SentinelOne Singularity Platform

I have used SentinelOne Singularity Complete  in a SOC environment where most customers were utilizing it. 

The solution has been helpful especially for the infrastructure security team. They can focus their energy on other business projects and priorities while having peace of mind knowing that even without real-time operation, SentinelOne Singularity Complete can detect vulnerabilities and contain threats until they intervene. This allows them to work on other projects, develop security policies, and strengthen their defense. The team can address other security loopholes while SentinelOne Singularity Complete manages their infrastructure.

One of the features I particularly appreciate is the hunting capability, specifically being able to use deep visibility for threat hunting. 

It's quite elaborate. It allows you to create and manage queries easily. Even if you're not very proficient in the language being used, it suggests the correct syntax when you type in plain text. If there's an error, it points out where you're wrong, enabling you to adjust the syntax. This feature is particularly beneficial for threat hunting using the deep visibility feature of SentinelOne Singularity Complete .

Additionally, the platform allows for compartmentalization, which is great because we use it for about 13 customers. It enables us to manage different environments from a single console and download relevant data for each customer.

What stands out is that this solution is not just about detection; it's also about response and containment. When it addresses an incident, it explains what occurred and suggests actions to take before further investigation.

Another excellent feature is its ability to filter events from the same company, helping to reduce noise. For instance, if a single user performs various actions that would typically trigger hundreds of alerts, this system consolidates those activities under that one user. This approach allows for tracking related events together rather than generating multiple alerts. As a result, you can analyze an incident from a holistic perspective rather than just viewing individual alerts in isolation. Overall, these capabilities enhance the effectiveness of threat management and incident response. That's my take on it!

It's capable of integrating with SIEM  and other solutions. It offers enhanced interoperability. 

The main area for improvement relates to Linux compatibility. When deploying on a Linux system, the process isn't as seamless compared to other operating systems. They could enhance this by providing an easier way to implement or deploy on Linux OS systems.

I have used SentinelOne Singularity Complete for four years.

There have been no stability issues at the moment.

It's scalable.

Their support is very good. When we encounter an issue, we quickly raise support tickets, and the response time is very good.

Positive

It's not complex. It's straightforward, and the support is very good. 

SentinelOne Singularity Complete has shown a return on investment with its ability to detect threats at approximately 99% efficiency.

It's affordable. The pricing is competitive. 

SentinelOne Singularity Complete has proven beneficial in a specific case. In one instance, a customer had Microsoft licenses that were very expensive at the enterprise level. By implementing SentinelOne Singularity Complete, they were able to reduce their license plans and focus on this solution because it offered more robust features than their previous solution.

I would rate SentinelOne Singularity Complete a ten out of ten. It's a good solution.

I have extensive experience with SentinelOne products and am particularly impressed with SentinelOne Singularity Complete. The solution integrates effectively with third parties.

I find it extremely reliable. For instance, I report monthly for compliance and other security metrics across our multi-cloud platforms. Primarily, we rely on Microsoft, especially with Entra ID and MFA. While Microsoft provides decent reporting tools, they can make it difficult to get high-level summaries. In contrast, Singularity allows me to pull insights across various platforms, not just Microsoft and Azure. Whether I’m using it within AWS, with single sign-on, or with one of our partners, I can see all the relevant data.

It has improved significantly with its upgrades, especially in threat hunting and analysis. Now, when it identifies a threat, it efficiently kills the process and attempts to quarantine the affected items. If it cannot, the system continues its automated threat hunting. This feature is fantastic because it remediates issues while maintaining a clear audit trail, which is great for compliance. However, a drawback is that although it handles threats effectively, I sometimes cannot access the necessary data quickly enough to address recurring problems and prevent them from escalating. The good news is that the platform is robust and supports our security needs. While it's not perfect, it certainly has its strengths.

The analytics and reporting can be a bit overwhelming. I love the dashboards, but I find that I need to better understand PowerQuery—specifically when to turn it on and off and its limitations. It's similar to SharePoint in that regard. As a former SharePoint instructor, I know it like the back of my hand. The best thing about SharePoint is that it can do whatever you want; the worst part is also that it can do whatever you want. You really need to know what you want before diving in. Most people usually have a good idea of what they need. SharePoint offers a lot out of the box, but you can customize it further if you wish. However, customization often requires hiring someone, which can be risky since you never know if it will work as intended. On the other hand, PowerQuery can help bridge some of those gaps within Singularity. The challenge arises when you want to incorporate what you've done into dashboards and charts, as there are limitations. For instance, I want more clickable drill-down options that allow me to filter on specific sections of the data, but that's currently not possible. It’s not to say that improvements won’t come in the future; it's just that it feels a bit early at this stage.

Additionally, I find some navigation features frustrating, like the back button in certain contexts. For example, if you open PowerQuery from a chart, it doesn't open in a new window or tab. Clicking the back button takes you all the way back to the previous state, causing you to lose whatever progress you made. However, I'm actively providing this feedback to my partner, Pro Circular, through whom we access SentinelOne. They take our input seriously, and I've been sharing my observations. They have their own views but are addressing the issues I raise. It's good to see that suggestions occasionally lead to updates and improvements.

I have been using SentinelOne for approximately three and a half to four years, with particularly intensive use in the last two and a half years.

Though I wasn't present for the implementation, the success of SentinelOne Singularity Complete migration heavily depends on having a quality partner. Prior to the purchase and recent changes, experiences with SentinelOne's support and product were not positive.

