SentinelOne Singularity Platform
Automated protection has minimized threats and reduced detection and response times dramatically
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is endpoint detection and monitoring as well as monitoring devices. An example of how I use SentinelOne Singularity Endpoint for endpoint detection is monitoring the device to see if there is any suspicious activity.
SentinelOne Singularity Endpoint has a very quick detection capability, so we managed to detect a virus and quarantine it during a recent situation.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers are the fact that it quarantines any malicious activity very quickly and it detects by hashes. When threats such as ransomware or malware are detected, it alerts me quickly and quarantines the file.
SentinelOne Singularity Endpoint is very easy to scale because it just takes adding devices, since the main server is already set up. SentinelOne Singularity Endpoint is deployed in my organization on-premises via agents that are installed on each device. SentinelOne Singularity Endpoint has impacted my organization positively as we have been able to minimize threats, and it is automated.
What needs improvement?
It is very difficult to say how SentinelOne Singularity Endpoint can be improved as it is such a great product. It would be nice if they improved the user interface. I wish it was easier to navigate the dashboard and that it was more user-friendly.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for three years in total.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is very easy to scale because it just takes adding devices, since the main server is already set up.
How are customer service and support?
The customer support is great and very easy.
I would rate the customer support on a scale of 1 to 10 as a 10, and I would give customer support a 9 out of 10.
Which solution did I use previously and why did I switch?
I previously used Microsoft Defender. I switched because SentinelOne Singularity Endpoint has a lot more AI capabilities and is much easier to use and has a better detection procedure.
How was the initial setup?
My experience with pricing, setup cost, and licensing was very easy and simple.
What about the implementation team?
Singularity Complete has helped me consolidate my security solutions, as I was able to get rid of a lot of unnecessary software.
What was our ROI?
I have seen no return on investment as I do not deal with finances.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was very easy and simple.
Which other solutions did I evaluate?
I evaluated other options such as Microsoft Defender as well as Kaspersky before choosing SentinelOne Singularity Endpoint.
What other advice do I have?
SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect, or MTTD, by 56 percent. SentinelOne Singularity Endpoint has helped reduce my organization's mean time to respond, or MTTR, by 50 percent.
My advice to others looking into using SentinelOne Singularity Endpoint is that they should evaluate the product and run a proof of concept to see if it is well-suited for the organization.
Regarding SentinelOne Singularity Endpoint's AI capabilities, I believe it has a lot of governance and security features that are built in, which I am very impressed with. In terms of the accuracy and reliability of its AI output, it is very accurate in its detection.
I am very impressed with SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions because the solution is able to do its own thing with very little interaction with anything else.
Singularity Complete has helped reduce alerts by 56 percent as it was able to mitigate false positives. Singularity Complete has saved my staff a couple of hours every day as less human intervention is required and they are able to release the devices. I would rate this solution overall a 10.
Advanced endpoint protection has optimized incident response and reduced analyst workload
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint includes ransomware attacks, server management, disk scans, anti-attacks, and reviewing threats or events generated by some attack.
What is most valuable?
I consider the best features that SentinelOne Singularity Endpoint offers to include its robust protection and the very detailed breakdown of all the events generated on devices, as well as how fast and effective its method of action is—whether that's blocking, deleting, or rolling back to a previous version from before the threat appeared. That makes it very flexible and very robust for protecting sensitive machines such as servers, databases, and AD, among others.
Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface. That makes it much easier to understand, reviews are much faster, and with fewer alerts, there are fewer alert reviews on devices.
What needs improvement?
I think SentinelOne Singularity Endpoint could be improved; I have seen that SentinelOne Singularity Endpoint has an artificial intelligence feature, but so far I haven't been able to apply it. I don't know if it's enabled for all consoles. At the moment, in my company, I manage around five consoles and so far I haven't seen an AI, or I haven't seen details on how to use the AI to improve event analysis. Even though SentinelOne Singularity Endpoint outputs all the events in a very detailed way, it's understandable that it's a huge amount of data, and you can't easily detect a pattern with the human eye, maybe across one or several machines. A specific guide on how to use that AI in these cases would be beneficial.
Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before. This generates frustration both for me and my staff and for the end client, because what we're looking for is a quick response. Additionally, sometimes the response time is quite long for certain incidents—response time can be two to four hours, based on my experience. Response times or attention could certainly be improved, at least for cases that are already known.
I give it a nine because even though the tool is very robust, it still lacks an AI component, as I mentioned earlier. We're in the AI boom right now, and it's really necessary for companies given the amount of information they handle. Since SentinelOne Singularity Endpoint gives you a very detailed breakdown, it would be good to have AI as an additional tool for response and information extraction. Also, what's missing to reach 10 is support and response time, because while sometimes they respond, other times they take too long or don't fully understand what you're trying to say, and that makes things difficult. Since I'm primarily a Spanish-speaker and not so fluent in English, there are also some communication issues. The tool itself, as an antivirus solution, seems very good to me.
I've also seen that SentinelOne Singularity Endpoint only keeps an account active for 90 days of inactivity and then removes it. If no one logs into the organization, then nobody has access and you have to open a case with the vendor. Sometimes that's really annoying. Ideally, there should be an account without an expiration date so you don't lose all console management. I've had two clients where this happened. The 90 days don't always fully pass, but after 40 or 50 days, nobody can log in and you have to open a case with the vendor. Sometimes they have to run checks, so an improvement would be to add a primary account or maybe two primary accounts if a third party is the one that contracts SentinelOne Singularity Endpoint, so that you don't lose overall management and have to open a case with the vendor. That often takes a long time and depends on who purchased it, under whose name it's registered, and that creates frustration on both sides.
