SentinelOne Singularity is an AI-driven EDR/XDR platform that detects and responds to threats in real time.
What is our primary use case?
Our main use cases are endpoint protection, EDR, and automated threat response for users and servers. We also use it for ransomware protection, threat hunting, and incident investigations. One thing that helped us a lot is the single-agent approach, because we don’t need multiple tools or agents installed on every machine.
It reduces complexity and makes deployment and updates much easier across different entities. The automated isolation of compromised endpoints has also saved a lot of manual effort. Overall, we use it to improve detection, response, and visibility on all endpoints with minimum overhead.
How has it helped my organization?
SentinelOne has had a very positive impact on our security posture. We see threats being stopped in real time without waiting for manual action. This has reduced the stress on our team and lowered the number of incidents we need to handle directly.
The automatic isolation and remediation really helped us shorten response time. The ransomware rollback feature also gives peace of mind, especially in critical environments.
We now have much better visibility into what actually happened during an attack, which helps with investigations and closing gaps. Overall, it has saved us time and improved our confidence against modern threats.
What is most valuable?
The best feature for us is the autonomous response. We don’t have to wait for a security analyst—SentinelOne isolates the device, kills the malicious process, and stops lateral movement automatically. The ransomware rollback capability is also something we really value because it gives confidence that even if something slips through, we can undo the damage.
The visibility and forensic details are excellent; it actually tells a story of what happened instead of just showing alerts. This helps our investigations and audits a lot.
Performance-wise, the agent is lightweight, and deployment was very smooth across different entities. Overall, the combination of prevention + response + forensics in one platform has been the biggest advantage for us.
What needs improvement?
SentinelOne works very well overall, but there are a few areas that could improve. The reporting and dashboards could be more customizable, especially for audit and compliance needs. Sometimes the UI feels a bit complex when you’re trying to drill down quickly.
More built-in analytics and ready-made reports would help a lot. Also, alert tuning could be simpler, because in some cases we still get false positives that require manual review.
It would also be great to see more visibility into identity-related attacks in future releases. Overall, nothing critical, but these improvements would make the platform even stronger.
For how long have I used the solution?
We have been using SentinelOne Singularity Complete for roughly four years in our production environment.
What do I think about the stability of the solution?
It is a very stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. Everyone is using this solution in our organization, with almost 2000 users. It's mandatory for us to install this EDR solution on all the inputs.
How are customer service and support?
Customer support has been generally good for us, and most questions are handled properly. The platform is stable, so we don’t need support very often. For normal issues, the response time is fine.
However, for complex cases—especially agent-related problems—we sometimes need remote assistance, and that level of support is not included in the basic subscription. In those situations, the resolution can take longer. Overall, support is helpful but could improve in advanced troubleshooting.
Which solution did I use previously and why did I switch?
Yes, we previously used Trend Micro. We switched to SentinelOne because we wanted stronger detection capabilities, faster automated response, and better visibility into advanced threats. SentinelOne’s AI-based approach and single-agent design were important factors for us, along with the ability to automatically isolate and remediate incidents without relying completely on manual action.
How was the initial setup?
The initial setup was straightforward. We use the SaaS model, cloud-based solution, and console on cloud, so it's very straightforward. I rate the setup a 4.8 out of five, and I would give it a five if they added application control.
What was our ROI?
Yes, we have seen clear ROI after moving to SentinelOne. The biggest saving has been the reduction in manual investigation and remediation time. Since most incidents are handled automatically, our team spends less time reacting and more time on proactive work.
We also avoided several potential ransomware impacts, which in itself protects us from large financial and operational losses. The single agent and tool consolidation also reduced the need for multiple products and maintenance efforts.
Overall, the time saved, lower incident impact, and improved security confidence clearly justified the investment.
What's my experience with pricing, setup cost, and licensing?
Pricing is okay and costs almost the same as Trend Micro. We have a partnership with SentinelOne, and it costs about $30 to $35 per user per year.
Which other solutions did I evaluate?
We also evaluated Malwarebytes and CrowdStrike before choosing SentinelOne. Malwarebytes was simple to use but it didn’t provide the same level of autonomous response or forensic depth that we needed. CrowdStrike was strong in detection, but overall SentinelOne offered better rollback, a single-agent approach, and more automation.
In the end, SentinelOne gave us a more complete platform for prevention, response, and investigation rather than just detection. The balance of features, automation, and usability was the main reason we selected it.
What other advice do I have?