I obviously want it to be more affordable, and I believe we should be able to achieve that. However, my main concern is partner pricing; that's where they really need to focus. While we can manage it ourselves, if we're going back to the traditional service management model with trusted service providers, I depend heavily on ProCircular as our SOC partner. They offer a few different solutions, but SentinelOne Singularity appears to be the preferred choice.

Similarly, SHI can provide various options as well, but according to my account representative, SentinelOne is gaining momentum and improving significantly. However, it’s important to note that we're only talking about a timeframe of around six months. I'm happy to share this feedback because insights like these can impact future purchasing decisions for other tech leaders like myself who have decision-making authority.

As for pricing, it’s essential to address that. Reputation and quality are important, but especially in today’s economy, price is a significant factor. Unfortunately, many organizations are prioritizing price right now. My hope is that SentinelOne and Singularity can recognize the importance of partner pricing and economies of scale.

Right now, I'm focusing on the basics of cloud integration. I have established a standard that I need to recreate, particularly with SentinelOne. It serves two main purposes: it is our primary antivirus solution for both Windows and Linux. There are various ways to forward logs from other systems where SentinelOne cannot be installed, such as firewalls and databases. However, they all provide similar functionality. There are two types of integrations available: you can use a plug-in, or you can utilize the standard Singularity integration. For AWS specifically, I've standardized the ingestion of AWS CloudTrail data across all platforms. Azure has a similar capability, so now I can view all my cloud reports in one place instead of having to switch between different dashboards, like SentinelOne's or AWS's Security Hub and GuardDuty. I can consolidate everything into one platform, which is very convenient. The integrations are robust, and from a plug-in perspective, I realize that I might not even need to use them. Some older systems, such as Cisco, can forward logs to a log management system, and SentinelOne Singularity Complete handles those logs seamlessly, which is fantastic. There's still a lot more I want to accomplish, but I'm pleased with the progress so far.

It has evolved significantly. Prior to SentinelOne Singularity's acquisition of DataSet, there were numerous issues and negative feedback. Previously, common complaints involved having to implement exclusions due to lack of thorough investigation. However, these complaints have ceased since the changes were implemented.

They offer a lot of options, especially when it comes to integration. With the recent upgrades they've made to their platform, it truly appears cohesive, almost like a single pane of glass. There is a lot of consistency, which makes navigation easier. However, the challenge lies in the distinction between EDR and XDR. SentinelOne is still part of the product, but it’s important to recognize that SentinelOne and Singularity operate separately. This situation is both a positive and a negative. The positive aspect is the uniformity of the interface, which you would expect to make it more intuitive and user-friendly. I know they’re working toward that, but the systems are fundamentally different. Your EDR, XDR, and other tools need to be considered separately; one involves installation and monitoring logs, while the other focuses on ingestion. They do an impressive job of bringing together commonalities among EDR, XDR, and the managed extended detection response, but if you choose one path over the other, you need to understand that the approach may vary. It’s a bit of a blessing and a curse at the same time.

I would rate it an eight out of ten. For ten, it has got to be rock solid all over the place.

I typically deploy it into typical business environments such as law offices, doctors' offices, and marketing companies. I have clients of all walks of life, including accountants, attorneys, doctors, and veterinarians. I work in a very simple environment and am not dealing with high security, such as CIA-level security. For example, I use it in a doctor's office where it does a good job staying HIPAA compliant.

The best aspects of SentinelOne Singularity Complete  for these clients are its ability to detect malicious activity. While there are sometimes false positives, they are minimal, making it quite effective. It recently stopped a ransomware attack at one of my clients, proving its reliability. The clients do not see immediate efficiency gains or significant time savings.

I haven't done any integrations, as I'm just in the beginning stage of ramping up the product implementation and mastering the product. I don't qualify myself as a master in the use of SentinelOne Singularity Complete , so I cannot offer great insight on this.

I have dealt with SentinelOne Singularity Complete for less than a year.

The stability of SentinelOne Singularity Complete is demonstrated through its ability to detect malicious activity. While there are sometimes false positives, they are minimal. It recently stopped a ransomware attack at one of my clients, proving its reliability.

My clients are mostly small, and my largest client has about thirty computers. I do the deployment myself, and it's not a huge effort. It's not comparable to dealing with a company that has three thousand computers.

In the past, I used another product that malfunctioned and caused high processor activity which required stopping and reinstalling it. However, this hasn't happened with SentinelOne Singularity Complete. I used to have many false positives with other products that would block good programs, but I haven't experienced that with SentinelOne Singularity Complete, making it more quiet and efficient.

The initial setup was very simple; deployment is straightforward. Fine-tuning it is a bit more involved, but overall, it's a very simple product to get started with.

I was a part of the setup and deployment process.

The return on investment for my clients isn't visible until there is an incident or an attack that gets stopped. Then they realize the value of prevention. The challenge with security products is that ROI isn't apparent until an incident demonstrates the potential for loss. Clients often think they are immune, especially small ones, believing they're too small to be attacked. They don't realize that the cost of an attack could be a hundred thousand dollars, while they perceive the likelihood as very low.

The pricing for SentinelOne Singularity Complete is good. There are other products that are less expensive, but I tell my clients that in security, they cannot cut corners or look for the cheapest solution. If they want security, looking for the cheapest solution means they have the wrong approach, because good products are not cheap.

I don't have hands-on experience with CrowdStrike, Cisco, or Palo Alto products, but I know the companies. I do not have experience with AI features or AI analytics yet. I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it. I'm just getting to learn the product, so I cannot offer any deep insightful opinion. On a scale of one to ten, I would rate it a nine or a ten, as I'm very happy with it currently.