SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

I have been working with this solution for eight months.

SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

I would rate this solution a 9 out of 10 overall.

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

I am a current administrator of SentinelOne Singularity Endpoint, and I have been involved in decision-making from vendor assessment to purchasing and deploying the product to end-users.

For SentinelOne Singularity Endpoint, our main use cases include endpoint patching and updating, whereby we roll out the agent to different operating systems. Overall, our experience with SentinelOne Singularity Endpoint has been very positive; the combination of MDR and endpoint protection significantly strengthens our security posture, especially as we grow as a small to medium business in the energy sector and battery manufacturing. I come from the US Energy sector, which manufactures zinc batteries in the United States and globally, with our headquarters in Pittsburgh, Pennsylvania.

The most valuable features of SentinelOne Singularity Endpoint include robust MDR support, autonomous EDR capabilities, real-time detection, rollback, and automatic remediation, which reduce manual workload. The lightweight agent that runs on any endpoint is crucial, and it provides clear visibility in the event of an incident, including a detailed storyline with guidelines for analysts. SentinelOne Singularity Endpoint works with all platforms—Windows, Linux, Mac, and even ARM devices—making it compatible across our devices.

The cross-platform support and ease of deployment make it a great fit for the energy sector, providing scaling from SMB to enterprise-level protection.

Regarding SentinelOne Singularity Endpoint's ability to ingest and correlate across our security solutions, we approach security as a defense-in-depth layer; if one tool misses a detection, others will pick it up. So far, we have not missed any detections, and we have a positive outlook on strengthening our overall security posture with the help of SentinelOne Singularity Endpoint, which reduces manual workload while providing enterprise-level protection, especially since we are a small to medium business with limited resources.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a couple of months ago; we turned it on for a trial and subsequently turned it off. When we activated it, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners. It provided insight into unknown devices on our network and scanned for vulnerabilities, giving us valuable reports through the Singularity dashboard.

For reducing alerts, we need to collaborate with the MDR team to manage false positive alerts. The support from MDR is frequent; once an alert is triggered, they respond within 48 to 72 hours based on criticality. We are pleased with their support, which helps us address false positives. Although we receive more than one hundred alerts, we mark them as false positives to reduce noise. SentinelOne Singularity Endpoint interface is user-friendly, allowing us to manage daily tasks efficiently while maintaining high security without a large team.

Currently, we are managing about 10 to 20 different tasks or projects simultaneously, requiring minimum input from analysts. SentinelOne Singularity Endpoint MDR team provides guidance on handling alerts, helping us maintain a small security team while effectively minimizing the noise created by alerts.

The mean time to detect has significantly improved since implementing SentinelOne Singularity Endpoint from the previous technology we used, which lacked MDR functionality. With higher priority alerts, the response time is swift, enhancing our overall security and asset protection.

The mean time to respond has significantly decreased thanks to the features available, such as isolating compromised servers directly through the UI, which helps prevent the spread of threats on our network effectively.

We have not activated Purple AI yet, but when alerts occur, the guidance provided is helpful, summarizing what triggered the alert and offering steps for analysis. It aids our small team by providing high-level overviews of alerts.

To improve SentinelOne Singularity Endpoint, I suggest enhancing the dashboard and reporting functionalities for better customization, making it easier for management to access tailored reports. Also, deeper integration with other tools would streamline daily operations, especially as it currently does not support mobile devices—though I know this feature is on their roadmap.

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

So far, I find the stability and reliability of the service to be excellent, estimating 99.95% uptime.

The scalability of SentinelOne Singularity Endpoint has been impressive; as we have grown from 200 employees to where we are now, SentinelOne Singularity Endpoint has scaled alongside us, ensuring effective threat management and security.

My experience with SentinelOne's customer service has been positive; I would rate them four out of five. Although there were times communication was delayed by one or two days, they provided solutions reliably.

Before adopting SentinelOne Singularity Endpoint, we used McAfee.

We decided to switch from McAfee due to limited visibility on threats, manual remediation taking too long, a lack of centralized incident storylines, and difficulty managing alerts, particularly with their legacy AV missing modern threat detection.

The initial setup was straightforward, with SentinelOne Singularity Endpoint's dedicated team managing the backend script running migration for any online endpoints, ensuring a seamless onboarding process.

