Sold by: SentinelOne
Deployed on AWS
Free Trial
AWS Free Tier
Block attacks and secure your entire cloud with SentinelOne Singularity Cloud Security, an AI-powered CNAPP providing deep visibility and robust, real-time protection to defend your AWS environment from initial access to mission target. It unifies proactive exposure management, and real-time protection to safeguard your AWS infrastructure, workloads (VMs, containers), and data with AI-powered detection and automated response. Try Cloud Security for free!
4.6
Overview
Video
Detect and Block an Attack in Under 1 Minute
Video
Cloud Native Security Overview
Block attacks and secure your entire cloud environment with SentinelOne Singularity Cloud Security, a comprehensive, AI-powered Cloud-Native Application Protection Platform (CNAPP). Our platform provides deep visibility and robust security from build time to runtime, with all security findings natively integrated into the Singularity Data Lake for investigation and custom detection. Safeguard your AWS cloud infrastructure and workloads against modern threats with our unified, real-time protection.
Our Comprehensive AI-Powered CNAPP is comprised of three key products designed to secure your entire cloud stack:
- Our agentless Cloud Native Security provides proactive exposure management capabilities that prevent attackers from gaining a foothold in your AWS environment with:
Offensive Security Engine: Reduce your cloud attack surface by simulating external exploits to produce Verified Exploit Paths to prioritize the expsoures that are truly reachable by an outside attacker.
Cloud Security Posture Management (CSPM): Continuously monitor and manage the security of your AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning: Identify more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management (CIEM): Detect and manage excessive or unused permissions to mitigate the risk of privilege escalation.
Infrastructure as Code (IaC) Scanning: Scan and secure your IaC templates and images, including secrets and vulnerabilities, before deployment.
Cloud Detection and Response: Leverage our AI SIEM and forensics capabilities for advanced threat hunting and rapid incident response across your cloud.
- Cloud Workload Security is a real-time, AI-powered Cloud Workload Protection Platform (CWPP) for servers, virtual machines (VMs), and containers across public and private clouds. Built for the modern cloud, it helps you:
Detect and Stop Threats: Automatically stop runtime threats like ransomware, zero-days, and fileless attacks in real time without performance impact.
Accelerate Threat Hunting: Gather forensic data and telemetry for deep, comprehensive threat hunting and analysis.
Ensure Stability: Experience unmatched stability and performance without kernel panics, thanks to our lightweight, patented agent.
- Cloud Data Security provides AI-powered malware detection for cloud object storage, including Amazon S3 and file storage services like Amazon FSxN and NetApp. This product ensures that your data is always protected:
Real-Time Scanning: Detect malware, including zero-days, in milliseconds with scanning done directly in your own cloud environment.
Automated Action: Take immediate, automated action against threats, including quarantine and encryption.
AI Model Protection: Safeguard your AI models and pipelines deployed on services like Amazon SageMaker and Amazon Bedrock with our AI Security Posture Management (AISPM).
Additional SentinelOne integrations with AWS Services:
AWS CloudTrail: SentinelOne ingests AWS CloudTrial activity logs to identify and remediate cloud misconfigurations. By analyzing API and resource changes in real time, SentinelOne uncovers suspicious behaviors like unauthorized IAM change that create security gaps.
AWS Security Hub: Consolidates SentinelOne's deep security findings and context into AWS Security Hub for a single pane of glass and automated, high-fidelity response.
AWS Config: Uses AWS Config data to provide continuous compliance monitoring, track configuration changes over time, and ensure your cloud assets remain secure and auditable.
Amazon GuardDuty: Enriches Amazon GuardDuty's network and account-level threat detections with SentinelOne's detailed workload telemetry for more accurate correlation and faster threat hunting.
Get started
Verify exploitable risk and stop runtime threats with the most comprehensive and integrated CNAPP solution today. Simply click on the Request private offer button on this page to begin your procurement process.