How are customer service and support?
My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate information across my different security solutions is very good, because we associate it with a SIEM, but even then the SIEM gives us almost the same information. We use SentinelOne Singularity Endpoint itself to correlate information and we do see a big difference compared to other endpoint security solutions. Its capability as an antivirus and incident response tool is very extensive. I think, of all the solutions I've seen, SentinelOne Singularity Endpoint would be first, then Cortex, then Kaspersky, and so on.
Which solution did I use previously and why did I switch?
I have used other solutions before SentinelOne Singularity Endpoint; we've actually used a lot of technologies. In this case, we haven't strictly replaced an antivirus. For workstation machines, more general technologies are used, like Cortex, Kaspersky, and Trend Micro. However, for sensitive machines with very sensitive information or that are highly exposed to attacks, we've used SentinelOne Singularity Endpoint. Because we know it's a more robust technology, it allows us to have better analysis and better security on those more sensitive devices. Since the number of such devices isn't very large, we focus on providing better security there.
What was our ROI?
I have seen a return on investment from implementing SentinelOne Singularity Endpoint; we've seen time optimization and fewer staff needed. Since our company provides services, analysts can dedicate themselves to other requests, because with clients that have SentinelOne Singularity Endpoint, we almost never have to deal with incidents, as SentinelOne Singularity Endpoint itself blocks them. Most of the time what they contact us for is account enablement.
What's my experience with pricing, setup cost, and licensing?
My experience with licensing costs, pricing, and configuration of SentinelOne Singularity Endpoint is that I haven't really seen the licensing prices. I have seen the configuration side, and it's very quick to implement. At least in the implementations I've been involved in, I haven't had many problems—almost never. I don't know about pricing, because I'm in support and analysis, not in sales or pre-sales.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I did evaluate other options; the other options we consider are: if the machines are sensitive, like servers or databases, SentinelOne Singularity Endpoint is the primary choice. If not, we go to Cortex; if not, to Kaspersky, Trend Micro, and so on. The main ones are SentinelOne Singularity Endpoint and Cortex.
What other advice do I have?
There was another case when there was a ransomware attack on a machine that didn't have any security solution, no antivirus installed, and a ransomware attack was detected. I installed SentinelOne Singularity Endpoint on it, and when I completed the installation and the disk auto-scan ran, it detected a threat that was active there. I isolated the server in that case and let SentinelOne Singularity Endpoint keep running to see if there were any other threats. Because there was already a vulnerability and I installed SentinelOne Singularity Endpoint afterward, I couldn't do much more, so based on what SentinelOne Singularity Endpoint showed me about that threat, I also carried out checks on the other servers. Fortunately, thanks to that detection SentinelOne Singularity Endpoint made, I was able to find several servers that had no security components installed, which was due to an oversight by that company's security staff. I installed SentinelOne Singularity Endpoint on the other servers, ran a full disk scan, and from there reviewed the detailed events for everything that's generated, because SentinelOne Singularity Endpoint shows you every event that's detected. Based on that, I was able to detect some anomalous patterns or port connections to devices and queries. Based on that, I implemented best practices on both the firewall and the endpoint.
The advice I would give to other professionals who are considering implementing SentinelOne Singularity Endpoint is first to review the company's budget for endpoint implementation across the whole organization. If there are many devices and they can afford SentinelOne Singularity Endpoint, they should go for it. If not, they should opt for a lower-tier, more economical technology, and focus on using SentinelOne Singularity Endpoint specifically on the most vulnerable or sensitive devices—in this case, servers and databases. While SentinelOne Singularity Endpoint is somewhat expensive, as far as I know, it's very good in terms of protection. If they can't afford SentinelOne Singularity Endpoint for the entire company, they should deploy a cheaper technology for workstations and focus on acquiring at least SentinelOne Singularity Endpoint for, say, 100–120 licenses for servers and sensitive devices. That will help a lot in mitigating many threats and service availability issues that are critical for the company. It's better to spend a bit more money protecting your sensitive machines than protecting them with something cheaper and having potential problems, outages, or impacts. I give the tool a rating of 9 out of 10.
Endpoint security has improved and centralized control now simplifies device and alert management
What is our primary use case?
I am using SentinelOne Singularity Endpoint basically for endpoint protection, and some customers have requirements for USB control and network control as well.
What is most valuable?
When it comes to the favorite features of the customers, they appreciate the additional management opportunities that SentinelOne Singularity Endpoint provides. For example, remote shell execution, rebooting, restarting, and pushing messages to the endpoint are the most favorite features that customers are requesting.
It has saved considerable time. For example, I can take device control and control all device control features and device control permissions through SentinelOne Singularity Endpoint. Otherwise, I would have to depend on a different solution to achieve that. Using SentinelOne Singularity Endpoint, I can achieve that as well.
What needs improvement?
When it comes to SentinelOne Singularity Endpoint, most of the complaints I am getting are related to the connectivity between the endpoint and the cloud console. It disconnects from time to time without proper reasons. Also, when I compare it to other next-generation antivirus or next-generation endpoints such as CrowdStrike, SentinelOne Singularity Endpoint has many dependencies on Windows. That is the most disliked aspect coming from the customers I work with.
Other than Windows, when it comes to Linux and Kubernetes, SentinelOne Singularity Endpoint is great. However, when it comes to Windows, there are a lot of dependencies.
