My main use case for SentinelOne Singularity Endpoint is to work in our environment mainly for endpoint protection, threat detection, response, monitoring and suspicious process, and investigating the alerts.

SentinelOne Singularity Endpoint offers behavior AI detection, which is not just a normal signature thing, real-time threat blocking, automatic endpoint isolation, detailed process visibility, and easy-to-use dashboards.

Using SentinelOne Singularity Endpoint has positively impacted my organization by significantly reducing malware infections, providing faster incident responses, and enhancing the state of our endpoints.

SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect (MTTD) by 30 to 40%.

SentinelOne Singularity Endpoint has improved my organization's mean time to respond (MTTR) by 30 to 40% due to its automated detection and response capabilities.

SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help us further.

I have been using SentinelOne Singularity Endpoint for around three years.

SentinelOne Singularity Endpoint is very stable.

SentinelOne Singularity Endpoint performs very well in terms of scalability and is very good at scaling.

The customer support for SentinelOne Singularity Endpoint is good, and the support team is very responsive.

Before choosing SentinelOne Singularity Endpoint, I evaluated other options like Microsoft Defender for Endpoint and CrowdStrike Falcon. However, I selected SentinelOne mainly because of its strong behavioral AI-based detection and automated response.

SentinelOne Singularity Endpoint reduces the time of SOC employees, providing a return on investment.

SentinelOne Singularity Endpoint has freed up my staff for other projects and tasks, reducing their workload by about 40 to 60% due to its main detection and investigation capabilities.

Regarding pricing, setup cost, and licensing for SentinelOne Singularity Endpoint, I find the pricing to be dependent on the licensing and how many endpoints we have, so I don't have exact details on how it is handled by them.

I rate the customer support for SentinelOne Singularity Endpoint a perfect 10 out of 10.

If any organization is battling with strong endpoint security and seeking faster detection and response, SentinelOne is a very good choice.

SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help further.

My overall review rating for SentinelOne Singularity Endpoint is 8.5 out of 10.

My main use case for SentinelOne Singularity Complete is for endpoint protection, threat detection, and automated response across all our corporate devices. Day-to-day, it is used to monitor endpoints in real time for malware, ransomware, and other threats. Automatically remediating detected threats and performing rollbacks when necessary allows us to maintain visibility into security events through the management console. Additionally, it supports our IT team with alerts and actionable reports for faster incident response.

A recent incident illustrates how we use it in our environment. Recently, one of our endpoints was targeted by a ransomware variant. SentinelOne Singularity Complete immediately detected the suspicious behavior, quarantined the affected files, and automatically rolled back the changes to restore the system to its previous state. This prevented any data loss and allowed the user to continue working without downtime. The alert also provided our IT team with detailed insights, helping us quickly understand the scope of the incident and ensure no other devices were affected.

We rely on SentinelOne Singularity Complete not only for malware and ransomware protection, but also for behavior-based threat detection, which can catch unusual activity that traditional antivirus might miss. It helps us maintain compliance by generating audit-ready security reports for management.

The best feature of SentinelOne Singularity Complete is that the console allows us to manage endpoints across multiple locations, which is critical for our distributed environment.

What stands out most about managing endpoints across multiple locations with SentinelOne Singularity Complete is the centralized dashboard, which gives us real-time visibility into all endpoints across every location from a single console. We can see threat alerts, device status, and policy compliance, which saves a lot of time compared to managing each location separately. Additionally, the reporting capabilities are very valuable. They allow us to generate detailed audit and compliance reports quickly, track trends, and identify recurring issues. This combination of centralized monitoring and actionable reporting makes it much easier to maintain a consistent security posture across our entire environment.

One feature I particularly appreciate about SentinelOne Singularity Complete is the AI-powered behavior detection. It can identify suspicious activity even before it is classified as malware, which adds an extra layer of proactive protection. I also appreciate how the platform automatically prioritizes threats based on the risk level, so our IT team can focus on the most critical issues first without being overwhelmed by alerts.

SentinelOne Singularity Complete has positively impacted my organization in several ways. Improved security regarding threats such as malware, ransomware, and suspicious behavior are detected and remediated automatically, reducing the risk of breaches. Better visibility across locations is another advantage. The centralized access console and reporting give us consistent oversight of all endpoints, helping us maintain compliance and quickly respond to alerts. Increased efficiency is evident as well; automated responses and rollback capabilities save our IT team significant time that would otherwise be spent manually investigating and resolving incidents.

