Every five years, we research tools that could replace our old software. We combine our AV and intrusion detection. We were trying to find out if there’s an agent for the whole nine-yard, and we came across SentinelOne.

The product has an automated process where we find security issues. It’s a 24/7 behavior analytical tool to execute certain actions. The tool deletes the problem-causing process and prevents issues. It discovers, kills, and protects. The software is good. I don't see much of an issue with it.

They should train their own people so that they can train us better. The theory is good. If the product is good, but we cannot rely on it or pass it along to the customer, it's useless. When we purchased the solution, we were told that certain functions could be done. I understand it is part of sales, but I feel like I'm being fooled. We couldn't test it because it was in production. We first had a proof of concept but didn't connect it to our Azure portion.

I have been using SentinelOne Singularity Complete since February.

The product's stability is okay.

The tool's scalability is average.

The support people of SentinelOne do not know the different products offered by SentinelOne. How can they support their customer if one person knows one thing and the other doesn't? They tell us the issue does not come under them and point us to a different team.

There is a SentinelOne support team and a Singularity support team. SentinelOne's support team is okay. Once, the technical support and help desk director got involved with all our issues. However, the director got involved after we strongly complained about the issues. That's not the way it's supposed to be.

I have used Arctic Wolf.

The initial deployment was good. The solution is cloud-based.

We took help from SentinelOne to deploy the solution. We paid for it, but it was not worth the money we paid for. Two people from our company are required for the deployment. The solution requires maintenance.

The licensing is okay. I don't see any issues with it.

We evaluated other options. We were trying to have one solution for everything. We heard that SentinelOne purchased another company. Other products like Rapid7 provide multiple solutions and products for our needs. We saw that SentinelOne provided us with one product and one support system. However, even while using SentinelOne, I have to contact different teams.

When we purchased the solution, it did not do what we expected. We didn't use all of the features. It has quite a few options. There are a bunch of more add-on modules. Other products from SentinelOne are not good. I am really disappointed with them. The user must understand the solution by just reading the training documents. The team claims it is professional, but it lacks a lot of functions.

The integration is fine, but the feature is not how they market it. It looks good on paper, but it's not what we think it is. It's not a ready product in marketing. I am disappointed with it. The interoperability is still under development. Not many people know or understand it, including people from SentinelOne. When we call and try to figure out what's going on with the solution, not many understand what it is. There is a lack of training on their products and services.

The Ranger functionality is fine. It’s only been six months since we started using it. We're still learning as it goes. I think Ranger is probably better than Singularity. Sometimes, they send false positives. It's not really a big feature for us. It's good. They're trying to prevent any networking attack, but I don't think it’s there yet. They're just trying to discover what is on the network, but we already have other tools for that.

It is important for us that Ranger requires no new agents, hardware, or network changes. Ranger is just trying to discover whatever issues we have. I don't think it can prevent it. I don't think it can block issues or protect our devices.

Overall, I rate the product a seven out of ten.

We use it at our enterprise to protect all of our endpoints. We needed an EDR tool, and this product was one of the top options that we looked at at the time.

We definitely get a lot more insights into incidents. When we get an alert, we can go a lot deeper into the information and investigate.

The deep visibility is really important for us. With it, we can really look deep into some of the incidents.

Singularity's interoperability with other SentinelOne is okay. It does an okay job. We can tie it into some of our other tools.

The solution's ability to ingest and correlate across our security solutions is okay. We can tie it into messaging solutions so that we can get alerts directly rather than logging into the console.

It reduces alerts. There are not a lot fewer false positives. I'm not sure the percentage it has reduced, however in comparison to before, it is definitely less.

The product does save a lot of time and we are able to get to tasks and respond quicker. It's helped reduce our mean time to respond.

It's helped us save costs in some areas. It would be based on hours saved. While the solution itself is a little more expensive, operationally, it helps us reduce costs.

We did use the Ranger functionality. However, there was some scanning going on and it caused a lot of noise, so we had to disable it.

