We have it hooked up to our LogRhythm SIEM, which keeps track of all the events that are happening all around. That has been really helpful for us. We have SentinelOne Ranger that scans for devices on our network and finds the ones that do not have SentinelOne or the machines that we call rogues. The other function that we use is Deep Visibility. We pay for that, and it allows us to hunt for threats within our environment. It is also very important. We don't use Deep Visibility very often, but it is one of the more important things that we have in terms of the selection of products we pay for.

One of the big reasons we use it is for its ability to ingest and correlate across our security solutions. By virtue of going after an incident, we need to see step by step what happened. We have network solutions that show us where things came from network-wise. We have a vulnerability scanner for something that gets exploited, and then we have SentinelOne to see what is actually happening on machines. Maybe a process was launched. Maybe a file was clicked or an email was opened. That is a big part of how we use the tool.

Prior to having SentinelOne, we had CrowdStrike, which is a similar product. We decided to make the switch to SentinelOne because the biggest problem was that the previous endpoint detection response software we had did not support what we call legacy endpoints. Anything prior to Windows 7 was not supported by CrowdStrike. Being a manufacturing firm, we have quite a few old devices. That was one of the big things that sold us. SentinelOne also had significantly more competitive pricing than CrowdStrike, but the ability to protect older endpoints was the main motivating factor for us to make this switch.

We have been able to consolidate our security solutions. We had a handful of different solutions. SentinelOne Ranger scans for things. We used to have a product that did that, and we got rid of that. For deep visibility, we used to have a piece of software on each machine for historical data and events and things of that nature. We were able to get rid of that. Having an antivirus is also not really necessary because it is a next-generation AI-based antivirus. It does antivirus tasks, and it reduces the need for our traditional antivirus such as Kaspersky, Symantec, McAfee, etc. We were able to get rid of those as well, which is a good thing.

We have turned on the Ranger functionality. It is used for asset discovery, but only within a certain range and only if there are a certain number of machines. The way our settings are, if we have a cluster of five machines around it, it will essentially send out a signal and try to find the one without it. If we have five machines in our organization, it will look to see which one does not have SentinelOne around it. It can be helpful to find machines that were not deployed properly. It can also be helpful to find machines that were deployed by malicious actors and things of that nature. It also helps us to identify machines that have SentinelOne but are not responding right now.

It is a pretty big deal that Ranger requires no new agents, hardware, or network changes. We have deployed SentinelOne completely. There is probably no machine in our network that does not have it unless it has a very specific use case. Ranger helps us find those if they do exist. If need be, there is a setting within Ranger for deploying SentinelOne through Ranger. We have it turned off, but it is still useful. It is something we could use one day.

We typically use Ranger for vulnerability and not necessarily for the prevention of vulnerabilities, but it does give us a good idea of what is out there. For example, there is someone who is trying to do something malicious. It will heartbeat that, and it will see what is happening around that. If it sees, for example, command and control or something like that, it will identify it. It might quarantine it or turn your machine off to stop things.

Singularity Complete has helped to reduce alerts. One of the things we struggle with over time is trying to identify what is and what is not a real threat. It did take some tuning, but we went from having to investigate every little thing to being able to say, "Okay. This is a false positive. We know this. We have had this in our environment. We can exclude that." That frees up time for other things, so we can spend time focusing on malicious or bad things happening in our environment. We can work on projects and do some of the actual engineering.

Singularity Complete has helped free up our staff for other projects and tasks. We do not have to sit there and constantly monitor, which means that we can go ahead and do other things. We have a vulnerability scanner that we can use to start patching and tackling some of those vulnerabilities. We have our SIEM that we need to monitor for events and activities as well. We have network logs that should be gone through more. Because we have something that takes care of our endpoints, we can look at the focus of our business and do things there instead of having to worry about each machine individually.

The biggest thing that SentinelOne does is that it is constantly looking at our environment and other environments as a baseline of what should be happening or what could be happening. If something does not match the specific idea of what should be happening, it detects that and blocks that. If it is not sure what to do exactly, it quarantines a file or a folder or something like that until we have a chance to look at it. That is better than something getting through and causing damage before we can do anything about it. As long as a machine is connected to the network, it is pretty instant, but depending on what it is doing, it might take a little bit. There are some functions within it that do take a little more time to work. For example, the remediate and rollback functions do take time to work, but if it sees something as malicious, it will kill and quarantine that within a fraction of a second.