Since implementing SentinelOne Singularity Complete, our IT team has been able to respond to endpoint threats up to seventy percent faster compared to our previous manual process. Incidents that used to take hours to investigate and remediate now often get resolved within minutes, thanks to automated detection, containment, and rollback. Additionally, we have reduced endpoint downtime by approximately sixty percent, minimizing disruption for our users.

In terms of improvement areas for SentinelOne Singularity Complete, while it is a very strong platform, there are a few areas where it could be better. Custom reporting flexibility is an aspect to consider; while the existing reports are useful, having more customizable report templates or an easier drag-and-drop option would help tailor insights to different teams. Granular policy control is another aspect to improve, as some security policies could benefit from more fine-grained control, especially for organizations with highly diverse endpoint and specialization workflows. Lastly, integration with other IT tools could be expanded, as additional out-of-the-box integrations with other IT management or SIEM platforms could further streamline operations. Overall, these are relatively minor improvements and do not take away from the core strengths of the platform. Addressing them could make SentinelOne Singularity Complete even more powerful and flexible for larger, complex environments.

A needed improvement for SentinelOne Singularity Complete is faster console load time. On very large deployments, the management console can sometimes be slightly slow to load dashboards or filter large endpoint lists. Faster performance here would improve efficiency. Additionally, enhanced threat insights in alerts would be beneficial. While alerts are clear, having contextual information and suggested remediation steps directly in the alert could help junior IT staff act even faster.

I have been using SentinelOne Singularity Complete for the last two years.

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete scales very well across both small and large environments. The platform is designed to handle thousands of endpoints without significant performance degradation, and I have found it easy to expand the coverage as our organization grows. The aspects for scalability include centralized management, minimal performance impact, flexible architecture, and efficient resource use. Overall, SentinelOne Singularity Complete's architecture and automation features make it easy to grow with our environment, accommodating hundreds of thousands of endpoints without needing to restructure security operations.

Customer support for SentinelOne Singularity Complete is good.

I have seen a return on investment with SentinelOne Singularity Complete. Automatically detecting, remediating, and rolling back threats has reduced manual investigation by approximately sixty to seventy percent, allowing IT teams to reduce mean time to respond and mean time to detect, with mean time to detect improved by sixty to seventy percent. Resource efficiency is also enhanced; the platform's automation has enabled a smaller team to manage a larger number of endpoints without compromising security. Downtime is reduced by sixty percent. Overall, the solution delivers seamless operation, improved threat management, and cost-effective security, making a strong investment in our organization.

My experience with pricing, setup cost, and licensing for SentinelOne Singularity Complete has been positive. SentinelOne Singularity Complete does not require any maintenance from our end. There is a maintenance schedule once a month from SentinelOne itself. We receive prior notification if there are any maintenance schedules, but it does not take much time. The system will be offline for no more than five minutes. The security is still maintained during that time. If any alerts come, they are automatically recorded.

Before choosing SentinelOne Singularity Complete, we evaluated multiple options such as CrowdStrike Falcon, Microsoft Defender for Endpoint, and other EDR solutions. We conducted a proof of concept phase to see which aligned best with our security requirements and operational workflow before committing to SentinelOne Singularity Complete.

In our environment, we do use Purple AI as part of SentinelOne Singularity Complete to help with threat analysis, investigation workflows, and speeding up the incident triage. Purple AI acts as an AI-powered security analyst, helping translate complex data into actionable insights and enabling faster threat hunting and investigation across our endpoint security data.

Purple AI plays a critical role in amplifying our team knowledge by helping us interpret alerts, investigate threats, and identify patterns across endpoints quickly. It essentially amplifies our team's knowledge by providing contextual insights, suggesting remediation steps, and correlating between security events that might otherwise be missed.

SentinelOne Singularity Complete has significantly reduced the number of alerts our IT team has to handle manually. By leveraging AI-driven behavior analysis and automated threat automation, low-risk or duplicate alerts are filtered out, allowing the team to focus on the most critical incidents. In our experience, the platform has reduced actionable alerts by fifty to sixty percent.

