    SentinelOne Singularity Platform

    Sold by: SentinelOne 
    Deployed on AWS
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center

    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (1)

    Pricing

    SentinelOne Singularity Platform

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (1)

    Dimension | Description | Cost/month
    Custom Pricing and Packaging | Contact SentinelOne for custom pricing and packaging including Private Offers | $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Generative AI, Security Observability

    Overview

    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.6
    374 ratings
    5 star: 76%
    4 star: 21%
    3 star: 1%
    2 star: 1%
    1 star: 1%
    35 AWS reviews | 339 external reviews
    External reviews are from G2 and PeerSpot.
    Kathiravan S

    Advanced endpoint protection has prevented ransomware spread and supports precise threat triage

    Reviewed on Jun 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I use SentinelOne Singularity Endpoint for threat analysis and threat detections on endpoint devices. Since Barracuda has the XDR product, that provides additional support for SentinelOne Singularity Endpoint. The product is primarily used for endpoint protection to identify threats, malicious payloads, unauthorized access, or accessing malicious websites. This is used for all endpoint level detections.

    While troubleshooting with one of the customers in the previous organization, they experienced a ransomware execution attack. The ransomware was changing file names and file properties while encrypting files. The customer called us to triage those particular incidents. I checked the endpoint to see which file was flagged. SentinelOne Singularity Endpoint had clear indications of a file with a hash that appeared to be malicious. It triggered an alert and blocked that particular file. I was able to identify which user clicked on this particular file, preventing the ransomware behavior. I contained that particular user using SentinelOne Singularity Endpoint and captured information about the ransomware attack. Additionally, SentinelOne Singularity Endpoint provides USB detection; if an endpoint device has a USB plugged in that contains something malicious, I can block it. It provides a very clean UI that allows me to control the entire endpoint with the options provided by SentinelOne Singularity Endpoint. I have many options along with user roles and can specifically give permissions to specific users. It has proven to be a very helpful platform for endpoint devices.

    I primarily use SentinelOne Singularity Endpoint for detection and threat analysis, containing that particular endpoint from the attacking surface. I also utilize it for whitelisting and blocklisting IPs, malicious hash values, or specific URLs. That is something I usually do while handling whitelist and blocklist tasks. It is a pretty easy task because SentinelOne Singularity Endpoint provides an option to upload text files with those parameters and indicators. The main use case is for threat analysis and triaging the incidents caused by a particular endpoint in an attacking way.

    SentinelOne Singularity Endpoint relates to ransomware attack cases and other incidents involving malicious file executions. In all those cases, it achieves specific outcomes, saves time, and prevents users from being exposed. It achieves these goals, although I do not remember a specific use case.

    What is most valuable?

    The best features SentinelOne Singularity Endpoint offers are clear fingerprints, malicious fingerprints, and the patterns they use to detect malicious files or activities. That fingerprint database is very unique and captures most threats. The fingerprint database is a particular feature I really appreciate, which captures almost every single malicious activity.

    The fingerprint database definitely helps me day-to-day, making my job easier and saving time. Most of the threats and malicious activities are flagged with those fingerprints. It makes me trust the software because when SentinelOne Singularity Endpoint flags something as malicious, it is most probably accurate. If it is not malicious, I can easily whitelist it. It helps in both ways, making my job easier as well as saving time on predefined threats. I do not need to check every time whether something is malicious; SentinelOne Singularity Endpoint has that feature, flagging it as malicious with proper notes and giving me trust that it has something to do with that.

    SentinelOne Singularity Endpoint positively impacts my organization based on the user experience I provide. Users mostly give good feedback about SentinelOne, which is a primary reason I support SentinelOne to assist customers. Most customers provide positive feedback since I support them on SentinelOne Singularity Endpoint regarding how endpoint detection works. I really appreciate using SentinelOne Singularity Endpoint to provide good support to customers using it.

    I find SentinelOne Singularity Endpoint to be a really good platform for ingesting and correlating across our security solutions. The correlation use case captures where the requests are coming from, who is making them, and who clicked them. All event logs, including Windows event logs, are captured from multiple devices, and it correlates event times from multiple systems to identify whether the execution affects the entire organization or just specific computers. I really appreciate that capability because when a ransomware attack happens, it executes almost simultaneously across 10 or 20 devices. This allows me to determine how many devices executed that particular file based on event time, enabling me to correlate and isolate all those devices.