There are some issues with collecting crash reports and crash logs on the endpoint. They are not visible over the console. Sometimes, the PC's hard disk and its available space is consumed by the SentinelOne Singularity Endpoint agent. I have to attend manually and clear the crash data. I can do it on the SentinelOne Singularity Endpoint management console as well, but I have to go with a restart. For critical servers, it is a huge headache for the end users.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for about two and a half years.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint scales well and is scalable.
How are customer service and support?
SentinelOne Singularity Endpoint provides pretty good support to their end customers.
There are some improvements needed. When it comes to some troubleshooting, such as technical troubleshooting, I have to do some follow-ups in order to get relevant feedback from them.
Which solution did I use previously and why did I switch?
Most of the customers in Sri Lanka are currently migrating from SentinelOne Singularity Endpoint to CrowdStrike. CrowdStrike is the main alternative product in the market at the moment for SentinelOne Singularity Endpoint.
I prefer CrowdStrike because it is easier to manage. When it comes to SentinelOne Singularity Endpoint, after the agent is pushed to the endpoint and the installation is done, I have to do a reboot to establish the connection and turn on the engines. With CrowdStrike, I do not need to do any restart upon installing the agent on the new device.
How was the initial setup?
SentinelOne Singularity Endpoint is easy to set up. It does not have any deployment mechanism, so I either have to install it one by one on the PC manually or I can use third-party tools to do the deployment. For example, I can do remote deployment through Active Directory. When it comes to deployment, it is not that difficult. It follows the same procedure as other vendors.
What's my experience with pricing, setup cost, and licensing?
Since I work in post-sales, prices are not revealed to me, but to my knowledge, SentinelOne Singularity Endpoint is a bit cheaper than other products in the market. For example, when I compare CrowdStrike with SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is a bit cheaper. Since I work in post-sales, I do not get exact price information. Based on my understanding, that is the basic pricing.
Which other solutions did I evaluate?
Ranger functionality is used to detect the agents.
Asset discovery is an important feature. As far as my understanding goes, once I enable the Ranger function in the console, I can initiate a network scan through the available agent. By doing that, I can identify what IoT devices and other devices are available in my network infrastructure. I can get better visibility over the network, which devices have the SentinelOne Singularity Endpoint agent, which devices do not have the SentinelOne Singularity Endpoint agent, and so on.
What other advice do I have?
SentinelOne Singularity Endpoint helps to reduce alerts because there are customizable options when it comes to the alerts. For example, if I get false-positive alerts over time, I can do exclusions for that particular alert. Similarly, I can reduce many alerts using SentinelOne Singularity Endpoint and the Singularity platform. I gave this review a rating of 8.
Automated endpoint defense has reduced ransomware impact but support and SIEM integration need improvement
What is our primary use case?
What is most valuable?
SentinelOne Singularity Complete has helped customers consolidate their security stack by offering superb threat hunting, excellent incident response, and compliance monitoring in the EDR, with ransomware protection being exceptionally well supported by the Rollback feature. The behavior analytics in the tools are outstanding, providing granular reports and identifying abnormal users and activities while detecting previously undetected threats. This functionality is excellent in both the EDR and XDR of Singularity throughout the year.
What needs improvement?
The Ranger functionality of SentinelOne Singularity Endpoint is valuable for understanding your environment, but I would want something integrated comparable to Mythos with all the features associated with Mythos. I would appreciate improvements to the technical support. I would prefer to see faster response times and quicker resolution from the technical support team of SentinelOne Singularity Endpoint.
For how long have I used the solution?
How are customer service and support?
How was the initial setup?
What was our ROI?
Which other solutions did I evaluate?
What other advice do I have?
Regarding overall security, it is about managing the attack surface, securing data, brand, and organizations, as everything relates to compliance in data security. Overall security with tools including SASE, SOAR, SIEM, threat intelligence, and integrations with EDR and XDR is excellent. SentinelOne Singularity Endpoint has helped my customers reduce their organization's mean time to detect, as detection is a matter of seconds—improving from 40 seconds to 30 seconds in case of any attacks and altering mean time to respond depending on incident types such as P1, P2, P3, and P4.
Challenges can arise depending on the customer base, as the technical team must respond very quickly, especially since the post-sales team needs to have better quality than others to win the market. I participate in the initial setup of SentinelOne Singularity Endpoint as part of my regular tasks. I would rate this review a seven out of ten overall.
Endpoint protection has reduced ransomware impact and now saves time with automated response
What is our primary use case?
My usual use case is to employ Antivirus plus EDR plus automated incident response. This solution employs one single agent, and that is one of our key activities.
What is most valuable?
I appreciate the one-click rollback feature of SentinelOne Singularity Endpoint. In case of any issues, it will roll back and restore the system. Just yesterday, I was struggling with a ransomware incident where clients were using SentinelOne Singularity Endpoint. They asked if they could restore it, and their backup systems are very strong. I said to go ahead and restore, and they restored it. It took some time as the number of servers was large. If the servers are fewer, we could handle it within 24 hours. We restored a mid-range company with around 16,000 employees within two days, but they lost about four hours of work. They have not opted for our RTO and RPO services for security. Now they are considering that.
One of the features we use normally is the ability to ingest and correlate across security solutions for triages, training, and customer demonstrations. We demonstrate that feature to customers, and they usually express interest in deploying the same solution in their system.
SentinelOne Singularity Endpoint helps to consolidate security solutions in general. My general view is that Singularity Complete does help to save time and free up my staff for other projects and tasks. Significant time is saved through the use of the product.
Regarding Mean Time to Detect (MTTD), it is reduced with the help of SentinelOne Singularity Endpoint, and the same applies for Mean Time to Respond (MTTR); those numbers are comparable.
