We need to provide a form of antivirus for our cybersecurity insurance. The new term now is EDR or endpoint detection response. I tested out several vendors including CrowdStrike, SentinelOne, and Cisco. SentinelOne definitely stood out. My use case is pretty for much protecting all of my end-user devices and all of my servers on-premise and in our virtual environment.

We were trying to solve for visibility and license management. We used to use other products, and licensing became an issue. We would have issues where clients would not really be connected all the time. They would just randomly lose connection. And that was with McAfee.

ESET was another one that we used in the past, and we just kept running the issues with the physical server. So having a cloud-managed EDR solution, the agent-based, cloud-managed solution, has worked very well for a few years now at multiple companies. It's the first thing I bought when I came to my new company.

I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge.

I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it.

It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly.

It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity.

One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified.

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

I'd like the ability to have text alerts, for example, if something gets quarantined.

The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow.

I've been using the solution for three years.

I haven't experienced any stability issues.

The solution is extremely scalable. It's super easy to push out to thousands of clients if you really need to. I haven't had any issues. It scales very well.

Usually, technical support is very good. They are very knowledgeable. It's usually 24 hours for a response. I've had a couple of phone conversations with them. Right now, we're going basically through email. They give me a ton of information. They're open to working with my third-party MSP. Right now, the MSP brought up a concern about a very specific function that needs a little bit more tending to in the exclusion arena.

We had Defender at this company before.

I was involved in the initial setup.

The deployment is very straightforward. It's super easy to just download your agent, and you get your site token, you install, and you push it out. We use the PDQ at my last company. Here, we use SCCM. We push it out with the MSI, with the site token pre-installed. I see it on my dashboard. It's easy.

My last deployment was handled by myself.

The solution does not require any maintenance anymore. It used to be kind of a headache to go through and have to update the agent. And just to remember to do it. Now I get the email. It tells me there's a new agent out there. I go read up on what the changes are, which is great. Then I go in there and set up the auto-install on the agents, and it just hits them on the schedule. You only have to really pay attention to it once in a blue moon when a new agent is installed or there's a general release.

I installed the solution myself.

I can pay, for my environment, between $30,000 and $40,000 a year, and that's a pretty good deal.

I'm a customer and end-user.

I haven't really done any third-party tools. I've looked into their Identity tool which is one of the newer offerings that they have. It's a very nice offering. It is rather expensive. That said, it is very nice to be able to see Active Directory all in one pane of glass. Honestly, the hardest thing about my job as a security professional is having all these different tools so the more I can see everything in one area, the better it is.

The quality and maturity are important. The company is relatively new in the space, however, they are pretty mature in the market and pretty well-respected.

SentinelOne is a great strategic partner. I can't see myself doing security without them at this point. They are one of the backbones of my security platform. They were the first pieces even before I bought Cisco Duo or Meraki.

I'm excited to see where this will be in the next ten years. I can just see this platform just going crazy. I would love to see maybe a little bit more focus. We have to deal with a lot of sensitive equipment that run specific jobs and I love how SentinelOne, and specifically Ranger, is very passive in its ability. It complements our OT. I would love to see some way of getting away from the super expensive platforms of Tenable and bringing in some of these functions that Tenable offers from a scanning platform fully into SentinelOne in the future.

I'd rate the solution nine out of ten.

This is a best-in-breed solution. If you're looking at anything in comparison, do your due diligence, do proof of concept between whatever companies you're looking into. However, SentinelOne is the best-in-breed.

We utilize SentinelOne Singularity for endpoint malware protection and to gain visibility into threats across the network.

SentinelOne Singularity has the potential to ingest and correlate data across our security solutions.

Ranger provides network and asset visibility.

Ranger saves us time by not having to make changes to our hardware and systems.

Ranger helps prevent vulnerable devices from being compromised.

SentinelOne Singularity assisted our organization by saving deployment time and decreasing the volume of support calls.

Singularity helps reduce the number of alerts.

Singularity has helped our staff free up around 15 minutes of their time to focus on other projects.

It has reduced our MTTD.

It has helped our organization save costs through time savings.

The most valuable features include the agent installation and update processes.

The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

I have been using SentinelOne Singularity Complete for seven months.

SentinelOne Singularity is stable. We have not experienced any crashes or downtime.

SentinelOne Singularity scaled easily in terms of deployment. We haven't experienced any performance issues, whether it's installed on a higher-end machine or a low-end machine. SentinelOne Singularity has been excellent.