    SentinelOne Singularity Endpoint has helped consolidate our security solutions. The same example I just provided helps prevent ransomware attacks and allows me to take appropriate actions immediately.

    What needs improvement?

    Although it has been almost six and a half months, I do not have many features in mind that I find necessary. However, I really appreciate how I can specify scanning folders or areas in the system. Since it is endpoint detection, I can specify which areas to always check for scanning. It has exclusions as well; for example, if I want to scan everything in a system but exclude particular folders or extensions, I can specify that in SentinelOne Singularity Endpoint. That provides me with more granular control over what needs to be scanned and what does not, helping me avoid many false positives and making the systems more reliable in alert conditions. The results become more accurate.

    I do not feel anything needs to be flagged for improvement, but everything requires some enhancements. While using SentinelOne Singularity Endpoint, I do not feel anything needs to be added as a feature or improved. Most of its functions work well.

    I cannot think of anything at this moment regarding needed improvements.

    For how long have I used the solution?

    I was using SentinelOne Singularity Endpoint for two and a half years until I worked at Barracuda Networks six months ago.

    What other advice do I have?

    I primarily use the AI capabilities in SentinelOne Singularity Endpoint for endpoint detections, threat analysis, and threat hunting.

    I have not extensively used the AI capabilities, so I do not have much experience to share or feedback regarding its accuracy and reliability.

    My review rating for this product is 8.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Hussain Nogama

    Endpoint protection has blocked unknown threats and has improved incident response speed

    Reviewed on Jun 04, 2026
    Review provided by PeerSpot

    What is our primary use case?

    SentinelOne Singularity Endpoint is used in my company as we are a client of Sentinel. The primary use cases are for endpoint security, policies, and other features.

    What is most valuable?

    The most valuable features I find in SentinelOne Singularity Endpoint are the EDR, lateral movement feature, and machine learning feature, which I find impressive.

    I am using the Ranger functionality in Singularity.

    SentinelOne Singularity Endpoint does provide network and asset visibility, but in Singularity, you do not have the complete feature. If you want more EDR and want to know from where the attack happened and what it does, you have to purchase the EDR. When I purchased Sentinel, it had three products: SentinelOne Core, Control, and Complete. We are using Core. If you want full visibility on an EDR, there is one more add-on that you have to purchase. As a product, I think most of the features remain the same. It does not allow the machine to work if it finds any unknown activity; it immediately blocks the machine from the network and isolates it completely. Regardless of the location or where you are, if your machine is connected to the internet, you will get an alert that this machine has been isolated. It does not allow you to work at all.

    What needs improvement?

    There are certain things that need to be improved, such as the roll-up things because not every upgrade or update is useful. They have to do more work on the configuration side, which I believe they are already working on.

    I would appreciate improvements in the patches. If I have Windows patches or application patches, it would be excellent if they could cover that on the same portal so I could go straight in and do it. It shows the vulnerability but does not provide the package to resolve that vulnerability. For example, if my Windows is outdated and Sentinel finds that there is an update that is not installed, there should be an option to install the Windows update from the portal itself.

    The additional features I would appreciate in the future are already present in the Complete feature of SentinelOne Singularity Endpoint. Since I am using Core, whatever features are lacking in Core are already in Complete, so if customers want those features, they can upgrade their product.

    For how long have I used the solution?

    I have been working with SentinelOne Singularity Endpoint for more than four years.

    How are customer service and support?

    The response is excellent from them; the moment I submit a ticket, I can expect their response within 15 minutes, less than 15 minutes.

    For technical support, I would rate them 9.5.

    What other advice do I have?

    For security solutions, we are also using different types of products, but I have never done the correlation across our different solutions.

    Regarding Purple AI, we have recently done that with ManageEngine.

    We have not integrated SentinelOne Singularity Endpoint with third-party solutions.

    My overall review rating for SentinelOne Singularity Endpoint is 9.5.

    reviewer2846475

    Automated protection has minimized threats and reduced detection and response times dramatically

    Reviewed on Jun 01, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint is endpoint detection and monitoring as well as monitoring devices. An example of how I use SentinelOne Singularity Endpoint for endpoint detection is monitoring the device to see if there is any suspicious activity.

    SentinelOne Singularity Endpoint has a very quick detection capability, so we managed to detect a virus and quarantine it during a recent situation.

    What is most valuable?

    The best features SentinelOne Singularity Endpoint offers are the fact that it quarantines any malicious activity very quickly and it detects by hashes. When threats such as ransomware or malware are detected, it alerts me quickly and quarantines the file.