Singularity Complete has helped reduce our organizational risk. There is the part where it kills and quarantines things that are happening on machines, but there is also an element of visibility. Being able to see what we have gives us a better idea of what risks we have. From an inventory standpoint, everything is synced the second we deploy the image machine. Through that, we are able to see what is running on them, what they have installed, and things of that nature. We get a more holistic idea of what we actually have so that we know what to protect.

The terminating or killing remediation process that they use is top-notch. Pretty much anything that is even remotely malicious gets blocked by it within seconds. That is important for us. We have thousands of endpoints with tens of thousands of users. It is hard to do good security for that many people without some kind of automated detection and response. That is what SentinelOne does for us. It helps us automate that process.

Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better. If they were able to export and make it a little more presentable, it would be great because this is something that we end up doing on our end where we take some of that data and make it look better. It would definitely save us time if it was a little prettier, for lack of a better word, from the beginning.

We have been using it for two and a half to three years. 

As far as I know, and I am the only one out of our three time zones who uses the tool, I have never had an issue with it. The only time we ever had problems was when someone made a change to some of the roles, but it was not a SentinelOne issue. For the most part, as long as you have set up the tool correctly, it functions pretty much 100%. I cannot think of a time when it was down.

We started out by having it deployed on a handful of machines as a proof of concept. From there, we were able to replicate it over and over in our environment. We are currently licensed for around 7,000 devices, and they made it pretty clear to us that if we decide to improve that or increase that, it would be a seamless process. They will just bump our licenses up and then we pay a little bit more. There is no real pain associated with that where you have to go back to the table, talk, and do things like that. It is a flip of a switch.

They were very helpful. They were knowledgeable. They definitely used the tool before. The questions they asked were good. They knew what logs to ask for. They knew what question to ask. They were pretty good. I would rate them a ten out of ten. They were knowledgeable. They were helpful. The turnaround time is good. They want to resolve the issue, and they are there to help.

Positive

We had CrowdStrike. We switched because of two things. One was the price. CrowdStrike was expensive, and the other thing was that we needed to protect legacy devices. As a manufacturing company, we have a lot of old software and hardware in our environment, and CrowdStrike did not protect those devices. We either had to come up with a solution where we network quarantine those machines or have them segmented somewhere so that they do not talk to anything else, or we just get SentinelOne and they function the same and require no extra work. As long as it is on there, it is protecting them, and it is much cheaper.

We have it almost entirely hosted in the cloud. We do deploy it via the deployment software that we use to deploy to our endpoints. We do have it in the cloud as well that we run through the command line and then point it to our management console, but we do not have it hosted on-premises. We like the idea of having things in the cloud at least for the specific instance.

I was not involved in its deployment. I came here a little bit later, but I got to talk to some of the people afterward. I am part of the deployment now, but I missed the boat by a handful of months.

It is pretty straightforward. The way it works is that you get what is called the management console URL, which is essentially when you install it, it tells you who the device belongs to. You put in your URL, you run a command from it on an executable, and then from there, it is on your machine. It is pretty straightforward.

The number of people involved in the deployment varies. We are a multi-continent and multi-country organization, so we had somewhere between 15 and 20 people working on it. In terms of the people who actually use it, there are probably five or six. We have one person who constantly works to deploy within North America and one person who works to deploy in APAC. We personally work to deploy it within EMEA and then the rest of it is us just working on maintaining it and making sure it is doing what it is supposed to be doing.

We previously had a different EDR solution called CrowdStrike, which was very robust but also very expensive. It did not have the features we were looking for from a legacy standpoint. My understanding is that we did a pretty good deal on SentinelOne. A part of that is because we were their customers very early on, and we also use their products a lot. We are interested in the new products that come out. We go to their demos, and we go to their events. We do save a lot of money. It is not cheap, but it is worth it. We spend a lot of money on a lot of things, and most of them do not do as much as SentinelOne.

It has gotten more expensive over time, but we have also gotten more features and value out of it. They have added things to it. From a pricing standpoint, it is expensive. It is one of the more expensive tools we have, but it also does more than almost every other tool that we have in our environment, so it makes sense.

We reevaluated CrowdStrike and realized that it was just not going to work for our purposes. I believe we looked at Sophos and Carbon Black. Carbon Black is a VMware product, and Sophos is a similar EDR solution.

From a quality standpoint, if you are willing to take the time to implement it and implement it well, it is a fantastic product. It is a massive part of our security posture. If you are looking to switch, doing a proof of concept will probably be good enough to make you realize the value it has. Sometimes, in the demos from vendors, you see the kind of things happening that are supposed to happen. It is, of course, going to block them, but during our proof of concept, we threw in different scenarios at it, and it handled every single one pretty flawlessly. That is a big part of why we ended up choosing it.

