Listing Thumbnail

    SentinelOne Singularity Platform

     Info
    Sold by: SentinelOne 
    Deployed on AWS
    Vendor Insights
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    Play video

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (1)

    Pricing

    SentinelOne Singularity Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    1-month contract (1)

     Info
    Dimension
    Description
    Cost/month
    Custom Pricing and Packaging
    Contact SentinelOne for custom pricing and packaging including Private Offers
    $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Generative AI, Security Observability

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    4 reviews
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.6
    381 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    75%
    22%
    1%
    1%
    1%
    39 AWS reviews
    |
    342 external reviews
    External reviews are from G2  and PeerSpot .
    Likhith Varma

    Centralized threat hunting has improved incident response and now reduces investigation time

    Reviewed on Jul 01, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am currently working with SentinelOne products, specifically SentinelOne EDR and AI SIEM  solutions. I have been working with SentinelOne Singularity Endpoint  for the past nine months.

    My use cases for SentinelOne Singularity Endpoint  involve integrating multiple log sources from clients into a centralized platform. The platform has predefined rules, and I write custom rules based on threat hunts we are conducting. I analyze threats and alerts triggered by the platform to understand and respond to security incidents.

    I work with the Ranger functionality for network and asset visibility in SentinelOne Singularity Endpoint.

    SentinelOne Singularity Endpoint helps consolidate my security solutions in a different way than other products on the market. It offers new perspectives regarding threat fingerprinting and handling certain aspects of security. There are some limitations, but it is a growing product, and the team has made significant improvements since I joined, with new features continuously being developed.

    What is most valuable?

    The best aspect of SentinelOne Singularity Endpoint is its integration with AI, which provides initial analysis of alerts. It gives an overview of what the alert or threat is about and provides insight into what is happening.

    SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is valuable because it correlates data from the EDR module with custom rules I have defined. This correlation provides a complete overview of the incident and the overall capability.

    SentinelOne Singularity Endpoint has helped me reduce alerts by correlating multiple data sources and grouping related alerts. This grouping makes it easier to investigate multiple incidents simultaneously.

    SentinelOne Singularity Endpoint helps save time and free up my staff for other projects and tasks. It provides a brief description of each alert, which reduces investigation time so my team can focus on other priorities and increases overall productivity.

    SentinelOne Singularity Endpoint has reduced my average MTDD and MTTR. The platform detects threats quickly, lowering the Mean Time to Detect, and provides brief alert descriptions that help close incidents faster, improving overall MTTR.

    What needs improvement?

    When retrieving results for logs in the AI SIEM  of SentinelOne, there is a limitation where I can download up to 10,000 columns at a time, and the same constraint applies to vulnerability data. This product limitation needs improvement in future updates.

    I would like to see these limitations removed in SentinelOne Singularity Endpoint. Additionally, the device control feature needs improvement. The EDR is solid, but there are several areas where the quality of work could be enhanced.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for the past 9 months.

    What do I think about the stability of the solution?

    SentinelOne has not presented many stability issues. However, when searching for long-range queries, such as logs spanning three to four months, the platform sometimes takes extended time to retrieve the logs. Other than this, I have not encountered significant stability problems with the product.

    What do I think about the scalability of the solution?

    I find SentinelOne Singularity Endpoint scalable.

    How are customer service and support?

    I am aware of SentinelOne's tech support team. When I encounter agent issues, I create support cases, and the team usually provides a very good response with rapid turnaround. The support is available around the clock.

    Which solution did I use previously and why did I switch?

    I have used other tools apart from SentinelOne, including CrowdStrike, Microsoft Sentinel , Microsoft Defender, and Carbon Black.

    Having worked with tools like Defender and CrowdStrike, I can identify key differences in both pros and cons of SentinelOne. In Defender, you have limited information related to events, but in SentinelOne Singularity Endpoint, you have everything. When hunting on a specific device, you get all events including device events, network events, IP connections, and separate indicators to identify any indicators of compromise. SentinelOne has done significant work correlating these data points and keeping them separate so I can check each category independently while investigating alerts.

    How was the initial setup?

