Overview
Detect and Block an Attack in Under 1 Minute
Cloud Native Security Overview
Block attacks and secure your entire cloud environment with SentinelOne Singularity Cloud Security, a comprehensive, AI-powered Cloud-Native Application Protection Platform (CNAPP). Our platform provides deep visibility and robust security from build time to runtime, with all security findings natively integrated into the Singularity Data Lake for investigation and custom detection. Safeguard your AWS cloud infrastructure and workloads against modern threats with our unified, real-time protection.
Our Comprehensive AI-Powered CNAPP is comprised of three key products designed to secure your entire cloud stack:
- Our agentless Cloud Native Security provides proactive exposure management capabilities that prevent attackers from gaining a foothold in your AWS environment with:
  - Offensive Security Engine: Reduce your cloud attack surface by simulating external exploits to produce Verified Exploit Paths that prioritize the exposures that are truly reachable by an outside attacker.
  - Cloud Security Posture Management (CSPM): Continuously monitor and manage the security of your AWS configurations to prevent public exposure and ensure compliance.
  - Secrets Scanning: Identify more than 750 types of secrets across public and private repositories.
  - Cloud Infrastructure Entitlements Management (CIEM): Detect and manage excessive or unused permissions to mitigate the risk of privilege escalation.
  - Infrastructure as Code (IaC) Scanning: Scan and secure your IaC templates and images, including secrets and vulnerabilities, before deployment.
  - Cloud Detection and Response: Leverage our AI SIEM and forensics capabilities for advanced threat hunting and rapid incident response across your cloud.
- Cloud Workload Security is a real-time, AI-powered Cloud Workload Protection Platform (CWPP) for servers, virtual machines (VMs), and containers across public and private clouds. Built for the modern cloud, it helps you:
  - Detect and Stop Threats: Automatically stop runtime threats like ransomware, zero-days, and fileless attacks in real time without performance impact.
  - Accelerate Threat Hunting: Gather forensic data and telemetry for deep, comprehensive threat hunting and analysis.
  - Ensure Stability: Experience unmatched stability and performance without kernel panics, thanks to our lightweight, patented agent.
- Cloud Data Security provides AI-powered malware detection for cloud object storage, including Amazon S3 and file storage services like Amazon FSxN and NetApp. This product ensures that your data is always protected:
  - Real-Time Scanning: Detect malware, including zero-days, in milliseconds with scanning done directly in your own cloud environment.
  - Automated Action: Take immediate, automated action against threats, including quarantine and encryption.
  - AI Model Protection: Safeguard your AI models and pipelines deployed on services like Amazon SageMaker and Amazon Bedrock with our AI Security Posture Management (AISPM).
Additional SentinelOne integrations with AWS Services:
- AWS CloudTrail: SentinelOne ingests AWS CloudTrail activity logs to identify and remediate cloud misconfigurations. By analyzing API and resource changes in real time, SentinelOne uncovers suspicious behaviors like unauthorized IAM changes that create security gaps.
- AWS Security Hub: Consolidates SentinelOne's deep security findings and context into AWS Security Hub for a single pane of glass and automated, high-fidelity response.
- AWS Config: Uses AWS Config data to provide continuous compliance monitoring, track configuration changes over time, and ensure your cloud assets remain secure and auditable.
- Amazon GuardDuty: Enriches Amazon GuardDuty's network and account-level threat detections with SentinelOne's detailed workload telemetry for more accurate correlation and faster threat hunting.
Get started
Verify exploitable risk and stop runtime threats with the most comprehensive and integrated CNAPP solution today. Simply click on the Request private offer button on this page to begin your procurement process.
Highlights
- Unified Visibility: Powered by Singularity Data Lake and Purple AI, customers can have a complete view of their security issues across endpoint, identity, and cloud
- Attacker's Mindset: Prioritize cloud health and remediation with evidence-based Verified Exploit Paths™ from code to multi-cloud environments.
- AI-Powered Threat Detection and Protection: Secure cloud and container workloads with real-time protection and forensic visibility.
