-in Purple AI understands more and more of it. On a scale of one to ten, I would rate this a seven to eight.

SentinelOne Singularity Complete has helped me and my clients consolidate security solutions absolutely. I have clients who are no longer using old school SIEMs and they have moved everything into SentinelOne. It has been replacing old AV or non-performative EDR solutions.

The best features in SentinelOne Singularity Complete have to be Purple AI. SentinelOne has not been doing AI for only the past three years, but they have done it since they started. They do have a more realistic grasp on their technology. Using Purple AI, it is very easy to quickly get a grasp on your data, to get the data that you want, and get it properly formatted.

Writing the parsers for data ingestion can be a bit annoying in SentinelOne Singularity Complete. When you do not have a native integration, parsing to OCP or OCF can be a bit tedious. Nothing major aside from that data ingestion aspect.

I have been using SentinelOne Singularity Complete since 2020.

I would rate the technical support for SentinelOne Singularity Complete a nine.

The deployment process for SentinelOne Singularity Complete is easy. The documentation for it is really well-made. I might have overengineered it a bit to always automatically deploy the latest version via the API, making it perhaps more complicated than it needs to be, but once you have it set up, you do not need to worry about it again.

The initial deployment for SentinelOne Singularity Complete depends on the size of the customer, but usually half a day for full deployment is very doable.

I still work with SentinelOne Singularity Complete as well. I am partnered with SentinelOne.

I absolutely use SentinelOne Singularity Complete's Ranger functionality. It is awesome to get a quick grasp on shadow IT, to know what you really have in your environment and what you perhaps do not even know about, what is covered, and what is not covered. The quick rollout feature or the deployment feature via Ranger is differentiated. In my opinion, when you see a device not having SentinelOne Singularity Complete in the Ranger overview, that indicates an issue with the process. You can use the band-aid by quickly deploying it, but in my opinion, that is a band-aid and you need to look at the process first.

It is hard to put into numbers how much SentinelOne Singularity Complete has helped reduce alerts. If it was just a percentage, I would have to say 90% and above. SentinelOne Singularity Complete correlates alerts. If something is happening in the same general incident, it is added to that incident rather than being a new alert. I remember being in the rollout for a larger client and they had another solution still in place at the time. They were running simultaneously for a while. In their old solution, they got hundreds and hundreds of alerts for a single occurrence, 99% of which were false positives. In SentinelOne Singularity Complete, we had a single notification, a single alert, making it much easier to quickly work through and finish.

Regarding my false positive rate reduction, I would say roughly 80%.

SentinelOne Singularity Complete absolutely saves time for me and my clients.

In numbers, I would say 80%. It is a lot of automation, and you can trust in the product to pretty much work. After you have set it up, you can essentially leave it running until you get an alert. That can mean you can leave it alone for a couple of weeks, and that is completely fine.

I would say roughly 70% for how much it has helped reduce my mean time to respond. Getting the alert is only half the benefit. Being able to quickly get all the information you need and then make an appropriate decision is simplified so much. Going back to the topic of XDR, because you can integrate pretty much any data you want into the console. You do not have to have 20 different tabs open. You can have SentinelOne Singularity Complete open and that is it. You can have all the information right there, even within the threat page itself. That simplifies things so much.

So 70% for detection and 70% for response.

Regarding Purple AI, data privacy and security when utilizing AI are important, and it meets my requirements and needs. Every time I interact with someone who is not from Germany, it is always the topic of data security and privacy for Germans. I think Germans are a bit different on that topic. Purple really does meet all the criteria for that. There has never been a single complaint.

With Purple AI, I would assess the capabilities in providing synthesized threat intelligence or contextual insight at six to seven out of 10. There is room for improvement. In a lot of cases, it might just be seeing issues where there potentially are none. If you look at a single event, for example, it may give you the information that this might be threat-related, but when you look into the data, it might also not be. Generally, it does perform really well and if there is something definitely malicious in an event, it will tell you. There is room for improvement.

