
Reviews from AWS customer

27 AWS reviews

External reviews

322 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Vaibhav Mahendra Kolhe

Automation has reduced alerts and freed the soc team to focus on faster incident response

  • March 18, 2026
  • Review from a verified AWS customer

What is our primary use case?

The primary use cases for SentinelOne Singularity Complete include endpoint security to detect, prevent, and respond to cyber threats in real-time using AI-based behavior analysis.

The second use case is that the SOC team will investigate incidents, automate response actions, and protect systems from malware and ransomware.

How has it helped my organization?

SentinelOne Singularity Complete has helped me consolidate my security solutions, and there is some improvement overall. SentinelOne Singularity Complete is a good feature that requires skilled analysts and a proper plan for implementation. SentinelOne Singularity Complete is good for S1 analysts and is helpful for analysts with a simple GUI base.

SentinelOne Singularity Complete has helped reduce alerts for my organization. In my organization, we are an MSSP and right now we manage 6,000 plus endpoints and provide services to 10 plus customers because we are a partner with SentinelOne, and our customers are buying from us while we are providing endpoint services. All customers from us are very happy because the biggest difference is that SentinelOne Singularity Complete gives us the support team and the TAC team. There is human intervention between us and the TAC team because SentinelOne Singularity Complete is a SaaS product. If we get a false positive alert or if we get stuck anywhere, the TAC team will resolve that. The biggest advantage is the support from the TAC team to us, which is very helpful. If there was no TAC team, I would not advise using SentinelOne Singularity Complete.

SentinelOne Singularity Complete has helped free up my staff for other projects and tasks. I will tell you how SentinelOne Singularity Complete helps our SOC team. First of all, we have implemented SOAR technology, the Shuffle technology, which is open-source. Whenever an alert comes on SentinelOne Singularity Complete, we have integrated the Shuffle SOAR technology. Automatically the alert will be killed and quarantined, and mitigating action will be taken from SentinelOne Singularity Complete. Before that, we had to raise the alert manually, but we integrated SOAR technology, and automatically the alert raises to the customer within one or two minutes. This reduces the false positive alerts. We give criteria for Sentinel Shuffle: if the alert is triggered and the hash value for that file is bigger than five seconds, a secondary vendor will mark it suspicious or malicious, and we will raise the alert. Before implementing this, we had to manually check and explore and manually check deep visibility to determine where the alert came from or what scheduled task was generated. After implementing SentinelOne Singularity Complete with SOC as Shuffle SOAR, it is reducing the time significantly.

What is most valuable?

The best features from my perspective are that SentinelOne Singularity Complete includes EDR, XDR, and next-generation SIEM, and additionally, they have also added Purple AI. SentinelOne Singularity Complete is an automated tool with minimal interactions required. Everything works if we install the endpoint SentinelOne Singularity Complete agent on the endpoint. We don't require anything else because all the work will be done from the SentinelOne Singularity Complete agent that conducts real-time monitoring. If malware is detected, the agent will take care of its kill and quarantine and automatically send the alert to the dashboard.

If the agent is online or the desktop is online, it will connect to the dashboards, and we will get the alerts. That is the best feature. The second feature is the rollback feature for Windows, such as the VSS rollback feature. If the endpoint is malware infected, we can restore our files and important data. These are the two best features I appreciate about SentinelOne Singularity Complete.

My impressions of SentinelOne Singularity Complete's ability to ingest and correlate across security solutions are that they can ingest logs from all over the device. For example, we have integrated the Shuffle open-source SOAR tool that ingests the logs from that Shuffle tool. Second, we have also integrated different firewalls and additionally, we have integrated the AWS cloud. Ingestion is seamless and awesome from SentinelOne Singularity Complete.

Regarding the role Purple AI plays in amplifying team knowledge, I use Purple AI for advisory and IOC purposes in my organization. I explore it for research purposes and find it very good and fast for sending advisories every week regarding vulnerabilities found. I don't use Purple AI much for other uses because I have limited exposure to it.

What needs improvement?

Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them.

Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.

For how long have I used the solution?

I have been working with SentinelOne Singularity Complete for 2.3 years.

What do I think about the stability of the solution?

In terms of stability and scalability, I heard the news that 25,000 plus endpoints can be installed in one go, so scalability is very good. Regarding stability, I haven't heard of any issues with SentinelOne Singularity Complete. Before two years ago, we heard about a blue screen issue with CrowdStrike, but I haven't heard of such issues with SentinelOne Singularity Complete. Stability is important because even if the agent disconnects from our console, it will still protect the desktop or laptop. There aren't many stability issues; the agent handles everything including upgrades.

How are customer service and support?

Regarding the technical support and customer service teams, I rate them 10 out of 10 on a scale of 1 to 10. The TAC team, which is available 24/7, is the reason for this rating. We are now in India, but if we get stuck at midnight, any other TAC team will be in GMT or Europe or America, and they will assign our support engineer and suddenly schedule a call for us and resolve the issue. The TAC team plays a major role and is very important for us.

Which solution did I use previously and why did I switch?

Regarding cost-effectiveness and ROI, I will say it is cost-effective. In India, before the installation of SentinelOne Singularity Complete, all our organizations used CrowdStrike, which is a competitor to SentinelOne Singularity Complete. After SentinelOne Singularity Complete came into the picture, the cost is more competitive, and the cost of SentinelOne Singularity Complete will be cheaper than CrowdStrike. I also have some exposure to CrowdStrike, so from a price perspective, I would prefer SentinelOne Singularity Complete if my organization has a limited budget for EDR or XDR solutions.