Highlights
- Unified Visibility: Powered by Singularity Data Lake and Purple AI, customers can have a complete view of their security issues across endpoint, identity, and cloud
- Attacker's Mindset: Prioritize cloud health and remediation with evidence-based Verified Exploit Paths™ from code to multi-cloud environments.
- AI-Powered Threat Detection and Protection: Secure cloud and container workloads with real-time protection and forensic visibility.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Pricing available upon request. | Contact SentinelOne for custom pricing. | $20,000.00 |
Vendor refund policy
No refunds are available for this solution.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Support is available for this solution. For custom pricing contact sales@sentinelone.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
Purple AI Model Context Protocol (MCP) Server provides secure, seamless integration between the Singularity Platform and any AI framework or large language model. Acting as a universal translator and intelligence hub, it empowers developers and partners to build custom agentic AI experiences powered by the full context and analytics of the SentinelOne platform. The open-source Purple AI MCP Server is available today on GitHub and will also be deployable as an EKS and through Amazon Bedrock, using Agent Core. Users will need to have an active deployment of SentinelOne console and be able to obtain the SentinelOne Singularity Console token and url to be able to deploy and use the Purple AI MCP server.
SentinelOne Singularity AI SIEM revolutionizes your security operations on AWS. Eliminate the skyrocketing ingestion costs and data overloads of legacy SIEMs by utilizing Observo AI to filter data volumes. This provides a deeper, richer dataset, enabling smarter and more accurate detections, accelerated generative AI investigations, and precise responses with Singularity Hyperautomation. AI SIEM is fundamentally shifting the role of security analyst from manual, repetitive tasks to strategic defense. Empower your team to accelerate investigations and mitigate critical risks with a fast, scalable, and intelligent SIEM built for the Autonomous SOC.
Secure endpoints, servers and cloud workloads with SentinelOne Singularity, an AI-powered platform for autonomous prevention, detection, and response. SentinelOne sets the standard for how AI and automation transform security operations, stopping novel and evolving threats at machine speed, scaling under-resourced teams, and simplifying data to outpace adversaries. This pay-as-you-go (PAYGO) listing provides a unified platform defense against the most sophisticated attacks.
Customer reviews
Daniil Kalmykov
Unified cloud security has improved misconfiguration detection and simplified compliance work
Reviewed on Jun 09, 2026
Review from a verified AWS customer
What is our primary use case?
I am an integrator and reseller of SentinelOne Singularity Cloud Security . Most of our customers are interested in cloud security posture management, including misconfigurations of different clouds, particularly AWS and Azure . We also use SentinelOne Singularity Cloud Security for compliance in the cloud and, rarely, with modules like Kubernetes security and IAC security posture management.
What is most valuable?
What I appreciate most about SentinelOne Singularity Cloud Security is how deeply the solution can identify misconfigurations with many different built-in rules for misconfigurations, probably around 2,000 if I remember correctly. Additionally, the solution has very good compliance modules with strong rules for standards such as PCI DSS.
From my experience, the unified platform of SentinelOne helps streamline security operations, and I propose to our customers that they move to the platform where they can choose different solutions such as EDR, SIEM , cloud security, and others, which I consider one of the biggest positives.
What needs improvement?
In one of my latest projects, I faced issues with the functionality of runtime protection for serverless functions for AWS , as SentinelOne currently does not have this functionality. However, the vendor promised that this functionality should be added by the end of this year, so it would be beneficial if SentinelOne adds runtime protection for serverless AWS.
For how long have I used the solution?
I am still working with SentinelOne Singularity Cloud Security for half a year.
What do I think about the stability of the solution?
The stability and reliability of SentinelOne Singularity Cloud Security are good enough. I believe the vendor does not have any problems with stability, which indicates it is a good factor for improvement in the future. I have not experienced any outages with SentinelOne Singularity Cloud Security when the product stopped working abruptly.
What do I think about the scalability of the solution?
When evaluating how scalable SentinelOne Singularity Cloud Security is, I find that if we need to scale, we just need to buy additional licenses; we do not need to deploy additional servers or consoles.
How are customer service and support?
