SentinelOne Singularity Platform
Security platform has consolidated threat protection and delivers faster incident response
What is our primary use case?
The usual use cases for SentinelOne Singularity Endpoint that I work with mostly are endpoint detection and response.
What is most valuable?
SentinelOne Singularity Endpoint's malware detection and quarantine and kill capabilities have been the most valuable features. SentinelOne Complete has helped my customers consolidate their security solutions very well; we house everything under one umbrella called N-able, where they have everything housed under the N-able platform, and we do everything through there. Once they are under our umbrella, we take care of everything, and SentinelOne Singularity Endpoint is a big part of that, enabling our customers to get what they need in one house. They also work with another solution called Adlumin, which is an XDR solution, and they combine with that really well.
What needs improvement?
SentinelOne Singularity Endpoint's features are valuable because they are very quick and also easy; it is easy to set up exclusions, but it can be picky about how you do that, so that is a pro and a con.
With this filtering, I think it is as good as it can be; however, there are some programs that have multiple files and paths for the same process, so if I do not get them all, such as an updater that has different files and paths for the update, it will still see it as malware, and they will not be able to update their software. I have to go in and build new exclusions daily, so it can be a headache for certain users and programs. I would prefer SentinelOne Singularity Endpoint to be more refined, or maybe more general would be easier.
SentinelOne Singularity Endpoint does generate a lot of noise as far as tickets; anytime I change the resolution status or am working on a ticket, if I change the process from suspicious to a false positive, every time I change the status of anything, it generates a ticket and an email. I have all this noise every time I am working on tickets, which is annoying.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for a little over two years.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is definitely reliable; we have never been able to take it down, even when we tried. I have never had any outages; it has never been down for repair, and they always send out emails letting us know if they are going to be doing maintenance at night or something, and it always comes right back up if they do, which is really good.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is definitely scalable; you bring a customer in through N-able, and then you can go from there. It is per endpoint, so you can have as many as you want.
How are customer service and support?
I have communicated with SentinelOne Singularity Endpoint's support a couple of times, usually right through the chat if I am trying to do something and cannot find it. They escalate if they have to and follow up by email, using a ticketing system through Jira, so everything is fine.
Their skills and expertise are pretty good if you get through the right channel through chat right away; however, it can be hard because they have many chat channels, so if you are specific on your original ticket request, you might get through to the right support person. Otherwise, they will have to transfer you depending on whether someone is covering that shift or not, which can lead to a wait for email support. It can take a couple of hours.
What was our ROI?
I have seen a definite ROI with this solution, as we have got a lot of new customers signed on just for SentinelOne Singularity Endpoint. A couple of customers came on just because they wanted SentinelOne Singularity Endpoint, which turned into sales points for other products that we offer, so that was really good.
What's my experience with pricing, setup cost, and licensing?
As for pricing, I think it is just right on the nose for us; we chose it because it was price efficient and everything, and it was good for the two years we had it, but unfortunately, we are switching away.
What other advice do I have?
My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate across security solutions is that for cross-security, we do not mix with anything else, so I am not sure on that end.
I am familiar with the Ranger functionality of SentinelOne Singularity Endpoint, and while we do not have it, I see it advertised everywhere and would love to be able to press that button to see further into the visibility of what is going on.
From my experience, SentinelOne Complete has not reduced alerts; I would say it increased them just because it finds every little thing. This increase relates to the malware detection as I mentioned earlier. The customer does not really get the alerts; we do, and we handle them before they ever reach the customer because I do not think there has been only one actual real malware since I have been working with it that did reach the customer end because it was real malware, so that was one out of two years.
From my experience, SentinelOne Complete has helped free up employees for other projects and tasks; I handle everything, even the noise, so there is no need to escalate beyond where I am working. I let people handle all the noise, and it is just easier for me to go in without having to explain to other people what is going on.
I do not think that SentinelOne Singularity Endpoint saved me a lot of time; it creates work for me, but that is the point of the program, so I would say it is doing its job perfectly.
SentinelOne Singularity Endpoint has absolutely helped reduce my customer's mean time to detect, and it is almost instant. I cannot say by how much compared to before SentinelOne Singularity Endpoint because it was online before I came into this business, but if you had to do this manually, such as if you were just watching as things came in, it would be a nightmare, saving a lot of time.
Regarding the mean time to respond with SentinelOne Singularity Endpoint, that is up to me because I am the responder, so I would say within about two to three minutes. I would say it has been reduced by five minutes at maximum. It used to take around 10 minutes, and now it is about three minutes, which sounds about right.
My overall review rating for SentinelOne Singularity Endpoint is 8 out of 10.
Holistic security monitoring has reduced detection time and streamlines incident response
What is our primary use case?
I work with SentinelOne Singularity Endpoint's complete Singularity Lake, which includes XDR, SIEM, and everything integrated together.
I normally use SentinelOne Singularity Endpoint for endpoint management, with the EDR setup to get data from my endpoints. As an MSSP, I receive alerts and incidents and work on securing endpoints.
For mean time to detect, we promise less than 15 minutes for critical activity as an MSSP. This obviously depends on how good the platform is, and we commit to less than two hours for resolution. Obviously, this depends on many factors beyond what you can do from the platform. As an MSSP, you need to be very mindful that there are company resources which make the final call on whether to block something or not, whether it's malicious but still needed for that particular environment. So I normally commit to 15 minutes for MTTD and less than two hours for MTTR.
What is most valuable?
I think over the last one and a half years they have been improving significantly. Prior to that, they were also a very good product. In the market, there are hardly three products I can name: SentinelOne, CrowdStrike, Defender for Endpoint, and a bit of Cortex, but I am not that impressed with that product. These are the three major products that are doing very well in terms of their active EDR engine where you get the storyline correct—what exactly has happened, the parent process, child process, command line arguments. You get everything in a single fetch. Now with Purple AI, I think you get everything. Even an L1 engineer does not need to do anything complex. They can just write in natural language and get the details they need.
I think SentinelOne Singularity Endpoint presents a very holistic picture of an alert. Their enrichment layer is quite great. Once you get an alert, you get the complete process around it: how the parent process has started, which child process it has enabled, what kind of command line arguments or modifications have been done, what kind of scheduled task has been created, what kind of network connection you have, and what kind of file activity has occurred. You get everything in a single view.
In terms of their XDR, the consolidation is quite good. They have their own SIEM and everything as well. The consolidation point has improved a lot, and you get everything under a single umbrella. This makes life much easier for MSSPs like me to manage a particular customer.
I think a few things are the confidence level you get in an alert. You get that very straightforward, so it is easier and you do not need to worry about it. The second thing is the automation level within the platform. Your alert lifecycle has false positives reduced dramatically. You get all these features, and they help a lot. Also, the biggest factor is when I am opening SentinelOne Singularity Endpoint and presenting to a customer, the question is whether I can get a complete story of what has happened. That is where the most fatigue happens. When an alert occurs, people have to reach out to multiple sources to find out what exactly has happened. I think the story completeness is quite great with SentinelOne Singularity Endpoint.
The biggest problem for any organization is their L1 layer. That is where you spend more time when you get an alert, determining what exactly happened and whether it should be converted to an incident or whether it is a false positive or a true positive. Now with Purple AI and their LLM module, it is much easier for the L1 engineers. The fatigue is quite low, and the alert to incident ratio has improved quite a bit. You know what is coming and what is not, and the L1 can add more value than they normally did before. Your load becomes easier on the L1 engineer, and obviously you can cut your costs there as well because one person can do more work. You do not need to teach any new language to manage SentinelOne Singularity Endpoint. As an MSSP, we can utilize the same L1 for multiple providers.
Since the enrichment layer is great and we get the data properly with deep visibility and the storyline is complete, the dashboarding is quite decent. You can make the call much faster, and resolution time has decreased significantly.
The Purple AI features are notable. One of the most notable features is that you get a complete summarized alert. This works for someone who is not a great security L1 professional who has just joined from college or even for a more experienced professional who wants to see much data. You also get your AI verdict, indicating whether something is a true positive or false positive, so you get validation from AI. You get community verdict as well. If someone else has seen those alerts, you also see if there are similar alerts happening 1000 plus times, 10,000 plus times, or even just twice, or if it is only a standalone alert. Apart from that, you get a complete summary of what has happened, where it has happened, and why it has happened. You get complete details about what exactly has happened in a single click. So I think this makes life much easier for a respondent.
The two things that are top of my mind are Purple AI and the consolidation. What you get is detailed reporting and detailed RCA as well from them. The third thing is the storyline and complete visibility of what has happened and the complete flow of a particular attack vector. You get that very properly in SentinelOne Singularity Endpoint.
In terms of advantages, I think I will still use the AI visibility and the storyline. Most of the EDR providers use the same capabilities. Everyone has similar feature sets and everyone has been rated by ISG or other organizations. The end of the story that matters for every end customer or a provider like me is how well I can use it without getting too complicated. I have multiple stacks that I manage in my day-to-day, so how well their dashboard is, how well they are able to tell me the story around it, what exactly has happened, how exactly it happened, and how well they let me customize it matters. I think that is where SentinelOne Singularity Endpoint stands out. They are doing quite great there. At the same time, the Purple AI feature is much better. Imagine going for Copilot, which is a generic AI platform not specific to security. You may need to train it and work around it to get the exact responses you want. Apart from that, you pay for it, and you have to integrate it with your XDR or SentinelOne Singularity Endpoint, which creates lots of complications. When you get SentinelOne Singularity Endpoint, it is easier. Purple AI is already built into it, so you do not have to worry about it. You just buy it and can use it from day one.
What needs improvement?
I think they are doing pretty decent. The only thing is that once you are competing with someone like Microsoft and CrowdStrike, I think the investment should be slightly more in terms of a holistic view. Their threat feed is also limited. You get a very vast threat feed, but again it is not as mature as you get from a CrowdStrike or Microsoft stack. I think that is where they can look at it. Threat hunting is also something they do, so I think they can improve there as well. I think everyone is almost similar in that regard, so I think the rest of everything looks fine.
In terms of pricing, SentinelOne is slightly cheaper than CrowdStrike and Microsoft from what I have seen. Obviously, it is costlier than Sophos and a few other providers, but cheaper than those two. Deployment-wise I think it is there. I think the only thing is that Microsoft offers some free deployments to their customers with ECF funding and other options. I think that is something which Microsoft, being a bigger partner, has. Otherwise, I think they are doing good.
Regional availability is there, and I do know they are in most locations. In terms of compliance, there are some locations where I have seen them saying they still host on the US or EMEA region. I think the regional maturity is something they need to improve. I think otherwise, everything they are doing is quite good.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for three to four years now.
What do I think about the stability of the solution?
I have not experienced any stability issues.
What do I think about the scalability of the solution?
It is a very scalable environment. We have some large deployments on SentinelOne Singularity Endpoint, so the environment is very stable.
How are customer service and support?
As a service provider, we manage most of the discussion in-house. Whenever we reach out to them, we get a very good response from them.
How was the initial setup?
I think SentinelOne Singularity Endpoint is quite straightforward. They have been in the market, so the deployment and initial setup is quite easy. It is not a very tricky task and is very mature.
What about the implementation team?
We purchased directly from SentinelOne.
What was our ROI?
As an architect, I do not work directly on ROI, but I think it is understood.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
SentinelOne Singularity Endpoint sells on a SaaS model. For us, it does not matter whether it is AWS or Azure, but we work with Azure, AWS, and everything.
What other advice do I have?
The ask is always simple from a customer standpoint. What exactly do you want to achieve, and what exactly is your problem base? Take a call in terms of what makes your life easier rather than having a very fancy-looking product and still having to learn a new technology or hire a new set of people. I think that is the concern most companies have. So just go for a genuine product which does serve the purpose and at the same time gets you out of the situations. I would rate this product and experience a 9 out of 10.
Real-time behavioral protection has reduced false positives and cuts response from hours to minutes
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is managing threats and other security measures day-to-day.
Basically, the extensions that I am working on are focused on threat level and investigation level with SentinelOne detection response.
Regarding my main use case with SentinelOne Singularity Endpoint, I have many options to take control from SentinelOne Singularity Endpoint such as disconnecting for troubleshooting.
What is most valuable?
In my experience, the best features SentinelOne Singularity Endpoint offers are designed to protect.
What stands out to me regarding its real-time threat detection, automated response, or ease of use is that we have truly real-time protections, which we can call behavioral threat protection.
The behavioral detection helps my team in day-to-day operations by enabling us to take immediate action.
Another feature I think is worth mentioning is a new feature called VSS snapshot.
SentinelOne Singularity Endpoint has impacted our organization positively, mainly through cost savings compared to other endpoints.
Regarding cost savings, we can compare SentinelOne with other EDR solutions, and I find that SentinelOne is less costly while also having a higher security level for endpoints.
What needs improvement?
For improvement, I could say that there is a report level which needs to be improved at the endpoint level.
Regarding SentinelOne Singularity Endpoint's AI capabilities, I think it would be very good if we have more AI capability for endpoint level governance, which we currently possess.
The accuracy and reliability of SentinelOne Singularity Endpoint's AI output provide quick information about threats and their management, making it reliable very often for us.
For how long have I used the solution?
I have been working for almost nine years in cybersecurity.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint has been stable in my experience.
What do I think about the scalability of the solution?
Its scalability is very good; it has been easy to manage.
How are customer service and support?
Customer support for SentinelOne Singularity Endpoint is very good, but I think there needs to be more improvement in the support level to ensure proper responses for customers, especially during session requests.
Which solution did I use previously and why did I switch?
Previously, we used McAfee, and we wanted to switch to SentinelOne to see how it would protect our endpoint.
How was the initial setup?
Based on my experience so far, I believe it is fine now, as I already mentioned regarding improvements needed.
What about the implementation team?
I purchased SentinelOne Singularity Endpoint through the AWS Marketplace.
What was our ROI?
I have seen a return on investment in terms of money saved as well as time saved.
It has saved a lot of time for us, allowing us to reduce the time previously spent by our team, which was two to three hours.
SentinelOne Singularity Endpoint has completely reduced our Mean Time to Detect (MTTD), which has changed from the usual eight hours down to two to three hours.
It has improved our Mean Time to Respond (MTTR) significantly; while we used to take two to three hours, SentinelOne Singularity Endpoint can manage it within minutes, hardly ten to fifteen minutes.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been good, and I feel it is very much fine compared to other EDR solutions.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I evaluated other options, including CrowdStrike.
What other advice do I have?
The advice I would give to others looking into using SentinelOne Singularity Endpoint is that it saves money and enhances the protection level; it is also very good for saving time on analysis tasks.
Singularity Complete has helped us consolidate our security solutions and it has been completely secured at the endpoint level, which is very good for us.
We use SentinelOne Singularity Endpoint's Ranger functionality for asset visibility, which is important for our endpoint protection level and to assess the health and status of security.
Singularity Complete has reduced alerts significantly; we used to get many alerts but now we are getting very few, and those are true positives only while previously we experienced many false positives.
I would rate this solution nine out of ten.
Autonomous threat detection has reduced alert fatigue and improves endpoint protection
What is our primary use case?
I deploy SentinelOne Singularity Endpoint agents on my client's servers and other endpoints to secure those systems.
What is most valuable?
SentinelOne Singularity Endpoint offers the best features in the market at an affordable rate, providing a secure solution. The easy-to-understand user interface and Purple AI are standout features.
Correlation is important, and I have correlated SentinelOne Singularity Endpoint with other types of devices and created several correlation use cases, making it feasible to create multiple correlating use cases.
It helps secure my infrastructure because it has a very fast response. The moment it detects a vulnerability or any threat malware on any file, it creates an alert and quarantines that file automatically, proving very reliable and saving significant time.
It does help reduce alerts. Although it generates many false positive alerts initially, when managed properly by deploying custom use cases, it detects only the required alerts, saving considerable time by marking only true positive alerts.
SentinelOne Singularity Endpoint is a fully AI-based model, negating manual tasks and allowing me to save considerable time to manage other priorities.
It saves a lot of time by detecting alerts in real-time and automatically quarantining malicious files.
It does help reduce my organization's mean time to detect.
I have used the Purple AI feature that SentinelOne Singularity Endpoint provides quite extensively.
I have used Purple AI for identifying IOCs on my client infrastructure. Regarding data privacy, I do not rely on external LLMs like ChatGPT or Claude due to potential misuse of my valuable data. Purple AI, being SentinelOne Singularity Endpoint's in-house automated intelligence, is much more reliable from a data privacy perspective.
Purple AI has been very effective for my team, providing various features including the Copilot feature, which allows me to identify many non-present IOCs quickly and retrieve information in a very fast manner, saving considerable time.
It provides IOCs, which are a form of threat intelligence. By utilizing Purple AI, I am effectively preventing my clients from various forms of threats.
For Security Operations, it saves considerable time by performing quarantine automatically whenever a threat is detected.
The biggest benefit SentinelOne Singularity Endpoint brings to my particular customer is its fully autonomous capabilities, automating threat detection and auto-remediation rules, making it efficient.
What needs improvement?
I feel that the custom dashboard feature is absent in SentinelOne Singularity Endpoint, as I can only use a default dashboard. Additionally, for clients with large infrastructures of over a thousand endpoints, resource consumption can become high, which could be improved.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for more than a year.
What do I think about the stability of the solution?
There have not been any issues regarding stability. It is fully scalable, allowing me to scale up or down as needed.
What do I think about the scalability of the solution?
Regarding performance, I have faced some resource consumption issues for one particular client with a huge infrastructure. However, customer support resolves issues within the day, so I do not worry much about finding solutions.
How are customer service and support?
The customer support team is very good at responding to queries on the same day. I would rate them ten out of ten in customer support.
How was the initial setup?
I feel it is very easy to install SentinelOne Singularity Endpoint on any endpoint, as it just takes a few seconds to deploy and install the agent.
What's my experience with pricing, setup cost, and licensing?
I am aware of the pricing module for SentinelOne Singularity Endpoint, although I am not the person handling it directly.
The cost for SentinelOne Singularity Endpoint depends on a per-device basis, charging around eight to ten dollars per month per device, which can be multiplied by the number of devices I want to deploy.
It is very cost-effective compared to other solutions, as SentinelOne Singularity Complete is not that expensive and has an aggressive price point.
What other advice do I have?
I feel that in a week, for a particular client, five to seven alerts are generated. Out of those, if I estimate seven alerts, three would be suspicious, two false positives, and the remaining two or three would be true positives. I feel that twenty to twenty-five percent of alerts are false positives.
I would recommend that organizations choose SentinelOne Singularity Endpoint due to its impactfulness and low price, as I believe no other product offers what it does. My overall review rating for SentinelOne Singularity Endpoint is eight out of ten.
Advanced endpoint protection has prevented ransomware spread and supports precise threat triage
What is our primary use case?
I use SentinelOne Singularity Endpoint for threat analysis and threat detections on endpoint devices. Since Barracuda has the XDR product, that provides additional support for SentinelOne Singularity Endpoint. The product is primarily used for endpoint protection to identify threats, malicious payloads, unauthorized access, or accessing malicious websites. This is used for all endpoint level detections.
While troubleshooting with one of the customers in the previous organization, they experienced a ransomware execution attack. The ransomware was changing file names and file properties while encrypting files. The customer called us to triage those particular incidents. I checked the endpoint to see which file was flagged. SentinelOne Singularity Endpoint had clear indications of a file with a hash that appeared to be malicious. It triggered an alert and blocked that particular file. I was able to identify which user clicked on this particular file, preventing the ransomware behavior. I contained that particular user using SentinelOne Singularity Endpoint and captured information about the ransomware attack. Additionally, SentinelOne Singularity Endpoint provides USB detection; if an endpoint device has a USB plugged in that contains something malicious, I can block it. It provides a very clean UI that allows me to control the entire endpoint with the options provided by SentinelOne Singularity Endpoint. I have many options along with user roles and can specifically give permissions to specific users. It has proven to be a very helpful platform for endpoint devices.
I primarily use SentinelOne Singularity Endpoint for detection and threat analysis, containing that particular endpoint from the attacking surface. I also utilize it for whitelisting and blocklisting IPs, malicious hash values, or specific URLs. That is something I usually do while handling whitelist and blocklist tasks. It is a pretty easy task because SentinelOne Singularity Endpoint provides an option to upload text files with those parameters and indicators. The main use case is for threat analysis and triaging the incidents caused by a particular endpoint in an attacking way.
SentinelOne Singularity Endpoint relates to ransomware attack cases and other incidents involving malicious file executions. In all those cases, it achieves specific outcomes, saves time, and prevents users from being exposed. It achieves these goals, although I do not remember a specific use case.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers are clear fingerprints, malicious fingerprints, and the patterns they use to detect malicious files or activities. That fingerprint database is very unique and captures most threats. The fingerprint database is a particular feature I really appreciate, which captures almost every single malicious activity.
The fingerprint database definitely helps me day-to-day, making my job easier and saving time. Most of the threats and malicious activities are flagged with those fingerprints. It makes me trust the software because when SentinelOne Singularity Endpoint flags something as malicious, it is most probably accurate. If it is not malicious, I can easily whitelist it. It helps in both ways, making my job easier as well as saving time on predefined threats. I do not need to check every time whether something is malicious; SentinelOne Singularity Endpoint has that feature, flagging it as malicious with proper notes and giving me trust that it has something to do with that.
SentinelOne Singularity Endpoint positively impacts my organization based on the user experience I provide. Users mostly give good feedback about SentinelOne, which is a primary reason I support SentinelOne to assist customers. Most customers provide positive feedback since I support them on SentinelOne Singularity Endpoint regarding how endpoint detection works. I really appreciate using SentinelOne Singularity Endpoint to provide good support to customers using it.
I find SentinelOne Singularity Endpoint to be a really good platform for ingesting and correlating across our security solutions. The correlation use case captures where the requests are coming from, who is making them, and who clicked them. All event logs, including Windows event logs, are captured from multiple devices, and it correlates event times from multiple systems to identify whether the execution affects the entire organization or just specific computers. I really appreciate that capability because when a ransomware attack happens, it executes almost simultaneously across 10 or 20 devices. This allows me to determine how many devices executed that particular file based on event time, enabling me to correlate and isolate all those devices.
SentinelOne Singularity Endpoint has helped consolidate our security solutions. The same example I just provided helps prevent ransomware attacks and allows me to take appropriate actions immediately.
What needs improvement?
Although it has been almost six and a half months, I do not have many features in mind that I find necessary. However, I really appreciate how I can specify scanning folders or areas in the system. Since it is endpoint detection, I can specify which areas to always check for scanning. It has exclusions as well; for example, if I want to scan everything in a system but exclude particular folders or extensions, I can specify that in SentinelOne Singularity Endpoint. That provides me with more granular control over what needs to be scanned and what does not, helping me avoid many false positives and making the systems more reliable in alert conditions. The results become more accurate.
I do not feel anything needs to be flagged for improvement, but everything requires some enhancements. While using SentinelOne Singularity Endpoint, I do not feel anything needs to be added as a feature or improved. Most of its functions work well.
I cannot think of anything at this moment regarding needed improvements.
For how long have I used the solution?
I was using SentinelOne Singularity Endpoint for two and a half years until I worked at Barracuda Networks six months ago.
What other advice do I have?
I primarily use the AI capabilities in SentinelOne Singularity Endpoint for endpoint detections, threat analysis, and threat hunting.
I have not extensively used the AI capabilities, so I do not have much experience to share or feedback regarding its accuracy and reliability.
My review rating for this product is 8.
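The cross-device correlation the reviewer describes (the same file executing on many hosts within seconds, then isolating every host that ran it) as an added Python illustration; this is not SentinelOne's code, and the log format, host names and hashes below are constructed for the example.

```python
"""Flag a file hash that executes on many hosts inside a short time window.

Added example, not SentinelOne code. Events are parsed from a constructed
"timestamp|host|sha256|process" line format; real EDR exports differ.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Hash aaaa1111 runs on five hosts within ten
# seconds (outbreak-like) plus one lone run two hours earlier; bbbb2222 is a
# scheduled updater that runs on five hosts hours apart; cccc3333 ran once.
SAMPLE_LOG = r"""
2024-05-01T06:15:00Z|WS-09|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T08:00:05Z|WS-01|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T08:00:07Z|WS-02|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T08:00:09Z|WS-03|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T08:00:12Z|WS-04|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T08:00:14Z|FS-01|aaaa1111|C:\Users\Public\svc.exe
2024-05-01T02:00:00Z|WS-01|bbbb2222|C:\Program Files\Vendor\update.exe
2024-05-01T05:00:00Z|WS-02|bbbb2222|C:\Program Files\Vendor\update.exe
2024-05-01T08:00:00Z|WS-03|bbbb2222|C:\Program Files\Vendor\update.exe
2024-05-01T11:00:00Z|WS-04|bbbb2222|C:\Program Files\Vendor\update.exe
2024-05-01T14:00:00Z|WS-05|bbbb2222|C:\Program Files\Vendor\update.exe
2024-05-01T09:00:00Z|WS-05|cccc3333|C:\Tools\putty.exe
"""


def parse_events(text):
    """Parse the constructed line format into (timestamp, host, sha256, process)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, sha, proc = line.split("|", 3)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, sha, proc))
    return events


def find_outbreaks(events, window_seconds=60, min_hosts=3):
    """Return {sha256: sorted hosts} for every hash that executed on at least
    `min_hosts` distinct hosts inside some `window_seconds` window.

    Hosts are only included if they fall inside a qualifying window, so the
    lone run of aaaa1111 on WS-09 two hours earlier is not swept in.
    """
    by_hash = defaultdict(list)
    for ts, host, sha, _proc in events:
        by_hash[sha].append((ts, host))

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for sha, runs in by_hash.items():
        runs.sort()  # chronological, so each window starts at runs[i]
        affected = set()
        for i, (start, _host) in enumerate(runs):
            cluster = {h for ts, h in runs[i:] if ts - start <= window}
            if len(cluster) >= min_hosts:
                affected |= cluster
        if affected:
            flagged[sha] = sorted(affected)
    return flagged


def hosts_to_isolate(flagged):
    """Union of affected hosts across all flagged hashes, for network isolation."""
    return sorted({h for hosts in flagged.values() for h in hosts})


if __name__ == "__main__":
    result = find_outbreaks(parse_events(SAMPLE_LOG))
    for sha, hosts in result.items():
        print(f"{sha}: executed on {len(hosts)} hosts -> {hosts}")
    print("isolate:", hosts_to_isolate(result))
```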
Endpoint protection has blocked unknown threats and has improved incident response speed
What is our primary use case?
SentinelOne Singularity Endpoint is used in my company as we are a client of Sentinel. The primary use cases are for endpoint security, policies, and other features.
What is most valuable?
The most valuable features I find in SentinelOne Singularity Endpoint are the EDR, lateral movement feature, and machine learning feature, which I find impressive.
I am using the Ranger functionality in Singularity.
SentinelOne Singularity Endpoint does provide network and asset visibility, but in Singularity, you do not have the complete feature. If you want more EDR and want to know from where the attack happened and what it does, you have to purchase the EDR. When I purchased Sentinel, it had three products: SentinelOne Core, Control, and Complete. We are using Core. If you want full visibility on an EDR, there is one more add-on that you have to purchase. As a product, I think most of the features remain the same. It does not allow the machine to work if it finds any unknown activity; it immediately blocks the machine from the network and isolates it completely. Regardless of the location or where you are, if your machine is connected to the internet, you will get an alert that this machine has been isolated. It does not allow you to work at all.
What needs improvement?
There are certain things that need to be improved, such as the roll-up things because not every upgrade or update is useful. They have to do more work on the configuration side, which I believe they are already working on.
I would appreciate improvements in the patches. If I have Windows patches or application patches, it would be excellent if they could cover that on the same portal so I could go straight in and do it. It shows the vulnerability but does not provide the package to resolve that vulnerability. For example, if my Windows is outdated and Sentinel finds that there is an update that is not installed, there should be an option to install the Windows update from the portal itself.
The additional features I would appreciate in the future are already present in the Complete feature of SentinelOne Singularity Endpoint. Since I am using Core, whatever features are lacking in Core are already in Complete, so if customers want those features, they can upgrade their product.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for more than four years.
How are customer service and support?
The response is excellent from them; the moment I submit a ticket, I can expect their response within 15 minutes, less than 15 minutes.
For technical support, I would rate them 9.5.
What other advice do I have?
For security solutions, we are also using different types of products, but I have never done the correlation across our different solutions.
Regarding Purple AI, we have recently done that with ManageEngine.
We have not integrated SentinelOne Singularity Endpoint with third-party solutions.
My overall review rating for SentinelOne Singularity Endpoint is 9.5.
Automated protection has minimized threats and reduced detection and response times dramatically
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint is endpoint detection and monitoring as well as monitoring devices. An example of how I use SentinelOne Singularity Endpoint for endpoint detection is monitoring the device to see if there is any suspicious activity.
SentinelOne Singularity Endpoint has a very quick detection capability, so we managed to detect a virus and quarantine it during a recent situation.
What is most valuable?
The best features SentinelOne Singularity Endpoint offers are the fact that it quarantines any malicious activity very quickly and it detects by hashes. When threats such as ransomware or malware are detected, it alerts me quickly and quarantines the file.
SentinelOne Singularity Endpoint is very easy to scale because it only takes adding devices, since the main server is already set up. SentinelOne Singularity Endpoint is deployed in my organization on-premises via agents that are installed on each device. SentinelOne Singularity Endpoint has impacted my organization positively as we have been able to minimize threats, and it is automated.
What needs improvement?
It is very difficult to say how SentinelOne Singularity Endpoint can be improved as it is such a great product. It would be nice if they improved the user interface. I wish it was easier to navigate the dashboard and that it was more user-friendly.
For how long have I used the solution?
I have been using SentinelOne Singularity Endpoint for three years in total.
What do I think about the stability of the solution?
SentinelOne Singularity Endpoint is stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint is very easy to scale because it only takes adding devices, since the main server is already set up.
How are customer service and support?
The customer support is great and very easy.
I would rate the customer support on a scale of 1 to 10 as a 10, and I would give customer support a 9 from 1 to 10.
Which solution did I use previously and why did I switch?
I previously used Microsoft Defender. I switched because SentinelOne Singularity Endpoint has a lot more AI capabilities and is much easier to use and has a better detection procedure.
How was the initial setup?
My experience with pricing, setup cost, and licensing was very easy and simple.
What about the implementation team?
Singularity Complete has helped me consolidate my security solutions, as I was able to get rid of a lot of unnecessary software.
What was our ROI?
I have seen no return on investment as I do not deal with finances.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was very easy and simple.
Which other solutions did I evaluate?
I evaluated other options such as Microsoft Defender as well as Kaspersky before choosing SentinelOne Singularity Endpoint.
What other advice do I have?
SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect, or MTTD, by 56 percent. SentinelOne Singularity Endpoint has helped reduce my organization's mean time to respond, or MTTR, by 50 percent.
My advice to others looking into using SentinelOne Singularity Endpoint is that they should evaluate the product and run a proof of concept to see if it is well-suited for the organization.
Regarding SentinelOne Singularity Endpoint's AI capabilities, I believe it has a lot of governance and security features that are built-in, which I am very impressed with. In terms of the accuracy and reliability of its output, SentinelOne Singularity Endpoint's AI capabilities are very accurate in their detection.
I am very impressed with SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions because the solution is able to do its own thing with very little interaction with anything else.
Singularity Complete has helped reduce alerts by 56 percent as it was able to mitigate false positives. Singularity Complete has saved my staff a couple of hours every day as less human intervention is required and they are able to release the devices. I would rate this solution overall a 10.
Advanced endpoint protection has optimized incident response and reduced analyst workload
What is our primary use case?
My main use case for SentinelOne Singularity Endpoint includes ransomware attacks, server management, disk scans, anti-attacks, and reviewing threats or events generated by some attack.
What is most valuable?
I consider the best features that SentinelOne Singularity Endpoint offers to include its robust protection and the very detailed breakdown of all the events generated on devices, as well as how fast and effective its method of action is—whether that's blocking, deleting, or rolling back to a previous version from before the threat appeared. That makes it very flexible and very robust for protecting sensitive machines such as servers, databases, and AD, among others.
Singularity Complete has helped me free up time for my staff, allowing them to focus on other projects or tasks; it has saved a lot of time, because normally, when you do checks in a standard console for another solution, SentinelOne Singularity Endpoint reduces review time by about 50–60% of the tasks, since it's such a robust tool and at the same time has such an easy-to-understand interface. That makes it much easier to understand, reviews are much faster, and with fewer alerts, there are fewer alert reviews on devices.
What needs improvement?
I think SentinelOne Singularity Endpoint could be improved; I have seen that SentinelOne Singularity Endpoint has an artificial intelligence feature, but so far I haven't been able to apply it. I don't know if it's enabled for all consoles. At the moment, in my company, I manage around five consoles and so far I haven't seen an AI, or I haven't seen details on how to use the AI to improve event analysis. Even though SentinelOne Singularity Endpoint outputs all the events in a very detailed way, it's understandable that it's a huge amount of data, and you can't easily detect a pattern with the human eye, maybe across one or several machines. A specific guide on how to use that AI in these cases would be beneficial.
Regarding necessary improvements for support, there have been cases where support doesn't fully understand what I'm saying or sometimes what I request ends up being very redundant, because even though I manage many clients, when a case is opened for the same issue, they ask me for the same information even though it's already been handled before. This generates frustration both for me and my staff and for the end client, because what we're looking for is a quick response. Additionally, sometimes the response time is quite long for certain incidents—response time can be two to four hours, based on my experience. Response times or attention could certainly be improved, at least for cases that are already known.
I give it a nine because even though the tool is very robust, it still lacks an AI component, as I mentioned earlier. We're in the AI boom right now, and it's really necessary for companies given the amount of information they handle. Since SentinelOne Singularity Endpoint gives you a very detailed breakdown, it would be good to have AI as an additional tool for response and information extraction. Also, what's missing to reach 10 is support and response time, because while sometimes they respond, other times they take too long or don't fully understand what you're trying to say, and that makes things difficult. Since I'm primarily a Spanish-speaker and not so fluent in English, there are also some communication issues. The tool itself, as an antivirus solution, seems very good to me.
I've also seen that SentinelOne Singularity Endpoint only keeps an account active for 90 days of inactivity and then removes it. If no one logs into the organization, then nobody has access and you have to open a case with the vendor. Sometimes that's really annoying. Ideally, there should be an account without an expiration date so you don't lose all console management. I've had two clients where this happened. The 90 days don't always fully pass, but after 40 or 50 days, nobody can log in and you have to open a case with the vendor. Sometimes they have to run checks, so an improvement would be to add a primary account or maybe two primary accounts if a third party is the one that contracts SentinelOne Singularity Endpoint, so that you don't lose overall management and have to open a case with the vendor. That often takes a long time and depends on who purchased it, under whose name it's registered, and that creates frustration on both sides.
How are customer service and support?
My impression of SentinelOne Singularity Endpoint's ability to ingest and correlate information across my different security solutions is very good, because we associate it with a SIEM, but even then the SIEM gives us almost the same information. We use SentinelOne Singularity Endpoint itself to correlate information and we do see a big difference compared to other endpoint security solutions. Its capability as an antivirus and incident response tool is very extensive. I think, of all the solutions I've seen, SentinelOne Singularity Endpoint would be first, then Cortex, then Kaspersky, and so on.
Which solution did I use previously and why did I switch?
I have used other solutions before SentinelOne Singularity Endpoint; we've actually used a lot of technologies. In this case, we haven't strictly replaced an antivirus. For workstation machines, more general technologies are used, like Cortex, Kaspersky, and Trend Micro. However, for sensitive machines with very sensitive information or that are highly exposed to attacks, we've used SentinelOne Singularity Endpoint. Because we know it's a more robust technology, it allows us to have better analysis and better security on those more sensitive devices. Since the number of such devices isn't very large, we focus on providing better security there.
What was our ROI?
I have seen a return on investment from implementing SentinelOne Singularity Endpoint; we've seen time optimization and fewer staff needed. Since our company provides services, analysts can dedicate themselves to other requests, because with clients that have SentinelOne Singularity Endpoint, we almost never have to deal with incidents, as SentinelOne Singularity Endpoint itself blocks them. Most of the time what they contact us for is account enablement.
What's my experience with pricing, setup cost, and licensing?
My experience with licensing costs, pricing, and configuration of SentinelOne Singularity Endpoint is that I haven't really seen the licensing prices. I have seen the configuration side, and it's very quick to implement. At least in the implementations I've been involved in, I haven't had many problems—almost never. I don't know about pricing, because I'm in support and analysis, not in sales or pre-sales.
Which other solutions did I evaluate?
Before choosing SentinelOne Singularity Endpoint, I did evaluate other options; the other options we consider are: if the machines are sensitive, like servers or databases, SentinelOne Singularity Endpoint is the primary choice. If not, we go to Cortex; if not, to Kaspersky, Trend Micro, and so on. The main ones are SentinelOne Singularity Endpoint and Cortex.
What other advice do I have?
There was another case when there was a ransomware attack on a machine that didn't have any security solution, no antivirus installed, and a ransomware attack was detected. I installed SentinelOne Singularity Endpoint on it, and when I completed the installation and the disk auto-scan ran, it detected a threat that was active there. I isolated the server in that case and let SentinelOne Singularity Endpoint keep running to see if there were any other threats. Because there was already a vulnerability and I installed SentinelOne Singularity Endpoint afterward, I couldn't do much more, so based on what SentinelOne Singularity Endpoint showed me about that threat, I also carried out checks on the other servers. Fortunately, thanks to that detection SentinelOne Singularity Endpoint made, I was able to find several servers that had no security components installed, which was due to an oversight by that company's security staff. I installed SentinelOne Singularity Endpoint on the other servers, ran a full disk scan, and from there reviewed the detailed events for everything that's generated, because SentinelOne Singularity Endpoint shows you every event that's detected. Based on that, I was able to detect some anomalous patterns or port connections to devices and queries. Based on that, I implemented best practices on both the firewall and the endpoint.
The advice I would give to other professionals who are considering implementing SentinelOne Singularity Endpoint is first to review the company's budget for endpoint implementation across the whole organization. If there are many devices and they can afford SentinelOne Singularity Endpoint, they should go for it. If not, they should opt for a lower-tier, more economical technology, and focus on using SentinelOne Singularity Endpoint specifically on the most vulnerable or sensitive devices—in this case, servers and databases. While SentinelOne Singularity Endpoint is somewhat expensive, as far as I know, it's very good in terms of protection. If they can't afford SentinelOne Singularity Endpoint for the entire company, they should deploy a cheaper technology for workstations and focus on acquiring at least SentinelOne Singularity Endpoint for, say, 100–120 licenses for servers and sensitive devices. That will help a lot in mitigating many threats and service availability issues that are critical for the company. It's better to spend a bit more money protecting your sensitive machines than protecting them with something cheaper and having potential problems, outages, or impacts. I give the tool a rating of 9 out of 10.
Endpoint security has improved and centralized control now simplifies device and alert management
What is our primary use case?
I am using SentinelOne Singularity Endpoint basically for endpoint protection, and some customers have requirements for USB control and network control as well.
What is most valuable?
When it comes to the favorite features of the customers, they appreciate the additional management opportunities that SentinelOne Singularity Endpoint provides. For example, remote shell execution, rebooting, restarting, and pushing messages to the endpoint are the favorite features that customers are requesting.
It has saved considerable time. For example, I can take device control and control all device control features and device control permissions through SentinelOne Singularity Endpoint. Otherwise, I would have to depend on a different solution to achieve that. Using SentinelOne Singularity Endpoint, I can achieve that as well.
What needs improvement?
When it comes to SentinelOne Singularity Endpoint, most of the complaints I am getting are related to the connectivity between the endpoint and the cloud console. It disconnects from time to time without proper reasons. Also, when I compare it to other next-generation antivirus or next-generation endpoints such as CrowdStrike, SentinelOne Singularity Endpoint has many dependencies on Windows. That is the most disliked aspect coming from the customers I work with.
Other than Windows, when it comes to Linux and Kubernetes, SentinelOne Singularity Endpoint is great. However, when it comes to Windows, there are a lot of dependencies.
There are some issues with collecting crash reports and crash logs on the endpoint. They are not visible over the console. Sometimes, the PC's hard disk and its available space are consumed by the SentinelOne Singularity Endpoint agent. I have to attend manually and clear the crash data. I can do it on the SentinelOne Singularity Endpoint management console as well, but I have to go with a restart. For critical servers, it is a huge headache for the end users.
For how long have I used the solution?
I have been working with SentinelOne Singularity Endpoint for about two and a half years.
What do I think about the scalability of the solution?
SentinelOne Singularity Endpoint scales well and is scalable.
How are customer service and support?
SentinelOne Singularity Endpoint provides pretty good support to their end customers.
There are some improvements needed. When it comes to some troubleshooting, such as technical troubleshooting, I have to do some follow-ups in order to get relevant feedback from them.
Which solution did I use previously and why did I switch?
Most of the customers in Sri Lanka are currently migrating from SentinelOne Singularity Endpoint to CrowdStrike. CrowdStrike is the main alternative product in the market at the moment for SentinelOne Singularity Endpoint.
I prefer CrowdStrike because it is easier to manage. When it comes to SentinelOne Singularity Endpoint, after the agent is pushed to the endpoint and the installation is done, I have to do a reboot to establish the connection and turn on the engines. With CrowdStrike, I do not need to do any restart upon installing the agent on the new device.
How was the initial setup?
SentinelOne Singularity Endpoint is easy to set up. It does not have any deployment mechanism, so I either have to install it one by one on the PC manually or I can use third-party tools to do the deployment. For example, I can do remote deployment through Active Directory. When it comes to deployment, it is not that difficult. It follows the same procedure as other vendors.
What's my experience with pricing, setup cost, and licensing?
Since I work in post-sales, prices are not revealed to me, but to my knowledge, SentinelOne Singularity Endpoint is a bit cheaper than other products in the market. For example, when I compare CrowdStrike with SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is a bit cheaper. Since I work in post-sales, I do not get exact price information. Based on my understanding, that is the basic pricing.
Which other solutions did I evaluate?
Ranger functionality is used to detect the agents.
Asset discovery is an important feature. As far as my understanding goes, once I enable the Ranger function in the console, I can initiate a network scan through the available agent. By doing that, I can identify what IoT devices and other devices are available in my network infrastructure. I can get better visibility over the network, which devices have the SentinelOne Singularity Endpoint agent, which devices do not have the SentinelOne Singularity Endpoint agent, and so on.
What other advice do I have?
SentinelOne Singularity Endpoint helps to reduce alerts because there are customizable options when it comes to the alerts. For example, if I get false-positive alerts over time, I can do exclusions for that particular alert. Similarly, I can reduce many alerts using SentinelOne Singularity Endpoint and the Singularity platform. I gave this review a rating of 8.
Automated endpoint defense has reduced ransomware impact but support and SIEM integration need improvement
What is most valuable?
SentinelOne Singularity Complete has helped customers consolidate their security stack by offering superb threat hunting, excellent incident response, and compliance monitoring in the EDR, with ransomware protection being exceptionally well supported by the Rollback feature. The behavior analytics in the tools are outstanding, providing granular reports and identifying abnormal users and activities while detecting previously undetected threats. This functionality is excellent in both the EDR and XDR of Singularity throughout the year.
What needs improvement?
The Ranger functionality of SentinelOne Singularity Endpoint is valuable for understanding your environment, but I would want something integrated comparable to Mythos with all the features associated with Mythos. I would appreciate improvements to the technical support. I would prefer to see faster response times and quicker resolution from the technical support team of SentinelOne Singularity Endpoint.
Regarding overall security, it is about managing the attack surface, securing data, brand, and organizations, as everything relates to compliance in data security. Overall security with tools including SASE, SOAR, SIEM, threat intelligence, and integrations with EDR and XDR is excellent. SentinelOne Singularity Endpoint has helped my customers reduce their organization's mean time to detect, as detection is a matter of seconds—improving from 40 seconds to 30 seconds in case of any attacks and altering mean time to respond depending on incident types such as P1, P2, P3, and P4.
Challenges can arise depending on the customer base, as the technical team must respond very quickly, especially since the post-sales team needs to have better quality than others to win the market. I participate in the initial setup of SentinelOne Singularity Endpoint as part of my regular tasks. I would rate this review a seven out of ten overall.