The remote console is currently an add-on. Having the remote console without having to pay a huge fee would be ideal. They could reduce the cost a lot.

There was an issue a few months ago where the agent kept getting shut off, however, now there's a newer agent and that's not happening anymore.

I've used the solution for almost two years now.

The stability has gotten better and better over the last two years.

The solution is deployed across 2,000 machines in four properties.

It can scale well. We keep deploying it further and it works.

Technical support does a good job. I've never had to work with support a ton. They do a decent job.

We had previously used a few solutions, including FireEye and Endgame. We left Endgame when they got bought out shortly after we bought them and it felt stagnant.

The deployment was pretty straightforward. We deployed it originally in a reduced state until we had an outline for a majority of machines when we could protect the environment better.

We had two or three staff members who handled the deployment.

There is some maintenance required. We do have to monitor and fix agents and occasionally update the product. There are two to three people who perform occasional maintenance duties.

We set up the product ourselves.

We have witnessed an ROI, although I can't speak to the exact number or percentage.

I don't have any visibility on the pricing.

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate.

SentinelOne's ability to be innovative is good. They've done a good job. Over the last two years, the product has continued to improve, change, and add valuable features.

The quality of the product is good. It feels mature and is well-developed. I don't have any concerns with its technology.

They are a good strategic security partner. They are a growing company and one of the leading EDR tools in the space.

I'd rate the solution nine out of ten. I would recommend it to others.

This is our primary and only EDR in our environment. We have this deployed to corporate workstations and servers, utilizing a variety of operating systems including Windows, macOS, and various Linux distributions. The data ingested into Deep Visibility provides great insight into what is going on in our environment. The XDR capabilities in there almost make you not even need a traditional SIEM anymore. The Identity solutions involing Active Directory security provide great information on our environment for continuously auditing and remediating threats.

SentinelOne's ability to prevent, detect, and respond to threats like ransomware and zero-days without requiring immediate human intervention saves us a lot of time and manpower. We have seen multiple occasions of rogue applications, suspicious downloads, and unauthorized USB drives get flagged and quarantined before anything could happen.

We have gained 2-3x more visibility into our endpoints with the benefits from Deep Visibility. The timelines created from incidents paint a very accurate picture of what happened in a given time window.

The platform has significantly enhanced our security posture through three key areas:

1. Unified Visibility and Simplified Integration (XDR):
   • Excellent Data Correlation: The solution excels at ingesting and correlating data across multiple security tools (we integrate it with three to four other platforms) inside of Deep Visibility. It doesn't just receive data; it processes it to provide actionable insights, saving us significant manual parsing time.
   • Seamless Integration: We rarely need custom API work due to its strong native integration support with our common platforms, streamlining our security architecture and allowing us to consolidate several tools into the platform itself.
2. Network Visibility (Ranger):
   • The Ranger functionality provides comprehensive network and asset visibility without requiring new agents, hardware, or network changes.
   • Ranger has enabled us to quickly identify and manage numerous unknown endpoints, successfully reducing our unknown endpoints count from hundreds down to single digits.
3. Improved Security Metrics and Risk Reduction
   • Thee solution has measurably improved our Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), giving our SOC quick alert times and the ability to react almost immediately to incidents.
   • We estimate it saves us several days' worth of analyst time overall. While direct financial savings are hypothetical, the platform has clearly and significantly reduced our organizational risk compared to our previous security posture.

The grouping feature needs improvement. There are many times I've wanted to do blacklisting or exclusions for specific people in a group, however, I don't want to remove them from the group itself. Giving admins the ability to create subgrouping would allow for all parent exclusions to be applied without the need to create all new scopes.

The integration of an MFA push when signing into the admin console. I know this is a small thing but it is much more convenient to accept a push versus scroll through my many 2FA profiles to find the code for SentinelOne's platform.

I've been using the solution about 5 years while being on both an IT support team and Cyber Security team.

They are pretty stable. The company is expanding at a good rate and they are releasing new features to maintain the stability effectively. Downtime on their end has been very minimal.