I do not usually communicate with the technical support of SentinelOne Singularity Cloud Security. In some projects, we have communicated with their support due to specific customer infrastructure needs, but generally, the initial setup can be completed without support team communication.
Based on my interactions with the technical support of SentinelOne, I would rate them highly. As an integrator, I have communicated with many support teams and vendors, and I was impressed when we sent some technical requests and received answers within 30 minutes, although those were general questions, not high-priority ones.
How was the initial setup?
My experience with the initial setup of SentinelOne Singularity Cloud Security is that when we receive the license and do a full initial setup, it takes around one workday. After one workday, we can use this solution with all capabilities and get value.
Overall, I find the initial setup of SentinelOne Singularity Cloud Security straightforward due to good documentation and a really user-friendly interface. I do not use the documentation a lot other than during the initial setup, but I refer to it in specific cases.
What's my experience with pricing, setup cost, and licensing?
I think it is hard to say about the pricing, but projects with SentinelOne Singularity Cloud Security can start from probably 20,000 dollars per year. I do not know the current cost for one cloud resource for scanning, but I think if the customer has about 20,000 dollars for cloud security posture management solutions, we can proceed with SentinelOne.
What other advice do I have?
I have extensive experience with SentinelOne Singularity Cloud Security. The functionalities I get from SentinelOne Singularity Cloud Security mean the possibilities outweigh the price. It is not over-expensive; for the capabilities it provides, SentinelOne Singularity Cloud Security is truly not over-expensive.
I cannot answer the question about the impact of SentinelOne Singularity Cloud Security on reducing MTTR for cloud incident investigations because I am not working as an analyst and this is not part of my experience. I have not worked closely with any different technology for the same use cases before SentinelOne Singularity Cloud Security.
I would rate this review a 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Hardik Murdia
Runtime protection has strengthened AWS workloads and simplifies Kubernetes threat detection
Reviewed on Jun 08, 2026
Review from a verified AWS customer
What is our primary use case?
Our current organization operates in an AWS-centric environment with SentinelOne Singularity Cloud Security . We use everything on AWS , and all our resources require vulnerability detection and dependency issue management. Those detections are straightforward, and any tool can identify vulnerabilities. However, SentinelOne Singularity Cloud Security provides an extension on top of basic detection. Any CNAP currently in the market can tell you about vulnerabilities, but how to detect them and whether an attack is continuously happening on our traditional systems—and how to stop them at that moment—is critical. Runtime vulnerability checks are very important for us and help significantly with Kubernetes workflows as well as cloud infrastructure level operations.
We have extensively used the Kubernetes security features in SentinelOne Singularity Cloud Security, specifically the KSPM. We followed that with cloud work through what is called Cloud Workload Protection. Because we receive substantial data from AWS , the CWP has provided us with good information around what is going wrong. When attacks happen, we understand what to do and how to identify our system's vulnerabilities before they are exploited, ensuring things work properly without any security issues.
In my use case with SentinelOne Singularity Cloud Security, what I have used extensively is for Kubernetes and other infrastructure components.
What is most valuable?
Runtime protection is exceptional. The initial setup of SentinelOne Singularity Cloud Security is one of the best available. I have never had an easier integration than this, as everything is cloud-managed.
The positive impact I have observed is that runtime issues, which SentinelOne Singularity Cloud Security solves, are very good. Many times with Kubernetes and infrastructure that have numerous vulnerabilities, those issues can only be caught at the runtime level. SentinelOne Singularity Cloud Security provides the best runtime protection I have seen. I have not faced any problems, and regarding the engineering aspect, I have not been worried about this. That is a very good thing.
What needs improvement?