How was the initial setup?

Regarding the initial setup, I can say it is very easy to set up. We just need to create one tenant from my customer name and send and install the packets for Mac OS, Windows, and Linux servers. We take remote access, and within 5 to 10 minutes, one endpoint will be installed, although it takes some time to connect to the dashboard. The setup is very straightforward, and we have installed over 500 agents in one day. That is a very fast process we have accomplished.

What about the implementation team?

For the deployment model, my organization has a tie-up with Amazon Web Services, AWS. We are using the cloud because of that tie-up with AWS.

What's my experience with pricing, setup cost, and licensing?

Pricing-wise, it is very price-sensitive. My customers, enterprises, are buying from us. For small and medium enterprises, it is very costly. The pricing is approximately $7 to $10 per agent per month. My organization selling depends on the size of the endpoint we are dealing with, but the price is around $7 to $10 per agent per month. In terms of functionality compared to other EDR tools, it is the best price.

Which other solutions did I evaluate?

Regarding the key differences, both pros and cons of SentinelOne Singularity Complete compared to other technologies such as CrowdStrike or other EDR and NMI products, I have several pros and cons to discuss. The first pro is the fast response. The EDR will immediately get the malicious file, kill or quarantine it, and send the alert to our dashboard. The second is the rollback capability, which is a beautiful feature SentinelOne Singularity Complete gives us for Windows desktops and laptops. The third pro is the automation; 90% of actions will go through the agent. The agent will take all actions—kill, quarantine, alert—and everything is automated; we don't require anything else from our side.

However, cons would include the high false positive alerts; we get alerts for genuine files, and that creates noise, though we can whitelist it. Additionally, there is resource consumption; SentinelOne Singularity Complete uses more disk resources, which reduces the functionality of the desktop. The third con is that when we install the SentinelOne Singularity Complete agent, it takes time to reconnect to the dashboard due to network issues, and it can take 5 to 10 minutes for the endpoint to reflect.

What other advice do I have?

Regarding SentinelOne Singularity Complete's Ranger functionality, I am an L1 analyst and I don't have much hands-on experience with Ranger, but I know that the Ranger is used for detecting rogue endpoints in our network. The Ranger functionality includes network discovery and control features. These two features are very important in Ranger because it ingests logs from network sources and captures the threat matrix including IOC. The most important functionality will be the Ranger's ability to detect rogue devices. I cannot confirm that we can use Ranger to completely reduce the alerts because I don't have that heavy work as I am only an L1 analyst doing some basic admin tasks.

Additionally, right now we are implementing the next-generation SIEM of SentinelOne Singularity Complete, but this is in the initial phase. Regarding mean time to detect, SentinelOne Singularity Complete is immediately detecting the alerts and giving them to us on the dashboard. The problem is that when we install the agent on the desktop, it takes some time to show on the console. Otherwise, the agent is seamlessly running in the background; while the user is doing their job on desktops, the agent is doing its job greatly in the background.

For threat investigations, I don't have exposure because I am L1, and right now, I have L2. One of my seniors, a senior forensic analyst, uses Purple AI for threat investigation. I don't use Purple AI for threat investigation; I just use it for searching IOC.

For advice or recommendations for organizations considering SentinelOne Singularity Complete, I suggest that before implementation, first, train your SOC on how to handle alerts and investigate. When I started with SentinelOne Singularity Complete, my manager told me to sit with the MBA team and learn about it, which was confusing at first. Start with the pilot deployment instead of deploying thousands of endpoints at once; install a few endpoints to check the performance. Third, integrate SentinelOne Singularity Complete with all your SIEM tools or SOAR tools. We as customers integrate SentinelOne Singularity Complete with Shuffle SOAR and get benefits such as triggering alerts quickly, so implementation is crucial for SentinelOne Singularity Complete to be a powerful tool. Training SOC, proper configuration with skilled analysts, and a well-defined strategy are the key recommendations.

I rate this review 9 out of 10.


    Kandregula Sathvik

Intelligent threat detection has reduced investigation time and improves real-time decisions

  • March 18, 2026
  • Review provided by PeerSpot

What is our primary use case?

I mostly use Singularity Platform in incident response time, especially when there is a ransomware attack or when we want to recover any previous files. My other use case is when I have to investigate any files or EXE files that have been on the PC to deeply investigate what services they are using and what type of network connections they are establishing on the PC.

I use the Pro-detection feature in financial services, and it is a very good feature. There is no need to manage any complicated cases because the Pro-detection feature works by simply analyzing over time. It takes two to three days to investigate a specific issue thoroughly, and then it gives a conclusion based on that analysis, which helps determine the actions to take.

What is most valuable?

One of the likely features of Singularity Platform is that it is very user-friendly and easy to understand. The UI is indeed very user-friendly. Alerts and writing long queries are somewhat challenging. The predefined queries of SentinelOne can be very jargony to configure and hectic to write.

Singularity Platform's real-time personalization feature is a time-taking process and not a single setup process. It takes at least six to seven months to train the platform so it can be aware of the environment, after which there is some visibility over personalization setups.

The personalization feature has been good for customer experience strategies. People are very positive about that personalization feature because the machine learning offered by Singularity Platform is very good and easy to use. Once it fully adapts to the environment, customers don't even need to monitor their endpoint protection landscape, as it can automatically learn and mitigate any threats or problems with minimal human interaction.

Risk management efforts have improved significantly with Singularity Platform. Previously, a lot of time was spent investigating issues, but now this process has reduced investigation time from days to hours. The focus is on what type of recommendations and remediations to implement, which can be completed within an hour.

