SentinelOne Singularity Cloud Security - AI Powered CNAPP

The purpose of using SentinelOne Singularity Cloud Security  is for endpoint security. We have deployed its agents on our client side to catch and quarantine any malicious script or malicious file identified, then we identify and quarantine it at the point of attack to safeguard our clients.

Although we can identify IOCs from SentinelOne Singularity Cloud Security , we provide quite a good vulnerability assessment report to our clients.

We are working with SentinelOne Singularity Cloud Security and we are providing MDR services to our clients.

The best features in SentinelOne Singularity Cloud Security are that it is user friendly and its user interface is very easy to understand. The biggest benefit that customers often mention is that its automation and threat detection are very impressive compared to other XDR  solutions. Its auto-remediation rule feature and setup provide a very fast response, and the rollback capability outperforms many different solutions.

SentinelOne Singularity Cloud Security detects threats in real-time scenarios. At the point it detects any threat or malicious script running in the background, it notifies us so we can take action accordingly. If it is malicious, then we report it to the client. If it is a false positive, then we take action accordingly and fine-tune it by making appropriate changes in the rule.

It does help save time because as it is detecting in real time, it is very reliable. The average detection and response time is 15 minutes. We can take very quick action if any alert has been generated. Our average SLA is 15 minutes only. We respond very quickly; the moment SentinelOne Singularity Cloud Security detects any threat, we take action on it.

Creating a customized dashboard would have been better. There are default dashboards created on SentinelOne Singularity Cloud Security that we are using particularly, and it could have been better if we could customize them.

It sometimes produces a high number of false positive alerts. The resource consumption including CPU and disk usage gets very high at that point. It can work on reducing false positives as well.

Although integration is not my part, we can integrate it into any cloud platform or any other product. We feel it is very straightforward to integrate any other products with it.

I have been using the solution for the past almost two years, deploying it in multiple client tenants.

SentinelOne Singularity Cloud Security is a very stable solution. We have not experienced any downtime as of now. It is very reliable.

SentinelOne Singularity Cloud Security is very scalable. We can scale up and scale down as per our requirement. It depends upon what we need and what we have to deploy in our client. If our client is a bigger organization, then we scale up as per our requirement.

I would rate the support a 10 out of 10.

We have used other products for the same solution as SentinelOne Singularity Cloud Security, for SOAR  and different other products. Other products are especially difficult to understand first of all. SentinelOne Singularity Cloud Security is much more reliable and an easy-to-learn tool. We can rely on it for security purposes. It catches any incident that happens, and we have several examples in our infrastructure. Recently, some ransomware happened on our client's side, but SentinelOne Singularity Cloud Security identified the source from where the attack originated and reported it to the client.

However, the client's problem was that they did not take any real-time action on it; therefore, the attack happened. There are different examples where SentinelOne Singularity Cloud Security has been very useful and captured these events well, compared to other products we are using that could not capture them, but SentinelOne Singularity Cloud Security did.

We can rely on it when it comes to security purposes.

We are a team of six to eight people working with different roles and responsibilities.

The costing is not that expensive compared to other solutions. They are very aggressive regarding the pricing module compared to what Microsoft and other CrowdStrike are providing. This is quite a bit better than any client could ask for. We can scale up and scale down, and its cost depends upon the per device basis, or in simple terms, per agent we have deployed at the endpoints.

These are enterprise businesses.

Maintenance means we have to get connected with the OEM from time to time to patch any updates. If SentinelOne Singularity Cloud Security has any newer version, then we have to stay connected with the OEM.

We can use public cloud, private cloud, or hybrid cloud. We can deploy through AWS .

SentinelOne Singularity Cloud Security does streamline operations. We can deploy use cases as per our need. We can add any custom rule on our client's requirement. It depends on the requirement.

We scan our client's endpoints from time to time on the servers, desktops, or laptops. By doing so, the scanning sometimes generates quite a higher amount of false positive alerts. However, the scanning helps us identify if there are any vulnerabilities or exploits in the desktop, laptop, or server. There is a drawback in that it does generate a high number of false positives, but it is great from a security perspective because we get to scan every bit of file in the server, laptop, or desktop at any endpoint.

