External reviews are not included in the AWS star rating for the product.
We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.
We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.
Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity AI-SIEM platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.
We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.
Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.
It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.
It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.
Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.
Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.
It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.
Singularity Complete has reduced our organizational risk by around 40 percent.
It is now a toss up between the AI-SIEM platform and the the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.
Native integration with the mobile console is an area that can be improved.
I'd like to see more operations with the XDR platform.
I have been using SentinelOne Singularity Complete for one year.
I would rate the stability of Singularity Complete a ten out of ten.
I would rate the scalability of Singularity Complete a nine out of ten.
The technical support is of high quality, strong, and responsive.
Positive
We previously used ESET but we were often missing threats and not finding out until after the fact.
The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.
Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.
The implementation was completed in-house.
We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.
The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.
We evaluated CrowdStrike and Microsoft Defender. We didn't find microsoft Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.
I would rate SentinelOne Singularity Complete ten out of ten.
SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.
SentinelOne Singularity Complete is extremely mature at this level.
We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.
The maintenance is minimal and is overseen by one person.
We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.
Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.
We have it hooked up to our LogRhythm SIEM, which keeps track of all the events that are happening all around. That has been really helpful for us. We have SentinelOne Ranger that scans for devices on our network and finds the ones that do not have SentinelOne or the machines that we call rogues. The other function that we use is Deep Visibility. We pay for that, and it allows us to hunt for threats within our environment. It is also very important. We don't use Deep Visibility very often, but it is one of the more important things that we have in terms of the selection of products we pay for.
One of the big reasons we use it is for its ability to ingest and correlate across our security solutions. By virtue of going after an incident, we need to see step by step what happened. We have network solutions that show us where things came from network-wise. We have a vulnerability scanner for something that gets exploited, and then we have SentinelOne to see what is actually happening on machines. Maybe a process was launched. Maybe a file was clicked or an email was opened. That is a big part of how we use the tool.
Prior to having SentinelOne, we had CrowdStrike, which is a similar product. We decided to make the switch to SentinelOne because the biggest problem was that the previous endpoint detection response software we had did not support what we call legacy endpoints. Anything prior to Windows 7 was not supported by CrowdStrike. Being a manufacturing firm, we have quite a few old devices. That was one of the big things that sold us. SentinelOne also had significantly more competitive pricing than CrowdStrike, but the ability to protect older endpoints was the main motivating factor for us to make this switch.
We have been able to consolidate our security solutions. We had a handful of different solutions. SentinelOne Ranger scans for things. We used to have a product that did that, and we got rid of that. For deep visibility, we used to have a piece of software on each machine for historical data and events and things of that nature. We were able to get rid of that. Having an antivirus is also not really necessary because it is a next-generation AI-based antivirus. It does antivirus tasks, and it reduces the need for our traditional antivirus such as Kaspersky, Symantec, McAfee, etc. We were able to get rid of those as well, which is a good thing.
We have turned on the Ranger functionality. It is used for asset discovery, but only within a certain range and only if there are a certain number of machines. The way our settings are, if we have a cluster of five machines around it, it will essentially send out a signal and try to find the one without it. If we have five machines in our organization, it will look to see which one does not have SentinelOne around it. It can be helpful to find machines that were not deployed properly. It can also be helpful to find machines that were deployed by malicious actors and things of that nature. It also helps us to identify machines that have SentinelOne but are not responding right now.
It is a pretty big deal that Ranger requires no new agents, hardware, or network changes. We have deployed SentinelOne completely. There is probably no machine in our network that does not have it unless it has a very specific use case. Ranger helps us find those if they do exist. If need be, there is a setting within Ranger for deploying SentinelOne through Ranger. We have it turned off, but it is still useful. It is something we could use one day.
We typically use Ranger for vulnerability and not necessarily for the prevention of vulnerabilities, but it does give us a good idea of what is out there. For example, there is someone who is trying to do something malicious. It will heartbeat that, and it will see what is happening around that. If it sees, for example, command and control or something like that, it will identify it. It might quarantine it or turn your machine off to stop things.
Singularity Complete has helped to reduce alerts. One of the things we struggle with over time is trying to identify what is and what is not a real threat. It did take some tuning, but we went from having to investigate every little thing to being able to say, "Okay. This is a false positive. We know this. We have had this in our environment. We can exclude that." That frees up time for other things, so we can spend time focusing on malicious or bad things happening in our environment. We can work on projects and do some of the actual engineering.
Singularity Complete has helped free up our staff for other projects and tasks. We do not have to sit there and constantly monitor, which means that we can go ahead and do other things. We have a vulnerability scanner that we can use to start patching and tackling some of those vulnerabilities. We have our SIEM that we need to monitor for events and activities as well. We have network logs that should be gone through more. Because we have something that takes care of our endpoints, we can look at the focus of our business and do things there instead of having to worry about each machine individually.