    I am not certain how SentinelOne Singularity Endpoint was initially set up because the organization had been using it for the past five or six years before I recently joined them.

    What about the implementation team?

    With new clients, I have not encountered many problems. From the EDR perspective, I did face some challenges related to SentinelOne Singularity AI SIEM  where I had to find new ways of integrating all log sources, but I experienced nothing from the EDR perspective.

    Which other solutions did I evaluate?

    Purple AI  plays a role in amplifying team knowledge and is quite effective in my environment. For example, when I receive an alert and want to see surrounding activities, if I am a person with no prior knowledge of SentinelOne Singularity Endpoint, building the query would be difficult to get new context and results. Purple AI  helps by allowing me to provide a normal query or prompt, and it generates the query along with the results.

    The key benefits from using SentinelOne Singularity Endpoint are that I have everything in a single platform. I have Ranger, the EDR module, AI SIEM, Purple AI to retrieve results, and vulnerability capabilities. I can correlate a single threat with all of these components to get a clear picture of what is happening in the environment.

    What other advice do I have?

    I am using the SaaS deployment model for SentinelOne.

    Ranger is important because it gives me visibility into how many devices in my network are unprotected. It provides security posture information showing how many detections exist, how many devices are protected, and how many are not. It gives an overview of what devices need protection and allows me to review why certain devices are not protected and identify any limitations.

    The company name is SentinelOne.

    I use Purple AI in SentinelOne.

    Purple AI is an AI developed by SentinelOne that helps me correlate or build queries for those who have not used SentinelOne Singularity Endpoint before. It also provides information about the product without sharing confidential information. SentinelOne has a policy ensuring that all data and queries are kept internally and not shared with any third party.

    Regarding workflow, Purple AI helps overall in my day-to-day operations by assisting with how alerts are triggered, retrieving results for alerts, providing alert descriptions from connected devices, and helping mitigate threats. I gave this review a rating of 8 out of 10.

    Dinesh Yadav

    Security monitoring has improved and current endpoint deployments run smoothly for customers

    Reviewed on Jun 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use SentinelOne Singularity Endpoint  for my customers.

    I help our customers implement SentinelOne Singularity Endpoint  because its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

    My customers purchase SentinelOne Singularity Endpoint from us. I place the order with SentinelOne distributors because local support is more important for customers, and they want to be locally supported by resellers or vendors. If you buy from AWS , then there will not be any support.

    What is most valuable?

    My experience working with SentinelOne Singularity Endpoint has been fantastic.

    The most valuable features I have found in SentinelOne Singularity Endpoint are MITRE ATT&CK, continuous monitoring, and threat vectors.

    What needs improvement?

    The drawbacks I have identified with SentinelOne Singularity Endpoint are that they should work on being more responsive than CrowdStrike. CrowdStrike has a very strong team here in the Middle East and they are very frequently available to discuss any kind of issues or challenges. In comparison to these, they are a bit slow.

    I think in the next release of SentinelOne Singularity Endpoint, they should be working on a SIEM  solution so that customers can have data logs for 30 days or 90 days.

    SentinelOne Singularity Endpoint's R&D team should learn from CrowdStrike's approach, looking at the technologies that protect endpoints, customer protection, and providing extra features that customers can utilize and be loyal to them. For example, CrowdStrike gives seven days data retrieval for end users in the SIEM  without any charges. If SentinelOne does something similar, they might gain more loyalty and more customers.

    For how long have I used the solution?

    I have been dealing with SentinelOne Singularity Endpoint for more than five to six years.

    What do I think about the stability of the solution?

    When it comes to functionalities and performance, SentinelOne Singularity Endpoint is fine, and there are not many issues with SentinelOne Singularity Endpoint products once deployed.

    How are customer service and support?

    I would rate their technical support around a nine out of ten. Every solution has some kind of drawback, but it is a pretty good score.

    How was the initial setup?

    Its initial setup is straightforward and not complicated. However, there are cases where they are not integrated with Active Directory, so I have to assist them by sending the link or email to the end user so they can download the agent, and the rest can be done through the console.