Pricing
Free trial
| Dimension | Description | Cost/12 months |
|---|---|---|
| Pricing available upon request. | Contact SentinelOne for custom pricing. | $20,000.00 |
Vendor refund policy
No refunds are available for this solution.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support is available for this solution. For custom pricing contact sales@sentinelone.com.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Automated threat detection has reduced response times and streamlines our incident investigations
What is our primary use case?
Our use case for SentinelOne Singularity Cloud Security is to use it for endpoint detection to safeguard our client's infrastructure, so we have deployed the use case as per our client recommendations. We are not a customer, partner, or reseller; we work as an MSSP and provide services for our clients.
What is most valuable?
In my scenario, the best features of SentinelOne Singularity Cloud Security are that it gives a very quick response and has rollback capability. The benefit for my customer is that it is fully autonomous where mostly everything is automated, and the threat detection engine operates on a real-time basis, so it is almost fully automated and that is the major capability that SentinelOne Singularity has.
Since implementing SentinelOne Singularity Cloud Security, it has detected alerts in real-time, which obviously has affected our client's security, so we can rely on that very much.
The impact on our MTTR for incident investigations has been quite positive because the investigation feature shows us detections in the UI only, as it detects threats in real scenarios, so it is much more reliable.
What needs improvement?
I feel there is room for improvement in SentinelOne Singularity Cloud Security, particularly in creating custom dashboards since it only has a default dashboard feature, and a capability for creating custom dashboards would help us a lot as analysts. Additionally, there is a high number of false positive alerts when new clients come, as the default use cases are only enabled for that client, resulting in resource consumption and increased CPU utilization, which could be improved in the future.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for more than a year.
What do I think about the stability of the solution?
As for stability, I find it very much stable since we have not experienced any downtime for more than a year, and if we ever do, we connect with OEM customer support, getting a quick response for whatever the issue may be. I would rate the stability of SentinelOne Singularity Cloud Security a 10 because as of now we have not faced any stability issues.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very much scalable, as it charges on a per-endpoint basis, allowing us to scale up or down depending on any requirements. I would rate its scalability an eight.
How are customer service and support?
I would rate the technical support for SentinelOne Singularity Cloud Security a 10.
How was the initial setup?
It is easy to deploy SentinelOne Singularity Cloud Security.
What about the implementation team?
I have not been part of integration but know that it is very easy; we just install the agent on any endpoint.
What was our ROI?
SentinelOne Singularity Cloud Security saves a significant amount of time because it detects in real-time and is fully automated, thus allowing us to detect and respond to any threats efficiently compared to other solutions for SIM and SOAR products.
What's my experience with pricing, setup cost, and licensing?
Although I am not the person responsible for pricing, I know that SentinelOne pricing depends on how many endpoints the client is using, and it is discussed on a per-device basis.
Which other solutions did I evaluate?
Compared to other vendors, I would say the reliability of SentinelOne Singularity Cloud Security is higher; we can rely on it very much as the detection and remediation features are very quick, and it is much easier to grasp even for beginners due to its user interface and rollback capabilities, keeping SentinelOne at a top tier compared to other solutions.
What other advice do I have?
Our mean time to response, every time a malware or any malicious file is detected in an endpoint, the alert is generated, and as analysts, we take a response accordingly, so we try to respond to the alert as soon as 15 minutes for our client. Although SentinelOne automatically quarantines malicious files, our purpose as analysts is just to raise the alert with our client.
I would say the MTTR has reduced by about 50%. For MTTD, I would say it detects files in real-time, so as soon as the file is detected, it gives us an alert in real-time, so I would say about 80-90%.
For overall scanning, we conduct activities to check for any unknown devices that should not be present. During scanning, a higher number of alerts are generated, which is expected, but we can rely on scanning as it is crucial to check every endpoint or desktop.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline our security operations significantly because the threat detection and the incidents we manage daily, including checking hash and other factors, are greatly aided by the platform.
We are using it as an XDR, not for cloud, so I cannot provide a specific reduction amount for MTTR in cloud incident investigation. We have SentinelOne Singularity Cloud Security deployed in an on-prem model.
