Sold by: SentinelOne
Deployed on AWS
Free Trial
AWS Free Tier
Block attacks and secure your entire cloud with SentinelOne Singularity Cloud Security, an AI-powered CNAPP providing deep visibility and robust, real-time protection to defend your AWS environment from initial access to mission target. It unifies proactive exposure management, and real-time protection to safeguard your AWS infrastructure, workloads (VMs, containers), and data with AI-powered detection and automated response. Try Cloud Security for free!
4.6
Overview
Video
Detect and Block an Attack in Under 1 Minute
Video
Cloud Native Security Overview
Block attacks and secure your entire cloud environment with SentinelOne Singularity Cloud Security, a comprehensive, AI-powered Cloud-Native Application Protection Platform (CNAPP). Our platform provides deep visibility and robust security from build time to runtime, with all security findings natively integrated into the Singularity Data Lake for investigation and custom detection. Safeguard your AWS cloud infrastructure and workloads against modern threats with our unified, real-time protection.
Our Comprehensive AI-Powered CNAPP is comprised of three key products designed to secure your entire cloud stack:
- Our agentless Cloud Native Security provides proactive exposure management capabilities that prevent attackers from gaining a foothold in your AWS environment with:
Offensive Security Engine: Reduce your cloud attack surface by simulating external exploits to produce Verified Exploit Paths to prioritize the expsoures that are truly reachable by an outside attacker.
Cloud Security Posture Management (CSPM): Continuously monitor and manage the security of your AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning: Identify more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management (CIEM): Detect and manage excessive or unused permissions to mitigate the risk of privilege escalation.
Infrastructure as Code (IaC) Scanning: Scan and secure your IaC templates and images, including secrets and vulnerabilities, before deployment.
Cloud Detection and Response: Leverage our AI SIEM and forensics capabilities for advanced threat hunting and rapid incident response across your cloud.
- Cloud Workload Security is a real-time, AI-powered Cloud Workload Protection Platform (CWPP) for servers, virtual machines (VMs), and containers across public and private clouds. Built for the modern cloud, it helps you:
Detect and Stop Threats: Automatically stop runtime threats like ransomware, zero-days, and fileless attacks in real time without performance impact.
Accelerate Threat Hunting: Gather forensic data and telemetry for deep, comprehensive threat hunting and analysis.
Ensure Stability: Experience unmatched stability and performance without kernel panics, thanks to our lightweight, patented agent.
- Cloud Data Security provides AI-powered malware detection for cloud object storage, including Amazon S3 and file storage services like Amazon FSxN and NetApp. This product ensures that your data is always protected:
Real-Time Scanning: Detect malware, including zero-days, in milliseconds with scanning done directly in your own cloud environment.
Automated Action: Take immediate, automated action against threats, including quarantine and encryption.
AI Model Protection: Safeguard your AI models and pipelines deployed on services like Amazon SageMaker and Amazon Bedrock with our AI Security Posture Management (AISPM).
Additional SentinelOne integrations with AWS Services:
AWS CloudTrail: SentinelOne ingests AWS CloudTrial activity logs to identify and remediate cloud misconfigurations. By analyzing API and resource changes in real time, SentinelOne uncovers suspicious behaviors like unauthorized IAM change that create security gaps.
AWS Security Hub: Consolidates SentinelOne's deep security findings and context into AWS Security Hub for a single pane of glass and automated, high-fidelity response.
AWS Config: Uses AWS Config data to provide continuous compliance monitoring, track configuration changes over time, and ensure your cloud assets remain secure and auditable.
Amazon GuardDuty: Enriches Amazon GuardDuty's network and account-level threat detections with SentinelOne's detailed workload telemetry for more accurate correlation and faster threat hunting.
Get started
Verify exploitable risk and stop runtime threats with the most comprehensive and integrated CNAPP solution today. Simply click on the Request private offer button on this page to begin your procurement process.