    What's my experience with pricing, setup cost, and licensing?

    I find SentinelOne Singularity Endpoint's pricing to be competitive because if I look at the pricing of CrowdStrike, they are competitive to CrowdStrike.

    Which other solutions did I evaluate?

    I cannot say SentinelOne Singularity Endpoint is the best option on the market at the moment, but I can say it is the second best. If I look at CrowdStrike, they have many other features and come with various other solutions including identity protection, SIEM, data protection, and firewall management. In terms of technology, SentinelOne is doing good and very competitive in the market, but CrowdStrike is still ahead of them.

    What other advice do I have?

    I have not gone through SentinelOne Singularity Endpoint's Purple AI  that much. I believe it is an AI feature. It is similar to all other AIs where you can ask questions about technical issues or challenges through the portal and it can access security, indicating if any configuration is missing or if there are any attacks or vectors, or if some users are inactive for longer periods. This can help them keep track of users in case some are offline for longer days or if their agent has not been updated. I would rate this review an eight out of ten.

    AbhishekVilas Sawant

    Automated threat response has freed our security team to focus on high‑value client projects

    Reviewed on Jun 22, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My use case with SentinelOne Singularity Endpoint  is primarily for security purposes, to secure our clients from different malware. If they download any suspicious file onto their desktop which creates a problem afterwards, then for that purpose, we are basically using this. We are basically an MSSP , providing services to our clients.

    What is most valuable?

    The features and functions in SentinelOne Singularity Endpoint  that I have found most valuable include its fully autonomous nature. We don't have to put manual effort into that. Basically, mostly everything is automated, and also the threat detection feature, the rule remediation feature, and the rollback as I mentioned earlier. If anything comes out to be clean and genuine, then we can just do the rollback so that everything gets back to normal and keeps on running. I feel that is the foremost thing I appreciate: having a fast response and rollback capability.

    Singularity  Complete has helped me reduce the number of alerts. Although I would say that it is a depreciating factor when it comes to false-positive alerts. Initially, it generates a very high number of false-positive alerts, but by using it accordingly, very prominently, we can control the false-positive alerts by deploying only the necessary use cases that our clients need to detect only true-positive alerts rather than false-positive noises.

    Singularity  Complete helps my clients free up staff for other projects. I also mentioned earlier that it is fully autonomous. Every feature is automated. It does its work on its own by doing the quarantine. Any malicious thing it detects, its rule engine, which is obviously a behavioral AI. Because everything is automated, it decreases our manual effort. Rather than typing a manual email to a client, which obviously takes fifteen to twenty minutes extra, we are just taking action directly from the SentinelOne Singularity Endpoint user interface. So it reduces our manual effort and time overall.

    What needs improvement?

    Regarding potential areas for improvement for SentinelOne Singularity Endpoint, as I mentioned earlier, I felt that it was generating a very high number of false-positive alerts initially. Although by making a few changes, we reduced that. The first thing is the false-positive alerts. Also, I've felt that a few of our clients have a very high number of endpoints integrated, such as more than one thousand endpoints have been deployed for those particular clients. For those kinds of clients, I've felt that the resource consumption, including high CPU and disk utilization, is a factor. The utilization sometimes gets very high, so we have to keep it in control and monitor it from time to time. One more thing is creating a customized dashboard, which is not a feature in SentinelOne Singularity Endpoint. We can only view their existing dashboard. No custom dashboard feature is present in SentinelOne Singularity Endpoint, so that's also something that can be brought up in the future.

    For how long have I used the solution?

    I've been working with SentinelOne Singularity Endpoint product for about a year.

    What do I think about the stability of the solution?

    Stability-wise, I would rate SentinelOne Singularity Endpoint a nine out of ten.

    What do I think about the scalability of the solution?

    I would say ten out of ten for the scalability of SentinelOne Singularity Endpoint because we can scale up and scale down as per requirement. We can increase or decrease the number of endpoints, whatever suits perfectly at that particular time.

    How are customer service and support?