When it comes to the maturity of SentinelOne Singularity Cloud Security, it is not currently at the level of more established solutions. For example, we previously used CrowdStrike, which has been established for ages. CrowdStrike had an incident with an agent issue that was catastrophic, and despite that, people did not unsubscribe. CrowdStrike has something called Falcon that helped us in great ways before. Investigation is easier with SentinelOne Singularity Cloud Security—you can go through the screen and check everything, whereas with CrowdStrike it was more of a headache. However, the ecosystem is more mature at CrowdStrike compared to SentinelOne Singularity Cloud Security. There are not many users that need this in the market, and the CNAP market is very large. SentinelOne is specifically targeting AWS-first companies and is not extending its solution to Azure or GCP , which might help potentially.
For how long have I used the solution?
We have been using SentinelOne Singularity Cloud Security for one and a half years now, following an incident with CrowdStrike where we experienced a complete blue screen crash. After that issue, we switched to SentinelOne Singularity Cloud Security.
What do I think about the stability of the solution?
We have never faced any outage or problem with SentinelOne Singularity Cloud Security. All the SLAs are in place. I don't think we have specific metrics to measure this, but if it had been down, we would have known. We have always received reports and have created a pipeline using a monitoring tool called Signoz that fetches everything from the SentinelOne report and provides that information to Slack every day at 8:00 a.m. IST. This has helped us identify any ongoing vulnerability and has never failed since its one-time setup. SentinelOne Singularity Cloud Security operates consistently, and that is how a product should work—you should not have to worry about it.
What do I think about the scalability of the solution?
We have not faced any scalability issues with SentinelOne Singularity Cloud Security, and since our organization is not large, this is acceptable.
How are customer service and support?
I do not communicate often with technical support regarding SentinelOne Singularity Cloud Security because our VP of Engineering handles that. My work focuses on the integration aspect. I am an end user in terms of how the solutions are working, and vulnerability catching happens in the code. If something goes wrong during infrastructure deployments, I need to investigate what happened and assess the problem. I need to check how things are looking and whether we have the visibility we need or if any threat hunting is happening, which is something very important.
Which solution did I use previously and why did I switch?
Before choosing SentinelOne Singularity Cloud Security, we were using CrowdStrike, and we also evaluated Wiz . Wiz was acceptable, but compared to SentinelOne Singularity Cloud Security, their pricing was higher. They also provide similar features and are known better because they have something called agentless cloud visibility, which would have been a better opportunity for us to adopt, but their costing is very high. We opted for the runtime aspects instead.
My organization is small in terms of the scale of use cases with SentinelOne Singularity Cloud Security, so we did not have any issues. Even with CrowdStrike previously, it was also performing well. However, due to constraints regarding our customers who specifically asked us not to proceed with it, we had to move to SentinelOne Singularity Cloud Security.
How was the initial setup?
The installation of SentinelOne Singularity Cloud Security was straightforward. First, we onboarded through AWS by connecting our AWS account from the SentinelOne console. We had to configure some privilege issues, and policies had to be configured beforehand. We created a cross-account IAM role before integrating SentinelOne, which helped ensure that SentinelOne could run on multi-cloud environments. After that, we enabled CloudTrail� integration and configured some AWS configurations. Then we proceeded to Security Hub and enabled GuardDuty. We started the agent asset discovery, which helped us deploy the provided solution quickly.
For Kubernetes, each step was straightforward. We had one EKS cluster where we deployed a SentinelOne Kubernetes component via Helm chart. The admission policy of the controller had to be configured at that point, and we enabled the KSPM scanning. The onboarding aspect was something I completed extensively, and I remember the steps involved. It was very straightforward, I did not face many issues, and the documentation was appropriate and to the point.
What's my experience with pricing, setup cost, and licensing?
I am not the right person to provide details about the cost aspect of SentinelOne Singularity Cloud Security because the company has already integrated it. I evaluated the solutions and provided a report, but the costing aspect is handled by the cost analysis or FinOps team. From articles I have read, SentinelOne Singularity Cloud Security appears fairly priced, but when dealing with many vulnerabilities, the runtime cost becomes somewhat high. However, I do not have much exposure to the pricing aspect.
What other advice do I have?
As we are a smaller firm and need significant automation, we opted for SentinelOne Singularity Cloud Security. I would rate this solution a solid nine out of ten. Everyone has some room for improvement, but a nine is something I consider very good.