Highlights
- Unified Visibility: Powered by Singularity Data Lake and Purple AI, customers can have a complete view of their security issues across endpoint, identity, and cloud
- Attacker's Mindset: Prioritize cloud health and remediation with evidence-based Verified Exploit Paths™ from code to multi-cloud environments.
- AI-Powered Threat Detection and Protection: Secure cloud and container workloads with real-time protection and forensic visibility.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Pricing available upon request. | Contact SentinelOne for custom pricing. | $20,000.00 |
Vendor refund policy
No refunds are available for this solution.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Support is available for this solution. For custom pricing contact sales@sentinelone.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
Purple AI Model Context Protocol (MCP) Server provides secure, seamless integration between the Singularity Platform and any AI framework or large language model. Acting as a universal translator and intelligence hub, it empowers developers and partners to build custom agentic AI experiences powered by the full context and analytics of the SentinelOne platform. The open-source Purple AI MCP Server is available today on GitHub and will also be deployable as an EKS and through Amazon Bedrock, using Agent Core. Users will need to have an active deployment of SentinelOne console and be able to obtain the SentinelOne Singularity Console token and url to be able to deploy and use the Purple AI MCP server.
SentinelOne Singularity AI SIEM revolutionizes your security operations on AWS. Eliminate the skyrocketing ingestion costs and data overloads of legacy SIEMs by utilizing Observo AI to filter data volumes. This provides a deeper, richer dataset, enabling smarter and more accurate detections, accelerated generative AI investigations, and precise responses with Singularity Hyperautomation. AI SIEM is fundamentally shifting the role of security analyst from manual, repetitive tasks to strategic defense. Empower your team to accelerate investigations and mitigate critical risks with a fast, scalable, and intelligent SIEM built for the Autonomous SOC.
Empower your organization to safely and securely embrace AI.
Customer reviews
Marcelo Simoes
Unified security platform has improved threat visibility and supports swift incident response
Reviewed on Apr 27, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for SentinelOne Singularity Cloud Security is the implementation inside of IT Brazil for around 100 users.
I use SentinelOne Singularity Cloud Security day-to-day by having a team look at the SentinelOne Singularity Cloud Security platform to monitor our equipment and environment, and we also use SentinelOne Singularity Cloud Security to block USB ports, which are the main uses here in Brazil.
Our team relies on SentinelOne Singularity Cloud Security for both threat detection and response, though it does not happen very frequently. We keep our eyes on the application within the platform, and when it occurs, we connect SentinelOne Singularity Cloud Security with our ITSM in the cloud.
SentinelOne Singularity Cloud Security supports our operations as we are using the platform for control.
What is most valuable?
The best features that SentinelOne Singularity Cloud Security offers include the ability to see the path of how malware contaminates equipment, allowing me to follow the entire path to mitigate problems.
This visibility helps my team by being very useful when we talk about threats; we can see the complete path from the start of a malware attempt, and we can run a remote search tool, making it very useful.
The API integration is very helpful for our platforms, including the ITSM I mentioned earlier, and I believe the API connection between platforms is very useful.
SentinelOne Singularity Cloud Security has positively impacted my organization through the ease of use of the tool and the protection that it provides.
When I mention the protection that comes with using SentinelOne Singularity Cloud Security, I find that the ease of detection is very fast in our platform, especially in our ITSM. We enter the SentinelOne Singularity Cloud Security platform and search for anything related to malware directly on the computers, ensuring that nothing passes through SentinelOne Singularity Cloud Security EDR.
What needs improvement?
Currently, I have nothing to suggest for improvements to SentinelOne Singularity Cloud Security; we are very happy with the tool.
If I had to imagine one thing that could enhance my experience with SentinelOne Singularity Cloud Security, I would pick an easier way to view or follow the XDR platform, as I had some difficulties with it in the past.
I think that training would be beneficial for using the XDR , as we have a lot of information available there.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is stable.
What do I think about the scalability of the solution?
Scaling within SentinelOne Singularity Cloud Security is very easy; if we acquire more licenses, the platform automatically distributes them to our equipment.
How are customer service and support?