There are around five to six members managing more than 15 or 16 clients with SentinelOne Singularity Cloud Security. In our organization, many specialists work with SentinelOne Singularity Cloud Security; we are a large team working in SOC and SOAR, sharing the same infrastructure, totaling more than 40 members. Our clients are mostly medium-sized businesses.
SentinelOne Singularity Cloud Security does require maintenance, such as basic updates and patching for new versions.
I would advise anyone looking to implement SentinelOne Singularity Cloud Security to choose it if they want a very reliable product because it is fully automated and very reliable, and it is the best option within the price range everyone is looking for. I give this review an overall rating of 10.
Behavioral detection has strengthened threat hunting and now improves incident response speed
What is our primary use case?
We were using SentinelOne Singularity Cloud Security as an endpoint security platform to get threat intelligence regarding malware and threats.
We have an MDR platform, and we are using it as a log ingester for log collection and then we are deploying webhooks for incident response.
What is most valuable?
Power Queries are useful in deep threat hunting and deep visibility.
SentinelOne Singularity Cloud Security maps any threat or incident with all the applicable MITRE ATT&CK techniques and also provides behavioral detection. This would be useful when an endpoint has a zero-day threat involved in the incident, as it will have better detection because of the behavioral detection engine and dynamic detection engine. The mapping of the MITRE ATT&CK techniques provides deep understanding of what the threat actor is trying to do.
Mean time threat response is quite fast. There is no doubt about that. The reason we are migrating to Defender from SentinelOne Singularity Cloud Security is not because of the cost or features. It is just a managerial decision taken in order to save money as we are already having some other tooling with different licensing. There is no doubt that the MTTR and MTTD are quite great in SentinelOne Singularity Cloud Security and it is quite effective in detecting threats and responding to incidents effectively.
SentinelOne Singularity Cloud Security has a dynamic and behavioral detection engine which examines the files based on their behavior and tries to map it with the MITRE ATT&CK techniques. Even if there is a zero-day threat, it would be able to detect it because of its behavioral detection capabilities.
What needs improvement?
Pricing is on the higher side. I would rate it at seven or eight.
The price is high, and of course it could be lower. The market is changing and SentinelOne Singularity Cloud Security has a very good competitor in Microsoft Defender. SentinelOne Singularity Cloud Security should innovate more and come up with features which clearly justify the purchase if someone is already having Microsoft Defender inbuilt with Microsoft 365 licensing. Suppose my organization is moving to Defender because they already have Microsoft Defender in E5 licensing and opted for it in order to save money that was being spent on SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security should come up with innovative and new features that justify organizations staying with SentinelOne Singularity Cloud Security and not opting for a Defender-solution.
I would not say the functionality was missing. However, for example, Defender provides correlations from an identity perspective. In SentinelOne Singularity Cloud Security, the identity module was available, but it needed to be purchased separately and did not come with the base licensing.
SentinelOne Singularity Cloud Security should include the identity module in their base subscription so that their value gets increased. Nowadays the threats are evolving and moving towards identity-based attacks. If a customer has to purchase an identity module of SentinelOne Singularity Cloud Security separately, they will get hesitant because their competitor, Microsoft Defender, is providing that for free in their base subscription. SentinelOne Singularity Cloud Security must work on their subscription pricing in order to stay relevant in the market.
For how long have I used the solution?
I have been working with SentinelOne Singularity Cloud Security for five years.
What do I think about the stability of the solution?
Stability is a benchmark at ten, and I would rate it at eight.
What do I think about the scalability of the solution?
Scalability is also eight because it can be easily scaled up if more endpoints need to be covered. They just have to have the agent installed on them and the license should have that many seats.
How are customer service and support?
The technical support is acceptable, and I would rate it at eight.
Which solution did I use previously and why did I switch?
In the company where I work as a security engineer, we used to have SentinelOne Singularity Cloud Security in our environment, but the company has decided to migrate to Microsoft Defender. The reason is managerial, not technical. The migration is in process and we will soon stop using SentinelOne Singularity Cloud Security and use Microsoft Defender instead.
How was the initial setup?
The deployment is much justified as it is a cloud-based setup.