Abhishek Vilas Sawant
Automated threat detection has reduced response times and streamlines our incident investigations
Reviewed on May 22, 2026
Review provided by PeerSpot
What is our primary use case?
Our use case for SentinelOne Singularity Cloud Security is to use it for endpoint detection to safeguard our client's infrastructure, so we have deployed the use case as per our client recommendations. We are not a customer, partner, or reseller; we work as an MSSP and provide services for our clients.
What is most valuable?
In my scenario, the best features of SentinelOne Singularity Cloud Security are that it gives a very quick response and has rollback capability. The benefit for my customer is that it is fully autonomous where mostly everything is automated, and the threat detection engine operates on a real-time basis, so it is almost fully automated and that is the major capability that SentinelOne Singularity has.
Since implementing SentinelOne Singularity Cloud Security, it has detected alerts in real-time, which obviously has affected our client's security, so we can rely on that very much.
The impact on our MTTR for incident investigations has been quite positive because the investigation feature shows us detections in the UI only, as it detects threats in real scenarios, so it is much more reliable.
What needs improvement?
I feel there is room for improvement in SentinelOne Singularity Cloud Security, particularly in creating custom dashboards since it only has a default dashboard feature, and a capability for creating custom dashboards would help us a lot as analysts. Additionally, there is a high number of false positive alerts when new clients come, as the default use cases are only enabled for that client, resulting in resource consumption and increased CPU utilization, which could be improved in the future.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for more than a year.
What do I think about the stability of the solution?
As for stability, I find it very much stable since we have not experienced any downtime for more than a year, and if we ever do, we connect with OEM customer support, getting a quick response for whatever the issue may be. I would rate the stability of SentinelOne Singularity Cloud Security a 10 because as of now we have not faced any stability issues.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very much scalable, as it charges on a per-endpoint basis, allowing us to scale up or down depending on any requirements. I would rate its scalability an eight.
How are customer service and support?
I would rate the technical support for SentinelOne Singularity Cloud Security a 10.
How was the initial setup?
It is easy to deploy SentinelOne Singularity Cloud Security.
What about the implementation team?
I have not been part of integration but know that it is very easy; we just install the agent on any endpoint.
What was our ROI?
SentinelOne Singularity Cloud Security saves a significant amount of time because it detects in real-time and is fully automated, thus allowing us to detect and respond to any threats efficiently compared to other solutions for SIM and SOAR products.
What's my experience with pricing, setup cost, and licensing?
Although I am not the person responsible for pricing, I know that SentinelOne pricing depends on how many endpoints the client is using, and it is discussed on a per-device basis.
Which other solutions did I evaluate?
Compared to other vendors, I would say the reliability of SentinelOne Singularity Cloud Security is higher; we can rely on it very much as the detection and remediation features are very quick, and it is much easier to grasp even for beginners due to its user interface and rollback capabilities, keeping SentinelOne at a top tier compared to other solutions.
What other advice do I have?
Our mean time to response, every time a malware or any malicious file is detected in an endpoint, the alert is generated, and as analysts, we take a response accordingly, so we try to respond to the alert as soon as 15 minutes for our client. Although SentinelOne automatically quarantines malicious files, our purpose as analysts is just to raise the alert with our client.
I would say the MTTR has reduced by about 50%. For MTTD, I would say it detects files in real-time, so as soon as the file is detected, it gives us an alert in real-time, so I would say about 80-90%.
For overall scanning, we conduct activities to check for any unknown devices that should not be present. During scanning, a higher number of alerts are generated, which is expected, but we can rely on scanning as it is crucial to check every endpoint or desktop.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline our security operations significantly because the threat detection and the incidents we manage daily, including checking hash and other factors, are greatly aided by the platform.
We are using it as an XDR , not for cloud, so I cannot provide a specific reduction amount for MTTR in cloud incident investigation. We have SentinelOne Singularity Cloud Security deployed in an on-prem model.