The biggest thing that SentinelOne does is that it is constantly looking at our environment and other environments as a baseline of what should be happening or what could be happening. If something does not match the specific idea of what should be happening, it detects that and blocks that. If it is not sure what to do exactly, it quarantines a file or a folder or something like that until we have a chance to look at it. That is better than something getting through and causing damage before we can do anything about it. As long as a machine is connected to the network, it is pretty instant, but depending on what it is doing, it might take a little bit. There are some functions within it that do take a little more time to work. For example, the remediate and rollback functions do take time to work, but if it sees something as malicious, it will kill and quarantine that within a fraction of a second.
Singularity Complete has helped reduce our organizational risk. There is the part where it kills and quarantines things that are happening on machines, but there is also an element of visibility. Being able to see what we have gives us a better idea of what risks we have. From an inventory standpoint, everything is synced the second we deploy the image machine. Through that, we are able to see what is running on them, what they have installed, and things of that nature. We get a more holistic idea of what we actually have so that we know what to protect.
The terminating or killing remediation process that they use is top-notch. Pretty much anything that is even remotely malicious gets blocked by it within seconds. That is important for us. We have thousands of endpoints with tens of thousands of users. It is hard to do good security for that many people without some kind of automated detection and response. That is what SentinelOne does for us. It helps us automate that process.
Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better. If they were able to export and make it a little more presentable, it would be great because this is something that we end up doing on our end where we take some of that data and make it look better. It would definitely save us time if it was a little prettier, for lack of a better word, from the beginning.
We have been using it for two and a half to three years.
As far as I know, and I am the only one out of our three time zones who uses the tool, I have never had an issue with it. The only time we ever had problems was when someone made a change to some of the roles, but it was not a SentinelOne issue. For the most part, as long as you have set up the tool correctly, it functions pretty much 100%. I cannot think of a time when it was down.
We started out by having it deployed on a handful of machines as a proof of concept. From there, we were able to replicate it over and over in our environment. We are currently licensed for around 7,000 devices, and they made it pretty clear to us that if we decide to improve that or increase that, it would be a seamless process. They will just bump our licenses up and then we pay a little bit more. There is no real pain associated with that where you have to go back to the table, talk, and do things like that. It is a flip of a switch.
They were very helpful. They were knowledgeable. They definitely used the tool before. The questions they asked were good. They knew what logs to ask for. They knew what question to ask. They were pretty good. I would rate them a ten out of ten. They were knowledgeable. They were helpful. The turnaround time is good. They want to resolve the issue, and they are there to help.
Positive
We had CrowdStrike. We switched because of two things. One was the price. CrowdStrike was expensive, and the other thing was that we needed to protect legacy devices. As a manufacturing company, we have a lot of old software and hardware in our environment, and CrowdStrike did not protect those devices. We either had to come up with a solution where we network quarantine those machines or have them segmented somewhere so that they do not talk to anything else, or we just get SentinelOne and they function the same and require no extra work. As long as it is on there, it is protecting them, and it is much cheaper.
We have it almost entirely hosted in the cloud. We do deploy it via the deployment software that we use to deploy to our endpoints. We do have it in the cloud as well that we run through the command line and then point it to our management console, but we do not have it hosted on-premises. We like the idea of having things in the cloud at least for the specific instance.
I was not involved in its deployment. I came here a little bit later, but I got to talk to some of the people afterward. I am part of the deployment now, but I missed the boat by a handful of months.
It is pretty straightforward. The way it works is that you get what is called the management console URL, which is essentially when you install it, it tells you who the device belongs to. You put in your URL, you run a command from it on an executable, and then from there, it is on your machine. It is pretty straightforward.
The number of people involved in the deployment varies. We are a multi-continent and multi-country organization, so we had somewhere between 15 and 20 people working on it. In terms of the people who actually use it, there are probably five or six. We have one person who constantly works to deploy within North America and one person who works to deploy in APAC. We personally work to deploy it within EMEA and then the rest of it is us just working on maintaining it and making sure it is doing what it is supposed to be doing.
We previously had a different EDR solution called CrowdStrike, which was very robust but also very expensive. It did not have the features we were looking for from a legacy standpoint. My understanding is that we did a pretty good deal on SentinelOne. A part of that is because we were their customers very early on, and we also use their products a lot. We are interested in the new products that come out. We go to their demos, and we go to their events. We do save a lot of money. It is not cheap, but it is worth it. We spend a lot of money on a lot of things, and most of them do not do as much as SentinelOne.
It has gotten more expensive over time, but we have also gotten more features and value out of it. They have added things to it. From a pricing standpoint, it is expensive. It is one of the more expensive tools we have, but it also does more than almost every other tool that we have in our environment, so it makes sense.