    I would rate SentinelOne's technical support ten out of ten. There have been a number of times when we get in contact with their OEM, the customer support. Their response is very quick. Within a day, we get a response from them. There are a number of times we get stuck in creating a use case or doing whitelisting, blacklisting, or deploying rules. At that particular time, we contact customer support, and we get their response very quickly.

    How was the initial setup?

    The initial setup for SentinelOne Singularity Endpoint is much simpler, although I have not been a part of the integration team. First, we have to allow SentinelOne Singularity Endpoint on a desktop, then we have to install its endpoint on the desktop or laptop.

    Which other solutions did I evaluate?

    The main competitor on the market for SentinelOne Singularity Endpoint can be CrowdStrike Falcon . I have not used that product, but I do know that the price range SentinelOne is offering is the best, as Falcon  CrowdStrike is much more expensive.

    What other advice do I have?

    My experience with SentinelOne Singularity Endpoint's ability to ingest and correlate data across security solutions is great because we personally have integrated SentinelOne Singularity Endpoint with a different product and deployed a few correlation use cases. By doing that, we strengthen our use cases, correlating it with different email security solutions. It's been great doing that correlation.

    The Mean Time To Respond automatically decreases because everything has been already completed by the AI engine running in the background.

    I have limited experience with Purple AI , but I have used some of the features, including identifying IOCs (Indicators of Compromise) in Purple AI  and a few other features as well.

    Regarding Purple AI's capabilities in threat intelligence for detecting threats, IOCs are utilized for that purpose. By using the copilot feature in Purple AI, where I can use the pull-down menu on the left-hand side, from there I can get the IOCs present on my client's endpoint. By doing that, I can gather threat intelligence on our clients' endpoints.

    In my opinion, the main benefits that SentinelOne Singularity Endpoint provides are many. I would say it's already a valuable security device. I can literally line up different things that SentinelOne is offering. Obviously, the foremost thing is for security purposes. You are securing your own desktop, laptop, or whatever server it is. And also, what you are getting at such a low price, I would say. The foremost thing you are getting is the best that anyone can offer. So that's what I would say about SentinelOne Singularity Endpoint.

    I have not personally used the Ranger functionality because it has been blocked in our environment, but I am aware of the Ranger functionality that SentinelOne is providing for network security purposes.

    Regarding Mean Time To Detect (MTTD), if I compare it with other SIEM  solutions, what does that SIEM  solution do? It just detects an alert and gives a pop-up that the threat is detected in an environment. But comparing it with SentinelOne Singularity Endpoint, it is doing its work on its own. So, it's very useful compared to other solutions.

    I will recommend SentinelOne Singularity Endpoint to other users. I would rate this product ten out of ten overall.

    Anish Varma

    Automated endpoint protection has reduced manual effort and improves real-time threat response

    Reviewed on Jun 19, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We are working for SentinelOne Singularity Endpoint . We are using SentinelOne Singularity Endpoint  for endpoint detection to detect any suspicious malware detected in any PDF or file that users download and access. SentinelOne Singularity Endpoint marks suspicious or malicious files and takes appropriate action by quarantining that file in real time. This is the basic purpose that we are using SentinelOne Singularity Endpoint for.

    We have integrated SentinelOne Singularity Endpoint with third-party tools such as our ManageEngine ticketing portal and a few other security devices. It works very well and we have not faced any issues yet.

    What is most valuable?

    The foremost thing would be that the response is very fast, and capability-wise, it is highly capable. Its automated features, behavioral analysis, and machine learning features are numerous, and I feel SentinelOne Singularity Endpoint is best for these aspects.

    SentinelOne Singularity Endpoint has a faster response, so the mean time to detect is remarkably better than other products. This has improved the overall productivity for our organization, which is a plus point using SentinelOne Singularity Endpoint.

    Because it is fully automated, the moment any threat is detected on any file or system, that very second it marks the alert and takes appropriate automated action on it. If any manual human intervention is required, then we, the analysts, are responsible for drafting a mail to our client. This has overall reduced our manual effort significantly, making it very beneficial.

    What needs improvement?