The Purple AI part in SentinelOne is important for clients concerning data privacy and security. It meets customer needs well, as we call it SecOps for security operations, incorporating network, third-party tools, identity, cloud, and EDR aspects. Purple AI amplifies team knowledge and is effective in the environment. It allows for threat hunting with natural language, and we used it in certain scenarios during the current ransomware incident. It features Auto Triage, which is very useful during high-risk incidents. Purple AI provides contextual insights, synthesizes threat intelligence, and includes autonomous responses, next-generation capabilities, device isolation, process killing, and remediation workflows, all key aspects on my mind.
SentinelOne Singularity Endpoint operates with Ranger, which connects with network and asset visibility.
What needs improvement?
On the negative side, I find that SentinelOne is expensive compared to some other options like Orca Security, which is cheaper. Cost reduction could be a consideration since the pricing is not competitive compared to Check Point or Palo Alto; however, it is more expensive compared to Orca Security or Fortinet.
I would say there could be added features in the future for SentinelOne, such as a CNAPP version of Singularity, which would nicely incorporate all-in-one offline security features onto a single dashboard.
For how long have I used the solution?
I have been working on SentinelOne Singularity Endpoint for the last five years.
What do I think about the stability of the solution?
I have not heard any complaints from my clients regarding stability. There has been no problem at all.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is obviously scalable since we only receive the agent; we are not limited as everything is pushed through group policy or from third-party tools.
How are customer service and support?
Regarding technical support from the vendor, CrowdStrike is number one. SentinelOne support is adequate, but compared to CrowdStrike, no other vendors seem as strong. I would rate their support at eight out of ten.
Which solution did I use previously and why did I switch?
None of my customers are using Check Point. We are using a different solution that I have forgotten the name of at this time.
How was the initial setup?
In terms of deployment for SentinelOne Singularity Endpoint, it is quite straightforward. All setups are external, and the vendor provides the main setup. They give us the agent, which we push, and they write some code, XML, JSON, or similar that we patch. For the client, deployment is not tough at all; it is very easy across all companies.
What about the implementation team?
I do not work with SentinelOne as a reseller, as only resellers do not make money in India. I work with resellers and integrators instead.
Which other solutions did I evaluate?
Technically, if you compare SentinelOne Singularity Endpoint to competitors like Orca, CrowdStrike is more advanced. They operate in a completely different manner from Singularity, and I can appreciate Microsoft Defender for Cloud as a good product as well, personally. CrowdStrike is the market leader due to their lightweight agents that sit in every machine and utilize AI for automating triages, investigations, and their 24/7 managed threat intelligence and threat hunting services like Overwatch, which would have helped manage a ransomware attack more effectively.
What other advice do I have?
Check Point is part of my portfolio, and specifically, we use Email Security. Before it was called Harmony Email & Collaboration, which is the Harmony solution.
Today, I manage some XDR and EDR products as I am a CISO. I have to work on everything, but since all these things are already there, Palo Alto is not involved anymore because it is already there. It is only the SIEM team and the SOC team taking care of it.
In terms of XDR, I am working with Trend AI or SentinelOne.
The deployment model depends on the customers, as some may prefer EDR, which requires local deployment and policy configuration, while others might opt for XDR or MDR solutions that take less time. I give this review a rating of eight out of ten.
Endpoint protection has reduced response times and now frees my team for deeper investigations
What is our primary use case?
I use SentinelOne Singularity Endpoint as HDR, as the product is designed.
What is most valuable?
My favorite feature about it is the full visibility into telemetry.
SentinelOne Singularity Endpoint has helped reduce alerts, but false positives could be less.
It has helped me in my investigation to free up my staff for other projects.
I have seen a reduction in mean time to respond.
What needs improvement?
I think the visibility on Storyline could be better.
I could not comment on the Ranger functionality because I don't use it.
I have seen a reduction in mean time to respond and it has helped me in investigations to free up my staff for other projects.
I tried using the Purple AI feature.
I think it's great and it's working very well and has helped reduce the mean time to respond. The description is great; it's not too specific and not too much reduced. The long summary is excellent; it provides a great summary.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for eight months.
What do I think about the stability of the solution?
The stability of SentinelOne Singularity Endpoint is great and I would rate it 10.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is very scalable and I would rate it 10.
How are customer service and support?
I have had to contact technical support and it worked well.
I think the quality of their support is 10 and the speed could be nine.
If I were to put together an overall score for the support, I would give them nine.
Which solution did I use previously and why did I switch?
I have used many products as alternatives to SentinelOne Singularity Endpoint.
How was the initial setup?
I am involved in the initial deployment and it's working great.
It's easy to deploy, but the documentation about the Linux part could be better because it's a little complicated only on the Linux part, specifically on Ubuntu; it could be clearer and simpler.
SentinelOne Singularity Endpoint requires a little bit of maintenance on the agent upgrade, so a feature to auto-deliver updates month by month would be great.
What about the implementation team?
SentinelOne Singularity Endpoint consolidated the environment.
What was our ROI?
I can give 30% as a number for the reduction.
Which other solutions did I evaluate?
The product closest in terms of quality and features to SentinelOne Singularity Endpoint is CrowdStrike.
I prefer CrowdStrike over SentinelOne Singularity Endpoint.
I prefer CrowdStrike because I could see a lot more information in the detection part and the false positives are reduced.
What other advice do I have?
Data privacy and security are very important for us when using Purple AI because we work with some Italian government companies or government-related companies, so privacy and European regulation are very important.
SentinelOne Singularity Endpoint consolidated the environment.
Endpoint protection solutions were consolidated now that I don't need them.
I would rate this review 9 overall.