Singularity Platform's real-time monitoring capability has significantly improved decision-making. Previously, decision-making was more manual, but after integrating something called Purple AI, it doesn't hallucinate and provides accurate real-time decisions, pinpointing exact problems and suggesting what changes need to be made.

One of the main benefits from using Singularity Platform is that there are no over-alerts; there are very few false positives. Most triggers are by true positives, which helps manage alert fatigue effectively and allows focus on actual threats.

What needs improvement?

Singularity Platform could be improved by providing a more comprehensive analysis part, particularly on the threat dashboard. If automated analysis in simple terms could be received to explain to customers what exactly is happening, it would be a great addition to the product.

Regarding customizable dashboards, there are predefined dashboards that provide good visibility, but customized dashboards are not that helpful. I would not recommend using them as they can become messier.

My advice for organizations considering Singularity Platform is to encourage the addition of a threat analysis part that integrates with their Purple AI, allowing explanation of specific threats in a simpler way for customers.

For how long have I used the solution?

I have been using Singularity Platform for three years.

How are customer service and support?

Experience with customer service and technical support has been primarily with tech support because, during the initial configuration time, there were many doubts. Tech support was mostly used, while customer service has not needed to be contacted. Direct contacts for technical support were available.

On a scale of one to ten, the technical support of SentinelOne would be rated as an 8.5.

How was the initial setup?

The initial setup process for Singularity Platform is straightforward across all three platforms—Mac, Linux, and Windows—and doesn't require any prerequisites. It is a very lightweight agent, and the setup is easy to handle.

What was our ROI?

Singularity Platform does bring a good return on investment. First, proofs of concept are shown for the two EDRs, comparing what they offer. Large enterprises that can afford it often choose SentinelOne for its ease of management compared to other platforms.

What's my experience with pricing, setup cost, and licensing?

Regarding the pricing, Singularity Platform is very high compared to other platforms that have been worked with, such as CrowdStrike and other Sophos EDRs. While it offers very good features at the enterprise level, it comes at a premium price. Licensing includes various tiers like Pro and Singularity, and while highly customizable, it is indeed expensive.

Which other solutions did I evaluate?

In comparison to other products, a key difference in Singularity Platform is the ability to push customizable scripts, which other platforms offer in their tiers. If detailed analysis were received instead of just a graph, showing a step-by-step explanation of each threat or process would enhance the digital forensics perspective.

What other advice do I have?

From a features perspective, there are no missing functionalities in Singularity Platform; the features are quite good for now. The overall review rating for Singularity Platform is 8.


    Jared Ochieng

Autonomous threat hunting has reduced false positives and now restores systems after ransomware

  • February 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

SentinelOne Singularity Complete is an XDR solution for endpoint protection and EDR. I am an integrator and reseller of both their SIEM and XDR platform.

SentinelOne also has an AI SIEM that operates as a different solution on top of the XDR platform, which is very useful especially for organizations that do not have any SIEM but already have the XDR platform. With the XDR platform, I am able to correlate data from other solutions.

Their AI SIEM consolidates everything under one platform. The way it is very easy is that one agent does everything. Whether it is cloud, on-prem, or endpoints, one agent handles that part. If you have the SIEM as well, you can ingest logs from your cloud workloads, from your on-prem devices, whether it is a security device or other devices like your network switches and applications. It is able to ingest data from all platforms.

SentinelOne Singularity Complete is your endpoint platform that covers everything. It covers Linux, Mac, and Windows environments as well as your cloud workloads and Kubernetes workloads. If you are looking to integrate other solutions or devices, you need the AI SIEM, which will take care of third-party solutions, firewalls, identity access, PAM, and other integrations. If you want to bring those feeds onto that platform, you need the AI SIEM part for it. In terms of XDR, it covers the major platforms including Linux, Windows, and Mac.

The Ranger functionality is good, though I believe they have renamed it recently. If you want to do network discovery on your network to know what is running on it, Ranger is very good.

Purple AI is built into SentinelOne Singularity Complete platform. Purple AI helps engineers perform threat hunting without requiring SOC analyst experience. You are able to threat hunt and respond to threats using normal language conversation.

Because you are able to converse with it using natural language, you are able to build out responses using Purple AI that it will enact autonomously.

It is priced by endpoint device, making it one of the well-priced solutions. It is not too expensive and is a very good enterprise solution.

What is most valuable?

The most valuable feature is rollback on ransomware and malware because it is one of the only solutions that can do real-time rollback on ransomware and malware.

With SentinelOne Singularity Complete, you have virtually 99.9% zero false positives, which means when it is doing its detection, it is very good at it.

Because the detection engine can be fully autonomous and AI-based, the IT team is not bogged down looking for threats or hunting for threats. Most of the threats will be detected and remediated autonomously, which makes it very useful.

Because of the false positives and the detection engine that it uses, it vastly reduces the detection time because it is AI-based.

Because it is autonomous, you have more or less instant response if it detects a threat.

What needs improvement?

It is doing most of the work currently. The only thing that would help complete the solution is the ability to execute and perform patching from the system since it is able to discover vulnerabilities and CVEs on the system. That is the one improvement that I have had from clients.

For how long have I used the solution?

Five years plus.

What do I think about the stability of the solution?

I have not had any issues personally. I do not know everyone's experience, but I have not experienced any yet.

What do I think about the scalability of the solution?

It is extremely scalable, so it is very good. I would rate it a ten out of ten. You can use it for very small organizations all the way to extremely large organizations.

How are customer service and support?