SentinelOne Singularity Cloud Security is a separate endpoint security technology. It does not come or integrate with other platforms such as email platforms or cloud platforms. Because it is a separate technology, the deployment is not particularly tough.
What's my experience with pricing, setup cost, and licensing?
If you want a comparative score, it will not be good because Microsoft Defender is coming as a free offering in the Microsoft E5 licensing. Whichever organization is having E5 licensing of Microsoft Office 365 is literally getting Defender for free. If they were using SentinelOne Singularity Cloud Security or CrowdStrike and are already having Microsoft E5 licensing, then this move will save a lot of money from their security budget. SentinelOne Singularity Cloud Security has aggressive pricing, but they will get an equivalent product or maybe better in the Windows environment. If they use Microsoft Defender, they will get correlation from Microsoft Defender for Identity, for cloud, for cloud apps, for endpoints, and Microsoft Entra ID and Active Directory. Threat intelligence and correlation would be better because most organizations are using Microsoft Office 365, so they will get two things if they use Microsoft Defender.
The first benefit is that they would not have to spend a lot of money on an endpoint security tool separately, because they will get the Defender endpoint security suite for free as they already have the E5 licensing. It comes with E5 licensing, so no additional money. Suppose an organization is spending ten thousand dollars on SentinelOne Singularity Cloud Security; if they were having Microsoft 365 E5 licensing, they would just straight save ten thousand dollars. The spending will come from ten thousand dollars to directly zero, as the license is already included in E5.
The second thing is that the threat intelligence will be enriched due to Microsoft Office 365 having various products such as Entra ID and Azure resources. Microsoft Defender integrates by default with all those Microsoft toolings, so the threat intelligence would be much enriched as compared to SentinelOne Singularity Cloud Security.
Which other solutions did I evaluate?
In the company where I work, we are migrating from SentinelOne Singularity Cloud Security to Defender.
I am using it, but it will soon go away from the organization where I work.
Microsoft Defender is the alternate solution.
What other advice do I have?
My recommendation depends upon the budget, client expectation, and their existing security stack.
Ranger is a module in SentinelOne Singularity Cloud Security which scans all the network and determines the OS, whatever devices there are, their OS, and their versions.
Integration is acceptable, neither easy nor tough.
I would rate this review at eight overall.
Advanced rollback and AI-driven insights have protected endpoints and simplified security operations
What is our primary use case?
I have recently used SentinelOne Singularity Cloud Security. We also have the CrowdStrike EDR tool, which is similar to SentinelOne Singularity Cloud Security and other EDR solutions. We used the CrowdStrike tool two to three months ago.
What is most valuable?
We can check multiple types of alerts and triggers, and we can analyze these. There are many types of functions such as Kill, Quarantine, and remediate rollback types of features, which we can use for client safety.
The rollback feature is the best feature because it is only used in SentinelOne Singularity Cloud Security. We have used multiple types of EDR, but the rollback feature is unique to SentinelOne Singularity Cloud Security. When many types of attacks happen in an organization, the rollback feature deletes all types of malicious files and other malware-type files and completely cleans your system. This feature is very interesting according to me.
SentinelOne Singularity Cloud Security provides many types of features such as Kill and Quarantine, which are very interesting features for security operations. There are deep visibility features, and Purple AI is also one of the best features. It is easy for security operations and incident response. We can check log analysis with the help of deep visibility, and any types of attacks, malware, and phishing attacks are detected by SentinelOne Singularity Cloud Security. Many types of security operations can be tracked and observed with the help of SentinelOne Singularity Cloud Security.
Purple AI is one of the interesting features in SentinelOne Singularity Cloud Security. Deep visibility is one of the best features in SentinelOne Singularity Cloud Security. You can find any types of logs and any types of devices through searching portals, similar to Google search. It gives you information regarding this. With deep visibility, you can search for any name. For example, we can search for any name and check what is happening with that person's laptops, what USB is connected or disconnected, and whether the network is connected or not. This is with the help of Purple AI.
What needs improvement?
According to me, there is one thing I dislike, which is the dashboard. SentinelOne Singularity Cloud Security does not provide a custom dashboard according to our mindset. There are more types of EDR that give custom dashboards, but SentinelOne Singularity Cloud Security does not provide the custom dashboard. This is the only area for improvement.