I rate this solution a ten out of ten. SentinelOne is the next-generation EDR solution. Once it is installed, no action is required from the end user. It's machine learning and AI integrated, and 95% of threats are blocked. It's a great product.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Best Security Software
What do you like best about the product?
SentinelOne is considered the best endpoint security software for enterprises, and it simplifies every organization's security solutions like an endpoint anti-virus and anti-malware. Very effective software. Helps to resolve system threats and attacks. Frequent scans in the background to detect viruses.
What do you dislike about the product?
There is nothing I dislike about SentinelOne so far. Works as expected for the enterprise requirements. More and more updates are expected from SentinelOne to protect against any threats in the future.
What problems is the product solving and how is that benefiting you?
SentinelOne keeps my enterprise environment and system secure by providing complete end-to-end security. It provides the status of the system (number of processes, applications, and services running in the system). Protects the system from any external threats.
1) Advanced threat protection
2) Protect from vulnerabilities
3) Roll-back features
4) Identifying incidents
Recommendations to others considering the product:
Highly recommended, as SentinelOne keeps the enterprise infrastructure safe and secure. Supports the latest Windows version as well, does threat hunting, and provides high visibility.
Excellent Endpoint Solution!
What do you like best about the product?
Great coverage for all the operating systems that I need for our endpoints and servers (Windows, Mac, and Linux). The solution works well, detects and blocks malware infection attempts promptly.
What do you dislike about the product?
I want to be able to use one solution to cover the mobile devices as well (Android, and iPhone), and also include enterprise features such as MDM and policy manager for my endpoints using a single solution.
What problems is the product solving and how is that benefiting you?
I'm protecting the endpoints and servers in my organization against malware infection attempts, such as Ransomware, Spyware, Rootkits, and information stealers.
AIML based Endpoint Protection leader
What do you like best about the product?
SentinelOne is the best endpoint protection solution as it doesn't depend on any signatures to take action and prevent the attacks, and it can prevent the attacks in offline mode as well. Internet connectivity is not necessary for this solution. Its lightweight agent doesn't consume the machine resources like other endpoint solutions. Its completely
What do you dislike about the product?
I won't say it is disliked, but it should have a few traditional features like USB blocking, HDD encryption,
What problems is the product solving and how is that benefiting you?
Since most of the users are now working from home, it's not possible to connect the users to the office network and update the threat signatures. So SentinelOne is the savior here, as it doesn't rely on any signatures and can prevent attacks based on advanced AI/ML.
Excellent EDR and Threat Manager
What do you like best about the product?
Simple to use and automate security controls
What do you dislike about the product?
Not able to control how much time a USB device, if blocked, can be allowed
What problems is the product solving and how is that benefiting you?
The time required to manage and solve an incident
SentinelOne Awesome Review
What do you like best about the product?
The agent is small but very powerful, and the Roll-Back function is excellent
What do you dislike about the product?
Could definitely do with a Mobile version of this
What problems is the product solving and how is that benefiting you?
Because the package is so small, it can easily replace traditional endpoint solutions that tend to slow your systems down. And the Deep Visibility makes forensics and troubleshooting a dream.
100% Reliable with fully autonomous threat mitigation and real-time ransomware file encryption roll back, without human intervention.
What is our primary use case?
The product is used to provide cybersecurity protection to SMBs predominantly in the financial, manufacturing, and retail industry as well as private individuals.
SentinelOne is key in achieving compliance with the General Data Protection Regulation (GDPR) in the European Union and the Protection of Personal Information (POPI) Act in South Africa.
Resolving ransomware encrypted servers or personal computers is costly to the customer, both in repair costs and loss of business due to downtime. In addition, the customer may suffer reputational damage if any of its customer data is compromised.
How has it helped my organization?
Our clients trust us to protect their IT systems and data.
We use SentinelOne because it has proven itself and has never been breached. It offers us a 100% protection record and our company reputation stays intact.
Resolving ransomware encrypted servers or personal computers is both costly and time consuming to both the customer as well as the service provider - protecting against these attacks is a win-win for all.
The SentinelOne portal dashboard provides a good overview of all the sentinels deployed and offers quick access to review and resolve affected sites and endpoints.
What is most valuable?
The most valuable feature is that it works and is reliable.
Other solutions I have researched have all been breached, and as far as I can see, SentinelOne is the only one that has never been breached. It provides fully autonomous threat mitigation and ransomware file encryption roll back in real-time without human intervention.
Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.
What needs improvement?