If you were a company that has legacy devices, it is a no-brainer as far as EDR solutions are concerned. If you are looking forward to an EDR solution in general, and you do not have legacy devices, SentinelOne is incredibly competitive. It has a lot of great features. It is priced very competitively. Their support is great, and the tool works. It does take some fine-tuning, but the tool works very well.

As a strategic security partner, SentinelOne is always trying to get us to work with some of their partners as well. From an integration standpoint, it does give us some options going forward where if, for example, we wanted to use a mobile device solution, they do have some integration with them. If you are a part of their ecosystem and you have a tool that you are interested in, they will let you know whether they have a partner that they work with. They will let you know that they have this tool. It works so far, and if you have a question or something like that, they can get you acquainted, which I appreciate.

Overall, I would rate it a ten out of ten. It is probably my favorite security tool from the ones we have.

We use SentinelOne Singularity Complete to manage incidents that come in. 

We wanted a solution that could help protect all of our endpoints. SentinelOne Singularity Complete is on all of our servers, and all of our endpoints, to protect against threats to the university.

SentinelOne Singularity Complete has aided our organization by offering a centralized platform for comprehensive visibility. It has enabled us to conveniently monitor all threats and manage our devices through the antivirus, all within a single interface.

SentinelOne Singularity Complete has certainly reduced the number of alerts over the past two years in my experience. We receive very few alerts now, which is excellent.

It has helped us free up our time to focus on other tasks. The solution is very helpful for configuring various exclusions. This ensures that the alerts we do receive, which are false positives, will not pester us in the future. This definitely provides us with more freedom and time to work on other matters.

Singularity Complete has helped reduce our MTTD and our MTTR, which is now just a few minutes after detection.

It has helped our organization save costs.

Singularity has certainly reduced the risk for our organization. With its installation across all endpoints and servers, we are confident that it will effectively protect us against malware or intrusions attempting to breach our environment.

I find the application inventory feature to be extremely useful. We utilize GreenMile for MAC management, and it's not as straightforward to locate the inventory of the applications installed on our computers. As a result, I have been using the application inventory feature more frequently to accurately identify the programs installed on each machine.

One aspect to consider is the SentinelOne network firewall they have in place. I believe they implemented it approximately a year ago. Initially, we faced challenges during the setup phase, which consumed a considerable amount of time. Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful. While the idea behind it appears promising, I think SentinelOne should consider removing it.

I have been using SentinelOne Singularity Complete for almost two years.

Singularity Complete is stable and I have not seen any downtime.

We don't possess as many endpoints in comparison to, I suppose, other companies and universities. However, I believe that if we were to double them today, scaling Singularity Complete would become quite effortless.

The times I've contacted customer support, it has been really good. There was only one instance when the support was very poor. However, after my concern was escalated to a supervisor or someone on the management team, my issue was resolved. So, I believe that was the only occurrence out of numerous customer interactions.

Positive

We previously used ESET. 

I would rate SentinelOne Singularity Complete a nine out of ten.

We currently only have a couple of integrations with Singularity Complete. I believe there is potential for more integration. As of now, we have only installed two apps that integrate with Singularity Complete.

No maintenance is required from our end.

SentinelOne is excellent as a strategic security partner. There have been numerous advancements, and since I began using the platform two years ago, they have undergone substantial changes. They have introduced many new features, and I have witnessed significant company growth over the past two years.

I suggest examining the various features available in SentinelOne's complete version. We have experienced numerous advantages with it. Often, when SentinelOne introduces new features, we don't notice them until they are fully developed. It's beneficial to explore some of the new features that are in beta. This allows us to experiment with them and assess how they can enhance our environment.

We need to provide a form of antivirus for our cybersecurity insurance. The new term now is EDR or endpoint detection response. I tested out several vendors including CrowdStrike, SentinelOne, and Cisco. SentinelOne definitely stood out. My use case is pretty for much protecting all of my end-user devices and all of my servers on-premise and in our virtual environment.

We were trying to solve for visibility and license management. We used to use other products, and licensing became an issue. We would have issues where clients would not really be connected all the time. They would just randomly lose connection. And that was with McAfee. 

ESET was another one that we used in the past, and we just kept running the issues with the physical server. So having a cloud-managed EDR solution, the agent-based, cloud-managed solution, has worked very well for a few years now at multiple companies. It's the first thing I bought when I came to my new company.

I really like Ranger. I like the deep dive of Ranger in an incident section. Diving into each incident and being able to see complete visibility of when the action was taken against something that it deemed a threat is valuable. Using those incidents in Ranger is definitely up there on my list of favorite features. I have multiple locations all across the globe. Being able to separate my devices, per location, is super helpful.