Technical support is quick and helpful. They do a good job of addressing issues at level one and escalating if needed.

We are at about 98% deployment. There are endpoints that pop up that don't have the agent to get it, however, we're past the deployment phase or past the initial configuration phase. It's all just maintaining and tweaking, and as new features come out, we adjust.

I wasn't here for the initial deployment process. I've done a lot of configurations for new features that they've implemented.

Our team does general maintenance. They do a really good job of giving you the information you need to troubleshoot. Their knowledge base is very helpful to those brand new to the console and even more experienced users of SentinelOne.

The solution seems to be quite innovative. They are coming out with new features every month and continue to roadmap impressive products for the future as well.

This is a great product. If a company is unhappy with its current EDR, SentinelOne is a good choice. They are acquiring a lot of companies and solutions to add to their roster in order to provide a more centralized platform. I look forward to what they will bring in the future.

I'd rate the solution nine out of ten. It's going to be a good one-stop-shop and I enjoy working with them.

We use the solution for antivirus protection. We do know it does more, however, we're trying to just get the antivirus program up and working and functioning at this point.

It's allowed us to really cover all of our endpoints, including servers, Macs, and services. We're hoping to do a kiosk mode in some of these services for our labs and facilities, and we're hoping that SentinelOne can actually do that. We're going to work with them to make sure we can get that rolled out.

The fact that they have a lot of search features is very helpful. We can go into their filters and we can filter out by specific computer name, for example. We can specify if we want Macs or we want Windows computers, or if we want just laptops, or desktops. There's just a lot of versatility as to how we can look up the devices and really drill down.

The interoperability with other SentinelOne solutions and other third-party tools is good. For other third-party tools, I've used other antivirus software that doesn't have this type of interface. This gives you a lot more latitude to control the computer to basically push out updates and monitor what's going on with the endpoints immediately. It really helps with everything that you need to be on top of quickly, and it really helps that we can monitor everything in real-time.

It integrates smoothly with other solutions. We were able to push out the software and the agent to all the endpoints rather easily. There were only a few stragglers who just weren't physically on and weren't getting the endpoint, however, the rollout went pretty smoothly. The few endpoints not covered were ones that weren't turned on or not in use.

My impressions of the solution's ability to ingest and correlate across our security solutions are positive. It works really well.

We like the fact that we actually have a dedicated person at SentinelOne that we can talk with and work with.

It's helped to reduce alerts. The alerts have really gone down. We've actually had a lot of good coverage. There really haven't been that many alerts or issues. They've actually caught a lot of issues and threats before it's even been a problem. It's really helped cut down on the amount of work that we have to do on our end for troubleshooting and the prevention of viruses or phishing attempts.

This solution helped us to free up the time for other projects and tasks for your team members. We just rolled out a new software program, and it allowed us to focus on that more rather than having to deal with virus alerts that come through from our previous virus program. They've really managed it for us and really helped us find more time to work on the projects that we really need to focus on to advance our business rather than worry about threats that are coming through. It's been quite a time saver.

It helped to reduce our organization's mean time to detect. It's got a much nicer interface to work with, and it's really helped to have them as a working partner rather than our previous vendor which was just a little harder to get a hold of and not as easy to work with.

The mean time to respond is much quicker than what we did have.

It has helped to reduce our organizational risks. We save a lot of hours by not having to deal with all the alerts and managing them. It has saved us many hours of work and really helped us focus on what we really are there to do rather than working on the threats that come our way.

The solution does allow us to be innovative. The product has a nice interface and is quite robust in comparison. We like the options and availability and how it allowed us to manage our endpoints.

Using the filters takes a little bit of time to get used to. There are so many. You have to scroll from side to side in the filter section to find them. It's not very user-friendly.

Some of the options they have up top are a bit much. It is a bit daunting. It minimizes, and then you have to click on select filters for it to completely open, and then you've got a scroll to the right or scroll to the left. Even if you maximize your screen from left to right, there are still more filters to scroll through. They're not well laid out.