For how long have I used the solution?
I have been working in my current field overall for the last five years, but I have used SentinelOne Singularity Cloud Security for the last two years.
What do I think about the stability of the solution?
We do not observe any lagging or crashing.
What do I think about the scalability of the solution?
There is low maintenance because it is a cloud platform. It is very low maintenance according to my experience. We can observe our organization, and it is very low maintenance for small organizations. They can easily maintain this.
How are customer service and support?
Technical support is the best for my side. We can raise any ticket for help from the OEM side. It gives a 10 to 15-minute reply, and for anything that is emergency, they schedule a call and solve our problems. According to me, the technical support is good. I give them 10 out of 10 for technical support.
Which solution did I use previously and why did I switch?
SentinelOne Singularity Cloud Security provides the most features compared to other EDRs, and it is easy to understand. The features are very compact in SentinelOne Singularity Cloud Security, not vast types of features. It is easy to understand for both any fresher or any experienced person. The integration part is also easy compared to other EDR solutions. Newly joined persons can also integrate this because the steps are very easy. According to me, SentinelOne Singularity Cloud Security is the best compared to other EDR devices.
How was the initial setup?
It is easy. Any person newly joined or not belonging to the IT field can follow the steps very easily according to me. The integration parts do not require more types of servers and anything. It is very easy to deploy, and the installation part is also good. There is only one to two minutes installing SentinelOne Singularity Cloud Security agent in each and every endpoint. I think this is the best for SentinelOne Singularity Cloud Security.
What about the implementation team?
Our organization is an MSSP, not a client. We provide the license about our client base. We manage multiple clients through the MSSP portal. We also manage and resell. We provide this license for SentinelOne Singularity Cloud Security and also we manage. There are 8 to 10,000 agents installed on our client side. We manage around 20 to 30 clients, and there are 8 to 10,000 endpoints installed with SentinelOne Singularity Cloud Security on the client side.
What was our ROI?
Overall, I give it a 10 out of 10 because SentinelOne Singularity Cloud Security is the best for me. We have used multiple types of EDR, but SentinelOne Singularity Cloud Security provides the best features for our organization and client organization to safely do any activity or go to internet sites, which is why we can give 10 out of 10.
What's my experience with pricing, setup cost, and licensing?
The pricing is basically not very low and very high. It is in the middle range for easy buying for any small organization and big organization. According to me, it is the best price for the EDR. We can check multiple types of EDR, and their prices are so high, but SentinelOne Singularity Cloud Security is not. SentinelOne Singularity Cloud Security is not lesser and not more. It is in the middle range of price.
Which other solutions did I evaluate?
SentinelOne Singularity Cloud Security has multiple types of policies. One of them is the offensive security. There are also behavioral policies and static AI policies and suspicious policies. There are 10 to 11 types of policies. Anything that triggers the alerts belongs to these policies, which happen through behavioral analysis and offensive security analysis. There are multiple types of policies. Any alert triggered in SentinelOne Singularity Cloud Security comes with the help of these policies.
What other advice do I have?
I have been using this solution overall in my career for the last two years.
There is an AI-based feature. You can create any use case according to our side. Many organizations are not using RDP tools such as AnyDesk or TeamViewer. Most organizations do not allow these features. At that time, the AI gives you the most types of generated codes. With the help of this code, you can create according to your side for creating any custom rules to keep your organization and clients secure.
I give this solution a 10 out of 10 rating.
Rapid threat response has reduced client infections and supports real-time endpoint monitoring
What is our primary use case?
SentinelOne Singularity Cloud Security is an EDR product that we utilize. We operate as an MSSP and provide services to 25 to 30 customers. We manage SentinelOne Singularity Cloud Security with 30 to 40 people and have installed the agent on a total of 8,000 to 10,000 endpoints across our client side. Our team of 30 to 40 people continues to use it.
What is most valuable?
The most valuable features of SentinelOne Singularity Cloud Security are the deep visibility, real-time monitoring, and real-time threat detection. These features benefit both our customers and our organization significantly.