It's good at ingesting data and correlating. It has zero issues with ingesting data with the agents installed. I've had no issues with that. Being able to go through and create exclusions for specific types of data, like SQL has been really tough in our environment. Being able to just go through and customize those exclusions and working with the support team is great. We also have Vigilance, which is another SOC that they offer. That's a fantastic service.

Everywhere I have an agent, it sees everything, and it does so when I deep dive into a threat or a proposed threat. It does pick out host names, and IP addresses, and it just gives you a really clear picture where you can read it.

I like that Ranger requires no new agents or hardware. Anytime you can keep it lightweight enough. If you add a function and you only pay for your yearly fee for an extra function without making changes in your environment, that's huge. 

I love the reporting. The reporting definitely helps me see the entire network and find what open ports are out there. I can work with my network team to get those things closed, which is fantastic. I like the ease of looking at the graphs and the reports.

The solution has helped reduce our alerts. Instead of waiting on a monthly basis and then executing a plan, I'm able to keep up with it all throughout and day to day. That granular control has left me very impressed.

It gives me peace of mind. My staff isn't really using it. I know I have 24/7 eyes on it. 

It has helped me reduce my mean time to detect. I would be lost without the tool. It definitely helps me figure things out really quickly. I can figure out the whole story very quickly. 

It helps with my mean time to respond. It definitely helps with that. I get an alert in my email immediately, which lets me just know that something happened to my environment. That's something that I previously did not have in my old tool set.

I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity. 

One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. Everything feels a little lacking. They're trying to keep it simple, yet it is a little oversimplified. 

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. It doesn't have to be a full feature.

I'd like the ability to have text alerts, for example, if something gets quarantined. 

The website, if you are trying to figure out what all the products are, it's kind of busy. I don't know what all the products are. The marketing is a little tough to follow. 

I've been using the solution for three years.

I haven't experienced any stability issues. 

The solution is extremely scalable. It's super easy to push out to thousands of clients if you really need to. I haven't had any issues. It scales very well.

Usually, technical support is very good. They are very knowledgeable. It's usually 24 hours for a response. I've had a couple of phone conversations with them. Right now, we're going basically through email. They give me a ton of information. They're open to working with my third-party MSP. Right now, the MSP brought up a concern about a very specific function that needs a little bit more tending to in the exclusion arena. 

Positive

We had Defender at this company before.

I was involved in the initial setup.

The deployment is very straightforward. It's super easy to just download your agent, and you get your site token, you install, and you push it out. We use the PDQ at my last company. Here, we use SCCM. We push it out with the MSI, with the site token pre-installed. I see it on my dashboard. It's easy.

My last deployment was handled by myself.

The solution does not require any maintenance anymore. It used to be kind of a headache to go through and have to update the agent. And just to remember to do it. Now I get the email. It tells me there's a new agent out there. I go read up on what the changes are, which is great. Then I go in there and set up the auto-install on the agents, and it just hits them on the schedule. You only have to really pay attention to it once in a blue moon when a new agent is installed or there's a general release.

I installed the solution myself.

I can pay, for my environment, between $30,000 and $40,000 a year, and that's a pretty good deal.

I'm a customer and end-user.

I haven't really done any third-party tools. I've looked into their Identity tool which is one of the newer offerings that they have. It's a very nice offering. It is rather expensive. That said, it is very nice to be able to see Active Directory all in one pane of glass. Honestly, the hardest thing about my job as a security professional is having all these different tools so the more I can see everything in one area, the better it is.

The quality and maturity are important. The company is relatively new in the space, however, they are pretty mature in the market and pretty well-respected. 

SentinelOne is a great strategic partner. I can't see myself doing security without them at this point. They are one of the backbones of my security platform. They were the first pieces even before I bought Cisco Duo or Meraki. 

I'm excited to see where this will be in the next ten years. I can just see this platform just going crazy. I would love to see maybe a little bit more focus. We have to deal with a lot of sensitive equipment that run specific jobs and I love how SentinelOne, and specifically Ranger, is very passive in its ability. It complements our OT. I would love to see some way of getting away from the super expensive platforms of Tenable and bringing in some of these functions that Tenable offers from a scanning platform fully into SentinelOne in the future.

I'd rate the solution nine out of ten.

This is a best-in-breed solution. If you're looking at anything in comparison, do your due diligence, do proof of concept between whatever companies you're looking into. However, SentinelOne is the best-in-breed.