I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete. 

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

I have a year and a half of experience with SentinelOne Singularity Complete.

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

Neutral

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

We use SentinelOne as an EDR solution and for our cloud-based endpoints.

SentinelOne's data integration has made the incident response process more efficient and faster The solution has decreased our response time. SentinelOne's third-party marketplace has connectors that enable the solution to integrate with many tools. We can monitor the data Singularity generates and seamlessly export it.

I come from a larger organization. Once we fully deployed and started tuning the tool, we began to see more of its potential. I worked with the tool for almost two years. It took about a year for us to deploy it into all of our systems fully. We realized its value once we started getting alerts and information.

It hasn't reduced our alerts. The tool is pretty noisy out of the box. If anything, it has increased our alerts, but we can address that through tuning. 

SentinelOne has many capabilities out of the box. The setup process is smooth. It's easy to install on various systems and keep track of them. It did not cause any major instability.

As with any security tool, SentinelOne has slight issues with our third-party tools, but it does a good job of providing exclusions. Their support team walked us through configuring the agent to handle other third-party tools properly.

I would suggest improving the RBAC for user access. It's challenging to prevent a user from manipulating their privileges or someone else's of others, and it's difficult to control what users can access at the organizational level. Additionally, the exclusions seem overly broad or very specific, making it hard to tune the SentinelOne agent. The solution is noisy out of the box, so you must tune it to weed out the noise and find what's useful. It's a complex process.

We have been using Singularity for almost two years now.

The agent itself does not cause any major instability, but it has caused problems with interoperability between third-party tools, which could lead to entire servers crashing or specific tools failing.

SentinelOne scales well. The tool's built-in automation for deploying the agents works well for large infrastructures like mine.

I rate SentinelOne support nine out of 10. Customer service is usually prompt with their responses. They do a great job of figuring out the problem and pointing you to generic documentation or working with you to fine-tune a solution.

Positive

I have used CrowdStrike and a tool called F5 Threat Stack. 

The initial setup was extremely easy. The total deployment took nearly a year due to the deployment processes and our large infrastructure, not SentinelOne. The maintenance includes addressing the false positives and tuning them as necessary. We also need to update the agents and the scanning engines that they use.

We handled the deployment with an in-house team of four developers and assistance from a SentinelOne team. No third party was involved.

Pricing seemed reasonable at first. However, the way SentinelOne handles its licensing did not work for our environments and led to secondary discussions around cost. They counted many of the instances and licenses as duplicates despite them only being alive once, which was frustrating.

I rate SentinelOne Singularity Complete seven out of 10. Singularity is a fairly mature solution, but there's still some growth to do. It's better than most competitors, but others have some features that SentinelOne lacks.

We use Singularity Complete for end-to-end endpoint security protection, including EDR integrated with other platforms for XDR. The ransomware rollback feature of Singularity is a key reason for its use. 

It is primarily for integration with SIEM to have a single pane of view, integration with web security for sharing insights, and automation of remediation tasks. Additionally, network discovery from the Singularity platform is used to identify rogue devices quickly.

Visibility is greatly improved with Singularity Complete as it allows visibility into endpoint devices and the processes running on them. 

The most valuable feature is the ransomware recovery and rollback feature. The platform's ability to easily integrate with various other platforms is also highly valuable.

It also enables integration with other technologies, saving costs associated with having point solutions. The integrated system allows for significant automation, reducing the time and effort needed for management.

The mean time to response has reduced from hours to minutes due to integrated automation systems.

Improvement is needed in terms of product support. The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not.

I've been working with Singularity Complete for three years.

Singularity is a very mature product that supports most assets available in any enterprise environment. It runs seamlessly without challenges.

Singularity Complete is suitable for large and mid-scale enterprises.

Technical support could be better. I would rate it around six on a scale of one to ten.

CrowdStrike is a competitor. Singularity is better because it supports the ransomware rollback feature.

The setup process is simple and user-friendly.

Initially, anyone can deploy out of the box. When tuning aligned with the environment is required, assistance from a system integrator is recommended.

Integration helps save costs by reducing the need for point solutions.

Pricing is not pocket-friendly. It can be difficult for small-scale companies.

SentinelOne's main competitor in the market is CrowdStrike. However, Singularity Complete is preferred thanks to its ransomware rollback feature.

We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

The ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have less number of alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

Log analytics and a couple of other things were also pretty good.

We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory. Some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistence connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

I discarded this product within six months. I would rate its stability a five out of ten.