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up. SentinelOne Singularity Endpoint is deployed in my organization on-premises via agents that are installed on each device. SentinelOne Singularity Endpoint has impacted my organization positively as we have been able to minimize threats, and it is automated.

    What needs improvement?

    It is very difficult to say how SentinelOne Singularity Endpoint can be improved as it is such a great product. It would be nice if they improved the user interface. I wish it was easier to navigate the dashboard and that it was more user-friendly.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for three years in total.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is stable.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up.

    How are customer service and support?

    The customer support is great and very easy.

    I would rate the customer support on a scale of 1 to 10 as a 10, and I would give customer support a 9 from 1 to 10.

    Which solution did I use previously and why did I switch?

    I previously used Microsoft Defender. I switched because SentinelOne Singularity Endpoint has a lot more AI capabilities and is much easier to use and has a better detection procedure.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    What about the implementation team?

    Singularity Complete has helped me consolidate my security solutions, as I was able to get rid of a lot of unnecessary software.

    What was our ROI?

    I have seen no return on investment as I do not deal with finances.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    Which other solutions did I evaluate?

    I evaluated other options such as Microsoft Defender as well as Kaspersky before choosing SentinelOne Singularity Endpoint.

    What other advice do I have?

    SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect, or MTTD, by 56 percent. SentinelOne Singularity Endpoint has helped reduce my organization's mean time to respond, or MTTR, by 50 percent.

    My advice to others looking into using SentinelOne Singularity Endpoint is that they should evaluate the product and run a proof of concept to see if it is well-suited for the organization.

    Regarding SentinelOne Singularity Endpoint's AI capabilities, I believe it has a lot of governance and security features that are built-in, which I am very impressed with. It is very accurate in terms of its detection regarding SentinelOne Singularity Endpoint's AI capabilities in terms of accuracy and reliability of its output.

    I am very impressed with SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions because the solution is able to do its own thing with very little interaction with anything else.

    Singularity Complete has helped reduce alerts by 56 percent as it was able to mitigate false positives. Singularity Complete has saved my staff a couple of hours every day as less human intervention is required and they are able to release the devices. I would rate this solution overall a 10.

    Alvaro Ramos

    Advanced endpoint protection has optimized incident response and reduced analyst workload

    Reviewed on May 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint includes ransomware attacks, server management, disk scans, anti-attacks, and reviewing threats or events generated by some attack.

    What is most valuable?

    I consider the best features that SentinelOne Singularity Endpoint offers to include its robust protection and the very detailed breakdown of all the events generated on devices, as well as how fast and effective its method of action is—whether that's blocking, deleting, or rolling back to a previous version from before the threat appeared. That makes it very flexible and very robust for protecting sensitive machines such as servers, databases, and AD, among others.

    Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface. That makes it much easier to understand, reviews are much faster, and with fewer alerts, there are fewer alert reviews on devices.

    What needs improvement?

    I think SentinelOne Singularity Endpoint could be improved; I have seen that SentinelOne Singularity Endpoint has an artificial intelligence feature, but so far I haven't been able to apply it. I don't know if it's enabled for all consoles. At the moment, in my company, I manage around five consoles and so far I haven't seen an AI, or I haven't seen details on how to use the AI to improve event analysis. Even though SentinelOne Singularity Endpoint outputs all the events in a very detailed way, it's understandable that it's a huge amount of data, and you can't easily detect a pattern with the human eye, maybe across one or several machines. A specific guide on how to use that AI in these cases would be beneficial.

    Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before. This generates frustration both for me and my staff and for the end client, because what we're looking for is a quick response. Additionally, sometimes the response time is quite long for certain incidents—response time can be two to four hours, based on my experience. Response times or attention could certainly be improved, at least for cases that are already known.

    I give it a nine because even though the tool is very robust, it still lacks an AI component, as I mentioned earlier. We're in the AI boom right now, and it's really necessary for companies given the amount of information they handle. Since SentinelOne Singularity Endpoint gives you a very detailed breakdown, it would be good to have AI as an additional tool for response and information extraction. Also, what's missing to reach 10 is support and response time, because while sometimes they respond, other times they take too long or don't fully understand what you're trying to say, and that makes things difficult. Since I'm primarily a Spanish-speaker and not so fluent in English, there are also some communication issues. The tool itself, as an antivirus solution, seems very good to me.