We faced issues with our previous endpoint solution, Panda Adaptive Defense 360. SentinelOne Singularity seemed to be a more reliable and easier-to-manage alternative. Panda Adaptive Defense 360 caused significant downtime during deployments and updates.

The initial setup was straightforward. The deployment required three people.

The implementation was completed in-house.

We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

I rate SentinelOne Singularity a nine out of ten.

SentinelOne Singularity is a mature product.

Maintenance is necessary only when we are periodically carrying out updates.

Having a vendor like SentinelOne is crucial for a solid security strategy, as we aim for a product that seamlessly caters to both the IT department and end users. We intend to avoid exacerbating issues more than resolving them. Therefore, I believe SentinelOne is a suitable solution for us – easy to deploy and maintain on a daily basis.

I suggest trying out SentinelOne Singularity and comparing it to more traditional security vendors. SentinelOne Singularity offers a slightly distinct approach, but it's an effective method.

We have deployed SentinelOne Singularity on each end-user machine, as well as on the majority of our servers, utilizing it as an antivirus solution. Additionally, we employ SentinelOne Vigilance for our Security Operations Center. Moreover, we extensively utilize this solution across all our machines for tasks such as inventory control, asset tracking, and software monitoring. Furthermore, we have incorporated Ranger AD to enhance security within our active directory setup.

We use Ranger and Ranger AD. We incorporate the data from our SentinelOne Singularity into our SIEM. Moreover, in terms of Ranger, they are both accessible through the same console. When I click, the information is readily available. It's quite straightforward. Furthermore, concerning the transmission of logs to our SIEM, I don't believe we've ever encountered any problems with the initial setup or ongoing functionality.

Ranger offers visibility into our network and assets, which is quite significant. While other tools are available, having this functionality integrated is advantageous since we have it incorporated into a couple of our tools. This covers everything from our switches onward; although there are different options available, Ranger stands out because we are already using Singularity for other purposes. Hence, having it included is beneficial. While it may not be a decisive feature, it's something we always keep enabled.

It is important that Ranger does not necessitate new agents, hardware, or network changes. The fact that it's present, and functions seamlessly, alleviates any need for concern on my part. Furthermore, it effectively identifies new elements.

SentinelOne Singularity Complete has helped improve our response time. In areas where we don't have twenty-four-seven support, VigilanceOne will take over. We use VigilanceOne through SentinelOne, and it ensures constant monitoring. This makes me feel more at ease, knowing that there's continuous surveillance. With the addition of Ranger, Ranger AD, and VigilanceOne, I believe we have gained better insight into our entire network. This combination offers us an added layer of comfort.

It has helped reduce our MTTD and MTTR.

It has helped reduce our risk overall.

SentinelOne Singularity Complete is exceptionally proficient at alerting and identifying any anomalies or unusual behaviors on the machines. While we do encounter false positives, it has successfully detected several instances of malicious activities on the machines. Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.

The process of uninstalling and reinstalling older agent updates needs improvement. I am aware that the newer versions of SentinelOne that they have been working on are more effective. One of our major frustrations arises when we attempt to remove SentinelOne Singularity Complete from a machine and it only partially uninstalls.

The initial tier of support, when we call or engage with them in conversation, assigns a representative to assist us. However, we have occasionally encountered difficulties with the initial person, either due to their lack of knowledge or failure to follow through. In such cases, we have had to seek assistance from others or navigate through basic support on our own. Despite this, it appears that everything is progressing in the right direction. This is why we chose to renew our contract with them and even expand our range of products with their company.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability a nine out of ten.

I would rate the scalability a ten out of ten.

My feelings are moderate towards the technical support.

We had Sophos Intercept X Advanced Cloud Security initially. We had acquired all these tools through a different program. Despite having these tools, a virus managed to get through and bypass all our defenses. This is why we opted for SentinelOne Singularity Complete – we wanted to test the effectiveness of the AI-based approach compared to the traditional signature-based method.

The initial setup was quite straightforward. During the initial phases of deployment, we had a couple of helpful individuals assisting us with the solution deployment, which resulted in a relatively smooth process.

The deployment was carried out by two administrators collaborating with one or two individuals from SentinelOne. Subsequently, we needed to initiate the installation and verify the installs. Consequently, I assembled a team of technicians for this task as well. To be specific, there were around two administrators and possibly four to six technicians dedicated to checking and ensuring the proper functionality of the setup. This was necessary due to the replacement of the old solution across twelve hundred machines within a limited timeframe.

The implementation was completed in-house.