SentinelOne Singularity Complete helps streamline threat investigations by making it so easy. It is actually unbelievable. Anyone can get started. For example, I recently introduced a new apprentice to the threat hunting capabilities via Purple AI, and that same day he was able to use it because the barrier to entry is so low. You do not need to learn a new query language. You do not need to learn the syntax. You can get right to it and get started.

In my thoughts on pricing for SentinelOne Singularity Complete, it is cost-efficient, definitely. Being pretty much solely on the technical side, I am a bit removed from that.

I would compare SentinelOne Singularity Complete favorably with other solutions or other vendors. It is easy to set up. It is easy to administrate. As with all solutions, you do need to put some effort into the initial deployment. That is going back to the whole beauty of it. It is easy. It takes a workload away from your team. You do not need to worry about so many things after you have it deployed.

My clients have mainly deployed SentinelOne Singularity Complete in the cloud, on-premises, and hybrid models.

I deploy SentinelOne Singularity Complete for myself and for my clients using the cloud for the console, but the agents on all the endpoints.

It is super easy to maintain SentinelOne Singularity Complete. When there is a new agent version, I do ring testing, for example, I do an internal deployment first before I roll it out to my clients. New versions come out every couple months. Beyond that, if there is an arising issue, if a client starts using new software, that also may come up if there are issues in interoperability with SentinelOne. In banking software for example, that is a common thing. Beyond that, it is super easy to maintain.

My advice to those looking into SentinelOne Singularity Complete is to do a proof of concept. Do a small-scale deployment across all your departments. See how it performs and see if there are any issues.

This is an Umbrella  platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete  great from the Sentinel  point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete .

It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel , and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

Scalability is also a nine.

Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

It is a simple process.

We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

CrowdStrike is the main competitor, along with Palo Alto Cortex  and Microsoft Sentinel . These are the three main competitors for the product range from SentinelOne.

It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

I would rate this review a nine overall.

I create policies based on the regarding policy, which means I created custom rules regarding the use case and customer use case.

Most of my use cases are related to the event ID and the process event, so it is easy to use.

My impressions of SentinelOne Singularity Complete 's ability to ingest data and correlate across the security solutions is that it is better for blocking the hash value and generating the rules manually. It is easy to use.

Overall, SentinelOne Singularity Complete  helps me consolidate my security solutions, being the best in endpoint, cloud, and identity.

The best features in SentinelOne Singularity Complete are in the SIEM  solution, including the block list in hash value block list and anti-tampering mode.

The best part of the Ranger functionality is that it helps find known and unknown devices, locate IoT devices, and determine how many agents have not been installed in SentinelOne, making it easy to count how many machines are not installed and find IoT devices.

SentinelOne Singularity Complete has helped reduce alerts for me, with the best part being the exclusion, as it has already marked most of the alerts in the cloud as false positives.

SentinelOne Singularity Complete has helped free up my staff for other projects and tasks.

In the SIEM  solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots.

I have been working with SentinelOne Singularity Complete for the last two years.

The performance issue with SentinelOne Singularity Complete is very good, but the hash blocking remains complicated and generating many snapshots manually is a recurring challenge.

I work with the Ranger functionality in SentinelOne Singularity Complete, which is used to identify known and unknown devices both in and out of networks.

I evaluate the customer support team of SentinelOne Singularity Complete highly, stating that they provide good support with 24/7 availability.

I decided to switch to SentinelOne Singularity Complete because it offers a single solution for the endpoint SIEM and singularity purpose, and the console is very easy to handle.

There were challenges during the setup, particularly with the custom rule as the customer asked for application-level blocking that I did not fully understand.

The project time is not the means full completely solution but it saves up to 40 days.

Apart from the escalation matrix, I have seen improvement in the mean time to respond, with critical alerts raised below up to 15 minutes and false positive alerts raised in up to one hour.

I mostly use the custom rule and small things for the event type, event query, and searching in event query, focusing on endpoint based solutions in SentinelOne Singularity Complete and the SIEM solution.

I would rate the technical support of SentinelOne Singularity Complete a nine.

I have no recommendations for improvement regarding SentinelOne Singularity Complete as a product or solution.

I rate this review a nine overall.