There are around five to six members managing more than 15 or 16 clients with SentinelOne Singularity Cloud Security. In our organization, many specialists work with SentinelOne Singularity Cloud Security; we are a large team working in SOC and SOAR , sharing the same infrastructure, totaling more than 40 members. Our clients are mostly medium-sized businesses.
SentinelOne Singularity Cloud Security does require maintenance, such as basic updates and patching for new versions.
I would advise anyone looking to implement SentinelOne Singularity Cloud Security to choose it if they want a very reliable product because it is fully automated and very reliable, and it is the best option within the price range everyone is looking for. I give this review an overall rating of 10.
Ashraf Razi
Behavioral detection has strengthened threat hunting and now improves incident response speed
Reviewed on May 20, 2026
Review provided by PeerSpot
What is our primary use case?
We were using SentinelOne Singularity Cloud Security as an endpoint security platform to get threat intelligence regarding malware and threats.
We have an MDR platform, and we are using it as a log ingester for log collection and then we are deploying webhooks for incident response.
What is most valuable?
Power Queries are useful in deep threat hunting and deep visibility.
SentinelOne Singularity Cloud Security maps any threat or incident with all the applicable MITRE ATT&CK techniques and also provides behavioral detection. This would be useful when an endpoint has a zero-day threat involved in the incident, as it will have better detection because of the behavioral detection engine and dynamic detection engine. The mapping of the MITRE ATT&CK techniques provides deep understanding of what the threat actor is trying to do.
Meantime threat response is quite fast. There is no doubt about that. The reason we are migrating to Defender from SentinelOne Singularity Cloud Security is not because of the cost or features. It is just a managerial decision taken in order to save money as we are already having some other tooling with different licensing. There is no doubt that the MTTR and MTTD are quite great in SentinelOne Singularity Cloud Security and it is quite effective in detecting threats and responding to incidents effectively.
SentinelOne Singularity Cloud Security has a dynamic and behavioral detection engine which examines the files based on their behavior and tries to map it with the MITRE ATT&CK techniques. Even if there is a zero-day threat, it would be able to detect it because of its behavioral detection capabilities.
What needs improvement?
Pricing is on the higher side. I would rate it at seven or eight.
The price is high, and of course it could be lower. The market is changing and SentinelOne Singularity Cloud Security has a very good competitor in Microsoft Defender. SentinelOne Singularity Cloud Security should innovate more and come up with features which clearly justify the purchase if someone is already having Microsoft Defender inbuilt with Microsoft 365 licensing. Suppose my organization is moving to Defender because they already have Microsoft Defender in E5 licensing and opted for it in order to save money that was being spent on SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security should come up with innovative and new features that justify organizations staying with SentinelOne Singularity Cloud Security and not opting for a Defender-solution.
I would not say the functionality was missing. However, for example, Defender provides correlations from an identity perspective. In SentinelOne Singularity Cloud Security, the identity module was available, but it needed to be purchased separately and did not come with the base licensing.
SentinelOne Singularity Cloud Security should include the identity module in their base subscription so that their value gets increased. Nowadays the threats are evolving and moving towards identity-based attacks. If a customer has to purchase an identity module of SentinelOne Singularity Cloud Security separately, they will get hesitant because their competitor, Microsoft Defender, is providing that for free in their base subscription. SentinelOne Singularity Cloud Security must work on their subscription pricing in order to stay relevant in the market.
For how long have I used the solution?
I have been working with SentinelOne Singularity Cloud Security for five years.
What do I think about the stability of the solution?
Stability is a benchmark at ten, and I would rate it at eight.
What do I think about the scalability of the solution?
Scalability is also eight because it can be easily scaled up if more endpoints need to be covered. They just have to have the agent installed on them and the license should have that many seats.
How are customer service and support?
The technical support is acceptable, and I would rate it at eight.
Which solution did I use previously and why did I switch?
In the company where I work as a security engineer, we used to have SentinelOne Singularity Cloud Security in our environment, but the company has decided to migrate to Microsoft Defender. The reason is managerial, not technical. The migration is in process and we will soon stop using SentinelOne Singularity Cloud Security and use Microsoft Defender instead.