I have not had to contact them for troubleshooting. When we are doing proof of concept, I speak with the SentinelOne team. In terms of them having to come in and troubleshoot something, that has not happened yet.

The material is readily available for anyone, and mostly they have what I need. I do not need to refer anywhere else.

Which solution did I use previously and why did I switch?

The only new solution that I have added is SentinelOne, not any other.

How was the initial setup?

The setup is very straightforward and not difficult to do. All you need to do is deploy the agent onto the endpoint machines and then configure the detection and response policies. Other than that, it is not much and is very easy.

What about the implementation team?

Setup is normally done by SentinelOne, but deployment is handled by us. The setup is an online setup unless it is on-prem. For on-prem, I am involved, but most users will not get on-prem deployments. Cloud deployment is done by SentinelOne themselves, and then we come in to do the deployment.


    Fabian Brandt

Advanced automation has reduced false positives and streamlined threat hunting across endpoints

  • February 26, 2026
  • Review from a verified AWS customer

What is our primary use case?

SentinelOne Singularity Complete is being used comprehensively for all capabilities. It is being used for endpoint detection and response, and for XDR purposes. For example, Entra data is being ingested into the platform to get a more complete picture, and also for non-incident-based threat hunting.

What is most valuable?

The ability to ingest and correlate across various security solutions is impressive. It could be a bit more widespread, but fortunately it is using OCP, and the built-in Purple AI understands more and more of it. On a scale of one to ten, I would rate this a seven to eight.

SentinelOne Singularity Complete has helped me and my clients consolidate security solutions absolutely. I have clients who are no longer using old school SIEMs and they have moved everything into SentinelOne. It has been replacing old AV or non-performative EDR solutions.

The best features in SentinelOne Singularity Complete have to be Purple AI. SentinelOne has not been doing AI for only the past three years, but they have done it since they started. They do have a more realistic grasp on their technology. Using Purple AI, it is very easy to quickly get a grasp on your data, to get the data that you want, and get it properly formatted.

What needs improvement?

Writing the parsers for data ingestion can be a bit annoying in SentinelOne Singularity Complete. When you do not have a native integration, parsing to OCP or OCF can be a bit tedious. Nothing major aside from that data ingestion aspect.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete since 2020.

How are customer service and support?

I would rate the technical support for SentinelOne Singularity Complete a nine.

How was the initial setup?

The deployment process for SentinelOne Singularity Complete is easy. The documentation for it is really well-made. I might have overengineered it a bit to always automatically deploy the latest version via the API, making it perhaps more complicated than it needs to be, but once you have it set up, you do not need to worry about it again.

The initial deployment for SentinelOne Singularity Complete depends on the size of the customer, but usually half a day for full deployment is very doable.

What other advice do I have?

I still work with SentinelOne Singularity Complete as well. I am partnered with SentinelOne.

I absolutely use SentinelOne Singularity Complete's Ranger functionality. It is awesome to get a quick grasp on shadow IT, to know what you really have in your environment and what you perhaps do not even know about, what is covered, and what is not covered. The quick rollout feature or the deployment feature via Ranger is differentiated. In my opinion, when you see a device not having SentinelOne Singularity Complete in the Ranger overview, that indicates an issue with the process. You can use the band-aid by quickly deploying it, but in my opinion, that is a band-aid and you need to look at the process first.

It is hard to put into numbers how much SentinelOne Singularity Complete has helped reduce alerts. If it was just a percentage, I would have to say 90% and above. SentinelOne Singularity Complete correlates alerts. If something is happening in the same general incident, it is added to that incident rather than being a new alert. I remember being in the rollout for a larger client and they had another solution still in place at the time. They were running simultaneously for a while. In their old solution, they got hundreds and hundreds of alerts for a single occurrence, 99% of which were false positives. In SentinelOne Singularity Complete, we had a single notification, a single alert, making it much easier to quickly work through and finish.

Regarding my false positive rate reduction, I would say roughly 80%.

SentinelOne Singularity Complete absolutely saves time for me and my clients.

In numbers, I would say 80%. It is a lot of automation, and you can trust in the product to pretty much work. After you have set it up, you can essentially leave it running until you get an alert. That can mean you can leave it alone for a couple of weeks, and that is completely fine.

I would say roughly 70% for how much it has helped reduce my mean time to respond. Getting the alert is only half the benefit. Being able to quickly get all the information you need and then make an appropriate decision is simplified so much. Going back to the topic of XDR, because you can integrate pretty much any data you want into the console. You do not have to have 20 different tabs open. You can have SentinelOne Singularity Complete open and that is it. You can have all the information right there, even within the threat page itself. That simplifies things so much.

So 70% for detection and 70% for response.

Regarding Purple AI, data privacy and security when utilizing AI are important, and it meets my requirements and needs. Every time I interact with someone who is not from Germany, it is always the topic of data security and privacy for Germans. I think Germans are a bit different on that topic. Purple really does meet all the criteria for that. There has never been a single complaint.

With Purple AI, I would assess the capabilities in providing synthesized threat intelligence or contextual insight at six to seven out of 10. There is room for improvement. In a lot of cases, it might just be seeing issues where there potentially are none. If you look at a single event, for example, it may give you the information that this might be threat-related, but when you look into the data, it might also not be. Generally, it does perform really well and if there is something definitely malicious in an event, it will tell you. There is room for improvement.

SentinelOne Singularity Complete helps streamline threat investigations by making it so easy. It is actually unbelievable. Anyone can get started. For example, I recently introduced a new apprentice to the threat hunting capabilities via Purple AI, and that same day he was able to use it because the barrier to entry is so low. You do not need to learn a new query language. You do not need to learn the syntax. You can get right to it and get started.