Its scalability is fine. I would rate it a nine out of ten for scalability. 

We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

I would rate their support a six out of ten because the issues that I had reported were not resolved.

As a strategic partner, SentinelOne is pretty good. They are very proactive.

Neutral

Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. In case they find a rogue device, then only they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

CrowdStrike is not cheaper than SentinelOne. Both products go neck to neck. Both are costly products. 

I would advise going for this solution only if you have a clear use case.

I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

SentinelOne Singularity Complete is an MDR solution. It is used mainly to detect advanced threats in our teams and on-site teams.

I have used two different vendors before Singularity. Each had its pros and cons. However, Singularity is the most complete tool for EPP and EDR. From a financial, operational, and performance point of view, it is very efficient to have a single solution.

Ranger is a good feature. The XDR functionality provides the timeline of the attack. The product provides deep analytics for threat hunting. My team uses it to detect incidents and for threat hunting. I like the app inventory feature. It is very good for detecting unauthorized apps by our security policy.

I have raised a couple of comments regarding the speed of investigating incidents and performing analysis by the MDR service team. We are a telecom company. We are sensitive to the information of the users. The speed of investigation of the MDR service team must be improved.

I have been using the solution for one year.

The product is pretty stable. It didn't create any issues on the endpoints, laptops, and PCs.

We haven't tried to scale the tool yet, but the solution will be scalable after we increase our license.

The support team is very collaborative. We have a dedicated account manager who is also a part of our support line. We do not face any delays or major inconveniences from the support team. I rate the support an eight out of ten. I will give it a ten out of ten when SentinelOne has better coverage in the Middle East.

Positive

I have used Kaspersky, CrowdStrike, and Carbon Black. After using these solutions for a year, I chose Singularity Complete. The other solutions are existing products and are leaders. However, Singularity Complete is better than them from a financial and technological perspective.

The initial setup is not complex. It's similar to any endpoint solution implementation. We require one staff to deploy the solution. We mainly use AWS as our cloud provider. We also use GCP.

We did the implementation ourselves. It was like any other solution. We faced similar issues. They were not big issues, though. It doesn't require a lot of technical expertise.

We have seen a return on investment because we have saved at least 50% to 60% since we bought the tool. It is an achievement when we get one solution instead of two at 50% less cost. It improved our KPIs.

The licensing is convenient, straightforward, and very clear. I care more about the breakdown of the license than the licensing itself. Some vendors have very complex licensing schemes. SentinelOne's licensing scheme is very clean.

Carbon Black has a competitive version of Singularity Complete, but it is not at the same level as Singularity Complete. It lacks features like threat hunting and Ranger. So, I chose Singularity.

We didn't have any major issues related to the integration. However, we had some issues related to the implementation on the server site. It was solved by upgrading the agents. Initially, we had a couple of issues related to integration, but after that, it was solved.

The solution gives us more visibility into alerts but doesn't reduce them. It might help after we conduct the patching and vulnerability management, but we haven't tested it yet.

Singularity Complete has helped free up our staff for other projects and tasks. We have a full-fledged SOC team that uses SIEM tools. We use it to complement our SOC and our XDR and MDR solutions. We have Singularity Complete as a technology for further investigation and threat hunting.

When we get an alert from the SOC team, we use the tool to do the analysis and threat hunting in 30 minutes per incident. It is a considerable saving in the team's time because we have limited engineers and security analysts. The tool saves 50% of the staff's time.

The product has helped us save on operation and acquisition costs by 70%. We have replaced two solutions from other vendors with Singularity Complete. Singularity Complete has surely helped reduce our organizational risk. We had a lot of alerts from the previous vendors. Now, we see fewer alerts.

Compared to its competitors, Singularity Complete is very mature. It exceeds in some areas, especially in threat hunting. I have seen other solutions. They have very strong capabilities in detection but not in threat hunting. Singularity Complete makes a difference with our analysts when they perform threat hunting and threat analysis.

I like the product's vision very much. Everything has to be on a single agent, and the integration is very much worked on. It has a very good integration roadmap. It has a very complete and strategic vision. It doesn't sell only endpoint products. I like the completeness of its vision.

People who want to buy the tool must test all the features to see how they will get value from the product because it's very complex and feature-rich.

Overall, I rate the solution a seven out of ten.

We use SentinelOne Singularity Complete as our endpoint security solution to detect malicious activity and unusual behavior. It is a great tool for analytics and forensic investigations, and it has a good feature for catching threats. I was particularly impressed with this feature.