Customer support is very good; we opened a few tickets in the last month and received everything we needed from the support team.
Which solution did I use previously and why did I switch?
We previously used Microsoft Defender and switched because it is not an advanced EDR, leading us to change to SentinelOne Singularity Cloud Security.
Before selecting SentinelOne Singularity Cloud Security, we evaluated other options such as Sophos and CrowdStrike, finding CrowdStrike to be very expensive and Sophos not meeting our requirements.
What was our ROI?
I believe we have seen a return on investment, particularly in terms of money saved compared to another tool.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is good; the setup is very easy, and the license is per equipment, so it feels fair.
One noticeable benefit is that SentinelOne Singularity Cloud Security is cheaper than other tools available in the market.
What other advice do I have?
I do not have anything else to add about my main use case or how SentinelOne Singularity Cloud Security fits into my workflow.
The unified platform experience certainly helps streamline our security operations, making things easier for my team.
In terms of adaptability to new and unknown threats, I believe SentinelOne Singularity Cloud Security is the tool I have used the most, and while I cannot compare right now since I have only used CrowdStrike once, I find SentinelOne Singularity Cloud Security easier to use than CrowdStrike.
I was not aware of the possibility to use an Offensive Security Engine, but I will seek more information on it.
Having built-in integrations that unify various aspects of cloud security is very significant for my team, as it makes everything easier to manage.
I advise others looking into SentinelOne Singularity Cloud Security to check the ease of usage of the tool, as the platform is very helpful and the protection it provides is truly exceptional. I have given this review a rating of 10.
Randall D.
Easy Deployment, Seamless RMM Onboarding, and Great Value
Reviewed on Apr 23, 2026
Review provided by G2
What do you like best about the product?
Ease of managing and integrating and deployment of endpoint agent. No impact to the client. Onboarding was integrated with my existing RMM.
Pricing was WAY cheaper than the prior EDR agent
Pricing was WAY cheaper than the prior EDR agent
What do you dislike about the product?
Struggling with Log ingestion with with Entra but have a ticket in for that. Otherwise seems to be moving along well and intregrates with all other systems
What problems is the product solving and how is that benefiting you?
The current issue that I am having is with the log ingestion and Entra. There is a ticket in place and they have been working with me to resolve this issue. KB Articles and suggestions
Sreeraj Mohandas
Consolidated cloud security has reduced manual work and has automated vulnerability remediation
Reviewed on Apr 23, 2026
Review from a verified AWS customer
How has it helped my organization?
My customer saw benefits from using SentinelOne Singularity Cloud Security as we are able to actually fix the vulnerabilities. There are many infrastructure components that need to be properly patched. We have a hybrid platform with hyper-scaler components. My customer is into hyper-scaler environments, and there are many aspects that need to be properly patched. We have plenty of cloud native applications that have been hosted in both AWS and Azure . Governing all of this requires many employees to govern it. When we implemented SentinelOne, the team was shortened from 25 people to only 15 or 16 people. This reduction occurred because of the consolidated platform and all the vulnerabilities showing up in the console have been automatically patched. The vulnerabilities automatically go to the SIEM and are patched by the application team, and the vulnerabilities in the cloud are patched by the cloud department. This was much easier because the integration with the SIEM , which was LogRhythm on premise, was much easier than Trend Micro. Trend Micro would have required syslog servers, but SentinelOne only had three or four steps and just connected to the log server. LogRhythm was able to easily fetch the logs from it.
The role of SentinelOne's secret scanning feature is very important in tightening my company's cloud hygiene. In an infrastructure where there are hybrid cloud and different vendors of cloud such as AWS and Azure , maintaining both clouds and having a resource pool with the skill set of AWS and Azure is very difficult. After implementing CSPM, I could have a vulnerability management system under one roof where I could take the misconfiguration of Azure and AWS at the same place and get it done by a limited amount of users. SentinelOne CSPM knows how AWS configuration and Azure configuration work, so I can know about it and fix it all in one place. SentinelOne has eased the process of finding vulnerabilities in each cloud platform. I have vulnerability visibility for every tenant that I have hosted in different cloud hosting platforms, and it has eased my work of fixing the vulnerabilities.