I participated in the initial setup of SentinelOne Singularity Endpoint as part of the migration project.

Prior to choosing SentinelOne Singularity Endpoint, we evaluated a few other vendors through POCs, and ultimately, everyone agreed to proceed with SentinelOne Singularity Endpoint.

During the POC, we tested a couple of endpoints in our environment, confirming that SentinelOne Singularity Endpoint is a good fit for our executive membership side, leading us to choose SentinelOne Singularity Endpoint.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a few months ago; we activated it for a trial and subsequently turned it off. During activation, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners, and provided insights into unknown devices on our network, offering valuable reports through the Singularity dashboard. Although we have not yet activated Purple AI, the guidance provided when alerts occur is helpful, summarizing what triggered the alerts and offering analysis steps for our small team, providing high-level alert overviews.

I rate this review a 10 out of 10.

SentinelOne Singularity Endpoint is one of the applications that we are using in our environment. We have been hands-on with SentinelOne for more than a year now.

SentinelOne Singularity Endpoint is very good because alerts are generated on a real-time basis. The real-time detection makes it a much better option to rely on. In comparison to other tools like Wazuh, which we use as a SIEM tool in our environment, Wazuh detects alerts very late. However, EDR solutions like SentinelOne Singularity Endpoint detect alerts in real-time, so we can rely on it much more than other tools.

Purple AI was recently introduced by SentinelOne, introduced last year. Purple AI helps us while creating advisories for our clients to identify any ongoing vulnerabilities. From a data privacy perspective, it is good because Purple AI is an inbuilt feature that SentinelOne has introduced. It is comparatively much better than using any other LLM across the internet.

To make it much better, the STAR custom rule option that SentinelOne offers could be much better and easier to deploy. As of now, I have not learned it properly, but I know it is very useful for creating and deploying use cases. The STAR custom rule can be much improved in SentinelOne Singularity Endpoint.

SentinelOne Singularity Endpoint is very useful because if there is any virus or malware detected in any endpoints, it quarantines the malware or any malicious application that it deems unusual and should not be there. It works amazingly well in this regard because it quarantines and flags it as malicious through its behavioral analysis. For endpoint security, SentinelOne Singularity Endpoint is the best option.

If a user on an endpoint downloads a file from an unknown or malicious website that contains anything malicious or has an unknown presence of suspicious or malicious EXE, SentinelOne Singularity Endpoint uses behavioral analysis with static and dynamic components. Static analysis is rule-based and created by users like us, while dynamic analysis uses behavioral pattern matching. This is useful in zero-day attacks, which is why it is one of the best options when it comes to endpoint security.

SentinelOne Singularity Endpoint is very easy to understand because the incident options and threat options are easy to understand, and the UI is very user-friendly for understanding what use cases we can create. In comparison to CrowdStrike, which took a long time for us to understand regarding what use cases we could create, SentinelOne Singularity Endpoint was much easier for us to understand. SentinelOne Singularity Endpoint provides the same functionality as CrowdStrike and is also easier to understand. For this reason, I feel SentinelOne Singularity Endpoint is much easier and much more preferable compared to other solutions.

I would rate it eight out of ten.

Ranger functionality is something I am not familiar with, and I do not have any hands-on experience with that function.

It depends on the client's perspective. If we have to whitelist any specific thing, we can easily negate the rules that we have deployed in SentinelOne Singularity Endpoint. By doing that, the detection becomes much clearer.

To make it much better, the STAR custom rule option that SentinelOne offers could be much better and easier to deploy. As of now, I have not learned it properly, but I know it is very useful for creating and deploying use cases. The STAR custom rule can be much improved in SentinelOne Singularity Endpoint.

I have been using SentinelOne Singularity Endpoint for more than one year.

Scalability is ten out of ten because we can scale it.

SentinelOne's customer service is outstanding and rates ten out of ten. We have used SentinelOne support multiple times because clients have different questions that we cannot understand initially. When this happens, we raise those questions to SentinelOne's support team, and we get faster responses from them.

We have not deployed SentinelOne Singularity Endpoint in any cloud solutions as of now. We have deployed it on a server and agent basis on-premises only. We have not deployed it in any cloud solutions.