SentinelOne Singularity Complete has significantly reduced our organization's mean time to detect. With real-time AI-driven detection, automatic alerts, and behavioral analysis, threats are identified almost immediately upon occurrence. In our environment, we have observed that mean time to detect has improved by approximately sixty to seventy percent, meaning our IT team can detect and respond to incidents much faster than before. The rapid detection has been critical in preventing escalation and minimizing potential impact on end-user systems.

SentinelOne Singularity Complete has significantly reduced our organization's mean time to respond, thanks to automated remediation, rollback capabilities, and prioritized alerts. Our IT team can respond to incidents almost immediately. Mean time to respond has been reduced by approximately sixty-two percent, allowing threats to be contained and resolved in minutes rather than hours.

For others looking into using SentinelOne Singularity Complete, I advise utilizing the Purple AI summarization. The alert without much manual investigation allows us to determine if it is a true positive or not by seeing the Purple AI alert summarization, what happened, what process, activity, and what the underlying behavior is. Overall, SentinelOne Singularity Complete is highly effective, but organizations get the most value when they combine automation, AI, incident, and proactive management. Regularly reviewing the report with audit features is valuable for complete tracking of trends. Utilize the AI-driven insight to amplify your team knowledge and reduce alert fatigue. Planning for deployment across sites if you have multiple locations is essential, as is planning your policy and endpoint coverage for centralized management. I rate this solution a nine out of ten.

I use Singularity Platform as a SIEM across many infrastructures, including cloud and on-premises environments, to detect attacks on endpoints, cloud workloads, identities such as Active Directory, and network signals.

Singularity Platform is used to detect, investigate, and respond to threats all in one platform, which is why it is called Singularity Platform, because it has EDR, XDR, and cloud security all unified in one system.

I use fraud detection while working with financial companies and many fintech companies. Although SentinelOne is not known for fraud detection, it does detect stolen credentials, accounts that have been misused, or privilege abuse. I use it to a certain extent, but I cannot provide a deep-dive analysis on it today as I am fatigued from working through the night.

In my organization, I have around ten clients, of which six use SentinelOne as a SIEM, mainly financial companies, with one being a shopping-based company. I cannot provide all client details, but that is the general overview.

The best feature of Singularity Platform is that everything is unified in one platform, which would be a main unique selling point for them. The unique feature is Next-Gen AV plus EDR, which detects and blocks threats in real-time.

There is a rollback feature that rolls back to the previous state if anything goes wrong after a new feature is installed or a ransomware attack occurs. Singularity XDR extends visibility beyond the endpoints and correlates how the endpoint, cloud, identity, and network help me to see a full attack chain.

The real-time personalization feature allows for customizing the detection rules and adapting security decisions based on who is doing what and where. It tracks users with behavior-based personalization, detecting abnormalities such as a non-admin gaining admin access. It also detects credential theft by correlating identity plus endpoint data for better context.

For policy personalization in my SOC, I group devices based on alert names, agent versions, or OS types, which helps significantly. I can personalize based on alert severity and true positives or false positives, leading to automated responses. A unique feature in Singularity Platform is StoryLine technology, which connects incidents into a full storyline attack.

It explains the attack pattern in a way that follows commands executed after an incident, and I can write workflows using AI, working even offline, mainly with agent-based decisions without constant cloud dependency.

I have customized dashboards for my companies, including an overview dashboard showing alerts from endpoints. I created a unified dashboard with a network and an endpoint dashboard, consolidating SOC-related unassigned alerts and daily solved alerts. I customized that dashboard myself, and it is very easy to do, being a UI-based feature.

Real-time monitoring is very helpful, helping me stay one step ahead in cybersecurity. It allows me to see exactly what is happening at this moment, and knowing about an attack immediately is better than knowing an hour or two later. The sooner I know, the better it is for me. Real-time monitoring helps me significantly as a SOC analyst, making it one of the best features. After an alert, analyzing what happens next is just two to three clicks away, needing only to input the timeline, the query, and the affected user or endpoint.

For improvement, I would say the infrastructure is very slow; the application I use is sluggish, potentially due to workload or problems on my company's side.