How was the initial setup?
The deployment is much justified as it is a cloud-based setup.
SentinelOne Singularity Cloud Security is a separate endpoint security technology. It does not come or integrate with other platforms such as email platforms or cloud platforms. Because it is a separate technology, the deployment is not particularly tough.
What's my experience with pricing, setup cost, and licensing?
If you want a comparative score, it will not be good because Microsoft Defender is coming as a free offering in the Microsoft E5 licensing. Whichever organization is having E5 licensing of Microsoft Office 365 is literally getting Defender for free. If they were using SentinelOne Singularity Cloud Security or CrowdStrike and are already having Microsoft E5 licensing, then this move will save a lot of money from their security budget. SentinelOne Singularity Cloud Security has aggressive pricing, but they will get an equivalent product or maybe better in the Windows environment. If they use Microsoft Defender, they will get correlation from Microsoft Defender for Identity , for cloud, for cloud apps, for endpoints, and Microsoft Entra ID and Active Directory. Threat intelligence and correlation would be better because most organizations are using Microsoft Office 365 , so they will get two things if they use Microsoft Defender.
The first benefit is that they would not have to spend a lot of money on an endpoint security tool separately, because they will get the Defender endpoint security suite for free as they already have the E5 licensing. It comes with E5 licensing, so no additional money. Suppose an organization is spending ten thousand dollars on SentinelOne Singularity Cloud Security; if they were having Microsoft 365 E5 licensing, they would just straight save ten thousand dollars. The spending will come from ten thousand dollars to directly zero, as the license is already included in E5.
The second thing is that the threat intelligence will be enriched due to Microsoft Office 365 having various products such as Entra ID and Azure resources. Microsoft Defender integrates by default with all those Microsoft toolings, so the threat intelligence would be much enriched as compared to SentinelOne Singularity Cloud Security.
Which other solutions did I evaluate?
In the company where I work, we are migrating from SentinelOne Singularity Cloud Security to Defender.
I am using it, but it will soon go away from the organization where I work.
Microsoft Defender is the alternate solution.
What other advice do I have?
My recommendation depends upon the budget, client expectation, and their existing security stack.
Ranger is a module in SentinelOne Singularity Cloud Security which scans all the network and determines the OS, whatever devices there are, their OS, and their versions.
Integration is acceptable, neither easy nor tough.
I would rate this review at eight overall.
KetanPatel7
Advanced rollback and AI-driven insights have protected endpoints and simplified security operations
Reviewed on May 19, 2026
Review provided by PeerSpot
What is our primary use case?
I have recently used SentinelOne Singularity Cloud Security . We also have the CrowdStrike EDR tool, which is similar to SentinelOne Singularity Cloud Security and other EDR solutions. We used the CrowdStrike tool two to three months ago.
What is most valuable?
We can check multiple types of alerts and triggers, and we can analyze these. There are many types of functions such as Kill, Quarantine, and remediate rollback types of features, which we can use for client safety.
The rollback feature is the best feature because it is only used in SentinelOne Singularity Cloud Security. We have used multiple types of EDR, but the rollback feature is unique to SentinelOne Singularity Cloud Security. When many types of attacks happen in an organization, the rollback feature deletes all types of malicious files and other malware-type files and completely cleans your system. This feature is very interesting according to me.
SentinelOne Singularity Cloud Security provides many types of features such as Kill and Quarantine, which are very interesting features for security operations. There are deep visibility features, and Purple AI is also one of the best features. It is easy for security operations and incident response. We can check log analysis with the help of deep visibility, and any types of attacks, malware, and phishing attacks are detected by SentinelOne Singularity Cloud Security. Many types of security operations can be tracked and observed with the help of SentinelOne Singularity Cloud Security.