We have reduced client response time to 10 to 15 minutes. Early response prevents client infections and the kill and quarantine features are the most important in SentinelOne for reducing attacks.
SentinelOne Singularity Cloud Security has helped streamline our security operations because it is a fast tool. The threat detection time has improved and there are more features available, such as deep visibility, which allows us to check raw logs and user connectivity. We can check user activity per second, and this information helps customers make purchasing decisions.
What needs improvement?
One area for improvement is that the dashboards are not customizable. You cannot create dashboards according to your understanding as they are default dashboards in SentinelOne. Other tools such as CrowdStrike and Splunk allow you to create dashboards based on the number of incidents that happened and what types of alerts you can watch, allowing multiple changes according to your needs. SentinelOne does not provide these types of features, so I believe it could improve in this area.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for the last 2 to 2.5 years.
How are customer service and support?
I rate the technical support a 10 out of 10 because we can raise any ticket to OM and they respond very quickly, typically within 10 to 15 minutes.
Which solution did I use previously and why did I switch?
We have used CrowdStrike for approximately 7 to 8 months, around one year. The main difference between them is that CrowdStrike generates alerts on a slower basis, while SentinelOne Singularity Cloud Security detects alerts on machines quickly, catching them faster than other devices. The kill and quarantine feature, along with the rollback feature, is the best in SentinelOne.
We checked CrowdStrike multiple times and while both have their merits, the process of SentinelOne Singularity Cloud Security is superior for our needs. We installed test malicious files on two endpoints and SentinelOne Singularity Cloud Security detected alerts multiple times faster than CrowdStrike.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Cloud Security is neither cheap nor cost-inefficient; it is in the middle range. While there are more expensive EDR tools available, SentinelOne Singularity Cloud Security is not very costly. It is easy for an organization to purchase for helping the client side.
What other advice do I have?
The solution was purchased through a partner project.
The built-in integrations are straightforward. Smaller franchises can also integrate it in a short time, as you can install the agent on one endpoint in a maximum of two to three minutes. The integration level is easy and smaller organizations can manage it.
We have used Purple AI for threat investigation because with Purple AI, you can use deep visibility. It allows you to check how many people are using tools such as AnyDesk and RDP by creating queries that can be pasted into deep visibility. This gives us details of whether agents are installed or not. Unlike deep visibility alone, Purple AI provides the command to help us run queries and trace multiple activities effectively.
There are a total of 11 types of engines in SentinelOne Singularity Cloud Security. These engines generate multiple alerts, enabling us to analyze them easily and trace the types of alerts and their footprint, aiding in effective scanning and monitoring.
Drift detection impacts our ability to detect unexpected processes or behaviors because the engine generates alerts based on 11 types of engines, which we can analyze and raise to the client in about 10 to 15 minutes. For instance, when detecting a malicious executable that appears harmful, we recommend to clients to delete them from their sites and we can also kill and quarantine these threats.
I would recommend SentinelOne Singularity Cloud Security to other users because there are many types of features available and it is compact in its offerings. Although many EDR solutions have numerous features, SentinelOne Singularity Cloud Security provides a compact feature set that is easy to understand, even for newcomers. Additionally, its full disk scan features, installation, and uninstallation are quick, taking a maximum of two to three minutes, and the integration is also reasonable for small MNCs and organizations on a budget.
I have IT experience of about 2.5 years from my first company job and we have been using SentinelOne Singularity Cloud Security for the last 2.5 to 3 years. I rate this solution 10 out of 10 from an overall perspective.
Automated detection and swift MDR response have protected client endpoints from real threats
What is our primary use case?
The purpose of using SentinelOne Singularity Cloud Security is for endpoint security. We have deployed its agents on our client side to catch and quarantine any malicious script or malicious file identified, then we identify and quarantine it at the point of attack to safeguard our clients.
Although we can identify IOCs from SentinelOne Singularity Cloud Security, we provide quite a good vulnerability assessment report to our clients.
We are working with SentinelOne Singularity Cloud Security and we are providing MDR services to our clients.
What is most valuable?