Although they have fantastic features, if it is not working properly, it hinders performance. Recently, during maintenance, it was still operational but sluggish, with features not working as efficiently.

Grouping alerts previously worked fine but now requires multiple clicks to achieve the same result, which is problematic. They could improve the UI and focus more on creating new rules from their MDR team.

Although they are working on automation, they could advance automatic remediation capabilities further than they are currently.

I have been using Singularity Platform for the last six months.

I would give stability a seven, as it usually crashes, requiring me to log in repeatedly.

Singularity Platform is very scalable but requires planning; it is not as easy as Orca Security or agentless platforms because it has agents. I would still give scalability a seven.

I would rate technical support as an eight.

Comparing Singularity Platform with other vendors, I find others also have fantastic features, but SentinelOne has unique offerings like the StoryLine feature, Purple AI, and a unified platform where endpoints, cloud security, and assets come together. This gives them a great advantage. Although there are better security tools in the market, considering the money I spend, SentinelOne is much more cost-efficient than other products. For example, Microsoft Sentinel is much too costly for my company, and although CrowdStrike provides top-notch service, SentinelOne is still doing well to keep up with market needs, though there is room for improvement.

Singularity Platform requires maintenance, which is typically done on weekends. Although there was a maintenance window recently, it is almost acceptable, but technical issues can cause lag or latency, which is common in upgrades. They can improve by utilizing a backup or other measures.

I recommend Singularity Platform because of features such as the StoryLine model, Purple AI, and automating workflows with hyper-automation capabilities. I would hesitate to recommend it solely due to reliability issues.

Our use case primarily involves using SentinelOne Singularity Complete for other clients as an EDR to monitor endpoint-related alerts, including malware and any malicious files, ransomware files, and any attack on endpoints such as servers or laptops. We use it as an EDR.

SentinelOne Singularity Complete has behavior-based AI that detects alerts that are not predefined without relying on predefined rules. For example, it detects zero-day attacks or any behavioral changes in the baseline of the user, or any suspicious anomalies through AI-based threat detection only.

In terms of SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions, when using this AI SIEM, it provides any incident in a unified view only. It correlates and gives the information in one view rather than requiring access to other data sources. It connects the dots and gives a complete, correlated incident.

With SentinelOne Singularity Complete integrated with AI, false-positive alerts have been reduced significantly. I can say that 50% of false-positive alerts have been reduced, and we mostly get true positive alerts. I cannot say 100%, but the false-positive to true-positive ratio has been reduced by 50%.

We do not currently use the Ranger functionality option as it has not been enabled by our organization.

SentinelOne Singularity Complete itself is somewhat laggy and loads slowly at times. Sometimes when there are alerts in the dashboard, we cannot see them and it shows zero alerts. In this case, we have to log out and log in again and refresh it before we can see the alerts. We also experience some flickering issues. The UI needs significant improvement. In this case, I would rate it around 6.5 to seven on stability and performance.

I have been using SentinelOne Singularity Complete for one year and two months.

The mean time to detect with SentinelOne Singularity Complete depends on AI automation as well. Mean time to detect does not process for more than three or four seconds. We get real-time alerts that arrive as incidents occur. The product is performing very well in terms of MTDD and MTTR.

Scalability for SentinelOne Singularity Complete is good. It works well with all the endpoints, even if there are large numbers of endpoints. For example, in an enterprise environment, it performs well. Proper configuration and policies need to be set, but overall it is effective. I would rate it around 8 out of 10 for scalability.

Technical support is good. I would rate it 8 out of 10 because there is a feature of AI support. If we require any help with documentation, we receive it immediately. With a single prompt, we receive help with documentation, and those documentations are very clear.

I have previously used CrowdStrike. I can say SentinelOne Singularity Complete is better than CrowdStrike because it is more AI-capable and integrated. It gives us alerts based on behavior using the AI. In this aspect, I have only used CrowdStrike as an EDR, and I can rate SentinelOne as better than CrowdStrike.

Deployment of SentinelOne Singularity Complete is easy. Installing agents is straightforward. We can do it using Active Directory and group policies. It is easy to install agents in endpoints.

In my company, SecureIntelli, we are a team of 15 members with two leads. The 15 members use SentinelOne Singularity Complete on an everyday basis to monitor for our clients.