For AI workloads, we have been using Purple AI  in SentinelOne Singularity Cloud Security. Although I have had limited experience with it, it gives us different features including a co-pilot feature wherein we can use a pull-down menu to identify based on the IOCs present in our client's endpoint with retrieval time. The retrieval time is very fast compared to other features it has, and the co-pilot feature is certainly faster compared to other features. I have had hands-on experience with Purple AI  only.

I would give this solution an overall rating of 9 out of 10.

My customer saw benefits from using  SentinelOne Singularity  Cloud Security as we are able to actually fix the vulnerabilities. There are many infrastructure components that need to be properly patched. We have a hybrid platform with hyper-scaler components. My customer is into hyper-scaler environments, and there are many aspects that need to be properly patched. We have plenty of cloud native applications that have been hosted in both AWS  and Azure . Governing all of this requires many employees to govern it. When we implemented SentinelOne, the team was shortened from 25 people to only 15 or 16 people. This reduction occurred because of the consolidated platform and all the vulnerabilities showing up in the console have been automatically patched. The vulnerabilities automatically go to the SIEM  and are patched by the application team, and the vulnerabilities in the cloud are patched by the cloud department. This was much easier because the integration with the SIEM , which was LogRhythm  on premise, was much easier than Trend Micro. Trend Micro would have required syslog servers, but SentinelOne only had three or four steps and just connected to the log server. LogRhythm  was able to easily fetch the logs from it.

The role of SentinelOne's secret scanning feature is very important in tightening my company's cloud hygiene. In an infrastructure where there are hybrid cloud and different vendors of cloud such as AWS  and Azure , maintaining both clouds and having a resource pool with the skill set of AWS and Azure is very difficult. After implementing CSPM, I could have a vulnerability management system under one roof where I could take the misconfiguration of Azure and AWS at the same place and get it done by a limited amount of users. SentinelOne CSPM knows how AWS configuration and Azure configuration work, so I can know about it and fix it all in one place. SentinelOne has eased the process of finding vulnerabilities in each cloud platform. I have vulnerability visibility for every tenant that I have hosted in different cloud hosting platforms, and it has eased my work of fixing the vulnerabilities.

The impact and effectiveness SentinelOne had in managing cloud identities and enforcing least privilege is evident in an incident where SentinelOne helped us. There were some identities which did not have two-factor authentication. In fact, they were not even linked to our Active Directory. It turned out that the cloud infrastructure had some identities from the company which implemented that cloud. We were able to find accounts which were not supposed to exist in the cloud infrastructure because it mapped itself with the Active Directory and fetched all the users who actually need access to the AWS server. We found out that these two users were not in there, identified the anomaly, and deleted the identities from the cloud platforms.

My experience includes implementing  SentinelOne Singularity  Cloud Security, specifically the Cloud Singularity  as a marketplace for AWS and Azure. I only have to connect the connectors from the marketplace, and as soon as I get the license, I can deploy it from the marketplace and start using it. The deployment phase was actually easy when I connected with the connectors from AWS and Azure marketplace.

I compared Trend Micro and SentinelOne Singularity Cloud Security with two POCs for both of them. SentinelOne was at the higher price end, but my customer and the management opted for it because of the integrity and the better coverage. The ease of deployment mechanism in SentinelOne is not present in Trend Micro. In Trend Micro, for each cloud platform, such as AWS, I need to have another localhost web URL to access that particular dashboard. In SentinelOne, I can manage everything under one particular URL and there are different functions to it. I can easily navigate to any dashboard that I require, so the ease of using SentinelOne was easier than Trend Micro. The better coverage and easy deployment is the second part. Trend Micro had some manual intervention required and an extra server needed to be a jump server for all the traffic to be passed. SentinelOne had both on-premise and cloud options, which was another plus point for the customer.

