
Reviews from AWS customer

27 AWS reviews

External reviews

322 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    reviewer09157131

Level of detection and visibility we get have vastly improved, and fewer alerts means more time for other work

  • September 05, 2023
  • Review provided by PeerSpot

What is our primary use case?

It is an all-in-one agent on multiple operating systems that can detect malicious and suspicious activities. You can also use it to respond to different threat signals that you get from the platform.

There are multiple engines that run different types of detection, such as behavioral-type activities, that it can detect. It can also detect malicious activity based on a hash. It's a pretty great tool.

How has it helped my organization?

Overall, the level of detection and visibility we get have vastly improved, and that means the protection for our company has improved likewise.

Singularity has helped reduce the number of alerts we get. We were using FireEye at one point, and it was producing a ton of false positives. We have seen a major reduction in false positives, and that has saved our team's time. We have time to do other projects now.

In my previous company, we were using a Cisco product, and there was a ton of time wasted. Out of a 40-hour week, about eight to 10 hours were wasted, and with Singularity, we were able to get back about nine of those hours. Obviously, there are alerts coming in, and you have to investigate them, but the number was greatly reduced. In my current company, about 15 hours a week were wasted with false positives and wild goose chases and alerts. Now, we may put an hour into investigations. The great thing about SentinelOne is that you can get right down to what's going on with the events and deep visibility. It has saved us around 12 to 14 hours a week.

It's pretty quick when it comes to time to detect because you're right on the endpoint. Some agents have a delay in terms of when they report back to a console or a reporting server, but with SentinelOne, it seems that the agent is talking to the console right away. There isn't a huge delay.

Our mean time to respond is also very quick once we see the threat come in. It depends on the policy that is in place and the type of threat. If it is something suspicious, which we don't always have a set response for with the platform, we are able to easily look at what's going on a couple of minutes before the threat and what comes after. We can see the artifact on the endpoint, what is executed and what the user was probably doing. That means we're able to respond really quickly with all that visibility.

When it comes to cost savings, in the first company where I used SentinelOne, man-hours were saved, and it was cheaper to use SentinelOne than the Cisco product.

One use case where we've reduced risk has been due to users using something risky. They were trying to use an application that's like a keylogger. We've blocked it, and we've also created a rule using a star to detect when people are trying to use it. We have also set up rules to detect downloads of risky software, and that's protecting us too. It's protecting us from risk, but there's not a lot of reduction other than some protections and blacklists.

What is most valuable?

The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.

And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.

In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.

What needs improvement?

During my use of it over the years, they've been continuously improving it.

My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.

And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for about four years.

What do I think about the stability of the solution?

Uptime is all the time.

I've only had one experience where there was a disconnect between the agents and the console. It was pretty brief, but that is when I opened a case with support. I had never seen that before, so the uptime is awesome. It's up 99.9 percent of the time.

What do I think about the scalability of the solution?

It's very scalable. We are working on a special project, in which we want to set up a lab for a special event. I talked with our support, and they said we could set up another site. It's really scalable.

How are customer service and support?

As I mentioned, I recently had a case because there were a lot of agents offline for a moment. Their support responded within one minute. That was an outlier. Every other case that I've opened up with them has not been a priority-one issue, but they usually respond within about five to 10 minutes, and they have been really great. I have not had an issue yet with support.

Everyone I've worked with in support is awesome. They always have the answers. Even if it's a complex issue, we usually get right down to it. I'm really happy with support.

Which solution did I use previously and why did I switch?

I have used it in two different workplaces. Both workplaces were replacing platforms that just did not perform well and did not give you good visibility into what was going on on the endpoints. Both had a higher rate of false positives, and neither had the various detection engines that SentinelOne provides.

How was the initial setup?

I was involved in the initial deployment of the solution in my previous place of employment and it was straightforward. It was only made complex by our own IT department.

There is a little maintenance. I check on a daily basis because you can build out multiple groups. When a new agent is deployed, I have it start off in a specific group to get the agent installed, and then it does a full disk scan. There is a little maintenance—and maybe no one else does this—but I log in and check for new systems. Once they have their full disk scan completed, I'll move them over to the production policy. You could do that on a weekly basis but I do it daily. The morning maintenance is less than five minutes for me, and you could definitely do that weekly as well.