I haven't used the reporting feature much, however, having a little bit more options in reporting would be helpful.

I started using the solution about six months ago.

The solution is very stable.

We have about 400 endpoints. They are all deployed in one location.

It is a scalable product. If we need to add more endpoints, we can. That said, we have yet to scale.

Technical support has been really good.

We had a current vendor called Carbon Black who did our antivirus software, however, it wasn't it wasn't working as well as we would have liked. So we went with SentinelOne to give us a more complete solution.

There is just a lot of functionality on the end of SentinelOne that we just didn't have with Carbon Black, and it just made a lot more sense to go with this. Even though it was priced a little bit more.

I was involved in the deployment of the solution. The process was very simple. SentinelOne took care of most of it for us.

SentinelOne pushed out the agent for us.

We did not need a lot of resources in terms of staff members. We were involved in the planning yet not too much of the implementation. We're still working on covering the last few machines.

There is some maintenance, however, they are mostly updates and those are pushed out by SentinelOne.

We had a representative from the vendor who helped with the deployment.

I can't speak to the exact numbers in terms of ROI. However, other programs do not have as much support and in that sense, support, along with savings, has provided some form of ROI.

My understanding is the pricing is reasonable.

We evaluated other options as well. We looked at Norton, McAfee, and Avast, which were built-in. We went with this product based on the support we would get and the fact that they were personable and easy to work with. We have a dedicated customer service rep that we can talk with about any issues.

We do not use the Ranger feature at this time. We would need to upgrade if we wanted to use that, apparently. So we just decided not to go with that.

The quality is good. I like the way it works and the amount of options it has. However, it has so many options and functionalities you need to really figure out how it works. It takes care of a lot of things for you. You can just set it and forget it.

They are great as a strategic security partner. They worked closely with us and were good at explaining the layout and how the solution would work. They are very helpful.

I'd recommend the solution for users looking for antivirus or endpoint management. It's got great features for both small and large companies. I'd talk with SentinelOne about a company's individual needs. They are quite flexible.

I'd rate the solution eight out of ten.

I use SentinelOne Singularity Complete for endpoint protection and remediation. It protects all computers in my company and sends real-time alerts about malware, viruses, etc., that may have found a way through all of my company's defenses.

SentinelOne Singularity Complete has benefited my organization through its rapid ability to find new and existing malware that I must act on. As the solution uses AI technology, it's able to find both known and unknown threats.

My organization realized the benefits from SentinelOne Singularity Complete quickly from the time of deployment.

What I found most valuable in SentinelOne Singularity Complete is the ability to connect to the terminal remotely. The solution is pretty handy because it allows my company to do investigations and whatnot, wherever the person may be. After all, I belong to a hybrid organization, which means you never know if someone will be in the office.

It is another tool in the tool belt for looking at some of the files, which means that even if the file is not a virus, you can go in and do some investigation.

SentinelOne Singularity Complete has excellent interoperability with other SentinelOne solutions, including third-party tools. I was pleasantly surprised with how in-depth the APIs go because it's almost integrated with my company's SOAR solution, consolidating all alerts in one place and triangulating more per case. In my company, SentinelOne Singularity Complete is integrated with a third-party tool.

My impression of the ability of SentinelOne Singularity Complete to ingest and correlate data across security solutions is good so far, though right now, my company only set up SentinelOne Singularity Complete. Still, it's good that the integration option exists because, in the future, who knows? My company might do some integration depending on what the timing allows.

My company has not consolidated solutions yet because SentinelOne Singularity Complete is just one of the many tools used within my company. It's a helpful tool, but it's not the only player.

SentinelOne Singularity Complete helped free up staff for other projects and tasks and is time-saving, though I don't have specific data on that.

The tool has also helped reduce my organization's mean time to detect. However, I can't give an approximation just because SentinelOne Singularity Complete is the only solution my organization uses. The tool has also helped reduce my organization's mean time to respond because, together with the SOAR solution, SentinelOne Singularity Complete allows my company to go in and correlate everything to find out where the threat came from, so my company can go in and take the appropriate measures to shut down threats more reliably.