In my thoughts on pricing for SentinelOne Singularity Complete, it is cost-efficient, definitely. Being pretty much solely on the technical side, I am a bit removed from that.

I would compare SentinelOne Singularity Complete favorably with other solutions or other vendors. It is easy to set up. It is easy to administrate. As with all solutions, you do need to put some effort into the initial deployment. That is going back to the whole beauty of it. It is easy. It takes a workload away from your team. You do not need to worry about so many things after you have it deployed.

My clients have mainly deployed SentinelOne Singularity Complete in the cloud, on-premises, and hybrid models.

I deploy SentinelOne Singularity Complete for myself and for my clients using the cloud for the console, but the agents on all the endpoints.

It is super easy to maintain SentinelOne Singularity Complete. When there is a new agent version, I do ring testing, for example, I do an internal deployment first before I roll it out to my clients. New versions come out every couple months. Beyond that, if there is an arising issue, if a client starts using new software, that also may come up if there are issues in interoperability with SentinelOne. In banking software for example, that is a common thing. Beyond that, it is super easy to maintain.

My advice to those looking into SentinelOne Singularity Complete is to do a proof of concept. Do a small-scale deployment across all your departments. See how it performs and see if there are any issues.


    Ankit Gupta.

AI-driven protection has reduced detection time and now provides complete endpoint coverage

  • February 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

This is an Umbrella platform that provides endpoint security as well as cloud security and provides ingestion like identity and network protection. These are the use cases we work with our clients as per managed security services. It provides great endpoint and cloud security services.

How has it helped my organization?

With the AI-based capabilities and the high detection rate, the mean time to detect and mean time to resolve the complete dwell time is less on that particular point. This really directly helps in that area.

What is most valuable?

The feedback is very good. Detection time and mean time detection, all the security metrics like mean time to detect and dwell times, make SentinelOne Singularity Complete great from the Sentinel point of view. It also provides the MITRE ATT&CK metrics on the dashboard, which helps us to understand tactics and techniques.

There are multiple features such as network controls and device control. We can manage the device as well as detect any unprotected or rogue identity and rogue endpoints across the enterprise. All of these are great features from SentinelOne Singularity Complete.

It reduces the manual intervention time. It reduces the alert noise and now has the AI capabilities to drill down that particular event or incident.

What needs improvement?

In terms of enhancement, SentinelOne Singularity Complete may increase to include some agent for email protection.

For how long have I used the solution?

I have demo experience, not production work on the AI Purple where we can take the data from multiple vendors or from Sentinel, and it will provide the enhanced observability and visibility. I have a couple of demo level experiences because that product we are not using right now.

What do I think about the scalability of the solution?

Scalability is also a nine.

How are customer service and support?

Technical support is also good. I would rate it around nine. When we have any escalation or something, it is very helpful in that area.

How was the initial setup?

It is a simple process.

What about the implementation team?

We are the managed service provider, so we help our clients. Sometimes it requires some advanced level of configuration or implementation.

Which other solutions did I evaluate?

CrowdStrike is the main competitor, along with Palo Alto Cortex and Microsoft Sentinel. These are the three main competitors for the product range from SentinelOne.

It is very hard to compare on this point until we have any kind of detailed one-to-one comparison. It actually depends on the use case on how we are implementing and which services we are opting. SentinelOne provides MDR and EDR detection, so it is a very great portfolio when compared. However, every peer competitor is also evolving day by day, so it is very hard to tell on that point.

What other advice do I have?

It is helpful because it provides the data ingestion from other vendors also. SentinelOne Singularity Complete, from the end user perspective, provides the complete security protection, which is the first thing we are looking for. It has very few false positives. With device control, we can manage the device inventory as well as compliance as per the standard working. These are the features which SentinelOne Singularity Complete provides.

SentinelOne Singularity Complete is a very great product. Network discovery and device control and these features are very helpful for administrators and cybersecurity analysts to help the cybersecurity portfolio correctly.

I would rate this review a nine overall.


    Fabian Brandt

Managed services have gained faster incident response and clear threat investigations

  • February 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use case for this solution is that we are an MSP. We take care of clients for small to medium-scale businesses. I think our current install base is around 7,000, maybe around there. Beyond that, we also are in the project business, so for larger customers, we handle it on a project basis.

My clients are small to medium businesses for the most part.

What is most valuable?

The best features I and my clients like the most about Singularity Platform are that, first of all, it's easy to handle. It doesn't take a lot of time to get into. There's no real obscurity. It's really easy to handle, takes a load of work from the team, and in most cases, you can literally just configure it once and leave it running until something comes up, and it will just work. There won't really be an issue in between then.

Singularity Platform saves me over 50% of my time or resources. If I have an incident I want to investigate, for example, I can just go in. I don't have to learn a complex query language. I can just ask the inbuilt Purple AI and ask about this situation. If I want to dive in deeper, I can, and it's really easy to do. I can very easily see the context, see what has happened, where it has happened, how it has happened, as opposed to other tools or even doing it manually. The time saved is almost immeasurable because it's just so much.

My thoughts on the real-time monitoring capabilities are that they are great. There's not really anything negative to say there; I like them.

When assessing the impact on supply chain processes, keeping it simple, it would basically be good. In use cases where customers are in a supply chain, the people who are concerned about them being in their supply chain usually have their concerns alleviated by SentinelOne being present.