    I feel that it can be much better. Initially, it creates a lot of false positive alerts, which can be improved. SentinelOne Singularity Endpoint does not have any custom dashboard feature, so adding that would be better for us. We could create our own customized dashboard rather than using the default dashboard that SentinelOne Singularity Endpoint has.

    Regarding CPU utilization, in a few of our clients, we have observed that the disk usage and utilization gets very high because they have lots of endpoints integrated on that particular client. This can be improved in that scenario as well.

    For how long have I used the solution?

    It has been a few months that I have been using SentinelOne Singularity Endpoint, and I have had a great experience with it.

    What do I think about the stability of the solution?

    As far as I am concerned, I have not seen any downtime in SentinelOne Singularity Endpoint. There has not been any scenario where we have to wait to see whenever the device gets back up and running. There has not been any issue on that.

    What do I think about the scalability of the solution?

    It is very much scalable. SentinelOne Singularity Endpoint charges on a per-endpoint basis, so whatever the requirement is, it charges the client on that basis. We can scale up and scale down whenever we want. If we want to scale up to a higher endpoint, then it is very much easy to scale up and scale down.

    How are customer service and support?

    There have been a number of scenarios where I have felt that this is not my area of expertise to manage. In those kinds of times, I have been connected with the OEM and the customer support team of SentinelOne Singularity Endpoint. These scenarios include when creating a new rule or finding out IOCs on a client's endpoint. I would rate the customer support a 10 out of 10 because their response was very quick, within a day.

    Which solution did I use previously and why did I switch?

    I have not been aware of other EDR or XDR  solutions. This is my first EDR endpoint detection response team, so I am not aware of what other vendors are providing.

    How was the initial setup?

    From what I am aware of, the deployment is very easy. You just have to install SentinelOne Singularity Endpoint agent on the desktop, laptop, server, or whatever device it is. Before installing, we have to allow its IP address and port in the firewall for better services. After that, we have to install SentinelOne Singularity Endpoint on the desktop and laptop.

    What was our ROI?

    Our return on investment is very much high. Our company is basically an MSSP , and we are providing managed services to our clients. By using SentinelOne Singularity Endpoint and providing its features to our clients, our company makes a huge amount of money. It is a great return of investment for our organization.

    What's my experience with pricing, setup cost, and licensing?

    What SentinelOne Singularity Endpoint is offering for the price range is very remarkable. They are pricing on the basis of per endpoint. They charge around six to ten dollars based on the required amount of endpoints that are necessary. At this price range, the type of solution we are getting is the best that we can ask for.

    What other advice do I have?

    We have a dedicated threat hunting team for that kind of thing, so I have never been a part of that threat hunting procedure in our team.

    The analytics bar allows us to view every threat that has been observed in whatever time frame it is. By seeing that, we can directly assess whatever threats that have been observed on any endpoints and take a particular action on that.

    There has been a scenario when SentinelOne Singularity Endpoint automatically remediated a threat, but the client confirmed us that the file is genuine and necessary for them. During that time, we used the rollback feature to get it back to the original state. By doing that rollback, we can roll back to our default settings. For that purpose, we use the rollback feature.

    The rollback feature has saved us quite a bit of time. Doing it manually would have taken much more time. By directly doing the rollback, it has saved us more than an hour of time.

    Everyone should go for SentinelOne Singularity Endpoint because at the price range that they are offering their services, it is the best that we can ask for. Everyone should keep SentinelOne Singularity Endpoint as their security device for their firm or their own personal purpose as well. I would rate this review a 9 out of 10 overall.

    Karrie Westmoreland

    Security platform has consolidated threat protection and delivers faster incident response

    Reviewed on Jun 18, 2026
    Review from a verified AWS customer

    What is our primary use case?

    The usual use cases for SentinelOne Singularity Endpoint  that I work with mostly are endpoint detection and response.

    What is most valuable?

    SentinelOne Singularity Endpoint 's malware detection and quarantine kill capabilities have been the most valuable features. SentinelOne Complete has helped my customers consolidate their security solutions very well; we house everything under one umbrella called N-able, where they have everything housed under the N-able platform, and we do everything through there. Once they are under our umbrella, we take care of everything, and SentinelOne Singularity Endpoint is a big part of that, enabling our customers to get what they need in one house. They also work with another solution called Adlumin, which is an XDR  solution, and they combine with that really well.