Integrated endpoint defenses have reduced alerts and simplified managing thousands of devices
What is our primary use case?
SentinelOne Singularity Endpoint serves as my primary tool for Endpoint Detection and Response (EDR). I do not use the XDR function of SentinelOne Singularity Endpoint. I use it exclusively as an EDR, and this EDR integrates seamlessly with our SIEM solutions. We have SIEM tools in place such as Splunk and QRadar, and SentinelOne Singularity Endpoint integrates with both of them perfectly, providing valuable inputs. The metadata that it fetches is useful for our security operations.
What is most valuable?
I find the functions and features in SentinelOne Singularity Endpoint very useful; their detections are precise. They are very accurate and do not produce a lot of false positives, which we experience from other EDR tools. That is their unique selling proposition. Furthermore, I believe SentinelOne Singularity Endpoint is the only EDR that provides on-premise deployment. Even CrowdStrike and Microsoft are entirely SaaS-based and cloud-based.
SentinelOne Singularity Endpoint helps reduce the number of alerts. As I mentioned earlier, it generates precise alerts with very few false positives, if any, so the number of alerts it generates has actually reduced the load on our SOC analysts.
SentinelOne Singularity Endpoint does help free up my staff. I support approximately 18,000 to 20,000 endpoints with only two EDR engineers. This is a significant reduction from when we had multiple EDR admins. SentinelOne Singularity Endpoint is very easy to manage from an administration and maintenance perspective. Management is straightforward and simple.
SentinelOne Singularity Endpoint helps reduce mean time to detect (MTTD).
What needs improvement?
We are not working with SentinelOne Complete to consolidate our security solutions in one place.
If SentinelOne could localize the Purple AI and other features for larger environments such as ours, which has around 20,000 endpoints, that would be an improvement. If they could provide a local LLM that can be installed on-premise, it would be easier for us. Otherwise, we need to obtain government permissions, which is quite complex and can take years. A local version of the LLMs for Purple AI would be beneficial.
I believe that SentinelOne's technical support needs to improve slightly. They are quite slow, and while I understand they might be busy, I would rate them at a seven out of ten.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than two years.
What do I think about the stability of the solution?
For the stability of SentinelOne Singularity Endpoint, I would rate it at eight or even nine because I have not experienced any downtime.
What do I think about the scalability of the solution?
I would rate the scalability of SentinelOne Singularity Endpoint at nine.
How are customer service and support?
In comparison to products such as Splunk and QRadar, their support is swift and quick.
Which solution did I use previously and why did I switch?
Previously, we had solutions that were inferior to SentinelOne Singularity Endpoint, which demonstrates an improvement, but they can still do better.
How was the initial setup?
SentinelOne Singularity Endpoint has a simple and straightforward initial setup process.
What about the implementation team?
We purchase our licenses for SentinelOne Singularity Endpoint from a local distributor, not through the marketplaces or directly from SentinelOne.
What was our ROI?
SentinelOne Singularity Endpoint provides benefits such as saving money as it is very light on the endpoint. It uses between 150 and 250 MB of RAM when booted up and drops down to 100-150 MB. It is not resource-hungry, and the laptops work fine. We do not have to upgrade the RAM of all employee laptops. In comparison, other EDRs such as Microsoft Defender are quite resource-hungry, and employees often complain about laptop speed, but we do not face those issues.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing for SentinelOne Singularity Endpoint at around four out of ten.
Which other solutions did I evaluate?
If I could choose between CrowdStrike and SentinelOne Singularity Endpoint without considering pricing, I would still choose SentinelOne Singularity Endpoint because I have not had a negative experience with them. In contrast, CrowdStrike has a reputation for causing issues.
What other advice do I have?
I do recommend SentinelOne Singularity Endpoint to other users as part of my day-to-day responsibilities. I have given this review an overall rating of eight out of ten.
Security has improved as I manage applications, automate investigations, and gain deeper visibility
What is our primary use case?
I am using only the XDR part of SentinelOne Singularity Endpoint. There are multiple use cases for SentinelOne Singularity Endpoint. From a deep visibility perspective, I need the XDR license. Whether I want to create a STAR custom rule or check multiple processes and multiple source process storylines, I need that XDR. I am looking for hop-to-hop malware detection, which requires XDR. If I am looking for any destination IP address and what is running in my organization for any ports that are open, perhaps the particular event type, there are multiple URL actions and categories to consider.
What is most valuable?
There are two or three things I would like to highlight about SentinelOne Singularity Endpoint. The first is the application inventory part. Many endpoint solutions do not provide inventory and the risk of the application, such as the severity in the endpoint machine. For that, we need to enable the policy, which is a different part. The application management is valuable because there are multiple applications running on endpoints. Without SentinelOne, I would need to purchase a new OEM or a new security tool to know the inventory of the machine. In SentinelOne Singularity Endpoint, apart from endpoint security from malware and other threats, we have the application management.
The second thing I appreciate the most is Purple AI. As a security analyst, there are many things I would rely on, perhaps on SentinelOne pre-sales or a security technical person to know after initial deployment. With Purple AI, I can search for what I need. If I want to create any block policy, create any specific allow rule, or do the whitelisting part, I can do it from there. Purple AI is overall the best thing I can highlight.
However, there are many things Purple AI cannot do. I do not know what relevance Purple AI is using in the backend. There is one module in SentinelOne called STAR custom rule. If I want to block AnyDesk or any other application on my endpoint, I need to run an SQL query for that. To run that query, I need to create it. If I am relying totally on Purple AI, I am not able to get the correct query to run. If I want to block any application, I may be relying on another head security analyst or I can do it on my own. I may need to create multiple queries. I do not think the STAR rule query in Purple AI is that efficient, and it is not running as expected.