SentinelOne Singularity Complete saves 50% time for me and my team in responding to alerts, and it has reduced response time by 50%.

SentinelOne Singularity Complete does not require any maintenance from our end. There is maintenance scheduled once a month from SentinelOne itself. We receive prior notification if there is any maintenance scheduled, but it does not take much time. The system will be offline for no more than five minutes. The security is still maintained during this time. If any alerts come or if anything is automatically remediated, it is taken care of in the backend.

I would recommend SentinelOne Singularity Complete over others. If they are using CrowdStrike, I can recommend SentinelOne Singularity Complete over that product. However, it requires some fine-tuning of policies and configuration. If that is done correctly, it works very well as an EDR.

With Purple AI, it summarizes the alerts. Without much manual intervention, we can determine if it is a true positive or not by seeing the Purple AI alert summarization, what has been happening, what process activity is occurring, and what the user behavior is. It also provides recommendations on what to look for and what needs to be done to remediate the attack. This has helped us to respond to low and medium alerts very quickly, but it still requires manual intervention for high and critical alerts because Purple AI is not that accurate. Sometimes it gives more generic answers for any queries. In this way, we use Purple AI and it has benefited us.

I can say that with Purple AI, security is maintained in terms of data privacy. We cannot share it outside. I do not have much detail on this, but based on my experience, it is secure. There is no insecurity in using Purple AI and GenAI.

In terms of threat intelligence with Purple AI, it depends on the quality of the data that it is receiving. With AI analysis, it correlates with the threat intelligence databases, and if there are any matches, it shows whether the observable is a threat or malicious. It is very good in this aspect and it will be updating very frequently.

Purple AI summarizes the alerts in a very concise format. We can determine if it is a true positive or false positive by seeing a summary. Sometimes it is very precise. As it provides remediation recommendations as well, it is very helpful for us to respond in a shorter amount of time.

I am not sure about the financial aspect as I am in a technical department as an analyst and do not have much information on financial matters.

Overall, I would rate this product 8.5 out of 10.

I used SentinelOne Singularity Complete for endpoint security, and we selected it because we were looking for an AI-powered cloud solution.

The best features of SentinelOne Singularity Complete include a ransomware rollback feature that can be used on infected machines, which we have used before and appreciated. The deployment is fairly straightforward as well.

SentinelOne Singularity Complete's ability to ingest and correlate across our security solutions has not presented any problems. This capability provides a benefit when hunting for threats and leveraging the AI side of the platform.

Regarding alert reduction, I would not say the impact has been massive. One of the negatives we have found is that we receive quite a lot of false positives.

Overall, SentinelOne Singularity Complete saves me time, and I would say the time savings are approximately 10 to 15 percent.

The reporting in SentinelOne Singularity Complete could be improved as it is still somewhat clunky and lacks customization. Support response times could also be better.

I have been using SentinelOne Singularity Complete for approximately 18 months.

I would rate the stability of SentinelOne Singularity Complete as an eight out of ten.

I would rate the scalability of SentinelOne Singularity Complete as an eight out of ten.

I would rate the support of SentinelOne Singularity Complete overall as a six out of ten.

SentinelOne Singularity Complete was already in place when I joined.

The deployment of SentinelOne Singularity Complete was straightforward and easy. It took approximately one day to implement SentinelOne Singularity Complete, based on the number of clients we had.

Regarding pricing for SentinelOne Singularity Complete, on a scale where one is cheap and ten is expensive, I would rate it as an eight.

When comparing SentinelOne Singularity Complete with other vendors, we use it for client-specific purposes, while other clients may use Microsoft or similar solutions. I have noticed it works well.

SentinelOne Singularity Complete has not helped us consolidate any security tools that I am aware of.

We do not use the Ranger functionality in SentinelOne Singularity Complete as we use other solutions for that purpose.

Maintenance of SentinelOne Singularity Complete is straightforward to perform. Approximately 60 users use the solution, and all users are local. SentinelOne Singularity Complete requires some maintenance as part of our internal checks to ensure policies are up to date, which we perform on a weekly basis.

We do not use Purple AI.

My advice for others looking into purchasing SentinelOne Singularity Complete is that I would definitely recommend it. I would rate this review an eight out of ten overall.