We reevaluated CrowdStrike and realized that it was just not going to work for our purposes. I believe we looked at Sophos and Carbon Black. Carbon Black is a VMware product, and Sophos is a similar EDR solution.
From a quality standpoint, if you are willing to take the time to implement it and implement it well, it is a fantastic product. It is a massive part of our security posture. If you are looking to switch, doing a proof of concept will probably be good enough to make you realize the value it has. Sometimes, in the demos from vendors, you see the kind of things happening that are supposed to happen. It is, of course, going to block them, but during our proof of concept, we threw in different scenarios at it, and it handled every single one pretty flawlessly. That is a big part of why we ended up choosing it.
If you were a company that has legacy devices, it is a no-brainer as far as EDR solutions are concerned. If you are looking forward to an EDR solution in general, and you do not have legacy devices, SentinelOne is incredibly competitive. It has a lot of great features. It is priced very competitively. Their support is great, and the tool works. It does take some fine-tuning, but the tool works very well.
As a strategic security partner, SentinelOne is always trying to get us to work with some of their partners as well. From an integration standpoint, it does give us some options going forward where if, for example, we wanted to use a mobile device solution, they do have some integration with them. If you are a part of their ecosystem and you have a tool that you are interested in, they will let you know whether they have a partner that they work with. They will let you know that they have this tool. It works so far, and if you have a question or something like that, they can get you acquainted, which I appreciate.
Overall, I would rate it a ten out of ten. It is probably my favorite security tool from the ones we have.
In most cases, the product is used as an XDR or MDR for our customers internally as well. It is used for us to provide some customers with a light SOC service so we could also manage that solution. So as an example, if they don't have dedicated resources to look or monitor it offers that ability for them to do the monitoring for you or for some customers. That is very handy. But most of the time, we use it as an MDR XDR solution for our customers.
We mostly provide customers with MSSP services. We do not resell it as a standalone.
The ease of use and has some integrations within their marketplace. Those come in handy. The GUI is really easy to use.
The storyboarding gives you a play-by-play of how an instance or alert came to be.
Some of the automation tools are really good.
Singularity's ability to ingest and correlate across our security solutions is great. I don't see a platform that does it better. At least from an MDR standpoint. It really is a central tool to ingest that data to begin with and correlate and then it's pushed out other solutions like Splunk or other solutions.
Singularity has helped reduce alerts. The automation tools have been able to lower the number of alerts. We desensitized alerts as there are too many of them. Sentinel One has helped repair it with our team to do that. Just the ability for the automation tools to be in use has been really helpful.
Singularity has helped free up our staff for other projects. The automation tools have really helped there.
Our security team is about ten people. Two people no longer have to worry about anything. We've saved about 20% to 30% of our labor, our staff.
Singularity helped reduce our organization's mean time to detect. We're able to detect or even dive in and look for issues. We have the freedom to look and inspect. We're proactive now.
Our mean time to respond is good. It helped us fill operational procedures.
Singularity helped save costs. We've saved in terms of operational costs or even salary in terms of time-savings. We didn't save on platform to platform, yet we saved on time.
It's helped us reduce organizational risk. We're able to monitor our networks better.
They are probably the most mature product at the moment. For the price point, we're getting a good middle ground of price and value.
I would hope that they would increase their prebuilt migrations. As an example, they have one Active Directory in Azure Cloud, which is really good. If they can expand that to other pretty well-known software, some platforms, that'd be great. What they have now is good for some of the key players like Azure, Google, and Splunk. I would just like to see that being expanded.
We'd like to have a network map or scan to cover network security. That would be good to have.
I've used the solution for five to six years.
The stability is great. I'd rate the stability nine out of ten. They are never really down. It's usually up and running.
The solution is very scalable and very easy to scale.
Every time we have an issue, we get somebody who knows the product and can talk us through it. We can resolve issues pretty quickly.
Positive
We had used Crowdstrike and Trend Micro a bit.
We first switched to Sentinel One based on an audit. It was a next-generation antivirus. There are new options on the market now. We continue to use it due to the fact that are always improving their offering and I don't see a better option on the market.
I was part of the deployment. The initial setup is pretty straightforward.
We have three people involved in the deployment of the product.
There isn't too much maintenance. It just works.
We did use a consultant to assist with deployments in the past. At this point, we just do it ourselves.
The pricing is good. They are in line with the market.
We looked into Crowdstrike, Carbon Black, and Microsoft.
In terms of Ranger, I've used it. I have not used it recently. I'm actually trying to get back into and play with that again.
Sentinel One is good as a strategic security partner. The platform is great and there are a lot of features. Using their managed service really does help. We can partner with them to provide that service to our customers.
I'd rate the solution ten out of ten.
I'd advise others considering the solution to get with a good MSP or MSSP. Users should try the complete version and all the features to find out about the entire system. Get the higher feature set and go down from there. I'd also advise at first new users get a good MSP to work through the initial installation process.