What about the implementation team?

I did it mostly by myself. I had another engineer working with me but that was it. It's really easy, a no-brainer. And that was for about 1,200 endpoints.

What was our ROI?

I'm not a manager, but the return on investment may be in saving man hours.

What's my experience with pricing, setup cost, and licensing?

When we were checking out different platforms we did get a price from Microsoft and it was unreasonable. SentinelOne was definitely reasonable and worth the money.

Which other solutions did I evaluate?

I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.

We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.

What other advice do I have?

As far as consolidation of security solutions goes, I have some suggestions for my leadership. I think we can definitely consolidate. For instance, we have a certain network segmentation where we have multiple security tools, including the SentinelOne agent and other agents on the devices. These devices are lower-end systems that don't have super-high specs like you might have on a power user's PC. In that area, we could eliminate one of the security agents and leave the SentinelOne agent. We would be covered in several different areas, such as FIM. I could create a custom rule to watch a certain configuration file, and if it changed, we would receive an alert. You can definitely use it to consolidate. Although we haven't done that yet, we're going to start because it's possible with the SentinelOne.

I believe we could save money by reducing the number of agents on those endpoints. If you walk that back to the yearly cost when we buy licenses, we should be able to save money on licensing for the other agent that we're using.

SentinelOne is very mature as an EDR platform. I would definitely put it in my top two. Across the breadth of everything I've dealt with using SentinelOne, even support, it's definitely top-two and you should check it out. I don't have a bad thing to say about it.

You definitely have to check out SentinelOne. They are firing on all cylinders for multiple areas that you want to consider when buying a tool like this. They're at 100 percent. When it comes to visibility, they present the information so that it's easy to read and understand. Responding is really easy to do. Support, which is a big factor nowadays, has faltered at some companies over the past four years, but support from SentinelOne has been awesome. Put SentinelOne in your PoCs. If you're looking at a couple of companies, you have to look at SentinelOne.

SentinelOne as a provider is a major player in hardening the protection of our environment.


    Adam M.

Long time user of Sentinel One

  • September 01, 2023
  • Review provided by G2

What do you like best about the product?
I have been using Sentinel One Singularity for over 6 years and with multiple companies and roles. Using Sentinel One Singularity on our endpoints gives us confidence that our end points are secure. The granularity we have when customizing our deployment of our agents is very important to us.
What do you dislike about the product?
We do occasionally get false positives, and we have experienced some difficulty whitelisting certain legacy applications. I think this is to be expected with any XDR product though.
What problems is the product solving and how is that benefiting you?
Sentinel One Singularity secures our endpoints which are spread all over the world. We have confidence that our endpoints are secured when protected by Sentinel One Singularity.


    Oil & Energy

SentinelOne has been great

  • August 30, 2023
  • Review provided by G2

What do you like best about the product?
I really enjoy the visibility that the skylight and deep visibility feature offers along with the integration SentinelOne offers with other security products we utilize to ingest and strengthen our tools.
What do you dislike about the product?
Search queries in deep vis. at times can be a bit confusing, however it seems the new update skylight has addressed this issue and has made search queries very simple to perform.
What problems is the product solving and how is that benefiting you?
The XDR platform has been great in identifying threats and remediating false positives in a few clicks. The way SentinelOne visualizes attacks makes the alerts and investigations much easier than previous products I've utilized.


    Broadcast Media

a really positive exp. S1 it's a very comfortable EDR platform

  • August 29, 2023
  • Review provided by G2

What do you like best about the product?
The way the incidents are notified. It's for me easy to catch an eye in the daily incidents, agents, DV and so more.
What do you dislike about the product?
The evolution of the platform. The version releases are very quick. It takes some time to get used when the new version is already online.
What problems is the product solving and how is that benefiting you?
mitigations
updates
deep visibility
rangers
applications
scans
fetch logs


    Levon I.

SentinelOne Singularity solution is really doing its job as expected.