In Cloud Singularity , there is a cloud native application, and in that, there is CSPM. We also used to have CWSPM. In CSPM, we only used to get the vulnerabilities in the cloud configuration, just the misconfiguration. In SentinelOne CWSPM, the attack map and the graph that it created inside the dashboard gave me a better idea for myself and the management to fix the most vulnerable issues. There might be some vulnerabilities with a higher risk rate, but some CVE IDs with lesser risk rate could have caused major damage to the company's infrastructure than the CVE with the higher risk end. The attack graph which CWSPM showed in SentinelOne was the best thing I have come across because it gave me a better visibility of the whole infrastructure and what vulnerabilities can be impactful and more critical to any customer.

SentinelOne's runtime protection is lightweight. I would say it is very lightweight and it does not even feel that I am running a SentinelOne agent in the systems. Compared to Checkpoint EDR, SentinelOne is a lot better because the Checkpoint agent takes a major chunk of the RAM of the desktop. SentinelOne barely takes around 25 MB of the RAM, so it is very easy and lightweight.

Regarding SentinelOne Singularity Cloud Security advanced SIEM capabilities, we had log servers. There were only EDR part and the CSPM, and it actually created the attack graph matrix and created it as a SIEM. We have actually used it. The logs are very much in real time and the false positive was less compared to the LogRhythm ones.

I elaborate on my rating of SentinelOne support by mentioning that there was some time where the troubleshooting took a longer time. In fact, there were many meetings going on. The availability of the document on the internet is on a lesser side because as an engineer, I would want to know about the troubleshooting aspects of this particular tool. When I am facing a customer, I do not prefer to bring the vendor to every call and try to resolve it, as it takes months and months. It would be better to have a training session with the engineer on site to explain and train properly. This is not the case with SentinelOne, so this is the only thing I have a complaint about.

I do not have any other room for improvement to suggest within SentinelOne itself. However, I would really want the AI assistant for the threat hunting part to be more accessible. They have it, but they are making it licensed, so it is a bit on the higher end.

Regarding stability and availability of SentinelOne Singularity Cloud Security, it has been on and stable every time I have opened it. There are no issues for me with respect to the availability of it, so it is going good.

SentinelOne Singularity Cloud Security scalability does grow well with the growing needs of my company and my client's company. We are trying to make every other component SentinelOne so that we can have a better attack map walkthrough and have clearer visibility for where the attack can be associated with. We are trying to replace whichever security solutions are necessary to create a consolidated attack map vector which we call the Singularity, the Cloud Singularity, so that everything comes under one and we can get a better overview of all the vulnerabilities and fix it accordingly.

Regarding the level of support I am getting from SentinelOne, I would rate it a seven out of ten.

Since switching to SentinelOne, I have been able to eliminate three tools or solutions. The first was Trend Micro EDR, which SentinelOne replaced. The second one was Tenable Synapse , which we replaced with CSPM from SentinelOne. The third one was the SIEM LogRhythm.

I compared Trend Micro and SentinelOne Singularity Cloud Security.

SentinelOne CSPM also eliminates misconfiguration on its own after one approval, which is a very good thing that I actually liked about SentinelOne CSPM.

The rating of nine is because of some false positives that I found recently. There was some misconfiguration from cloud servers which I thought was not necessary. That is the one point that I reduced for. They can improve, but they are better than other solutions, which is the reason it received a nine and not a ten.

If someone is considering and evaluating SentinelOne Singularity Cloud Security, I want to advise them to opt for SentinelOne because if you want integrity and faster driven insights on your whole infrastructure, you should really opt for SentinelOne because it has ease of access, easy deployment, and you would require only fewer engineers to deploy it because it is not a big Checkpoint level complex integrity that you have to do in SentinelOne. I gave this review an overall rating of nine out of ten.

I have been using  SentinelOne Singularity  Cloud Security for the last two years.

My main use case for  SentinelOne Singularity  Cloud Security is Cloud Security Posture Management, cloud data security, and unified visibility.

A specific example of how I use SentinelOne Singularity Cloud Security for cloud data security management is with cloud object storage such as Amazon S3 .

I continuously monitor and audit my environment for misconfigurations as part of my main use case for SentinelOne Singularity Cloud Security.

The best features SentinelOne Singularity Cloud Security offers in my experience are cloud Open-Sip Security Engine and a very tight expert path, as well as AI-powered runtime protection. This feature provides clear evidence of exploitability, allowing security teams to focus on fixing critical issues rather than chasing noise and false positives. It uses behavioral AI to detect ransomware, zero-day exploits, fileless attacks, and NDR attacks.