SentinelOne's ongoing updates and rate of technology improvements are adequate for now, and have kept SentinelOne ahead of the cyber criminals, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to stay ahead of the cyber criminal techniques and exploits. The "false positive" detection rate could be improved, if possible, but this should not increase the risk of the endpoint being breached.
For how long have I used the solution?
I've used the solution for over 5 years.
What do I think about the stability of the solution?
The stability is excellent.
What do I think about the scalability of the solution?
The scalability is excellent.
How are customer service and support?
The customer support has been good.
Which solution did I use previously and why did I switch?
I did not use a different solution previously.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We are able to handle implementations in-house.
What's my experience with pricing, setup cost, and licensing?
If you are an end-user you should procure the service through a Managed Cyber Security Systems Provider.
Which other solutions did I evaluate?
Yes, I have looked into ESET, Crowdstrike, Cylance, Webroot, and many others.
What other advice do I have?
Contact me on cybersec[at]global[dot]co[dot]za
SentinelOne is very powerful
What do you like best about the product?
The endpoint does its job like it is supposed to do. I love how it will take the computer offline if it detects malware but still allows me back in via a shell. It will also schedule updates, firewall rules, USB rules, and it tells me of lapsed software. Plus, they keep up with everything that is happening out there in real time.
What do you dislike about the product?
There is nothing I dislike about this product. This product works as described.
What problems is the product solving and how is that benefiting you?
The benefit is that I don't have to watch the systems. It protects it for me, and I get alerts in real-time. The dashboard is terrific.
Recommendations to others considering the product:
I recommend this product.
Sentinel One
What do you like best about the product?
Ease of installation. It is very easy to install from a batch file with the MSI and key.
What do you dislike about the product?
It is cumbersome to uninstall. You need to get the uninstall key from the Sentinel One admin portal.
What problems is the product solving and how is that benefiting you?
It is excellent at detecting abnormalities in network traffic for possible ransomware, virus, and other malware attacks.
Recommendations to others considering the product:
I would recommend going through the Admin portal training course.
Very powerful solution that highlights threats in real-time, effective 0 day detection
What is our primary use case?
Singularity Complete combines prevention, detection, response, and remediation for endpoints, servers, and VMs. It autonomously blocks malware, ransomware, and zero-day threats using behavioral AI and machine-speed prevention.
It enables natural language queries, auto-summaries, and investigation notebooks for faster triage and hunting.
How has it helped my organization?
It has reduced the need for manual intervention and accelerates incident response, lowering operational overhead.
What is most valuable?
It provides rich forensic data, and automated root cause analysis cuts down investigation time from hours/days to minutes, improving SOC efficiency.
What needs improvement?
I believe it is currently at its best.
Moreover, the SentinelOne development team is working on continuous improvement of agent and console features.
For how long have I used the solution?
We started deploying it in 2018.
What do I think about the stability of the solution?
I do confirm it is a really stable solution: we have been using the SentinelOne solution for years, and the agent minimizes conflicts and reduces system resource consumption, which contributes to stability across diverse environments.
What do I think about the scalability of the solution?
The platform is built on a cloud-native foundation, so we don’t need heavy on-prem infrastructure. It means we can easily scale up or down as our organization grows, without worrying about hardware limitations.
One lightweight agent handles EPP, EDR, threat hunting, and even IoT/identity protection, which reduces complexity and makes scaling across thousands of endpoints straightforward.
Finally, the management console provides centralized control for endpoints across multiple regions and environments (Windows, macOS, Linux, cloud workloads).
How are customer service and support?
5 star.
Very fast and very professional.
P.S.: I cannot edit “Pros” and “Cons”
Which solution did I use previously and why did I switch?
Previously, we had McAfee, which was complicated to manage.
We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.
How was the initial setup?
For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.
The antivirus migration was smooth. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.
What about the implementation team?
The deployment was almost completely autonomous; we just followed the suggestions provided by SORINT and used our software distribution tool to install the agents on our assets.
What was our ROI?
I am sure the solution has reduced our incident response time and detection as well, but we have never evaluated or calculated an actual return on investment of the solution. We will think about it, thank you.
What's my experience with pricing, setup cost, and licensing?
I haven't managed a budget so far, so I have no experience with licenses and costs.
Which other solutions did I evaluate?
No other solutions were evaluated.
What other advice do I have?
I would rate this solution as a 10 out of 10.
The only advice I would give is to try the solution with a POC/POV and evaluate the solution features provided with the complete.
I am sure they will be surprised by the effectiveness of the solution and the simplicity of its management.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)