Purple AI is one of the interesting features in SentinelOne Singularity Cloud Security. Deep visibility is one of the best features in SentinelOne Singularity Cloud Security. You can find any types of logs and any types of devices through searching portals, similar to Google search. It gives you information regarding this. With deep visibility, you can search for any name. For example, we can search for any name and check what is happening with that person's laptops, what USB is connected or disconnected, and whether the network is connected or not. This is with the help of Purple AI.
What needs improvement?
According to me, there is one thing I dislike, which is the dashboard. SentinelOne Singularity Cloud Security does not provide a custom dashboard according to our mindset. There are more types of EDR that give custom dashboards, but SentinelOne Singularity Cloud Security does not provide the custom dashboard. This is the only area for improvement.
For how long have I used the solution?
I have been working in my current field overall for the last five years, but I have used SentinelOne Singularity Cloud Security for the last two years.
What do I think about the stability of the solution?
We do not observe any lagging or crashing.
What do I think about the scalability of the solution?
There is low maintenance because it is a cloud platform. It is very low maintenance according to my experience. We can observe our organization, and it is very low maintenance for small organizations. They can easily maintain this.
How are customer service and support?
Technical support is the best for my side. We can raise any ticket for help from the OEM side. It gives a 10 to 15-minute reply, and for anything that is emergency, they schedule a call and solve our problems. According to me, the technical support is good. I give them 10 out of 10 for technical support.
Which solution did I use previously and why did I switch?
SentinelOne Singularity Cloud Security provides the most features compared to other EDRs, and it is easy to understand. The features are very compact in SentinelOne Singularity Cloud Security, not vast types of features. It is easy to understand for both any fresher or any experienced person. The integration part is also easy compared to other EDR solutions. Newly joined persons can also integrate this because the steps are very easy. According to me, SentinelOne Singularity Cloud Security is the best compared to other EDR devices.
How was the initial setup?
It is easy. Any person newly joined or not belonging to the IT field can follow the steps very easily according to me. The integration parts do not require more types of servers and anything. It is very easy to deploy, and the installation part is also good. There is only one to two minutes installing SentinelOne Singularity Cloud Security agent in each and every endpoint. I think this is the best for SentinelOne Singularity Cloud Security.
What about the implementation team?
Our organization is an MSSP , not a client. We provide the license about our client base. We manage multiple clients through the MSSP portal. We also manage and resell. We provide this license for SentinelOne Singularity Cloud Security and also we manage. There are 8 to 10,000 agents installed on our client side. We manage around 20 to 30 clients, and there are 8 to 10,000 endpoints installed with SentinelOne Singularity Cloud Security on the client side.
What was our ROI?
Overall, I give it a 10 out of 10 because SentinelOne Singularity Cloud Security is the best for me. We have used multiple types of EDR, but SentinelOne Singularity Cloud Security provides the best features for our organization and client organization to safely do any activity or go to internet sites, which is why we can give 10 out of 10.
What's my experience with pricing, setup cost, and licensing?
The pricing is basically not very low and very high. It is in the middle range for easy buying for any small organization and big organization. According to me, it is the best price for the EDR. We can check multiple types of EDR, and their prices are so high, but SentinelOne Singularity Cloud Security is not. SentinelOne Singularity Cloud Security is not lesser and not more. It is in the middle range of price.
Which other solutions did I evaluate?
SentinelOne Singularity Cloud Security has multiple types of policies. One of them is the offensive security. There are also behavioral policies and static AI policies and suspicious policies. There are 10 to 11 types of policies. Anything that triggers the alerts belongs to these policies, which happen through behavioral analysis and offensive security analysis. There are multiple types of policies. Any alert triggered in SentinelOne Singularity Cloud Security comes with the help of these policies.
What other advice do I have?
I have been using this solution overall in my career for the last two years.
There is an AI-based feature. You can create any use case according to our side. Many organizations are not using RDP tools such as AnyDesk or TeamViewer . Most organizations do not allow these features. At that time, the AI gives you the most types of generated codes. With the help of this code, you can create according to your side for creating any custom rules to keep your organization and clients secure.
I give this solution a 10 out of 10 rating.