We implemented SentinelOne Singularity Complete to secure our endpoints.

SentinelOne Singularity Complete has helped us consolidate our security solutions. We can create use cases and workflows in SentinelOne, and analyze alerts and logs. We can also create custom policies based on our needs. For example, we can create workflows for post situations, or detect specific types of attacks, such as persistence or defense evasion techniques. We can use these techniques to create our own custom use cases, which can then be deployed in production to detect these types of threats.

After deploying SentinelOne Singularity Complete, we were confident we would not face any endpoint security threats. SentinelOne was able to block the type of events that were a true positive. Sometimes, we have also received false positives, but SentinelOne should detect this activity. So, that was the expectation, and SentinelOne has met it. This is very helpful.

SentinelOne Singularity Complete met our business needs and requirements. It was easy to deploy and manage as an administrator, and we can manage the console without having to constantly connect to the user or machine. We can do many things from the console alone, such as taking remote sessions, uninstalling any other solutions or products, and performing cleanup activities. This has been very helpful. We saw these benefits within one month of deploying Singularity Complete.

SentinelOne Singularity Complete helped reduce the number of false positive alerts we were receiving with our previous solution.

SentinelOne Singularity Complete has helped us save three hours per day of our staff's time. The single console makes it easy to manage compliance, including health check reports and the applications we are managing. We were able to identify and remediate malicious files through the console, without having to resolve the issue directly with users or other teams. This is a significant improvement.

SentinelOne Singularity Complete has helped reduce our MTTD and our MTTR.

SentinelOne Singularity Complete has helped reduce our organizational costs by eliminating the need for other endpoint security solutions. It is a cost-effective solution that provides comprehensive protection.

It has reduced our organizational risk by 90 percent.

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

I have been using SentinelOne Singularity Complete for six months.

I would rate the stability of Singularity Complete eight out of ten.

I would rate the scalability of Singularity Complete eight out of ten.

We have 24/7 support, but it is just moderate.

Neutral

SentinelOne is more secure and offers better scope for threat hunting on Linux than other security solutions, such as CrowdStrike and Microsoft Defender for Endpoint. SentinelOne Singularity Complete allows us to consolidate solutions and is easy to administer from a single console.

The initial setup is straightforward. After completing the proof of concept, we deploy the Singularity Complete solution for our clients. We install the agent and create group policies for detection and prevention. We use a configuration management solution to deploy Singularity Complete within five to ten minutes.

One person can complete the deployment.

We implemented the solution in-house.

I would rate SentinelOne Singularity Complete seven out of ten.

I would rate SentinelOne Singularity Complete's ability to be innovative eight out of ten.

SentinelOne Singularity Complete has a mature GUI.

We deployed SentinelOne Singularity Complete in one of our client environments with 13,000 machines and 1,000 servers.

SentinelOne Singularity Complete maintenance consists of daily monitoring for updates and prioritizing policies and requires around five administrators.

SentinelOne is a good strategic partner.

SentinelOne Singularity Complete makes it easy to perform operations and investigations.

We use it as an Enterprise EDR solution for threat detection, anti-malware, and security investigations.

SentinelOne Singularity Complete has greatly enhanced our security posture. We feel that our endpoints are more secure. We are in the know of what is happening within our company from a security perspective. We are confident in the ability to detect untrue positives. It has also helped us in achieving industry certifications such as SOC 2.

SentinelOne Singularity Complete has absolutely helped reduce our organization's mean time to detect. There has also been an impact on our mean time to respond. With the integrations that we have set up with Splunk and other products, we are able to respond to incidents as soon as they alert us.

We have a couple of integrations with it. They are alright. I am not blown away by its integration capability.

SentinelOne Singularity Complete has not helped reduce alerts. If anything, we create more alerts with it. We are able to fine-tune the product to reduce noise and alerts, but without it, we would not have any alerts. It is the piece of software that provides that alerting capability for us.

SentinelOne Singularity Complete has not helped free up staff. In a way, it creates work for us, but that is the purpose of the product.

The deep visibility and the ability to perform security investigations and assess our endpoint security posture are the most valuable features.

There should be Terraform support for console administration. Dynamic tagging would be also useful. 

The auto-upgrade capability should be improved.

I have been using SentinelOne Singularity Complete for two years at this company. My company has been using it longer than that.

Its stability is pretty good. I like the stability of their agent.