  • August 28, 2023
  • Review provided by G2

What do you like best about the product?
One of the most important and helpful features that SentinelOne has is threat detection, which works based on AI. And with this component you are able to reduce risks against any type of attack.
What do you dislike about the product?
During my work with SentinelOne I had not seen any cons based on which I can provide any experience which I had in previous.
What problems is the product solving and how is that benefiting you?
For me it is solving the problem with hidden attacks, when no EDR is able to detect it. The solution is also saving my time as an IR specialist.


    reviewer2218470

The evolution of the S1 AI-SIEM is a game changer

  • August 24, 2023
  • Review provided by PeerSpot

What is our primary use case?

We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.

We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.

How has it helped my organization?

Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity AI-SIEM platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.

We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.

Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.

It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.

It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.

Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.

Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.

It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.

Singularity Complete has reduced our organizational risk by around 40 percent.

What is most valuable?

It is now a toss up between the AI-SIEM platform and the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.

What needs improvement?

Native integration with the mobile console is an area that can be improved.

I'd like to see more operations with the XDR platform.

For how long have I used the solution?

I have been using SentinelOne Singularity Complete for one year.

What do I think about the stability of the solution?

I would rate the stability of Singularity Complete a ten out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Singularity Complete a nine out of ten.

How are customer service and support?

The technical support is of high quality, strong, and responsive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used ESET but we were often missing threats and not finding out until after the fact.

How was the initial setup?

The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.

Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.

What about the implementation team?

The implementation was completed in-house.

What was our ROI?

We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.

What's my experience with pricing, setup cost, and licensing?

The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.

Which other solutions did I evaluate?

We evaluated CrowdStrike and Microsoft Defender. We didn't find Microsoft Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.

What other advice do I have?

I would rate SentinelOne Singularity Complete ten out of ten.

SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.

SentinelOne Singularity Complete is extremely mature at this level.

We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.

The maintenance is minimal and is overseen by one person.

We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.

Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Government Relations

Simple and Solid

  • August 23, 2023
  • Review provided by G2

What do you like best about the product?
Its simplicity quickly identifies issues and has always been reliable. Never impacting production and light enough to never be noticed!
What do you dislike about the product?
I haven't found anything to dislike yet!!! Been using it for over 5 years
What problems is the product solving and how is that benefiting you?
Early detection which equates to more time for Administrators


    Construction

SentinelOne

  • August 23, 2023
  • Review provided by G2

What do you like best about the product?
It is super easy to implement and rollout to the company. We were able to immediately start seeing remediations and improve security from day one. We also like the one-click remediation.
What do you dislike about the product?
The reporting section feels to be lacking. I would like to see more options to customize dashboards and make it easier to share with others in and out of the company. Sometimes it's hard to manage users but we got used to it.
What problems is the product solving and how is that benefiting you?
We use SentinelOne for end point detection and remediation. It has saved our company many times from multiple threats. One so many that we ended up removing admin access from that user because we kept catching threats.


    Darold S.

SentinelOne Sets the Standard for Endpoint Protection

  • August 23, 2023
  • Review provided by G2

What do you like best about the product?
User friendly management console, phenomenal machine learning capabilities, knowledgeable support, not resource intensive, rollback feature, thorough threat hunting process tree - very few exclusions needed to run in our environment. Ability to initiate a full scan from the management console. Open to customer feedback with a spot for feature requests. Simple, yet intuitive policy tuning and setting. Grouping/Policy hierarchy is user friendly.
What do you dislike about the product?
Inability to set up specific notifications to a specific - that is different from the main email address listed. Inability to downgrade agents from the management console. Overall, the product is great, just a few feature requests. They are always striving to improve their product, i.e. the recent implementation of OS vulnerability scanning.
What problems is the product solving and how is that benefiting you?
We required a new solution to replace our existing and aging anti-virus technology. We were also looking for a solution to increase the visibility into our endpoint deployment, software inventory and DF/IR capabilities.


    Accounting

Fantastic product

  • August 23, 2023
  • Review provided by G2

What do you like best about the product?
Ease of rollout, communication from their monitoring team. We've had the product for almost three years and haven't had any issues at all.
What do you dislike about the product?
I really don't have any negative things to say.
What problems is the product solving and how is that benefiting you?
End user protection is at an all time high after we have switched to S1.