The impact and effectiveness SentinelOne had in managing cloud identities and enforcing least privilege is evident in an incident where SentinelOne helped us. There were some identities which did not have two-factor authentication. In fact, they were not even linked to our Active Directory. It turned out that the cloud infrastructure had some identities from the company which implemented that cloud. We were able to find accounts which were not supposed to exist in the cloud infrastructure because it mapped itself with the Active Directory and fetched all the users who actually need access to the AWS server. We found out that these two users were not in there, identified the anomaly, and deleted the identities from the cloud platforms.
What is most valuable?
My experience includes implementing SentinelOne Singularity Cloud Security, specifically the Cloud Singularity as a marketplace for AWS and Azure. I only have to connect the connectors from the marketplace, and as soon as I get the license, I can deploy it from the marketplace and start using it. The deployment phase was actually easy when I connected with the connectors from AWS and Azure marketplace.
I compared Trend Micro and SentinelOne Singularity Cloud Security with two POCs for both of them. SentinelOne was at the higher price end, but my customer and the management opted for it because of the integrity and the better coverage. The ease of deployment mechanism in SentinelOne is not present in Trend Micro. In Trend Micro, for each cloud platform, such as AWS, I need to have another localhost web URL to access that particular dashboard. In SentinelOne, I can manage everything under one particular URL and there are different functions to it. I can easily navigate to any dashboard that I require, so the ease of using SentinelOne was easier than Trend Micro. The better coverage and easy deployment is the second part. Trend Micro had some manual intervention required and an extra server needed to be a jump server for all the traffic to be passed. SentinelOne had both on-premise and cloud options, which was another plus point for the customer.
In Cloud Singularity , there is a cloud native application, and in that, there is CSPM. We also used to have CWSPM. In CSPM, we only used to get the vulnerabilities in the cloud configuration, just the misconfiguration. In SentinelOne CWSPM, the attack map and the graph that it created inside the dashboard gave me a better idea for myself and the management to fix the most vulnerable issues. There might be some vulnerabilities with a higher risk rate, but some CVE IDs with lesser risk rate could have caused major damage to the company's infrastructure than the CVE with the higher risk end. The attack graph which CWSPM showed in SentinelOne was the best thing I have come across because it gave me a better visibility of the whole infrastructure and what vulnerabilities can be impactful and more critical to any customer.
SentinelOne's runtime protection is lightweight. I would say it is very lightweight and it does not even feel that I am running a SentinelOne agent in the systems. Compared to Checkpoint EDR, SentinelOne is a lot better because the Checkpoint agent takes a major chunk of the RAM of the desktop. SentinelOne barely takes around 25 MB of the RAM, so it is very easy and lightweight.
Regarding SentinelOne Singularity Cloud Security advanced SIEM capabilities, we had log servers. There were only EDR part and the CSPM, and it actually created the attack graph matrix and created it as a SIEM. We have actually used it. The logs are very much in real time and the false positive was less compared to the LogRhythm ones.
What needs improvement?
I elaborate on my rating of SentinelOne support by mentioning that there was some time where the troubleshooting took a longer time. In fact, there were many meetings going on. The availability of the document on the internet is on a lesser side because as an engineer, I would want to know about the troubleshooting aspects of this particular tool. When I am facing a customer, I do not prefer to bring the vendor to every call and try to resolve it, as it takes months and months. It would be better to have a training session with the engineer on site to explain and train properly. This is not the case with SentinelOne, so this is the only thing I have a complaint about.
I do not have any other room for improvement to suggest within SentinelOne itself. However, I would really want the AI assistant for the threat hunting part to be more accessible. They have it, but they are making it licensed, so it is a bit on the higher end.
What do I think about the stability of the solution?