It is extremely scalable.

Their technical support is pretty good. I would rate them an eight out of ten.

Positive

I was not here when they bought this solution, but I know why we bought the tool. We replaced another EDR solution, and then we used it as our enterprise EDR solution for ransomware prevention, threat hunting, and security investigations. We were using CrowdStrike previously. SentinelOne Singularity Complete also saved us money. It is very competitive compared to CrowdStrike.

I have used a couple of EDR solutions. SentinelOne Singularity Complete is less mature than CrowdStrike, but it is definitely one of the top players in the industry.

SentinelOne Singularity Complete has not helped reduce our organizational risk. It is about the same as CrowdStrike in this aspect.

We have it on our laptops and the cloud, so our setup is hybrid. I am in charge of deployment, and it is as simple or complex as any other solution. 

It requires maintenance on our end.

We have a team, but I do most of the work. I am in charge of it.

It is hard to define the ROI. It does not save us money, but it prevents security breaches. In the grand scheme of things, it is definitely worth investing in. 

Its pricing is competitive. 

It has competitive pricing and great support. It is a complete solution.

As a strategic security partner, they collaborate with us quite a bit on our overall posture. They constantly have webinars and education sessions for us to deepen our security knowledge and how to use their product. They have assisted us on various PoCs for different offerings that they have and different services they offer. They help us to understand how each of those components integrates into our overall security posture. We did a PoC of the Ranger functionality.

I would rate SentinelOne Singularity Complete a seven out of ten.

Every five years, we research tools that could replace our old software. We combine our AV and intrusion detection. We were trying to find out if there’s an agent for the whole nine-yard, and we came across SentinelOne.

The product has an automated process where we find security issues. It’s a 24/7 behavior analytical tool to execute certain actions. The tool deletes the problem-causing process and prevents issues. It discovers, kills, and protects. The software is good. I don't see much of an issue with it.

They should train their own people so that they can train us better. The theory is good. If the product is good, but we cannot rely on it or pass it along to the customer, it's useless. When we purchased the solution, we were told that certain functions could be done. I understand it is part of sales, but I feel like I'm being fooled. We couldn't test it because it was in production. We first had a proof of concept but didn't connect it to our Azure portion.

I have been using SentinelOne Singularity Complete since February.

The product's stability is okay.

The tool's scalability is average.

The support people of SentinelOne do not know the different products offered by SentinelOne. How can they support their customer if one person knows one thing and the other doesn't? They tell us the issue does not come under them and point us to a different team.

There is a SentinelOne support team and a Singularity support team. SentinelOne's support team is okay. Once, the technical support and help desk director got involved with all our issues. However, the director got involved after we strongly complained about the issues. That's not the way it's supposed to be.

Neutral

I have used Arctic Wolf.

The initial deployment was good. The solution is cloud-based.

We took help from SentinelOne to deploy the solution. We paid for it, but it was not worth the money we paid for. Two people from our company are required for the deployment. The solution requires maintenance.

The licensing is okay. I don't see any issues with it.

We evaluated other options. We were trying to have one solution for everything. We heard that SentinelOne purchased another company. Other products like Rapid7 provide multiple solutions and products for our needs. We saw that SentinelOne provided us with one product and one support system. However, even while using SentinelOne, I have to contact different teams.

When we purchased the solution, it did not do what we expected. We didn't use all of the features. It has quite a few options. There are a bunch of more add-on modules. Other products from SentinelOne are not good. I am really disappointed with them. The user must understand the solution by just reading the training documents. The team claims it is professional, but it lacks a lot of functions.

The integration is fine, but the feature is not how they market it. It looks good on paper, but it's not what we think it is. It's not a ready product in marketing. I am disappointed with it. The interoperability is still under development. Not many people know or understand it, including people from SentinelOne. When we call and try to figure out what's going on with the solution, not many understand what it is. There is a lack of training on their products and services.

The Ranger functionality is fine. It’s only been six months since we started using it. We're still learning as it goes. I think Ranger is probably better than Singularity. Sometimes, they send false positives. It's not really a big feature for us. It's good. They're trying to prevent any networking attack, but I don't think it’s there yet. They're just trying to discover what is on the network, but we already have other tools for that.

It is important for us that Ranger requires no new agents, hardware, or network changes. Ranger is just trying to discover whatever issues we have. I don't think it can prevent it. I don't think it can block issues or protect our devices.

Overall, I rate the product a seven out of ten.