    I've also seen that SentinelOne Singularity Endpoint only keeps an account active for 90 days of inactivity and then removes it. If no one logs into the organization, then nobody has access and you have to open a case with the vendor. Sometimes that's really annoying. Ideally, there should be an account without an expiration date so you don't lose all console management. I've had two clients where this happened. The 90 days don't always fully pass, but after 40 or 50 days, nobody can log in and you have to open a case with the vendor. Sometimes they have to run checks, so an improvement would be to add a primary account or maybe two primary accounts if a third party is the one that contracts SentinelOne Singularity Endpoint, so that you don't lose overall management and have to open a case with the vendor. That often takes a long time and depends on who purchased it, under whose name it's registered, and that creates frustration on both sides.

    How are customer service and support?

    My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate information across my different security solutions is very good, because we associate it with a SIEM, but even then the SIEM gives us almost the same information. We use SentinelOne Singularity Endpoint itself to correlate information and we do see a big difference compared to other endpoint security solutions. Its capability as an antivirus and incident response tool is very extensive. I think, of all the solutions I've seen, SentinelOne Singularity Endpoint would be first, then Cortex, then Kaspersky, and so on.

    Which solution did I use previously and why did I switch?

    I have used other solutions before SentinelOne Singularity Endpoint; we've actually used a lot of technologies. In this case, we haven't strictly replaced an antivirus. For workstation machines, more general technologies are used, like Cortex, Kaspersky, and Trend Micro. However, for sensitive machines with very sensitive information or that are highly exposed to attacks, we've used SentinelOne Singularity Endpoint. Because we know it's a more robust technology, it allows us to have better analysis and better security on those more sensitive devices. Since the number of such devices isn't very large, we focus on providing better security there.

    What was our ROI?

    I have seen a return on investment from implementing SentinelOne Singularity Endpoint; we've seen time optimization and fewer staff needed. Since our company provides services, analysts can dedicate themselves to other requests, because with clients that have SentinelOne Singularity Endpoint, we almost never have to deal with incidents, as SentinelOne Singularity Endpoint itself blocks them. Most of the time what they contact us for is account enablement.

    What's my experience with pricing, setup cost, and licensing?

    My experience with licensing costs, pricing, and configuration of SentinelOne Singularity Endpoint is that I haven't really seen the licensing prices. I have seen the configuration side, and it's very quick to implement. At least in the implementations I've been involved in, I haven't had many problems—almost never. I don't know about pricing, because I'm in support and analysis, not in sales or pre-sales.

    Which other solutions did I evaluate?

    Before choosing SentinelOne Singularity Endpoint, I did evaluate other options; the other options we consider are: if the machines are sensitive, like servers or databases, SentinelOne Singularity Endpoint is the primary choice. If not, we go to Cortex; if not, to Kaspersky, Trend Micro, and so on. The main ones are SentinelOne Singularity Endpoint and Cortex.

    What other advice do I have?

    There was another case when there was a ransomware attack on a machine that didn't have any security solution, no antivirus installed, and a ransomware attack was detected. I installed SentinelOne Singularity Endpoint on it, and when I completed the installation and the disk auto-scan ran, it detected a threat that was active there. I isolated the server in that case and let SentinelOne Singularity Endpoint keep running to see if there were any other threats. Because there was already a vulnerability and I installed SentinelOne Singularity Endpoint afterward, I couldn't do much more, so based on what SentinelOne Singularity Endpoint showed me about that threat, I also carried out checks on the other servers. Fortunately, thanks to that detection SentinelOne Singularity Endpoint made, I was able to find several servers that had no security components installed, which was due to an oversight by that company's security staff. I installed SentinelOne Singularity Endpoint on the other servers, ran a full disk scan, and from there reviewed the detailed events for everything that's generated, because SentinelOne Singularity Endpoint shows you every event that's detected. Based on that, I was able to detect some anomalous patterns or port connections to devices and queries. Based on that, I implemented best practices on both the firewall and the endpoint.

    The advice I would give to other professionals who are considering implementing SentinelOne Singularity Endpoint is first to review the company's budget for endpoint implementation across the whole organization. If there are many devices and they can afford SentinelOne Singularity Endpoint, they should go for it. If not, they should opt for a lower-tier, more economical technology, and focus on using SentinelOne Singularity Endpoint specifically on the most vulnerable or sensitive devices—in this case, servers and databases. While SentinelOne Singularity Endpoint is somewhat expensive, as far as I know, it's very good in terms of protection. If they can't afford SentinelOne Singularity Endpoint for the entire company, they should deploy a cheaper technology for workstations and focus on acquiring at least SentinelOne Singularity Endpoint for, say, 100–120 licenses for servers and sensitive devices. That will help a lot in mitigating many threats and service availability issues that are critical for the company. It's better to spend a bit more money protecting your sensitive machines than protecting them with something cheaper and having potential problems, outages, or impacts. I give the tool a rating of 9 out of 10.