We have a team of fourteen to fifteen people who are currently working on SentinelOne Singularity Endpoint. Across our team, we have seven to eight clients, and every person has their own job. Some have the job to trigger alerts, some have jobs to raise those alerts that have been triggered, and some have admin tasks. Every task is distributed accordingly in our team. My overall review rating for SentinelOne Singularity Endpoint is nine out of ten.

SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats in real time. Using AI-based behavior analysis, it helps the SOC team to investigate incidents, automate responses and actions, and protect systems from malware and ransomware. SentinelOne Singularity Endpoint includes EDR, XDR, and NGAV.

A favorite feature of mine about SentinelOne Singularity Endpoint is the VSS rollback feature, which is most valuable. If a laptop is infected with any malware, there is an option to rollback files and recover them from before the attack happened.

Using SentinelOne Singularity Endpoint has helped me reduce alerts because it is integrated with FortiSIEM, one of the leading SIEM tools, and with SOAR technology. Whenever alerts come on SentinelOne Singularity Endpoint, they are directly raised to SOAR technology automatically. This is an automatic tool, so manual interaction is not required. All work is done by SentinelOne Singularity Endpoint, and I only have to take action on the analyst's verdict to determine if it is a true positive or false positive and investigate accordingly.

Dislikes include high false-positive alerts and resource consumption issues with CPU and disk usage.

Ranger functionality is for network discovery and control features. Its primary role is to identify and manage unmanaged devices on the network by detecting rogue devices in detections. It ingests logs from network sources and captures threat metrics, including IOCs. However, I cannot confirm if SentinelOne Singularity Endpoint releases the alert through Ranger, as I have not worked heavily on this feature because the Ranger functionality license is not available. SentinelOne Singularity Endpoint captures different telemetry from network devices.

I have been using SentinelOne Singularity Endpoint for 2.3 years in my career.

Everything is perfect with SentinelOne Singularity Endpoint. There are no stability problems, and the system is very reliable and hands-on.

SentinelOne Singularity Endpoint is very good in scalability. Scalability is extremely easy to achieve as new endpoints and new detection points come on board. The system can scale any number of times, and only the license for each endpoint is needed.

Whenever I get stuck on any alert with SentinelOne Singularity Endpoint and do not understand it, or when I face any admin task challenges, I manually open a ticket with the customer team. Every time they help regarding the case. Each day, if I get stuck anywhere in SentinelOne Singularity Endpoint, whether with any admin task or threat hunting, the tech team or support team will surely help.

For the support team of SentinelOne Singularity Endpoint, I would rate them nine out of ten because there is a human voice there, so they are listening and responsive.

For the first two years in my organization, I used Symantec AV. After that, I changed my domain to SentinelOne Singularity Endpoint.

The initial deployment of SentinelOne Singularity Endpoint is easy and very straightforward. All that is needed is to set up a tenant and create a package file. Once installed, it automatically connects to the management console, and the entire system can be set up in one or two hours.

For one customer of SentinelOne Singularity Endpoint, one to two people are enough for deployment. Because we are a partner with SentinelOne and have many customers, one to two members are sufficient for each customer deployment.

I do not have knowledge about the pricing of SentinelOne Singularity Endpoint, as the sales team handles that. However, based on my knowledge, SentinelOne Singularity Endpoint is very flexible in its pricing range at approximately $9 to $10 per endpoint. We have 5,000+ endpoints because we are an MSSP provider, making it cost-effective.

I would choose SentinelOne Singularity Endpoint. In Symantec AV, there is only signature-based and behavior-based threat detection, whereas SentinelOne Singularity Endpoint has advanced behavior AI and pre-static AI. In Symantec AV, alerts must be manually raised and actions taken on the endpoint, but SentinelOne Singularity Endpoint has fully automated AI. The use cases are moderate in Symantec AV, but SentinelOne Singularity Endpoint is very easy with a modern UI. I prefer SentinelOne Singularity Endpoint because I have worked with both.

The mean time to detect with SentinelOne Singularity Endpoint is very low. The mean time to respond for SentinelOne Singularity Endpoint is approximately two to three minutes since it is integrated with SOAR, and alerts are raised within that timeframe. From endpoint to console, alerts are received in real time with no lagging. SentinelOne Singularity Endpoint requires no maintenance. Since we have a partnership with the SentinelOne Singularity Endpoint team and are an MSSP provider, no maintenance is required. My overall rating for this review is eight out of ten.