The primary use cases for SentinelOne Singularity Complete include endpoint security to detect, prevent, and respond to cyber threats in real-time using AI-based behavior analysis.

The second use case is that the SOC team will investigate incidents, automate response actions, and protect systems from malware and ransomware.

SentinelOne Singularity Complete has helped me consolidate my security solutions, and there is some improvement overall. SentinelOne Singularity Complete is a good feature that requires skilled analysts and a proper plan for implementation. SentinelOne Singularity Complete is good for S1 analysts and is helpful for analysts with a simple GUI base.

SentinelOne Singularity Complete has helped reduce alerts for my organization. In my organization, we are an MSSP and right now we manage 6,000 plus endpoints and provide services to 10 plus customers because we are a partner with SentinelOne, and our customers are buying from us while we are providing endpoint services. All customers from us are very happy because the biggest difference is that SentinelOne Singularity Complete gives us the support team and the TAC team. There is human intervention between us and the TAC team because SentinelOne Singularity Complete is a SaaS product. If we get a false positive alert or if we get stuck anywhere, the TAC team will resolve that. The biggest advantage is the support from the TAC team to us, which is very helpful. If there was no TAC team, I would not advise using SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped free up my staff for other projects and tasks. I will tell you how SentinelOne Singularity Complete helps our SOC team. First of all, we have implemented SOAR technology, the Shuffle technology, which is open-source. Whenever an alert comes on SentinelOne Singularity Complete, we have integrated the Shuffle SOAR technology. Automatically the alert will be killed and quarantined, and mitigating action will be taken from SentinelOne Singularity Complete. Before that, we had to raise the alert manually, but we integrated SOAR technology, and automatically the alert raises to the customer within one or two minutes. This reduces the false positive alerts. We give criteria for Sentinel Shuffle: if the alert is triggered and the hash value for that file is bigger than five seconds, a secondary vendor will mark it suspicious or malicious, and we will raise the alert. Before implementing this, we had to manually check and explore and manually check deep visibility to determine where the alert came from or what scheduled task was generated. After implementing SentinelOne Singularity Complete with SOC as Shuffle SOAR, it is reducing the time significantly.

The best features from my perspective are that SentinelOne Singularity Complete includes EDR, XDR, and next-generation SIEM, and additionally, they have also added Purple AI. SentinelOne Singularity Complete is an automated tool with minimal interactions required. Everything works if we install the endpoint SentinelOne Singularity Complete agent on the endpoint. We don't require anything else because all the work will be done from the SentinelOne Singularity Complete agent that conducts real-time monitoring. If malware is detected, the agent will take care of its kill and quarantine and automatically send the alert to the dashboard.

If the agent is online or the desktop is online, it will connect to the dashboards, and we will get the alerts. That is the best feature. The second feature is the rollback feature for Windows, such as VSS rollback feature. If the endpoint is malware infected, we can restore our files and important data. These are the two best features I appreciate about SentinelOne Singularity Complete.

My impressions of SentinelOne Singularity Complete's ability to ingest and correlate across security solutions are that they can ingest logs from all over the device. For example, we have integrated the Shuffle open-source SOAR tool that ingests the logs from that Shuffle tool. Second, we have also integrated different firewalls and additionally, we have integrated the AWS cloud. Ingestion is seamless and awesome from SentinelOne Singularity Complete.

Regarding the role Purple AI plays in amplifying team knowledge, I use Purple AI for advisory and IOC purposes in my organization. I explore it for research purposes and find it very good and fast for sending advisories every week regarding vulnerabilities found. I don't use Purple AI much for other uses because I have limited exposure to it.

Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them.

Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.

I have been working with SentinelOne Singularity Complete for 2.3 years.

In terms of stability and scalability, I heard the news that 25,000 plus endpoints can be installed in one go, so scalability is very good. Regarding stability, I haven't heard of any issues with SentinelOne Singularity Complete. Before two years ago, we heard about a blue screen issue with CrowdStrike, but I haven't heard of such issues with SentinelOne Singularity Complete. Stability is important because even if the agent disconnects from our console, it will still protect the desktop or laptop. There aren't many stability issues; the agent handles everything including upgrades.