What needs improvement?
For maintenance of SentinelOne Singularity Endpoint, there are two things. If I need to create any maintenance or upgrade policy, that is a different matter. The customer is looking for the maintenance window and wants the upgrade part mainly on Sunday or Saturday, the weekend part. They do not want the auto-upgrade whenever SentinelOne pushes from the backend.
If I am looking at the impact of Purple AI on amplifying team knowledge, there are multiple things. If I am looking at how many endpoints are in my organization, how many endpoints have this application, and how many endpoints have multiple threats and alerts, I want to know how to reduce them. If I am asking particularly how to reduce the threat count, I do not think Purple AI can give this answer because AI is not particularly for this enterprise account. Purple AI is something I can rely on for multiple things, such as if I need to know how to create tags, policies, blocklists, exclusions, network control, device control, how to enable the firewall, and how to create a block policy with the hash. There are many things. If I need to install any agent on a particular Windows machine, whether it is 64 or 32-bit, or a Mac machine, or a Linux machine, or any other machine, how I need to add the token, and how I need to download the package are all considerations. Additionally, how to ensure that the agent is connected with my management plane is important.
For how long have I used the solution?
I have been using this product in my career for more than two years.
What do I think about the stability of the solution?
As a user interface, I am more comfortable with SentinelOne Singularity Endpoint. When talking about overall security, as far as I am concerned, there is no threat leaked, as I have seen in SentinelOne as well as in CrowdStrike. As a user interface and as a security analyst, I am much more comfortable with SentinelOne Singularity Endpoint.
What do I think about the scalability of the solution?
I have not experienced that much difficulty because I think two years back, there was no reduction I could see. However, nowadays, I think there is minimal reduction in changes. This is because two years back, the customer size was very different. Now SentinelOne is globally present, and in India, there are many customers using this. There are many data centers, which is why I think the reduction is possible.
Because I have done many deployments for SentinelOne, starting from 500 to 3,000 and 4,000 user customers, I can say that from the deployment perspective, SentinelOne Singularity Endpoint deployment is far easier and very smooth. I have given the prerequisite document that is publicly available to the customer with all the things I already told them, such as what needs to be bypassed from the firewall. After that, for a 500-user deployment, I accomplished it in one day with the policy making.
How are customer service and support?
I have contacted the technical support and customer support of SentinelOne Singularity Endpoint.
I can tell you the complete story of my last case regarding the quality and speed of the support. I was taking up a query for the STAR custom rule. If I want to block AnyDesk for one of the customers, and the customer requirement is to block AnyDesk, there are multiple queries I can get from SentinelOne SEs, but the query is not working in my environment. My team raised a support ticket with SentinelOne, and the first thing they asked for was the logs. If I need only the query and do not have any problem with my endpoint, then there is no point in adding a log. Without logs, communication is not possible. I need to collect logs from my machine, which is totally wasteful. I need to upload them, and then they will revert from SentinelOne support.
When I write that I need a query for AnyDesk blocking, they say again that this is not part of their job. It is part of SentinelOne SE or a product deployment team. I have two or three queries, and when I send them, there is no good response from their side. There may be a very long delay in getting answers.
Which solution did I use previously and why did I switch?
Apart from SentinelOne Singularity Endpoint, I am working on the EDR of CrowdStrike. The endpoint security is the same, but their approach and persona are very different in catering to customers. SentinelOne customers are totally different.
How was the initial setup?
In the initial deployment, the customer is facing many threats in the incident windows. From my experience, I can say that this is largely because in the backend, SentinelOne AI confidence level and the analyst's verdict are undefined. This is because it depends on whether the customer is taking the MDR or not. If the customer is relying on their threat analysis or on my analysis, there are many applications which are allowed in the organization, but by default, SentinelOne is blocking them because they are executable files. For decreasing the threats, I need to allow the hash value or I can directly go to the threats and allow it because there is a production thing which is needed in the enterprise. Initially, the flow is from 500 to 1,000 alerts in a day. Day by day, I think the analyst's verdict is what I need to refine. There are many false positives and true positives, and suspicious items. As an analyst, I may not be capable of knowing whether something is a real threat or not. I need to check the hash value for that on public security websites. If anything is publicly available, the hash is publicly available. I can directly rely on other public websites. If I enter the hash value, I can know whether it is part of something that another organization has faced. I can also take the verdict that it is a suspicious and true positive. I can mark it as the true positive.
What other advice do I have?
For the overall SentinelOne Singularity Endpoint, I would give a score of eight for the whole product. Regarding the price point of SentinelOne Singularity Endpoint, I do not know the exact number, but I have come from the community and attended many events. As far as the cost is concerned, before the CrowdStrike blue screen attack, CrowdStrike pricing was far higher than SentinelOne's. After the CrowdStrike shares decreased due to the blue screen attack, they are very competitive with SentinelOne nowadays.
The impact of Purple AI on investigations ultimately depends on what incident I got. I do not think the analyst should rely completely on Purple AI because there are many hashes or threats that are not publicly available. If things are not publicly available or not learned by the AI, I do not think I should rely completely on Purple AI. If I have any sort of data and see any pattern from my analyst's perspective, I can completely tell Purple AI that I think it can demonstrate the storyline that I am right. Based on that, I can take a decision, but I should not rely solely on Purple AI for the decision. My overall rating for this product is eight out of ten.
Endpoint protection has strengthened incident response and improved threat visibility
What is our primary use case?