Regarding stability and availability of SentinelOne Singularity Cloud Security, it has been on and stable every time I have opened it. There are no issues for me with respect to the availability of it, so it is going good.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security scalability does grow well with the growing needs of my company and my client's company. We are trying to make every other component SentinelOne so that we can have a better attack map walkthrough and have clearer visibility for where the attack can be associated with. We are trying to replace whichever security solutions are necessary to create a consolidated attack map vector which we call the Singularity, the Cloud Singularity, so that everything comes under one and we can get a better overview of all the vulnerabilities and fix it accordingly.
How are customer service and support?
Regarding the level of support I am getting from SentinelOne, I would rate it a seven out of ten.
Which solution did I use previously and why did I switch?
Since switching to SentinelOne, I have been able to eliminate three tools or solutions. The first was Trend Micro EDR, which SentinelOne replaced. The second one was Tenable Synapse , which we replaced with CSPM from SentinelOne. The third one was the SIEM LogRhythm.
Which other solutions did I evaluate?
I compared Trend Micro and SentinelOne Singularity Cloud Security.
What other advice do I have?
SentinelOne CSPM also eliminates misconfiguration on its own after one approval, which is a very good thing that I actually liked about SentinelOne CSPM.
The rating of nine is because of some false positives that I found recently. There was some misconfiguration from cloud servers which I thought was not necessary. That is the one point that I reduced for. They can improve, but they are better than other solutions, which is the reason it received a nine and not a ten.
If someone is considering and evaluating SentinelOne Singularity Cloud Security, I want to advise them to opt for SentinelOne because if you want integrity and faster driven insights on your whole infrastructure, you should really opt for SentinelOne because it has ease of access, easy deployment, and you would require only fewer engineers to deploy it because it is not a big Checkpoint level complex integrity that you have to do in SentinelOne. I gave this review an overall rating of nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Rakesh Das
Unified cloud security has reduced alert fatigue and improves response with AI-driven protection
Reviewed on Apr 19, 2026
Review from a verified AWS customer
What is our primary use case?
I have been using SentinelOne Singularity Cloud Security for the last two years.
My main use case for SentinelOne Singularity Cloud Security is Cloud Security Posture Management, cloud data security, and unified visibility.
A specific example of how I use SentinelOne Singularity Cloud Security for cloud data security management is with cloud object storage such as Amazon S3 .
I continuously monitor and audit my environment for misconfigurations as part of my main use case for SentinelOne Singularity Cloud Security.
What is most valuable?
The best features SentinelOne Singularity Cloud Security offers in my experience are cloud Open-Sip Security Engine and a very tight expert path, as well as AI-powered runtime protection. This feature provides clear evidence of exploitability, allowing security teams to focus on fixing critical issues rather than chasing noise and false positives. It uses behavioral AI to detect ransomware, zero-day exploits, fileless attacks, and NDR attacks.
For visibility, SentinelOne Singularity Cloud Security has a Singularity Data Lake, where telemetry from cloud workload endpoints identifies into a single repository for rapid querying and analysis. It also has Graph Explorer, which visually maps the relationships between cloud assets, endpoints, and identities to help analysts understand the blast radius and root cause of the incident. It correlates related events into a single storyline, providing full historical context for deeper forensic analysis.
SentinelOne Singularity Cloud Security positively impacts my organization by reducing alert fatigue and decreasing false positives. The platform allows security analysts to focus strictly on actionable, verified risk rather than manual triage. It also provides faster response times, helping my organization see a reduction in mean time to respond and mean time to detect. It includes autonomous resolutions and eliminates blind spots, providing unified visibility across multi-cloud environments, endpoints, and enterprise risk, reducing the likelihood of major security incidents.
What needs improvement?
In terms of improvement for SentinelOne Singularity Cloud Security, users and industry analysts identify several areas where the platform can be enhanced, including administrative setup experience and operational tuning and performance.
The user interface of SentinelOne Singularity Cloud Security is quite good. I do not have any additional improvements needed for SentinelOne Singularity Cloud Security that I have not already mentioned.
For how long have I used the solution?
I have been working in my current field for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is very stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security's scalability is quite good, as it is very scalable.