    Sankha Rajaguru

    Endpoint security has improved and centralized control now simplifies device and alert management

    Reviewed on May 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I am using SentinelOne Singularity Endpoint basically for endpoint protection, and some customers have requirements for USB control and network control as well.

    What is most valuable?

    When it comes to the favorite features of the customers, they appreciate the additional management opportunities that SentinelOne Singularity Endpoint provides. For example, remote shell execution, rebooting, restarting, and pushing messages to the endpoint are the most favorite features that customers are requesting.

    It has saved considerable time. For example, I can take device control and control all device control features and device control permissions through SentinelOne Singularity Endpoint. Otherwise, I would have to depend on a different solution to achieve that. Using SentinelOne Singularity Endpoint, I can achieve that as well.

    What needs improvement?

    When it comes to SentinelOne Singularity Endpoint, most of the complaints I am getting are related to the connectivity between the endpoint and the cloud console. It disconnects from time to time without proper reasons. Also, when I compare it to other next-generation antivirus or next-generation endpoints such as CrowdStrike, SentinelOne Singularity Endpoint has many dependencies on Windows. That is the most disliked aspect coming from the customers I work with.

    Other than Windows, when it comes to Linux and Kubernetes, SentinelOne Singularity Endpoint is great. However, when it comes to Windows, there are a lot of dependencies.

    There are some issues with collecting crash reports and crash logs on the endpoint. They are not visible over the console. Sometimes, the PC's hard disk and its available space is consumed by the SentinelOne Singularity Endpoint agent. I have to attend manually and clear the crash data. I can do it on the SentinelOne Singularity Endpoint management console as well, but I have to go with a restart. For critical servers, it is a huge headache for the end users.

    For how long have I used the solution?

    I have been working with SentinelOne Singularity Endpoint for about two and a half years.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint scales well and is scalable.

    How are customer service and support?

    SentinelOne Singularity Endpoint provides pretty good support to their end customers.

    There are some improvements needed. When it comes to some troubleshooting, such as technical troubleshooting, I have to do some follow-ups in order to get relevant feedback from them.

    Which solution did I use previously and why did I switch?

    Most of the customers in Sri Lanka are currently migrating from SentinelOne Singularity Endpoint to CrowdStrike. CrowdStrike is the main alternative product in the market at the moment for SentinelOne Singularity Endpoint.

    I prefer CrowdStrike because it is easier to manage. When it comes to SentinelOne Singularity Endpoint, after the agent is pushed to the endpoint and the installation is done, I have to do a reboot to establish the connection and turn on the engines. With CrowdStrike, I do not need to do any restart upon installing the agent on the new device.

    How was the initial setup?

    SentinelOne Singularity Endpoint is easy to set up. It does not have any deployment mechanism, so I either have to install it one by one on the PC manually or I can use third-party tools to do the deployment. For example, I can do remote deployment through Active Directory. When it comes to deployment, it is not that difficult. It follows the same procedure as other vendors.

    What's my experience with pricing, setup cost, and licensing?

    Since I work in post-sales, prices are not revealed to me, but to my knowledge, SentinelOne Singularity Endpoint is a bit cheaper than other products in the market. For example, when I compare CrowdStrike with SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is a bit cheaper. Since I work in post-sales, I do not get exact price information. Based on my understanding, that is the basic pricing.

    Which other solutions did I evaluate?

    Ranger functionality is used to detect the agents.

    Asset discovery is an important feature. As far as my understanding goes, once I enable the Ranger function in the console, I can initiate a network scan through the available agent. By doing that, I can identify what IoT devices and other devices are available in my network infrastructure. I can get better visibility over the network, which devices have the SentinelOne Singularity Endpoint agent, which devices do not have the SentinelOne Singularity Endpoint agent, and so on.

    What other advice do I have?

    SentinelOne Singularity Endpoint helps to reduce alerts because there are customizable options when it comes to the alerts. For example, if I get false-positive alerts over time, I can do exclusions for that particular alert. Similarly, I can reduce many alerts using SentinelOne Singularity Endpoint and the Singularity platform. I gave this review a rating of 8.