I use SentinelOne Singularity Endpoint for endpoint protection. I utilize it for different companies and different purposes. It is effective for endpoint detections and remediation of the detections. Additionally, I use it for new endpoint discovery within the company intranet. Overall, I use SentinelOne for incident response activities.
What is most valuable?
The best features in SentinelOne Singularity Endpoint are the Sentinels and the features provided within the Sentinel module, which include machine identification and machine details. I can accomplish everything within the endpoint using these features. Endpoint Sentinel is a good detection rule, and if I can create or already have created rules, these are good working rules that protect my organization and make the endpoints more secure.
Ranger is also a cool feature that provides visibility of new endpoints that have been attached or connected within my infrastructure that do not have the SentinelOne Singularity Endpoint agent installed on them.
What needs improvement?
Before using SentinelOne Singularity Endpoint, I used different products, including CrowdStrike. In the space where SentinelOne Singularity Endpoint is working, it is an awesome product. However, I believe the vulnerability management is currently in pilot. If it can mature into good production where the vulnerability management module is working well within Singularity Complete edition, that would be an awesome step. The vulnerability assessment is available, but application vulnerability assessment or other endpoint vulnerability assessment is not as good as what other products are providing.
Singularity Complete is a good product in its area and, obviously, when comparing to other organizations or companies providing endpoint detection solutions, it is an end-to-end solution for antimalware and XDR. This has been working fine for me so far. I am using it in small, medium, and enterprise organizations, and it is good. However, as I mentioned for the vulnerability assessment, along with the specification of handling core, detailed forensics, there could be more details I would add. However, if I recall correctly, there is a specific module within SentinelOne Singularity Endpoint to check all details of the functions that happened within the target machine. I am currently unable to recall the name of that module, but it exists. However, there is room for improvement where more details of the solution or from the target can be added, and this would help me more easily identify the impact or the root cause that impacts the endpoint. This would be more helpful for end users. Currently, if there is an impacted endpoint, I click on the endpoint, and it gives me insights about what happened with this endpoint. However, when I need to go into the details, there is some limitation to viewing those details for the target machine. It would be awesome if this module could be integrated into the normal Sentinels. This would be more helpful for engineers working on core identification of root causes.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for more than two or three years.
What do I think about the stability of the solution?
It is working fine for me. In the majority of cases where files have been detected as malware or virus within the organization on the target machine, they are quarantined. This is good functionality from XDR, as I mentioned earlier.
What do I think about the scalability of the solution?
For me, it is good, but I believe SentinelOne Singularity Endpoint does not directly engage with customers who have fewer than one thousand nodes. I have to engage through SentinelOne's partners. This is an impact based on market or company strategy. The pricing is not too bad; it is good. If I directly engage the organization or company, the pricing is different and obviously better. Additionally, when I go directly within the company, they provide visibility or vigilance services to customers at the same price. When I go into the partner channel, my account is within the partner's umbrella, and they provide limited support for visibility and further incident investigations. This is a limitation for small and medium organizations. However, for large organizations that can directly engage SentinelOne Singularity Endpoint, this is a positive point, but there is a lag when I go into the partner channel. The partners engage with customers in their own way, and that is how it works.
How was the initial setup?
For me as an end user, the setup process was not difficult because everything was set up from the partner's side. I may not be the right person to answer for all aspects. For the end user, it is very easy. The partner set up the whole environment within a week or two. After creating the whole setup, as an end user, I would just have to install the SentinelOne Singularity Endpoint agent on my end user devices or servers. It is easy to do that. Once I do this and the environment has been set up with all Sentinels collecting data from end user devices or servers, everything is there and the environment has been set up. It is easy for end users, but obviously for those creating the environment, the whole environment, creation of security rules, detection rules, and those kinds of things may be challenging, especially for beginners. That would be the challenging part, and I did not do it earlier, so I cannot comment on it fully.
What's my experience with pricing, setup cost, and licensing?
It is comparable to other products and is cost-efficient.
Which other solutions did I evaluate?
This is a competitive market with competitive solutions that have core good products and features within them. If I am looking for an endpoint protection solution, this is a good product because I always compare SentinelOne Singularity Endpoint with CrowdStrike and Microsoft Defender. Based on that comparison, if SentinelOne Singularity Endpoint had good vulnerability assessment capabilities, because currently the vulnerability assessment is based on the application, not the operating system, it would be a good point from the perspective of cost-efficiency along with the features within the product. SentinelOne Singularity Endpoint has Ranger, Sentinels, and visibility where I can go in and have detailed knowledge about every detection along with every happening on the target machine. This is good, but SentinelOne Singularity Endpoint is still lagging under the vulnerability assessment module.
What other advice do I have?
SentinelOne Singularity Endpoint provides alerting into the dashboard, but I did not configure it correctly and never received alerts over emails. If such a feature exists within the product, that would be awesome, and I could incorporate and configure it. Currently, I do not have visibility on it. Once I log into SentinelOne Singularity Endpoint, it provides visibility within the dashboard showing how many endpoints have been detected as infected, how many endpoints are impacted, and how many endpoints have been identified as malware where SentinelOne Singularity Endpoint has quarantined those files, and I can do analysis and further processing. However, currently, I did not configure it if it is available, but I am unable to navigate it. I do not have visibility on whether any endpoints or target machines have been impacted so that I receive email notifications or SMS notifications alerting me that a machine has been impacted and needs to be worked on urgently. This is a critical function I need to perform right now. If this would be configurable or is available in SentinelOne Singularity Endpoint, that is awesome. If not, then the alerting mechanism needs to be improved to get alerts over emails or SMS for at minimum critical assets.