My thoughts on the maintenance are that it is pretty easy. It is pretty much the way I would like it. If it works, you're not bothered by it. If it doesn't work, it's very easy and quick to figure out what is going wrong. The nice part about that as well is you can go the proper way and fix it as intended, or if that doesn't work, the wooden mallet is always an option to just fix it quick and dirty. Those work without issue.

What needs improvement?

The areas that have room for improvement in Singularity Platform include the fact that I am really not happy with the vulnerability management. I may or may not have a bit of a personal vendetta against vulnerability management as a whole. I feel that concept is a bit out of date in my opinion. But combine that with what I believe is absolutely subpar performance in the vulnerability management space. I just opened our console and am faced by a wall of red. We conduct regular internal pen tests on ourselves and our clients. I know those aren't able to be exploited, and seeing, even if I dive into the vulnerabilities, a good percentage of them isn't even real. Sometimes they may just be artifacts left over that are still being found and then identified. Last year, SentinelOne was awarded for best vulnerability scanner, and that was a bit amusing to me. But that's really the main part I would say could be improved. Other than that, there are a couple of minor features which I know are on the roadmap and I would like to see sooner.

For how long have I used the solution?

I've been using Singularity Platform since 2020.

What do I think about the stability of the solution?

When rating the stability, let me preface this by saying that thanks to the architecture of SentinelOne being not really cloud-dependent, it won't report to the cloud if the cloud is down. Thanks to that, I don't really care about occasional downtime on the console too much. That being said, I know there have been a couple of issues in the recent months, but those are getting a lot better. I would rate stability a nine.

What do I think about the scalability of the solution?

I rate the scalability of Singularity Platform a 10.

How are customer service and support?

From one to ten, I would rate the technical support an eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I don't have any personal experience with CrowdStrike, sadly, but when comparing Singularity Platform to other solutions, one of the main parts is that performance is just so much better. Not just in threat detection and mitigation but also in regards to endpoint performance. If it works, nobody's going to complain, but the moment that performance is impacted just a tiny bit, it will come up. Even in those rare cases when that isn't optimal, it can very quickly be improved and worked around again. Looking at reports from MITRE ATT&CK, you can see that it works. That's what I enjoy so much about it; it's one of those things that let me sleep easy at night.

What about the implementation team?

Five specialists work with Singularity Platform in my organization.

What other advice do I have?

My thoughts on the customizable dashboards are somewhat detached on a general basis. I see the use for the dashboards; however, we have a bit of a unique issue because, as I mentioned, we are an MSP. We don't just have one console, but I think at this point we have 10, 13 or something consoles, all across different URLs. So I personally can't really use the dashboard customization for a lot of things. We are using it to some degree to monitor the full-service clients, but I generally recommend larger companies we onboard on a project business to utilize the customizable dashboards, especially for data ingestion. That's a real plus point to quickly visualize how much data and what types of data you ingest and where necessary, trim down on unnecessary data.

The minor features I would like to see sooner include, for example, the exclusions. When they trigger, I would like to know in retrospect and be able to see how often a certain exclusion has triggered in the past, let's say, year. So I could say that this hasn't triggered at all and I can just remove it. Also, for the upgrade policies, I would like to just be able to set that I want to upgrade agents on maybe one version behind, one major, one minor version behind, always update service packs, update with a delay of X weeks, and just do that automatically rather than having to adjust the target version manually all the time. But those are very, very minor gripes. That's pretty much all I would have as feedback.

I would rate Singularity Platform overall a 9 out of 10, as there are still some minor things that I think could be a tiny bit better.

The advice I would give others looking into Singularity Platform is that I would definitely recommend it. First off, it is easy to use. You can integrate it with everything, and you can integrate everything with SentinelOne. That isn't even an exaggeration. If you have anything that produces data, you can integrate it. That is what I love so much about it; it's just awesome. My advice would be to definitely do a proof of concept. Figure out the three to four main use cases or main causes of concern for your company, do a classic proof of concept, proof of value, figure out the key areas that you want to protect, and see if the agent plays nice with it and come to the conclusion that it does.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Nisha S Kadam

Custom rules have strengthened endpoint protection and reduced false positives for my team

  • February 23, 2026
  • Review from a verified AWS customer

What is our primary use case?

I create policies based on the regarding policy, which means I created custom rules regarding the use case and customer use case.

Most of my use cases are related to the event ID and the process event, so it is easy to use.

What is most valuable?

My impressions of SentinelOne Singularity Complete's ability to ingest data and correlate across the security solutions is that it is better for blocking the hash value and generating the rules manually. It is easy to use.

Overall, SentinelOne Singularity Complete helps me consolidate my security solutions, being the best in endpoint, cloud, and identity.

The best features in SentinelOne Singularity Complete are in the SIEM solution, including the block list in hash value block list and anti-tampering mode.

The best part of the Ranger functionality is that it helps find known and unknown devices, locate IoT devices, and determine how many agents have not been installed in SentinelOne, making it easy to count how many machines are not installed and find IoT devices.

SentinelOne Singularity Complete has helped reduce alerts for me, with the best part being the exclusion, as it has already marked most of the alerts in the cloud as false positives.

SentinelOne Singularity Complete has helped free up my staff for other projects and tasks.

What needs improvement?

In the SIEM solution, I would like to see improvements in the data injection process, as it is very fast, and the log collector option is very nice. However, there are issues in blocking the hash, which is complicated due to different segregation for Windows, Linux, and macOS, so I ask for an improvement in this hash blocking function and the manual generation of how many VSS snapshots.

For how long have I used the solution?

I have been working with SentinelOne Singularity Complete for the last two years.