I believe that the current pricing and licensing structure is fair. While it may not be a budget-friendly solution, I think it's reasonable considering what we are receiving.

We evaluated other solutions through online research, but we were recommended SentinelOne Singularity Complete by a company with which we were collaborating. Since the solution performed effectively during our cleanup process, we decided to continue using it.

I would rate SentinelOne Singularity Complete a nine out of ten.

SentinelOne Singularity Complete has matured over the last two years and is a more complete product.

Moderate maintenance is required to keep up with the end users.

I do consider SentinelOne a partner. I do believe that their program is developing, but I wouldn't use them for all purposes everywhere. This is due to my mindset. Nonetheless, I do perceive that SentinelOne is increasingly becoming more of a partner.

Initially, we had only detection and response on each endpoint where we installed the agent. Now, we are expanding from detection and response to action. For example, if it finds something on the endpoint, it will not only detect and report it, but it will also respond and block it or isolate the endpoint.

It's all about protecting our endpoints and devices, including servers, Windows and Mac machines, whether laptops or desktops.

As a security guy, I don't need to have a VMware or Windows expert help me deploy this environment because it's purely cloud-based.

We had Trend Micro with an on-prem server from which we were pushing updates on a daily basis. We have connectivity between our head office and regional offices, but if that connection was overutilized, those updates would not be pushed in a timely manner. Now we don't have that issue. A laptop, for example, just pulls the updates automatically, and they don't need to come through a congested connection.

Overall, it has reduced our risk by 50 to 60 percent.

It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight. It provides granular control as it is cloud-based, and there is no on-prem hardware or software to manage.

It protects against malware, suspicious activities, and suspicious people on the endpoint itself. The endpoint can be a user machine, a server, or an IoT device.

Another feature I like is that when there are indicators of compromise, such as hash files, IP addresses, or domain names, you can add them straight away with one click, and, boom, everyone will have them blocked right away.

The detection is very good and very fast. Once we install it, files or malicious software that are installed on the system are quarantined or deleted right away. The response is also fast.

We have many old machines with outdated software that have been compromised, with malicious software installed on them. It detects all these issues, including that the software is not updated and that they have all these malicious files. It helps us identify those endpoints. All those machines are sent to be upgraded and to have things removed or installed—whatever actions are needed. And for servers that are running software for the business and that can't be upgraded on-the-fly, isolated, or shut down right away, we create an isolated network for them and give access only to the particular users who need them.

Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology. I don't want to have to install an additional agent on all 5,000 of our endpoints. If the SentinelOne EDR agent could be used for both Hologram and SentinelOne, that would be ideal.

It's been a year since we started using this product. We recently extended it to XDR for instant response. We have expanded with SentinelOne EDR.

It is very stable. So far, we haven't faced an issue.

The scalability is a nine out of 10.

The support is excellent.

As a strategic security partner they are a nine out of 10.

We tried CrowdStrike. The issue with it was that it was not compatible with older iOS and Windows OSes. We have some old servers in our data center that are now undergoing a migration process. On top of that, we have some Windows machines that are running on Windows 8, and it did not support them. We had to switch to SentinelOne since it supports those clients. CrowdStrike is also a very expensive solution.

Trend Micro is not smart; sometimes it's unable to detect malicious files.

SentinelOne is faster. It scans and detects issues and vulnerabilities on endpoints in real time. That's the main thing you look for when it comes to EDR.

The initial deployment was straightforward and simple for us. We just needed to install the agent on the end-user machines, open communication to their cloud URLs through our firewalls, and do some initial configuration on the console with help from their team.

We have a hybrid structure, not only on-prem. We have services running in the cloud as well as on-prem. We have multiple locations across regions and in different countries.

It's not difficult to maintain since it's purely on the cloud. If there are updates, they notify us. That is the maintenance activity. They update our services. Once all the environments move to the cloud, we won't need to worry about maintenance anymore. It depends on the vendor; there's nothing much to do on our end. They push any end-user updates, or they make them available to us and we push them out from the console.

It was not done in-house. We worked directly with SentinelOne support. They provided trial versions for two to three months and assigned SentinelOne engineers to help deploy it on some machines as a PoC. There were three or four people involved in total, including their engineers. After that PoC we bought the product.

We have a SOC solution as well, and we are trying to integrate playbooks. With the SIEM solution, we are able to run multiple playbooks without issues. Using our proxy gateway and detection technology, we have pretty good options to create playbooks without any hard configuration.

The quality and maturity of the solution are excellent. I would recommend SentinelOne.