Regarding the technical support and customer service teams, I rate them 10 out of 10 on a scale of 1 to 10. The TAC team, which is available 24/7, is the reason for this rating. We are now in India, but if we get stuck at midnight, any other TAC team will be in GMT or Europe or America, and they will assign our support engineer and suddenly schedule a call for us and resolve the issue. The TAC team plays a major role and is very important for us.

Regarding cost-effectiveness and ROI, I will say it is cost-effective. In India, before the installation of SentinelOne Singularity Complete, all our organizations used CrowdStrike, which is a competitor to SentinelOne Singularity Complete. After SentinelOne Singularity Complete came into the picture, the cost is more competitive, and the cost of SentinelOne Singularity Complete will be cheaper than CrowdStrike. I also have some exposure to CrowdStrike, so from a price perspective, I would prefer SentinelOne Singularity Complete if my organization has a limited budget for EDR or XDR solutions.

Regarding the initial setup, I can say it is very easy to set up. We just need to create one tenant from my customer name and send and install the packets for Mac OS, Windows, and Linux servers. We take remote access, and within 5 to 10 minutes, one endpoint will be installed, although it takes some time to connect to the dashboard. The setup is very straightforward, and we have installed over 500 agents in one day. That is a very fast process we have accomplished.

For the deployment model, my organization has a tie-up with Amazon Web Services, AWS. We are using the cloud because of that tie-up with AWS.

Pricing-wise, it is very price-sensitive. My customers, enterprises, are buying from us. For small and medium enterprises, it is very costly. The pricing is approximately $7 to $10 per agent per month. My organization selling depends on the size of the endpoint we are dealing with, but the price is around $7 to $10 per agent per month. In terms of functionality compared to other EDR tools, it is the best price.

Regarding the key differences, both pros and cons of SentinelOne Singularity Complete compared to other technologies such as CrowdStrike or other EDR and NMI products, I have several pros and cons to discuss. The first pro is the fast response. The EDR will immediately get the malicious file, kill or quarantine it, and send the alert to our dashboard. The second is the rollback capability, which is a beautiful feature SentinelOne Singularity Complete gives us for Windows desktops and laptops. The third pro is the automation; 90% of actions will go through the agent. The agent will take all actions—kill, quarantine, alert—and everything is automated; we don't require anything else from our side.

However, cons would include the high false positive alerts; we get alerts for genuine files, and that creates noise, though we can whitelist it. Additionally, there is resource consumption; SentinelOne Singularity Complete uses more disk resources, which reduces the functionality of the desktop. The third con is that when we install the SentinelOne Singularity Complete agent, it takes time to reconnect to the dashboard due to network issues, and it can take 5 to 10 minutes for the endpoint to reflect.

Regarding SentinelOne Singularity Complete's Ranger functionality, I am an L1 analyst and I don't have much hands-on experience with Ranger, but I know that the Ranger is used for detecting rogue endpoints in our network. The Ranger functionality includes network discovery and control features. These two features are very important in Ranger because it ingests logs from network sources and captures the threat matrix including IOC. The most important functionality will be the Ranger's ability to detect rogue device detection. I cannot confirm that we can use Ranger to completely reduce the alerts because I don't have that heavy work as I am only an L1 analyst doing some basic admin tasks.

Additionally, right now we are implementing the next-generation SIEM of SentinelOne Singularity Complete, but this is in the initial phase. Regarding mean time to detect, SentinelOne Singularity Complete is immediately detecting the alerts and giving them to us on the dashboard. The problem is that when we install the agent on the desktop, it takes some time to show on the console. Otherwise, the agent is seamlessly running in the background; while the user is doing their job on desktops, the agent is doing its job greatly in the background.

For threat investigations, I don't have exposure because I am L1, and right now, I have L2. One of my seniors, a senior forensic analyst, uses Purple AI for threat investigation. I don't use Purple AI for threat investigation; I just use it for searching IOC.