What do I think about the stability of the solution?

The performance issue with SentinelOne Singularity Complete is very good, but the hash blocking remains complicated and generating many snapshots manually is a recurring challenge.

What do I think about the scalability of the solution?

I work with the Ranger functionality in SentinelOne Singularity Complete, which is used to identify known and unknown devices both in and out of networks.

How are customer service and support?

I evaluate the customer support team of SentinelOne Singularity Complete highly, stating that they provide good support with 24/7 availability.

Which solution did I use previously and why did I switch?

I decided to switch to SentinelOne Singularity Complete because it offers a single solution for the endpoint SIEM and singularity purpose, and the console is very easy to handle.

How was the initial setup?

There were challenges during the setup, particularly with the custom rule as the customer asked for application-level blocking that I did not fully understand.

What was our ROI?

The project time is not the means full completely solution but it saves up to 40 days.

What other advice do I have?

Apart from the escalation matrix, I have seen improvement in the mean time to respond, with critical alerts raised below up to 15 minutes and false positive alerts raised in up to one hour.

I mostly use the custom rule and small things for the event type, event query, and searching in event query, focusing on endpoint based solutions in SentinelOne Singularity Complete and the SIEM solution.

I would rate the technical support of SentinelOne Singularity Complete a nine.

I have no recommendations for improvement regarding SentinelOne Singularity Complete as a product or solution.

I rate this review a nine overall.


    Ben S.

SentinelOne EDR: Cloud-Based Management with Easy Deployment and Strong Protection

  • February 19, 2026
  • Review provided by G2

What do you like best about the product?

Some of the best things about the SentinelOne EDR are the cloud-based management, easy-to-deploy clients, endpoint protection and the client performance.

What do you dislike about the product?

The SentinelOne Singularity EDR cloud-based management portal could use a lot of work as it is often extremely slow and the new interface is full of bugs.

What problems is the product solving and how is that benefiting you?

SentinelOne Singularity Endpoint Detection and Response is providing protection for all of our Windows and Mac-based devices. They are also covering our server-based products.


    Prathamesh Samant

Ransomware rollback has protected endpoints and real-time monitoring now reduces investigation time

  • February 13, 2026
  • Review provided by PeerSpot

What is our primary use case?

Our customers are primarily seeking an XDR platform with Singularity Platform, which combines their EDR, next-gen antivirus, vulnerability management, and integration with their existing security portfolio. Singularity Platform is used for XDR requirements, extended detection and response, for their EDR, next-gen antivirus, vulnerability management, and the requirement to integrate with their existing security solutions like their firewalls and proxies from an XDR perspective.

From an overall security perspective, it is not related to supply chain processes as specific to the supply chain process. When customers have interactions or business relationships with their vendors or the third parties that they use as part of their business, Singularity Platform can be used to scan the internet traffic or through their XDR functionalities to determine what kind of data they are sending, if any vulnerabilities exist in their systems, and whether those vulnerabilities are exploitable or not. Those kinds of features can be mapped to a supply chain from Singularity Platform's perspective.

What is most valuable?

Singularity Platform's functionality for ransomware rollback is quite useful because if you have a ransomware attack, most EDR solutions do not have the feature to do a rollback and bring the system to its earlier state, but that is one of the unique features that Singularity Platform has which can be a game changer for customers.

Singularity Platform's customization feature is also strong; we were able to customize the dashboards and reports based on the different compliances that the customer has. We have customers in BFSI, manufacturing, and pharma, so based on their requirements, because every customer or every business has a different set of requirements, the customization of dashboard and reporting perspective is good in Singularity Platform. From an analyst level to a C-level executive, we can have different sets of dashboards with a specific set of purposes aligned with what roles they play.

The real-time monitoring capabilities in Singularity Platform are good. Some enhancements that could be made are to make it more readable or understandable to the person who is monitoring those dashboards, because sometimes what happens is it becomes too verbose or too much data is displayed from the monitoring perspective, especially from the EDR perspective. Analysts have to make sense of what logs or what alerts they are monitoring; they have to go through a lot of data before they can take any decision on whether it's a false positive or an actual threat that they should look at. If they make it easier and more understandable for the analyst, they can make an informed decision quickly. Currently, what Singularity Platform has is a bit clunky, verbose, and has too much data that might be useful or might not be useful based on the analyst, so if they simplify it, it will be more effective.

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. The detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which saves time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent.

What needs improvement?

I do not recall a real-time personalization kind of feature in Singularity Platform.

If ranking is applied, I would rank CrowdStrike as one, Singularity Platform as two, and Palo Alto's Cortex as three. The issues mentioned in Singularity Platform are well taken care of in CrowdStrike, and CrowdStrike now has a bigger portfolio in terms of data security, identity security, and AI security. The new-age integrations are better in CrowdStrike, and I'm sure Singularity Platform will catch up, but as of now, CrowdStrike has an added advantage.

From an XDR perspective, if Singularity Platform could expand their existing set of supported log sources, that would be better. As of now, they have a limited set of security solutions that can be integrated as part of their XDR platform, and if they increase that, it would be better because not all customers will have the set of supported log sources that they have. Additionally, they don't have a scheduled scan feature; you have to do it through a different mechanism. If they can bring it as part of the platform, the scheduled scan feature would improve usability. Apart from that, from an operations or overall security perspective, we haven't found any such issues with the platform.

For how long have I used the solution?

I have been working with Singularity Platform for three plus years.

What do I think about the stability of the solution?

I would rate stability for Singularity Platform as an eight from a better perspective.

What do I think about the scalability of the solution?