I can say that I currently did not implement it in such a way because for what I am using SentinelOne Singularity Endpoint for, it is the on-premises infrastructure for some organizations and just for endpoints in other organizations. In that case, I believe for SaaS products, I am currently not utilizing it for such things. My question is whether SentinelOne Singularity Endpoint is an agent-based solution that I can only utilize on endpoints or servers or where the operating system is Linux or different flavors where the operating system is running. However, for the serverless environment, SentinelOne Singularity Endpoint cannot work. Is that the right expectation?
Obviously, the core concern is about data protection and privacy. There is something I have to adopt with AI. If I do not adopt it, I am not running with the market and chasing new goals. The thing is I have to implement frameworks such as ISO 42001 to manage data and contain my data's confidentiality and privacy. This is of core importance for me in my job role. I take care of this all the time, and obviously if I am integrating solutions that utilize AI-based features into their product, I do have vendor management or vendor risk management to perform with vendors. I currently look into AI standards or framework implementation within organizations if they are providing me with full core data security. This is the point I engage in with existing and onboarding vendors. Additionally, I am currently utilizing AI and making AI models within my organizations. I implement security standards and maintain the whole implementation and operationalization of data protections within AI models and machine learning models.
This is the function that can be adopted, and if it is in the product, obviously this is a positive point and I do encourage that utilization of AI models within products. As I mentioned, if I got email alerts or SMS alerts for critical systems and if AI has been engaged into threat modeling with well-known algorithms that identify what threats, viruses, or malicious insights have been identified in the system, and if AI can guess that certain operating systems, files, or things are critical to my organization and can do this on a real-time basis, that would be a positive point. Obviously, as I mentioned, if I want to run with the market, I have to integrate those AI threat modeling or AI remediations within my organization. I have to do that. I give this review an overall rating of eight out of ten.
Endpoint protection has improved compliance and response times but still needs fewer false alerts
What is our primary use case?
As an integrator, my use cases are to reduce the attack surface and ensure that all endpoints, workstations, and servers are compliant with security standards. We have integration with the SOC as well, providing 24/7 monitoring. We serve a critical customer with many use cases.
How has it helped my organization?
In general, the solution helps to save time and free up staff for other projects and tasks. Approximately 15% of staff time is freed up. Regarding mean time to detect (MTTD), the solution also reduces MTTD by approximately 10%. As for mean time to respond (MTTR), this is something which is amazing, providing approximately a 20% reduction.
What is most valuable?
As an integrator, the biggest advantages of SentinelOne Singularity Endpoint that really stand out to me are that it supports on-premises deployment where we will not have to send the traffic back to the cloud. It only requires updates. This is why we selected it over CrowdStrike and other alternatives. EDR integration and memory protection to guard against attackers is valuable. It can detect lateral movement and other technical aspects.
Regarding the solution's ability to ingest and correlate across security solutions, we are approaching this differently. On the customer side, we have Splunk SIEM (now owned by Cisco). We are ingesting all the traffic towards Splunk to have clear visibility from EDR. We are integrating with the SIEM rather than the other way around.
What needs improvement?
Regarding alerts, SentinelOne Singularity Endpoint sometimes produces too many false positives, and sometimes produces true positives. We have to ensure that if there is an event flagged as a false positive, we have a layer two analyst conduct incident response investigation to verify whether it is a false positive or a real alert.
Regarding the Ranger functionality in SentinelOne Singularity Endpoint, I am not really working with this part. Regarding the AI part of the product, there is Purple AI for SentinelOne Singularity Endpoint. I am asking whether Purple AI is a separate product or included within SentinelOne Singularity Endpoint, or if it is a separate license product.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
Regarding stability, I would say the product is approximately 95% stable. We first implemented it in detection mode (passive mode) and then transitioned to preventive mode.
What do I think about the scalability of the solution?
Regarding scalability, I would say it is very easy to scale up and scale out. SentinelOne Singularity Endpoint is indeed scalable.
How are customer service and support?
Regarding technical support from SentinelOne, my team is working on that aspect. They have not reported any issues so far. We have not opened any support cases yet. We are working with the local team on SentinelOne Singularity Endpoint for deployment, and they are doing the deployment work. Everything has gone smoothly because professional services are provided by the SentinelOne team.
Which solution did I use previously and why did I switch?
We have on-premises deployments for the product.
How was the initial setup?
The deployment itself is not easy because we operate in a very critical telecom environment. We have to manually install the product because we do not have Active Directory or patch management solutions yet. We have to select the servers and workstations manually and then perform manual installation on each. This takes considerable time for the installation process.
What about the implementation team?
As an integrator, we are implementing the product.
What was our ROI?
Even though it is a security product, it is not possible to observe any return on investment yet. I have not conducted this analysis exercise yet.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing and licensing cost, I would say SentinelOne Singularity Endpoint pricing is medium.
Which other solutions did I evaluate?
When comparing solutions among themselves, the main reason for selecting SentinelOne Singularity Endpoint was because of on-premises deployment capability. CrowdStrike is an amazing solution, but it does not support on-premises deployment. It must be cloud-based through their Falcon service. Enterprises which have hybrid cloud environments and are using SASE solutions where all people are connecting from various locations rather than coming to the office would benefit more from CrowdStrike than SentinelOne Singularity Endpoint.
What other advice do I have?
Summarizing everything that I have told you about the product, I can give SentinelOne Singularity Endpoint a rating of seven out of ten. Regarding deployment and stability to some extent, these areas could be improved. SentinelOne Singularity Endpoint should be able to provide integration with network detection and response (NDR). They should also be able to provide AI solutions built into the product rather than as a separate product. This is something that I am looking for.