For advice or recommendations for organizations considering SentinelOne Singularity Complete, I suggest that before implementation, first, train your SOC on how to handle alerts and investigate. When I started with SentinelOne Singularity Complete, my manager told me to sit with the MBA team and learn about it, which was confusing at first. Start with the pilot deployment instead of deploying thousands of endpoints at once; install a few endpoints to check the performance. Third, integrate SentinelOne Singularity Complete with all your SIEM tools or SOAR tools. We as customers integrate SentinelOne Singularity Complete with Shuffle SOAR and get benefits such as triggering alerts quickly, so implementation is crucial for SentinelOne Singularity Complete to be a powerful tool. Training SOC, proper configuration with skilled analysts, and a well-defined strategy are the key recommendations.

I rate this review 9 out of 10.

I mostly use Singularity Platform in incident response time, especially when there is a ransomware attack or when we want to recover any previous files. My other use case is when I have to investigate any files or EXE files that have been on the PC to deeply investigate what services they are using and what type of network connections they are establishing on the PC.

I use the Pro-detection feature in financial services, and it is a very good feature. There is no need to manage any complicated cases because the Pro-detection feature works by simply analyzing over time. It takes two to three days to investigate a specific issue thoroughly, and then it gives a conclusion based on that analysis, which helps determine the actions to take.

One of the likely features of Singularity Platform is that it is very user-friendly and easy to understand. The UI is indeed very user-friendly. Alerts and writing long queries are somewhat challenging. The predefined queries of SentinelOne can be very jargony to configure and hectic to write.

Singularity Platform's real-time personalization feature is a time-taking process and not a single setup process. It takes at least six to seven months to train the platform so it can be aware of the environment, after which there is some visibility over personalization setups.

The personalization feature has been good for customer experience strategies. People are very positive about that personalization feature because the machine learning offered by Singularity Platform is very good and easy to use. Once it fully adapts to the environment, customers don't even need to monitor their endpoint protection landscape, as it can automatically learn and mitigate any threats or problems with minimal human interaction.

Risk management efforts have improved significantly with Singularity Platform. Previously, a lot of time was spent investigating issues, but now this process has reduced investigation time from days to hours. The focus is on what type of recommendations and remediations to implement, which can be completed within an hour.

Singularity Platform's real-time monitoring capability has significantly improved decision-making. Previously, decision-making was more manual, but after integrating something called Purple AI, it doesn't hallucinate and provides accurate real-time decisions, pinpointing exact problems and suggesting what changes need to be made.

One of the main benefits from using Singularity Platform is that there are no over-alerts; there are very few false positives. Most triggers are by true positives, which helps manage alert fatigue effectively and allows focus on actual threats.

Singularity Platform could be improved by providing a more comprehensive analysis part, particularly on the threat dashboard. If automated analysis in simple terms could be received to explain to customers what exactly is happening, it would be a great addition to the product.

Regarding customizable dashboards, there are predefined dashboards that provide good visibility, but customized dashboards are not that helpful. I would not recommend using them as they can become messier.

My advice for organizations considering Singularity Platform is to encourage the addition of a threat analysis part that integrates with their Purple AI, allowing explanation of specific threats in a simpler way for customers.

I have been using Singularity Platform for three years.

Experience with customer service and technical support has been primarily with tech support because, during the initial configuration time, there were many doubts. Tech support was mostly used, while customer service has not needed to be contacted. Direct contacts for technical support were available.

On a scale of one to ten, the technical support of SentinelOne would be rated as an 8.5.

The initial setup process for Singularity Platform is straightforward across all three platforms—Mac, Linux, and Windows—and doesn't require any prerequisites. It is a very lightweight agent, and the setup is easy to handle.

Singularity Platform does bring a good return on investment. First, proofs of concept are shown for the two EDRs, comparing what they offer. Large enterprises that can afford it often choose SentinelOne for its ease of management compared to other platforms.

Regarding the pricing, Singularity Platform is very high compared to other platforms that have been worked with, such as CrowdStrike and other Sophos EDRs. While it offers very good features at the enterprise level, it comes at a premium price. Licensing includes various tiers like Pro and Singularity, and while highly customizable, it is indeed expensive.

In comparison to other products, a key difference in Singularity Platform is the ability to push customizable scripts, which other platforms offer in their tiers. If detailed analysis were received instead of just a graph, showing a step-by-step explanation of each threat or process would enhance the digital forensics perspective.

From a features perspective, there are no missing functionalities in Singularity Platform; the features are quite good for now. The overall review rating for Singularity Platform is 8.