Scalability is not an issue for Singularity Platform because it is delivered as a SaaS service, so scalability is taken care of by SentinelOne. I would rate it as a nine.

How are customer service and support?

Technical support from SentinelOne is somewhat dependent on the engineer you are assigned. Some TAC cases are solved in a good time, but some cases faced challenges because the engineer was not competent or was not able to understand the issue or take it to its logical conclusion. I would rate it around six.

How was the initial setup?

From the end user perspective regarding Singularity Platform, the deployment is very easy, which makes life easy for the administrator. Implementation doesn't require a reboot or these kinds of things after installing the agent, which is one more advantage. Additionally, it doesn't use many system resources and doesn't make the system heavy, but still works in a good way, so you're not using much of the CPU or RAM. That is one more benefit; additionally, the detection ratio is good, and we haven't seen many false positives or many attacks at our customers where Singularity Platform has been deployed. This is one added advantage because you need to spend less time on alerts or incidents, allowing your administrators to focus on different jobs rather than spending time analyzing on Singularity Platform. The deployment and installation are easy, which save time and money from bandwidth and network perspectives and from the time that an analyst or administrator spends on deploying or installing the agent. That is where I see more of the benefits.


What about the implementation team?

It's a shadow process; they require our help during the initial implementation stage for Singularity Platform, but since it's quite easy to configure, it's a plug-and-play kind of thing. You just have to enable or disable the toggle buttons, and then you are good to go. From the deployment perspective or from the help perspective, at the initial level, they require our assistance. Once the training and handover process are done, they can easily manage it on their own.

Which other solutions did I evaluate?

I would compare Singularity Platform with CrowdStrike and Palo Alto's Cortex XDR.

What other advice do I have?



    Mohan Janarthanan

Unified AI-driven protection has reduced alerts and accelerated cloud and endpoint security response

  • February 13, 2026
  • Review provided by PeerSpot

What is our primary use case?

My use cases include protecting my cloud security and endpoint security workloads with SentinelOne Singularity Complete.

What is most valuable?

The biggest benefit I get from SentinelOne Singularity Complete is that it protects my cloud security workloads and my on-premises server workloads against ransomware attacks and zero-day attacks.

SentinelOne Singularity Complete has a legacy API integration to connect my existing log management tool and my endpoint protection tool to interconnect my SOAR and SIEM platforms. This ability to ingest and correlate across my security solutions has been valuable.

SentinelOne Singularity Complete helps with the consolidation of security solutions. Previously, we used multiple products such as Trend Micro and McAfee, and we have consolidated into a single platform with SentinelOne Singularity Complete.

SentinelOne Singularity Complete definitely helps reduce alerts in my case because it has AI functionality that investigates and detects threats. This detect and investigate capability from AI has helped us reduce alerts by almost twenty-five to thirty percent.

SentinelOne Singularity Complete helps reduce mean time to detection as it has an important feature called auto-remediation, which is a one-click rollback that allows us to restore identified files. This feature also helps on the false positive front.

SentinelOne Singularity Complete reduces my mean time to respond and protects my environment, thereby reducing the workload of my engineers and security analysts by at least thirty-five percent.

SentinelOne Singularity Complete helps free up my staff for other projects and tasks because it is easily scalable and managed with a single platform, allowing us to concentrate more on DevSecOps and providing visibility across endpoint, cloud workload protection, and my server environment in one platform.

Purple AI in SentinelOne Singularity Complete is important for data privacy and security as it provides granular level information on where I need to go and fix issues, which helps accelerate my operations for better performance.

The contextual intelligence feature of Purple AI in SentinelOne Singularity Complete helps me get the threat intelligence platform across my environment and allows me to share the advisories with my other platforms as well.

Purple AI amplifies team knowledge as I can use it in the manner of a managed detection and response service, allowing me to create a use case with my existing security analyst in response to alerts or triggering information. This provides me complete visibility across my security landscape.

Purple AI impacts SecOps workflows by providing complete end-to-end visibility across my channels and reducing manpower. The agentic workflows created by AI allow my analysts to have an easier job.

What needs improvement?

I have encountered an issue related to the alerting mechanism in SentinelOne Singularity Complete. Sometimes I need to depend on one more module to get alert visibility. The alerting mechanism shows alerts on a single page, but I have to navigate to another page to get detailed visibility, which could be improved in the user interface.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for two years.

What do I think about the stability of the solution?

I have never seen any issues such as glitches, downtime, or latency with SentinelOne Singularity Complete.

What do I think about the scalability of the solution?

I do not face any scalability issues with SentinelOne Singularity Complete since it is a SaaS platform.

How are customer service and support?

The technical support for SentinelOne is good. I would give them eight points for support on a scale from zero to ten. To reach ten points, they could improve on threat intelligence and provide faster responses.

Which solution did I use previously and why did I switch?

SentinelOne Singularity Complete has helped with the consolidation of security solutions. Previously, we used multiple products such as Trend Micro and McAfee, and we have consolidated into a single platform with SentinelOne Singularity Complete.

How was the initial setup?

I find the installation and deployment of SentinelOne Singularity Complete very easy.

What about the implementation team?

The deployment of SentinelOne Singularity Complete was done with a partner.

What was our ROI?

In terms of return on investment for SentinelOne Singularity Complete, I find it better since I am using the AI platform to reduce manpower costs, which helps with the return on investment.

Which other solutions did I evaluate?

SentinelOne Singularity Complete is less costly compared to CrowdStrike. From a technical side, I do not see much difference between SentinelOne Singularity Complete and other vendors.