The best features in SentinelOne Singularity Cloud Security are that it is user friendly and its user interface is very easy to understand. The biggest benefit that customers often mention is that its automation and threat detection are very impressive compared to other XDR solutions. Its auto-remediation rule feature and setup provide a very fast response, and the rollback capability outperforms many different solutions.
SentinelOne Singularity Cloud Security detects threats in real-time scenarios. At the point it detects any threat or malicious script running in the background, it notifies us so we can take action accordingly. If it is malicious, then we report it to the client. If it is a false positive, then we take action accordingly and fine-tune it by making appropriate changes in the rule.
It does help save time because as it is detecting in real time, it is very reliable. The average detection and response time is 15 minutes. We can take very quick action if any alert has been generated. Our average SLA is 15 minutes only. We respond very quickly; the moment SentinelOne Singularity Cloud Security detects any threat, we take action on it.
What needs improvement?
Creating a customized dashboard would have been better. There are default dashboards created on SentinelOne Singularity Cloud Security that we are using particularly, and it could have been better if we could customize them.
It sometimes produces a high number of false positive alerts. The resource consumption including CPU and disk usage gets very high at that point. It can work on reducing false positives as well.
Although integration is not my part, we can integrate it into any cloud platform or any other product. We feel it is very straightforward to integrate any other products with it.
For how long have I used the solution?
I have been using the solution for almost the past two years, deploying it in multiple client tenants.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is a very stable solution. We have not experienced any downtime as of now. It is very reliable.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very scalable. We can scale up and scale down as per our requirement. It depends upon what we need and what we have to deploy in our client. If our client is a bigger organization, then we scale up as per our requirement.
How are customer service and support?
I would rate the support a 10 out of 10.
Which solution did I use previously and why did I switch?
We have used other products for the same solution as SentinelOne Singularity Cloud Security, for SOAR and different other products. Other products are especially difficult to understand first of all. SentinelOne Singularity Cloud Security is much more reliable and an easy-to-learn tool. We can rely on it for security purposes. It catches any incident that happens, and we have several examples in our infrastructure. Recently, some ransomware happened on our client's side, but SentinelOne Singularity Cloud Security identified the source from where the attack originated and reported it to the client.
However, the client's problem was that they did not take any real-time action on it; therefore, the attack happened. There are different examples where SentinelOne Singularity Cloud Security has been very useful and captured these events well, compared to other products we are using that could not capture them, but SentinelOne Singularity Cloud Security did.
We can rely on it when it comes to security purposes.
What about the implementation team?
We are a team of six to eight people working with different roles and responsibilities.
What's my experience with pricing, setup cost, and licensing?
The costing is not that expensive compared to other solutions. They are very aggressive regarding the pricing module compared to what Microsoft and other CrowdStrike are providing. This is quite a bit better than any client could ask for. We can scale up and scale down, and its cost depends upon the per device basis, or in simple terms, per agent we have deployed at the endpoints.
What other advice do I have?
These are enterprise businesses.
Maintenance means we have to get connected with the OEM from time to time to patch any updates. If SentinelOne Singularity Cloud Security has any newer version, then we have to stay connected with the OEM.
We can use public cloud, private cloud, or hybrid cloud. We can deploy through AWS.
SentinelOne Singularity Cloud Security does streamline operations. We can deploy use cases as per our need. We can add any custom rule on our client's requirement. It depends on the requirement.
We scan our client's endpoints from time to time on the servers, desktops, or laptops. By doing so, the scanning sometimes generates quite a high number of false positive alerts. However, the scanning helps us identify if there are any vulnerabilities or exploits in the desktop, laptop, or server. There is a drawback in that it does generate a high number of false positives, but it is great from a security perspective because we get to scan every bit of file in the server, laptop, or desktop at any endpoint.
For AI workloads, we have been using Purple AI in SentinelOne Singularity Cloud Security. Although I have had limited experience with it, it gives us different features including a co-pilot feature wherein we can use a pull-down menu to identify based on the IOCs present in our client's endpoint with retrieval time. The retrieval time is very fast compared to other features it has, and the co-pilot feature is certainly faster compared to other features. I have had hands-on experience with Purple AI only.
I would give this solution an overall rating of 9 out of 10.