For visibility, SentinelOne Singularity Cloud Security has a Singularity  Data Lake, where telemetry from cloud workload endpoints identifies into a single repository for rapid querying and analysis. It also has Graph Explorer, which visually maps the relationships between cloud assets, endpoints, and identities to help analysts understand the blast radius and root cause of the incident. It correlates related events into a single storyline, providing full historical context for deeper forensic analysis.

SentinelOne Singularity Cloud Security positively impacts my organization by reducing alert fatigue and decreasing false positives. The platform allows security analysts to focus strictly on actionable, verified risk rather than manual triage. It also provides faster response times, helping my organization see a reduction in mean time to respond and mean time to detect. It includes autonomous resolutions and eliminates blind spots, providing unified visibility across multi-cloud environments, endpoints, and enterprise risk, reducing the likelihood of major security incidents.

In terms of improvement for SentinelOne Singularity Cloud Security, users and industry analysts identify several areas where the platform can be enhanced, including administrative setup experience and operational tuning and performance.

The user interface of SentinelOne Singularity Cloud Security is quite good. I do not have any additional improvements needed for SentinelOne Singularity Cloud Security that I have not already mentioned.

I have been working in my current field for two years.

SentinelOne Singularity Cloud Security is very stable.

SentinelOne Singularity Cloud Security's scalability is quite good, as it is very scalable.

I rate the customer support for SentinelOne Singularity Cloud Security a ten out of ten.

I observe an approximate 88% reduction in mean time to respond as a specific metric around the reduction in false positives and response times.

I chose a rating of ten out of ten for SentinelOne Singularity Cloud Security because of its autonomous threat detection and response, comprehensive visibility, operational efficiency, and lightweight performance. It also demonstrates proven industry leadership.

SentinelOne Singularity Cloud Security's unified platform experience has helped streamline my security operations, functioning as a single pane of glass. My users appreciate having one source of truth for endpoints and cloud workloads, such as virtual machines and containers across AWS  and other clouds. It has verified exploit paths, not just listing vulnerabilities but identifying which ones are actually reachable and exploitable by an attacker, helping my team focus only on high-priority risks.

I use Purple AI  for threat investigations, and it is a game-changer.

SentinelOne Singularity Cloud Security's runtime protection is quite good in terms of adaptability to new and unknown threats compared to other solutions I have used.

It is significant for my team to have built-in integrations that unify various aspects of cloud security, resulting in superior threat detection and faster response, along with improved operational efficiency and security posture.

Drift detection significantly impacts my organization's ability to detect unexpected process behavior in containerized environments by reducing response times. The system can automatically share information and responses across different aspects to improve incident response time significantly. The automation of tasks and built-in integration enables automated compliance audit and risk remediation, reducing manual efforts and human error in managing security configurations.

SentinelOne Singularity Cloud Security drastically reduces the mean time to remediate for cloud incidents by shrinking investigation and response time from hours to seconds or minutes. The platform offers an autonomous AI-driven approach.

We measure the time savings in terms of SecOps operations achieved through SentinelOne Singularity Cloud Security by focusing on metrics, where automation reduces manual investigation and expedites incident response time. My organization frequently achieves significant efficiencies, with some customers achieving a 95% reduction in mean time to detect and an 88% reduction in mean time to respond. The reduction of false positives by using AI contextualized alerts allows teams to spend less time investigating non-malicious findings. The verified exploit paths feature helps my team prioritize vulnerabilities with a critical exploitable route, reducing time spent patching non-critical issues.

I advise others looking into using SentinelOne Singularity Cloud Security to prioritize the visibility feature, utilize the AI-driven Purple AI  for cross-environment threat analysis, and adopt a least-privilege IAM  model to maximize the security impact.

SentinelOne Singularity Cloud Security is a recognized Singularity  Cloud system and a premier cloud-native application protection platform, heavily emphasizing autonomous and AI-driven protection over manual, policy-based detections. I rate this product ten out of ten.