    What needs improvement?

    SentinelOne Singularity Endpoint's features are valuable because they are very quick and also easy; it is easy to set up exclusions, but it can be picky about how you do that, so that is a pro and a con.

    With this filtering, I think it is as best as it can be; however, there are some programs that have multiple files and paths for the same process, so if I do not get them all, such as an updater that has different files and paths for the update, it will still see it as malware, and they will not be able to update their software. I have to go in and build new exclusions daily, so it can be a headache for certain users and programs. I would prefer SentinelOne Singularity Endpoint to be more refined, or maybe more general would be easier.

    SentinelOne Singularity Endpoint does generate a lot of noise as far as tickets; anytime I change the resolution status or am working on a ticket, if I change the process from suspicious to a false positive, every time I change the status of anything, it generates a ticket and an email. I have all this noise every time I am working on tickets, which is annoying.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for a little over two years.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is definitely reliable; we have never been able to take it down, even when we tried. I have never had any outages; it has never been down for repair, and they always send out emails letting us know if they are going to be doing maintenance at night or something, and it always comes right back up if they do, which is really good.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint is definitely scalable; you bring a customer in through N-able, and then you can go from there. It is per endpoint, so you can have as many as you want.

    How are customer service and support?

    I have communicated with SentinelOne Singularity Endpoint's support a couple of times, usually right through the chat if I am trying to do something and cannot find it. They escalate if they have to and follow up by email, using a ticketing system through Jira , so everything is fine.

    Their skills and expertise are pretty good if you get through the right channel through chat right away; however, it can be hard because they have many chat channels, so if you are specific on your original ticket request, you might get through the right support person. Otherwise, they will have to transfer you depending on whether someone is covering that shift or not, which can lead to a wait for email support. It can take a couple of hours.

    What was our ROI?

    I have seen a definite ROI with this solution, as we have got a lot of new customers signed on just for SentinelOne Singularity Endpoint. A couple of customers came on just because they wanted SentinelOne Singularity Endpoint, which turned into sales points for other products that we offer, so that was really good.

    What's my experience with pricing, setup cost, and licensing?

    As for pricing, I think it is just right on the nose for us; we chose it because it was price efficient and everything, and it was good for the two years we had it, but unfortunately, we are switching away.

    What other advice do I have?

    My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is that for cross-security, we do not mix with anything else, so I am not sure on that end.

    I am familiar with the Ranger functionality of SentinelOne Singularity Endpoint, and while we do not have it, I see it advertised everywhere and would love to be able to press that button to see further into the visibility of what is going on.

    From my experience, SentinelOne Complete has not reduced alerts; I would say it increased them just because it finds every little thing. This increase relates to the malware detection as I mentioned earlier. The customer does not really get the alerts; we do, and we handle them before they ever reach the customer because I do not think there has been only one actual real malware since I have been working with it that did reach the customer end because it was real malware, so that was one out of two years.

    From my experience, SentinelOne Complete has helped free up employees for other projects and tasks; I handle everything, even the noise, so there is no need to escalate beyond where I am working. I let people handle all the noise, and it is just easier for me to go in without having to explain to other people what is going on.

    I do not think that SentinelOne Singularity Endpoint saved me a lot of time; it creates work for me, but that is the point of the program, so I would say it is doing its job perfectly.

    SentinelOne Singularity Endpoint has absolutely helped reduce my customer's mean time to detect, and it is almost instant. I cannot say by how much compared to before SentinelOne Singularity Endpoint because it was online before I came into this business, but if you had to do this manually, such as if you were just watching as things came in, it would be a nightmare, saving a lot of time.

    Regarding the mean time to respond with SentinelOne Singularity Endpoint, that is up to me because I am the responder, so I would say within about two to three minutes. I would say it has been reduced by five minutes at maximum. It used to take around 10 minutes, and now it is about three minutes, which sounds about right.

    My overall review rating for SentinelOne Singularity Endpoint is 8 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    View all reviews