How are customer service and support?
I rate the customer support for SentinelOne Singularity Cloud Security a ten out of ten.
What other advice do I have?
I observe an approximate 88% reduction in mean time to respond as a specific metric around the reduction in false positives and response times.
I chose a rating of ten out of ten for SentinelOne Singularity Cloud Security because of its autonomous threat detection and response, comprehensive visibility, operational efficiency, and lightweight performance. It also demonstrates proven industry leadership.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline my security operations, functioning as a single pane of glass. My users appreciate having one source of truth for endpoints and cloud workloads, such as virtual machines and containers across AWS and other clouds. It has verified exploit paths, not just listing vulnerabilities but identifying which ones are actually reachable and exploitable by an attacker, helping my team focus only on high-priority risks.
I use Purple AI for threat investigations, and it is a game-changer.
SentinelOne Singularity Cloud Security's runtime protection is quite good in terms of adaptability to new and unknown threats compared to other solutions I have used.
It is significant for my team to have built-in integrations that unify various aspects of cloud security, resulting in superior threat detection and faster response, along with improved operational efficiency and security posture.
Drift detection significantly impacts my organization's ability to detect unexpected process behavior in containerized environments by reducing response times. The system can automatically share information and responses across different aspects to improve incident response time significantly. The automation of tasks and built-in integration enables automated compliance audit and risk remediation, reducing manual efforts and human error in managing security configurations.
SentinelOne Singularity Cloud Security drastically reduces the mean time to remediate for cloud incidents by shrinking investigation and response time from hours to seconds or minutes. The platform offers an autonomous AI-driven approach.
We measure the time savings in terms of SecOps operations achieved through SentinelOne Singularity Cloud Security by focusing on metrics, where automation reduces manual investigation and expedites incident response time. My organization frequently achieves significant efficiencies, with some customers achieving a 95% reduction in mean time to detect and an 88% reduction in mean time to respond. The reduction of false positives by using AI contextualized alerts allows teams to spend less time investigating non-malicious findings. The verified exploit paths feature helps my team prioritize vulnerabilities with a critical exploitable route, reducing time spent patching non-critical issues.
I advise others looking into using SentinelOne Singularity Cloud Security to prioritize the visibility feature, utilize the AI-driven Purple AI for cross-environment threat analysis, and adopt a least-privilege IAM model to maximize the security impact.
SentinelOne Singularity Cloud Security is a recognized Singularity Cloud system and a premier cloud-native application protection platform, heavily emphasizing autonomous and AI-driven protection over manual, policy-based detections. I rate this product ten out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Anniki Iskandar
Unified endpoint protection has simplified real-time threat blocking and policy-driven control
Reviewed on Apr 15, 2026
Review provided by PeerSpot
What is our primary use case?
I use SentinelOne Singularity Cloud Security to collect endpoint data from the company, such as servers, computers, and mobile phones. The solution functions similarly to Cortex XDR and provides antivirus protection that safeguards devices from viruses and malware.
What is most valuable?
SentinelOne Singularity Cloud Security offers real-time protection, anti-tamper capabilities, and a centralized platform with a good user interface. The UI is intuitive enough that even people without cybersecurity knowledge can understand how to use it.
The policy feature is valuable because it tells the product what to do with new files, such as whether to scan them or leave them untouched. One single tab covers all the features, so I do not have to open another tab or window to turn settings on or off. The simplicity of the product itself makes it better than competitors.
The real-time protection is quite valuable. If any attack occurs or if an employee tries to download something malicious, SentinelOne Singularity Cloud Security directly blocks it for us without requiring manual intervention. For example, if an employee accidentally clicks on a link that tries to download something malicious, SentinelOne Singularity Cloud Security directly blocks it and quarantines it, notifying us on the console about the employee's name and what they attempted to download. We can then check the file or ask the user, and if they did not download it intentionally, we can close the case. If it was critical for them, we can release it directly from the console.