SentinelOne Singularity Complete has helped reduce organizational risk because it's one of the modern architecture tools, which gives more confidence in the detections my company sees. The tool also reduces the number of false positives and false negatives, so my company knows that if the tool shows a hit, then that truly warrants further investigation.

I'd give SentinelOne Singularity Complete an eight out of ten in terms of its ability to innovate because it's very much on par with a few other options out there, though I can't recall the names right now.

SentinelOne is an excellent strategic security partner that quickly incorporates my organization's feedback. My organization hasn't had any problems. If my team is looking for a feature, for example, SentinelOne either edits a roadmap or makes the change pretty quickly if there's bandwidth.

They say there is an investigation function in the interface of SentinelOne Singularity Complete, but it's not absolutely available for use. It's a function I've been looking for, but my company can't use it yet for some reason, so this is an area for improvement.

Another area for improvement in the tool is the larger learning curve that stems from it being full-featured, so there's a more significant learning curve in figuring out the environment versus using a more traditional antivirus. It's a lot more than just installing it on the machines.

The other disadvantage of SentinelOne Singularity Complete is that the agent doesn't auto-update, and my company found it more complicated than usual to get the agent updated and keep it updated.

I've been working with SentinelOne Singularity Complete for six months as an end user.

We didn't have any problems with the stability of SentinelOne Singularity Complete.

For the most part, SentinelOne Singularity Complete is scalable, but with my company's problem with auto-updates, it just means needing to rely on other tools to get new agents pushed out to the endpoints. It would have been better and more scalable if there was a way to update on the directory.

We found the technical support for SentinelOne Singularity Complete one of the best we've ever had to deal with, surprisingly, so we'd rate it as ten out of ten. If we open a ticket, we'll typically get some answers quickly, but for more complex issues, we have standing meetings with them that are set once a week so that they can go more in-depth.

My current organization only uses SentinelOne Singularity Complete, but in my previous organizations, more traditional antivirus was used, like BitDefender, and it was fine.

With SentinelOne Singularity Complete, I'm more confident that it can detect threats better and will miss fewer incidents coming in because of the more modern ways it detects malware.

I was not involved in the entire setup process for SentinelOne Singularity Complete, but it was mostly straightforward. However, getting the agents onto the machines was more complicated than the team would have liked.

The team started with a test machine and then expanded after issues arose, including figuring out how to fix the issues.

We implemented SentinelOne Singularity Complete in-house, with the support of the SentinelOne team, whenever we had questions.

I have seen ROI from SentinelOne Singularity Complete.

I have no information on the pricing or licensing cost for SentinelOne Singularity Complete.

I wasn't involved in evaluating solutions, so I'm unsure if the company evaluated other solutions before choosing SentinelOne Singularity Complete.

The organization I'm working for doesn't use the Ranger function of SentinelOne Singularity Complete. It uses a homegrown solution for network visibility.

I don't believe SentinelOne Singularity Complete has helped reduce alerts within the company, and it's not because it can't but because the SOAR solution handles the alerts and sends the alerts. Still, there is potential to improve the process.

I've not observed cost reduction or money saved from SentinelOne Singularity Complete just because it's such a small aspect in the grand scheme of things. It's tough to put a number on that.

Many people were involved in deploying SentinelOne Singularity Complete for the organization.

I'm the one maintaining the solution, and for my organization, in terms of scale, one person is sufficient to maintain SentinelOne Singularity Complete.

The solution is deployed on three thousand endpoints worldwide on both MacOS and Windows machines, along with an agent on the servers.

I advise others looking into implementing SentinelOne Singularity Complete to be prepared to work with the SentinelOne support team. Implementation is not hard to do, but the support team is there to help with much of the work and is happy to help. My standard advice is to ensure you're also checking out other providers. Just because the solution works for my organization, it doesn't mean it will work for yours. You have to find a solution that checks all the boxes for your organization.

I would rate SentinelOne Singularity Complete as eight out of ten.