The unified platform experience of SentinelOne Singularity Cloud Security is good. The dashboard, settings menu, policy menu, user menu, and endpoint menu are all well organized. I can say it is one of the best user interfaces I have used, and it is very user-friendly.
What needs improvement?
Integration could be improved because not all solutions can be integrated with SentinelOne Singularity Cloud Security or vice versa. I was in a project where the company wanted to integrate SentinelOne Singularity Cloud Security with another solution product. When I checked, it turned out that integration was possible but could not be directly connected. It had to go through middleware before reaching that product, which is more complicated.
SentinelOne Singularity Cloud Security is a newer product compared to Palo Alto Cortex , so perhaps some product solutions cannot be integrated yet. SentinelOne Singularity Cloud Security does not have as large a portfolio of integrations as Cortex XDR .
SentinelOne Singularity Cloud Security is more sensitive compared to other solutions. While all solutions perform well when it comes to real-time protection, SentinelOne Singularity Cloud Security tends to generate more false positive events due to its high sensitivity. For example, some companies use older types of WinRAR, which may get blocked by SentinelOne Singularity Cloud Security directly.
I would appreciate it if they introduced a filtering or archive feature where we could add applications that should not be marked as threats.
Many features in SentinelOne Singularity Cloud Security have additional costs, which limits our exploration of the full product.
It would be more convenient if SentinelOne Singularity Cloud Security could be integrated with other solution tools such as firewalls or SIEM , as it would be more comfortable for us to avoid checking the console every single time. In our SOC, we have many tabs open on our screen, and it is confusing; we might miss some alerts. With better integrations, we could go in one tab and have everything provided for us.
For how long have I used the solution?
I have used SentinelOne Singularity Cloud Security for almost one year.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is very stable, and there are no errors, even compared to Cortex where there were errors on the agent. We have not experienced any issues with SentinelOne Singularity Cloud Security. The platform is more convenient, and for the server, they choose the nearest one from Indonesia, so when we go to the console or when the devices try to connect, there are no errors. Even during power outages, the system remains stable.
What do I think about the scalability of the solution?
From the licensing perspective, it is very easy to scale. When a company wants to add more licenses, they simply call the provider or a consultant, and they can add it within one or two months from the time they request it. They will then receive the license instantly.
SentinelOne Singularity Cloud Security is more resource-friendly, so it does not consume a lot of RAM or storage. This is excellent because even companies with older devices can run SentinelOne Singularity Cloud Security. In Indonesia, especially in financial-related companies, there are regulations stating that some servers or programs can only run on older servers. SentinelOne Singularity Cloud Security can directly create a custom build for that specific server.
In the case of custom builds, the company itself has to contact SentinelOne Singularity Cloud Security, as this is not publicly available.
How are customer service and support?
I have experience with the technical support and customer service of SentinelOne Singularity Cloud Security.
During implementation, when we encounter any issues, we call support. The implementation process has only involved minor issues, so we have not needed extensive support. We simply email them, and they respond directly with documentation if available. Otherwise, they provide comments to help resolve the issue.
What other advice do I have?
After implementation, the process is fast. SentinelOne Singularity Cloud Security provides cloud hosting itself. If we choose the cloud option, they will set it up, and we simply wait until we have our domain and account. When we go to that domain and log in, our console is already there.
Regarding the deployment model, I recommend the cloud option for SentinelOne Singularity Cloud Security.
As far as I know, SentinelOne Singularity Cloud Security has one license for the cloud itself and another license for the devices. If the company size is one thousand people, they can buy one thousand or one thousand one hundred for a backup. If they need more, they can add more licenses, and the company will buy it and update it directly to the console. SentinelOne Singularity Cloud Security is much cheaper than Palo Alto Cortex.
SentinelOne Singularity Cloud Security is simpler than Cortex XDR . The process is similar to Cortex, but the difference is that Cortex integrates the package file with the license or token. With SentinelOne Singularity Cloud Security, we have to manually insert the token or copy it from the console to a notepad. When we try to install, we click the installer and open the notepad to paste the token.