SentinelOne Singularity Cloud Security - AI Powered CNAPP
Automated threat detection has reduced response times and streamlines our incident investigations
What is our primary use case?
Our use case for SentinelOne Singularity Cloud Security is endpoint detection to safeguard our clients' infrastructure, and we have deployed it as per our clients' recommendations. We are not a customer, partner, or reseller; we work as an MSSP and provide services for our clients.
What is most valuable?
In my scenario, the best features of SentinelOne Singularity Cloud Security are that it gives a very quick response and has rollback capability. The benefit for my customer is that it is fully autonomous, with almost everything automated, and the threat detection engine operates on a real-time basis, so it is almost fully automated, and that is the major capability that SentinelOne Singularity has.
Since implementing SentinelOne Singularity Cloud Security, it has detected alerts in real-time, which obviously has affected our client's security, so we can rely on that very much.
The impact on our MTTR for incident investigations has been quite positive because the investigation feature shows us detections in the UI only, as it detects threats in real scenarios, so it is much more reliable.
What needs improvement?
I feel there is room for improvement in SentinelOne Singularity Cloud Security, particularly in creating custom dashboards since it only has a default dashboard feature, and a capability for creating custom dashboards would help us a lot as analysts. Additionally, there is a high number of false positive alerts when new clients come, as the default use cases are only enabled for that client, resulting in resource consumption and increased CPU utilization, which could be improved in the future.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for more than a year.
What do I think about the stability of the solution?
As for stability, I find it very stable, since we have not experienced any downtime in more than a year, and if we ever do, we connect with OEM customer support and get a quick response for whatever the issue may be. I would rate the stability of SentinelOne Singularity Cloud Security a 10 because as of now we have not faced any stability issues.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very scalable, as it charges on a per-endpoint basis, allowing us to scale up or down depending on any requirements. I would rate its scalability an eight.
How are customer service and support?
I would rate the technical support for SentinelOne Singularity Cloud Security a 10.
How was the initial setup?
It is easy to deploy SentinelOne Singularity Cloud Security.
What about the implementation team?
I have not been part of integration but know that it is very easy; we just install the agent on any endpoint.
What was our ROI?
SentinelOne Singularity Cloud Security saves a significant amount of time because it detects in real-time and is fully automated, thus allowing us to detect and respond to any threats efficiently compared to other solutions such as SIEM and SOAR products.
What's my experience with pricing, setup cost, and licensing?
Although I am not the person responsible for pricing, I know that SentinelOne pricing depends on how many endpoints the client is using, and it is discussed on a per-device basis.
Which other solutions did I evaluate?
Compared to other vendors, I would say the reliability of SentinelOne Singularity Cloud Security is higher; we can rely on it very much as the detection and remediation features are very quick, and it is much easier to grasp even for beginners due to its user interface and rollback capabilities, keeping SentinelOne at a top tier compared to other solutions.
What other advice do I have?
As for our mean time to respond: every time malware or any malicious file is detected on an endpoint, an alert is generated, and as analysts we respond accordingly, so we try to respond to the alert within 15 minutes for our client. Although SentinelOne automatically quarantines malicious files, our purpose as analysts is just to raise the alert with our client.
I would say the MTTR has reduced by about 50%. For MTTD, I would say it detects files in real-time, so as soon as the file is detected, it gives us an alert in real-time, so I would say about 80-90%.
For overall scanning, we conduct activities to check for any unknown devices that should not be present. During scanning, a higher number of alerts are generated, which is expected, but we can rely on scanning as it is crucial to check every endpoint or desktop.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline our security operations significantly, because the threat detection and the incidents we manage daily, including checking hashes and other factors, are greatly aided by the platform.
We are using it as an XDR, not for cloud, so I cannot provide a specific reduction amount for MTTR in cloud incident investigation. We have SentinelOne Singularity Cloud Security deployed in an on-prem model.
There are around five to six members managing more than 15 or 16 clients with SentinelOne Singularity Cloud Security. In our organization, many specialists work with SentinelOne Singularity Cloud Security; we are a large team working in SOC and SOAR, sharing the same infrastructure, totaling more than 40 members. Our clients are mostly medium-sized businesses.
SentinelOne Singularity Cloud Security does require maintenance, such as basic updates and patching for new versions.
I would advise anyone looking to implement SentinelOne Singularity Cloud Security to choose it if they want a very reliable product because it is fully automated and very reliable, and it is the best option within the price range everyone is looking for. I give this review an overall rating of 10.
Behavioral detection has strengthened threat hunting and now improves incident response speed
What is our primary use case?
We were using SentinelOne Singularity Cloud Security as an endpoint security platform to get threat intelligence regarding malware and threats.
We have an MDR platform, and we are using it as a log ingester for log collection and then we are deploying webhooks for incident response.
What is most valuable?
Power Queries are useful in deep threat hunting and deep visibility.
SentinelOne Singularity Cloud Security maps any threat or incident with all the applicable MITRE ATT&CK techniques and also provides behavioral detection. This would be useful when an endpoint has a zero-day threat involved in the incident, as it will have better detection because of the behavioral detection engine and dynamic detection engine. The mapping of the MITRE ATT&CK techniques provides deep understanding of what the threat actor is trying to do.
Mean time to threat response is quite fast. There is no doubt about that. The reason we are migrating to Defender from SentinelOne Singularity Cloud Security is not because of the cost or features. It is just a managerial decision taken in order to save money, as we already have some other tooling with different licensing. There is no doubt that the MTTR and MTTD are quite great in SentinelOne Singularity Cloud Security and it is quite effective in detecting threats and responding to incidents effectively.
SentinelOne Singularity Cloud Security has a dynamic and behavioral detection engine which examines the files based on their behavior and tries to map it with the MITRE ATT&CK techniques. Even if there is a zero-day threat, it would be able to detect it because of its behavioral detection capabilities.
What needs improvement?
Pricing is on the higher side. I would rate it at seven or eight.
The price is high, and of course it could be lower. The market is changing and SentinelOne Singularity Cloud Security has a very good competitor in Microsoft Defender. SentinelOne Singularity Cloud Security should innovate more and come up with features which clearly justify the purchase if someone already has Microsoft Defender built into their Microsoft 365 licensing. Suppose my organization is moving to Defender because they already have Microsoft Defender in E5 licensing and opted for it in order to save the money that was being spent on SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security should come up with innovative and new features that justify organizations staying with SentinelOne Singularity Cloud Security and not opting for a Defender solution.
I would not say the functionality was missing. However, for example, Defender provides correlations from an identity perspective. In SentinelOne Singularity Cloud Security, the identity module was available, but it needed to be purchased separately and did not come with the base licensing.
SentinelOne Singularity Cloud Security should include the identity module in their base subscription so that their value gets increased. Nowadays the threats are evolving and moving towards identity-based attacks. If a customer has to purchase an identity module of SentinelOne Singularity Cloud Security separately, they will get hesitant because their competitor, Microsoft Defender, is providing that for free in their base subscription. SentinelOne Singularity Cloud Security must work on their subscription pricing in order to stay relevant in the market.
For how long have I used the solution?
I have been working with SentinelOne Singularity Cloud Security for five years.
What do I think about the stability of the solution?
With ten as the benchmark for stability, I would rate it at eight.
What do I think about the scalability of the solution?
Scalability is also eight because it can be easily scaled up if more endpoints need to be covered. They just have to have the agent installed on them and the license should have that many seats.
How are customer service and support?
The technical support is acceptable, and I would rate it at eight.
Which solution did I use previously and why did I switch?
In the company where I work as a security engineer, we used to have SentinelOne Singularity Cloud Security in our environment, but the company has decided to migrate to Microsoft Defender. The reason is managerial, not technical. The migration is in process and we will soon stop using SentinelOne Singularity Cloud Security and use Microsoft Defender instead.
How was the initial setup?
The deployment is much justified as it is a cloud-based setup.
SentinelOne Singularity Cloud Security is a separate endpoint security technology. It does not come or integrate with other platforms such as email platforms or cloud platforms. Because it is a separate technology, the deployment is not particularly tough.
What's my experience with pricing, setup cost, and licensing?
If you want a comparative score, it will not be good, because Microsoft Defender comes as a free offering in the Microsoft E5 licensing. Whichever organization has E5 licensing of Microsoft Office 365 is literally getting Defender for free. If they were using SentinelOne Singularity Cloud Security or CrowdStrike and already have Microsoft E5 licensing, then this move will save a lot of money from their security budget. SentinelOne Singularity Cloud Security has aggressive pricing, but they will get an equivalent product or maybe better in the Windows environment. If they use Microsoft Defender, they will get correlation from Microsoft Defender for Identity, for cloud, for cloud apps, for endpoints, and Microsoft Entra ID and Active Directory. Threat intelligence and correlation would be better because most organizations are using Microsoft Office 365, so they will get two things if they use Microsoft Defender.
The first benefit is that they would not have to spend a lot of money on an endpoint security tool separately, because they will get the Defender endpoint security suite for free as they already have the E5 licensing. It comes with E5 licensing, so no additional money. Suppose an organization is spending ten thousand dollars on SentinelOne Singularity Cloud Security; if they had Microsoft 365 E5 licensing, they would just straight save ten thousand dollars. The spending would go from ten thousand dollars directly to zero, as the license is already included in E5.
The second thing is that the threat intelligence will be enriched due to Microsoft Office 365 having various products such as Entra ID and Azure resources. Microsoft Defender integrates by default with all those Microsoft toolings, so the threat intelligence would be much enriched as compared to SentinelOne Singularity Cloud Security.
Which other solutions did I evaluate?
In the company where I work, we are migrating from SentinelOne Singularity Cloud Security to Defender.
I am using it, but it will soon go away from the organization where I work.
Microsoft Defender is the alternate solution.
What other advice do I have?
My recommendation depends upon the budget, client expectation, and their existing security stack.
Ranger is a module in SentinelOne Singularity Cloud Security which scans the whole network and determines whatever devices there are, their OS, and their versions.
Integration is acceptable, neither easy nor tough.
I would rate this review at eight overall.
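The review above mentions feeding alerts from the EDR into an MDR platform and "deploying webhooks for incident response". As an added example that is not part of the review and not SentinelOne's code or documented webhook schema, the following receiver shows the two things a practitioner has to get right on the MDR side: authenticating the webhook call (here an HMAC-SHA256 over the raw body, compared in constant time) and turning the alert's verdict, confidence and ATT&CK technique IDs into a response action. The JSON field names, the `X-Webhook-Signature` header, the triage policy and the sample alert are all assumptions constructed for this example.

```python
"""Added example: an incident-response webhook receiver for EDR threat alerts.

This is not SentinelOne's code, nor its documented webhook payload: the JSON
field names, the signature header and the HMAC scheme are assumptions for the
example, and the sample alert is constructed. Adapt them to what your EDR and
MDR platform actually exchange.
"""
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Webhook-Signature"  # assumed header name

# Triage policy: verdict and confidence decide containment, techniques decide paging.
AUTO_CONTAIN_VERDICTS = {"malicious"}
AUTO_CONTAIN_CONFIDENCE = {"high"}
PAGE_ON_TECHNIQUES = {"T1486", "T1059.001"}  # data encrypted for impact, PowerShell


def sign(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw body; the sender computes the same value."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, presented: str) -> bool:
    """Constant-time comparison over the exact bytes received, before any JSON
    parsing, so re-serialisation differences cannot break or bypass the check."""
    return hmac.compare_digest(sign(secret, body), presented or "")


def decide_action(alert: dict) -> str:
    """Map an alert to the action the MDR automation should take."""
    verdict = str(alert.get("verdict", "")).lower()
    confidence = str(alert.get("confidence", "")).lower()
    techniques = set(alert.get("mitre_techniques", []))
    if verdict in AUTO_CONTAIN_VERDICTS:
        if confidence in AUTO_CONTAIN_CONFIDENCE:
            return "isolate_and_page" if techniques & PAGE_ON_TECHNIQUES else "isolate"
        return "ticket"  # malicious but low confidence: human review, no auto-containment
    if verdict == "suspicious":
        return "ticket"
    return "log"


def handle_webhook(headers: dict, body: bytes, secret: bytes) -> dict:
    """Validate, parse and triage one webhook call.

    Returns the HTTP status to answer with and the chosen action. The signature
    is checked first so unauthenticated callers cannot even reach the parser.
    """
    if not verify_signature(secret, body, headers.get(SIGNATURE_HEADER, "")):
        return {"status": 401, "action": "reject", "reason": "bad signature"}
    try:
        alert = json.loads(body)
    except ValueError:
        return {"status": 400, "action": "reject", "reason": "malformed JSON"}
    for field in ("alert_id", "agent_id", "verdict"):
        if not isinstance(alert, dict) or field not in alert:
            return {"status": 400, "action": "reject", "reason": f"missing {field}"}
    return {
        "status": 200,
        "alert_id": alert["alert_id"],
        "agent_id": alert["agent_id"],
        "action": decide_action(alert),
    }


# Constructed sample: one alert as the sender would post it (not real telemetry).
SAMPLE_SECRET = b"example-shared-secret"
SAMPLE_ALERT = {
    "alert_id": "alrt-0001",
    "agent_id": "agent-7f3a",
    "hostname": "WS-042",
    "verdict": "malicious",
    "confidence": "high",
    "mitre_techniques": ["T1486", "T1059.001"],
}
SAMPLE_BODY = json.dumps(SAMPLE_ALERT, separators=(",", ":")).encode()
SAMPLE_HEADERS = {SIGNATURE_HEADER: sign(SAMPLE_SECRET, SAMPLE_BODY)}

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET))
```

The signature is computed over the exact bytes received rather than over a re-serialised copy of the parsed JSON; a malicious-to-benign edit of the body therefore fails the check before the policy ever runs, and a malicious verdict with low confidence is deliberately routed to a ticket instead of automatic isolation.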
Advanced rollback and AI-driven insights have protected endpoints and simplified security operations
What is our primary use case?
I have recently used SentinelOne Singularity Cloud Security. We also have the CrowdStrike EDR tool, which is similar to SentinelOne Singularity Cloud Security and other EDR solutions. We used the CrowdStrike tool two to three months ago.
What is most valuable?
We can check multiple types of alerts and triggers, and we can analyze these. There are many types of functions, such as Kill, Quarantine, Remediate, and Rollback, which we can use for client safety.
The rollback feature is the best feature because it is only used in SentinelOne Singularity Cloud Security. We have used multiple types of EDR, but the rollback feature is unique to SentinelOne Singularity Cloud Security. When many types of attacks happen in an organization, the rollback feature deletes all types of malicious files and other malware-type files and completely cleans your system. This feature is very interesting according to me.
SentinelOne Singularity Cloud Security provides many types of features such as Kill and Quarantine, which are very interesting features for security operations. There are deep visibility features, and Purple AI is also one of the best features. It is easy for security operations and incident response. We can check log analysis with the help of deep visibility, and any types of attacks, malware, and phishing attacks are detected by SentinelOne Singularity Cloud Security. Many types of security operations can be tracked and observed with the help of SentinelOne Singularity Cloud Security.
Purple AI is one of the interesting features in SentinelOne Singularity Cloud Security. Deep visibility is one of the best features in SentinelOne Singularity Cloud Security. You can find any types of logs and any types of devices through searching portals, similar to Google search. It gives you information regarding this. With deep visibility, you can search for any name. For example, we can search for any name and check what is happening with that person's laptops, what USB is connected or disconnected, and whether the network is connected or not. This is with the help of Purple AI.
What needs improvement?
According to me, there is one thing I dislike, which is the dashboard. SentinelOne Singularity Cloud Security does not provide a custom dashboard according to our mindset. There are more types of EDR that give custom dashboards, but SentinelOne Singularity Cloud Security does not provide the custom dashboard. This is the only area for improvement.
For how long have I used the solution?
I have been working in my current field overall for the last five years, but I have used SentinelOne Singularity Cloud Security for the last two years.
What do I think about the stability of the solution?
We do not observe any lagging or crashing.
What do I think about the scalability of the solution?
There is low maintenance because it is a cloud platform. It is very low maintenance according to my experience. We can observe our organization, and it is very low maintenance for small organizations. They can easily maintain this.
How are customer service and support?
Technical support is the best for my side. We can raise any ticket for help from the OEM side. It gives a 10 to 15-minute reply, and for anything that is emergency, they schedule a call and solve our problems. According to me, the technical support is good. I give them 10 out of 10 for technical support.
Which solution did I use previously and why did I switch?
SentinelOne Singularity Cloud Security provides the most features compared to other EDRs, and it is easy to understand. The features are very compact in SentinelOne Singularity Cloud Security, not vast types of features. It is easy to understand for any fresher or any experienced person. The integration part is also easy compared to other EDR solutions. Newly joined persons can also integrate this because the steps are very easy. According to me, SentinelOne Singularity Cloud Security is the best compared to other EDR devices.
How was the initial setup?
It is easy. Any person newly joined or not belonging to the IT field can follow the steps very easily according to me. The integration parts do not require more types of servers or anything. It is very easy to deploy, and the installation part is also good. It takes only one to two minutes to install the SentinelOne Singularity Cloud Security agent on each and every endpoint. I think this is the best for SentinelOne Singularity Cloud Security.
What about the implementation team?
Our organization is an MSSP, not a client. We provide the license to our client base. We manage multiple clients through the MSSP portal. We also manage and resell. We provide this license for SentinelOne Singularity Cloud Security and also we manage. There are 8,000 to 10,000 agents installed on our client side. We manage around 20 to 30 clients, and there are 8,000 to 10,000 endpoints installed with SentinelOne Singularity Cloud Security on the client side.
What was our ROI?
Overall, I give it a 10 out of 10 because SentinelOne Singularity Cloud Security is the best for me. We have used multiple types of EDR, but SentinelOne Singularity Cloud Security provides the best features for our organization and client organization to safely do any activity or go to internet sites, which is why we can give 10 out of 10.
What's my experience with pricing, setup cost, and licensing?
The pricing is basically not very low and not very high. It is in the middle range for easy buying for any small organization and big organization. According to me, it is the best price for an EDR. We can check multiple types of EDR, and their prices are so high, but SentinelOne Singularity Cloud Security is not. SentinelOne Singularity Cloud Security is not lesser and not more. It is in the middle range of price.
Which other solutions did I evaluate?
SentinelOne Singularity Cloud Security has multiple types of policies. One of them is the offensive security. There are also behavioral policies and static AI policies and suspicious policies. There are 10 to 11 types of policies. Anything that triggers the alerts belongs to these policies, which happen through behavioral analysis and offensive security analysis. There are multiple types of policies. Any alert triggered in SentinelOne Singularity Cloud Security comes with the help of these policies.
What other advice do I have?
I have been using this solution overall in my career for the last two years.
There is an AI-based feature. You can create any use case according to our side. Many organizations are not using RDP tools such as AnyDesk or TeamViewer. Most organizations do not allow these features. At that time, the AI gives you the most types of generated codes. With the help of this code, you can create according to your side for creating any custom rules to keep your organization and clients secure.
I give this solution a 10 out of 10 rating.
Rapid threat response has reduced client infections and supports real-time endpoint monitoring
What is our primary use case?
SentinelOne Singularity Cloud Security is an EDR product that we utilize. We operate as an MSSP and provide services to 25 to 30 customers. We manage SentinelOne Singularity Cloud Security with 30 to 40 people and have installed the agent on a total of 8,000 to 10,000 endpoints across our client side. Our team of 30 to 40 people continues to use it.
What is most valuable?
The most valuable features of SentinelOne Singularity Cloud Security are the deep visibility, real-time monitoring, and real-time threat detection. These features benefit both our customers and our organization significantly.
We have reduced client response time to 10 to 15 minutes. Early response prevents client infections and the kill and quarantine features are the most important in SentinelOne for reducing attacks.
SentinelOne Singularity Cloud Security has helped streamline our security operations because it is a fast tool. The threat detection time has improved and there are more features available, such as deep visibility, which allows us to check raw logs and user connectivity. We can check user activity per second, and this information helps customers make purchasing decisions.
What needs improvement?
One area for improvement is that the dashboards are not customizable. You cannot create dashboards according to your understanding as they are default dashboards in SentinelOne. Other tools such as CrowdStrike and Splunk allow you to create dashboards based on the number of incidents that happened and what types of alerts you can watch, allowing multiple changes according to your needs. SentinelOne does not provide these types of features, so I believe it could improve in this area.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for the last 2 to 2.5 years.
How are customer service and support?
I rate the technical support a 10 out of 10 because we can raise any ticket to the OEM and they respond very quickly, typically within 10 to 15 minutes.
Which solution did I use previously and why did I switch?
We have used CrowdStrike for approximately 7 to 8 months, around one year. The main difference between them is that CrowdStrike generates alerts on a slower basis, while SentinelOne Singularity Cloud Security detects alerts on machines quickly, catching them faster than other devices. The kill and quarantine feature, along with the rollback feature, is the best in SentinelOne.
We checked CrowdStrike multiple times and while both have their merits, the process of SentinelOne Singularity Cloud Security is superior for our needs. We installed test malicious files on two endpoints and SentinelOne Singularity Cloud Security detected alerts multiple times faster than CrowdStrike.
What's my experience with pricing, setup cost, and licensing?
SentinelOne Singularity Cloud Security is neither cheap nor cost-inefficient; it is in the middle range. While there are more expensive EDR tools available, SentinelOne Singularity Cloud Security is not very costly. It is easy for an organization to purchase for helping the client side.
What other advice do I have?
The solution was purchased through a partner project.
The built-in integrations are straightforward. Smaller franchises can also integrate it in a short time, as you can install the agent on one endpoint in a maximum of two to three minutes. The integration level is easy and smaller organizations can manage it.
We have used Purple AI for threat investigation because with Purple AI, you can use deep visibility. It allows you to check how many people are using tools such as AnyDesk and RDP by creating queries that can be pasted into deep visibility. This gives us details of whether agents are installed or not. Unlike deep visibility alone, Purple AI provides the command to help us run queries and trace multiple activities effectively.
There are a total of 11 types of engines in SentinelOne Singularity Cloud Security. These engines generate multiple alerts, enabling us to analyze them easily and trace the types of alerts and their footprint, aiding in effective scanning and monitoring.
Drift detection impacts our ability to detect unexpected processes or behaviors because the engine generates alerts based on 11 types of engines, which we can analyze and raise to the client in about 10 to 15 minutes. For instance, when detecting a malicious executable that appears harmful, we recommend to clients to delete them from their sites and we can also kill and quarantine these threats.
I would recommend SentinelOne Singularity Cloud Security to other users because there are many types of features available and it is compact in its offerings. Although many EDR solutions have numerous features, SentinelOne Singularity Cloud Security provides a compact feature set that is easy to understand, even for newcomers. Additionally, its full disk scan features, installation, and uninstallation are quick, taking a maximum of two to three minutes, and the integration is also reasonable for small MNCs and organizations on a budget.
I have IT experience of about 2.5 years from my first company job and we have been using SentinelOne Singularity Cloud Security for the last 2.5 to 3 years. I rate this solution 10 out of 10 from an overall perspective.
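Two of the reviews above describe the same custom use case: one builds rules so that remote-access tools such as AnyDesk or TeamViewer, which most client organizations do not allow, raise an alert, and the other uses Purple AI to generate Deep Visibility queries that count how many people run AnyDesk or RDP. As an added example that is not part of either review and is not SentinelOne's code, query language or Purple AI output, the following rule runs that detection over constructed process-creation events. It matches the tools by executable name, falls back to the binary's original file name so a renamed AnyDesk.exe is still caught, suppresses sanctioned use through an allow-list (the false-positive complaint both reviews raise), tags each hit with its ATT&CK technique, and counts distinct hosts per tool, which is the number an MSSP reports back to the client. The event field names, the allow-list entries and the sample events are assumptions constructed for this example.

```python
"""Added example: detection logic for unsanctioned remote-access tools
(AnyDesk, TeamViewer, RDP) over process-creation events.

This is not SentinelOne's code, Deep Visibility query syntax or Purple AI
output. The event field names, the allow-list and the sample events are
assumptions constructed for the example.
"""
import re
from collections import defaultdict

# Image-name patterns for the tools the reviews mention, with ATT&CK technique IDs.
REMOTE_ACCESS_TOOLS = [
    (re.compile(r"(^|\\)anydesk(\.exe)?$", re.I), "AnyDesk", "T1219"),
    (re.compile(r"(^|\\)teamviewer(_service)?(\.exe)?$", re.I), "TeamViewer", "T1219"),
    (re.compile(r"(^|\\)mstsc(\.exe)?$", re.I), "RDP client", "T1021.001"),
]

# Assumed sanctioned usage: a helpdesk service account and an IT jump host.
ALLOWED_USERS = {"corp\\helpdesk-svc"}
ALLOWED_HOSTS = {"IT-JUMP01"}


def match_tool(event):
    """Return (tool, technique, renamed) or None.

    First match on the executable path; if that fails, fall back to the
    original file name from the binary's version information, which catches
    the common evasion of copying AnyDesk.exe to a benign-looking name.
    """
    for pattern, tool, technique in REMOTE_ACCESS_TOOLS:
        if pattern.search(event.get("image", "")):
            return tool, technique, False
    original = event.get("original_filename", "")
    if original:
        for pattern, tool, technique in REMOTE_ACCESS_TOOLS:
            if pattern.search(original):
                return tool, technique, True
    return None


def evaluate(events):
    """Run the rule over a list of process-creation events and return findings."""
    findings = []
    for ev in events:
        hit = match_tool(ev)
        if hit is None:
            continue
        tool, technique, renamed = hit
        sanctioned = (ev["user"].lower() in ALLOWED_USERS
                      or ev["host"].upper() in ALLOWED_HOSTS)
        # A renamed binary is never treated as sanctioned: legitimate IT use
        # has no reason to hide the tool's name.
        if renamed:
            sanctioned = False
        findings.append({
            "host": ev["host"],
            "user": ev["user"],
            "tool": tool,
            "technique": technique,
            "renamed": renamed,
            "sanctioned": sanctioned,
            "severity": "info" if sanctioned else "high",
        })
    return findings


def hosts_by_tool(findings, include_sanctioned=False):
    """Count distinct hosts per tool, the figure an MSSP reports to the client."""
    hosts = defaultdict(set)
    for f in findings:
        if f["sanctioned"] and not include_sanctioned:
            continue
        hosts[f["tool"]].add(f["host"])
    return {tool: len(h) for tool, h in hosts.items()}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-042", "user": "CORP\\alice",
     "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"},
    {"host": "WS-042", "user": "CORP\\alice",
     "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"},
    {"host": "IT-JUMP01", "user": "CORP\\helpdesk-svc",
     "image": "C:\\Program Files\\TeamViewer\\TeamViewer.exe"},
    {"host": "WS-017", "user": "CORP\\bob",
     "image": "C:\\Windows\\System32\\mstsc.exe"},
    {"host": "WS-088", "user": "CORP\\carol",
     "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\svchost.exe",
     "original_filename": "AnyDesk.exe"},
    {"host": "WS-101", "user": "CORP\\dave",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_EVENTS):
        print(finding)
    print(hosts_by_tool(evaluate(SAMPLE_EVENTS)))
```

Two launches of AnyDesk on the same workstation produce two findings but count as one host, so the per-tool count answers "how many machines have this" rather than "how many times was it run". The allow-list is what keeps a helpdesk account on a jump host from paging an analyst every time it opens TeamViewer.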
Automated detection and swift MDR response have protected client endpoints from real threats
What is our primary use case?
The purpose of using SentinelOne Singularity Cloud Security is for endpoint security. We have deployed its agents on our client side to catch and quarantine any malicious script or malicious file identified, then we identify and quarantine it at the point of attack to safeguard our clients.
Although we can identify IOCs from SentinelOne Singularity Cloud Security, we provide quite a good vulnerability assessment report to our clients.
We are working with SentinelOne Singularity Cloud Security and we are providing MDR services to our clients.
What is most valuable?
The best features in SentinelOne Singularity Cloud Security are that it is user friendly and its user interface is very easy to understand. The biggest benefit that customers often mention is that its automation and threat detection are very impressive compared to other XDR solutions. Its auto-remediation rule feature and setup provide a very fast response, and the rollback capability outperforms many different solutions.
SentinelOne Singularity Cloud Security detects threats in real-time scenarios. At the point it detects any threat or malicious script running in the background, it notifies us so we can take action accordingly. If it is malicious, then we report it to the client. If it is a false positive, then we take action accordingly and fine-tune it by making appropriate changes in the rule.
It does help save time because as it is detecting in real time, it is very reliable. The average detection and response time is 15 minutes. We can take very quick action if any alert has been generated. Our average SLA is 15 minutes only. We respond very quickly; the moment SentinelOne Singularity Cloud Security detects any threat, we take action on it.
What needs improvement?
Creating a customized dashboard would have been better. There are default dashboards created on SentinelOne Singularity Cloud Security that we are using particularly, and it could have been better if we could customize them.
It sometimes produces a high number of false positive alerts. The resource consumption including CPU and disk usage gets very high at that point. It can work on reducing false positives as well.
Although integration is not my part, we can integrate it into any cloud platform or any other product. We feel it is very straightforward to integrate any other products with it.
For how long have I used the solution?
I have been using the solution for the past almost two years, deploying it in multiple client tenants.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is a very stable solution. We have not experienced any downtime as of now. It is very reliable.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very scalable. We can scale up and scale down as per our requirement. It depends upon what we need and what we have to deploy in our client. If our client is a bigger organization, then we scale up as per our requirement.
How are customer service and support?
I would rate the support a 10 out of 10.
Which solution did I use previously and why did I switch?
We have used other products for the same solution as SentinelOne Singularity Cloud Security, for SOAR and different other products. Other products are especially difficult to understand first of all. SentinelOne Singularity Cloud Security is much more reliable and an easy-to-learn tool. We can rely on it for security purposes. It catches any incident that happens, and we have several examples in our infrastructure. Recently, some ransomware happened on our client's side, but SentinelOne Singularity Cloud Security identified the source from where the attack originated and reported it to the client.
However, the client's problem was that they did not take any real-time action on it; therefore, the attack happened. There are different examples where SentinelOne Singularity Cloud Security has been very useful and captured these events well, compared to other products we are using that could not capture them, but SentinelOne Singularity Cloud Security did.
We can rely on it when it comes to security purposes.
What about the implementation team?
We are a team of six to eight people working with different roles and responsibilities.
What's my experience with pricing, setup cost, and licensing?
The costing is not that expensive compared to other solutions. They are very aggressive regarding the pricing model compared to what Microsoft, CrowdStrike, and others are providing. This is quite a bit better than any client could ask for. We can scale up and scale down, and its cost depends upon a per-device basis, or in simple terms, per agent we have deployed at the endpoints.
What other advice do I have?
These are enterprise businesses.
Maintenance means we have to get connected with the OEM from time to time to patch any updates. If SentinelOne Singularity Cloud Security has any newer version, then we have to stay connected with the OEM.
We can use public cloud, private cloud, or hybrid cloud. We can deploy through AWS.
SentinelOne Singularity Cloud Security does streamline operations. We can deploy use cases as per our need. We can add any custom rule on our client's requirement. It depends on the requirement.
We scan our client's endpoints from time to time on the servers, desktops, or laptops. By doing so, the scanning sometimes generates quite a higher amount of false positive alerts. However, the scanning helps us identify if there are any vulnerabilities or exploits in the desktop, laptop, or server. There is a drawback in that it does generate a high number of false positives, but it is great from a security perspective because we get to scan every bit of file in the server, laptop, or desktop at any endpoint.
For AI workloads, we have been using Purple AI in SentinelOne Singularity Cloud Security. Although I have had limited experience with it, it gives us different features including a co-pilot feature wherein we can use a pull-down menu to identify based on the IOCs present in our client's endpoint with retrieval time. The retrieval time is very fast compared to other features it has, and the co-pilot feature is certainly faster compared to other features. I have had hands-on experience with Purple AI only.
I would give this solution an overall rating of 9 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Easy Deployment, Seamless RMM Onboarding, and Great Value
Pricing was WAY cheaper than the prior EDR agent
Consolidated cloud security has reduced manual work and has automated vulnerability remediation
How has it helped my organization?
My customer saw benefits from using SentinelOne Singularity Cloud Security as we are able to actually fix the vulnerabilities. There are many infrastructure components that need to be properly patched. We have a hybrid platform with hyper-scaler components. My customer is into hyper-scaler environments, and there are many aspects that need to be properly patched. We have plenty of cloud native applications that have been hosted in both AWS and Azure. Governing all of this requires many employees. When we implemented SentinelOne, the team was reduced from 25 people to only 15 or 16 people. This reduction occurred because of the consolidated platform, and all the vulnerabilities showing up in the console have been automatically patched. The vulnerabilities automatically go to the SIEM and are patched by the application team, and the vulnerabilities in the cloud are patched by the cloud department. This was much easier because the integration with the SIEM, which was LogRhythm on premise, was much easier than with Trend Micro. Trend Micro would have required syslog servers, but SentinelOne only had three or four steps and just connected to the log server. LogRhythm was able to easily fetch the logs from it.
The role of SentinelOne's secret scanning feature is very important in tightening my company's cloud hygiene. In an infrastructure where there are hybrid cloud and different vendors of cloud such as AWS and Azure, maintaining both clouds and having a resource pool with the skill set of AWS and Azure is very difficult. After implementing CSPM, I could have a vulnerability management system under one roof where I could take the misconfiguration of Azure and AWS at the same place and get it done by a limited amount of users. SentinelOne CSPM knows how AWS configuration and Azure configuration work, so I can know about it and fix it all in one place. SentinelOne has eased the process of finding vulnerabilities in each cloud platform. I have vulnerability visibility for every tenant that I have hosted in different cloud hosting platforms, and it has eased my work of fixing the vulnerabilities.
The impact and effectiveness SentinelOne had in managing cloud identities and enforcing least privilege is evident in an incident where SentinelOne helped us. There were some identities which did not have two-factor authentication. In fact, they were not even linked to our Active Directory. It turned out that the cloud infrastructure had some identities from the company which implemented that cloud. We were able to find accounts which were not supposed to exist in the cloud infrastructure because it mapped itself with the Active Directory and fetched all the users who actually need access to the AWS server. We found out that these two users were not in there, identified the anomaly, and deleted the identities from the cloud platforms.
What is most valuable?
My experience includes implementing SentinelOne Singularity Cloud Security, specifically the Cloud Singularity as a marketplace for AWS and Azure. I only have to connect the connectors from the marketplace, and as soon as I get the license, I can deploy it from the marketplace and start using it. The deployment phase was actually easy when I connected with the connectors from AWS and Azure marketplace.
I compared Trend Micro and SentinelOne Singularity Cloud Security with two POCs, one for each of them. SentinelOne was at the higher price end, but my customer and the management opted for it because of the integrity and the better coverage. The ease of the deployment mechanism in SentinelOne is not present in Trend Micro. In Trend Micro, for each cloud platform, such as AWS, I need to have another localhost web URL to access that particular dashboard. In SentinelOne, I can manage everything under one particular URL, and there are different functions to it. I can easily navigate to any dashboard that I require, so SentinelOne was easier to use than Trend Micro. The better coverage and easy deployment is the second part. Trend Micro had some manual intervention required, and an extra server was needed as a jump server for all the traffic to be passed through. SentinelOne had both on-premise and cloud options, which was another plus point for the customer.
In Cloud Singularity, there is a cloud native application, and in that, there is CSPM. We also used to have CWSPM. In CSPM, we only used to get the vulnerabilities in the cloud configuration, just the misconfigurations. In SentinelOne CWSPM, the attack map and the graph that it created inside the dashboard gave me and the management a better idea of how to fix the most vulnerable issues. There might be some vulnerabilities with a higher risk rate, but some CVE IDs with a lesser risk rate could have caused more damage to the company's infrastructure than the CVE at the higher risk end. The attack graph which CWSPM showed in SentinelOne was the best thing I have come across because it gave me better visibility of the whole infrastructure and of what vulnerabilities can be impactful and more critical to any customer.
SentinelOne's runtime protection is lightweight. I would say it is very lightweight and it does not even feel that I am running a SentinelOne agent in the systems. Compared to Checkpoint EDR, SentinelOne is a lot better because the Checkpoint agent takes a major chunk of the RAM of the desktop. SentinelOne barely takes around 25 MB of the RAM, so it is very easy and lightweight.
Regarding SentinelOne Singularity Cloud Security's advanced SIEM capabilities, we had log servers. There was only the EDR part and the CSPM, and it actually created the attack graph matrix and functioned as a SIEM. We have actually used it. The logs are very much in real time, and the false positives were fewer compared to the LogRhythm ones.
What needs improvement?
I elaborate on my rating of SentinelOne support by mentioning that there were times when the troubleshooting took longer. In fact, there were many meetings going on. The availability of documentation on the internet is on the lesser side, because as an engineer, I would want to know about the troubleshooting aspects of this particular tool. When I am facing a customer, I do not prefer to bring the vendor to every call and try to resolve it, as it takes months and months. It would be better to have a training session with the engineer on site to explain and train properly. This is not the case with SentinelOne, so this is the only thing I have a complaint about.
I do not have any other room for improvement to suggest within SentinelOne itself. However, I would really want the AI assistant for the threat hunting part to be more accessible. They have it, but they are making it licensed, so it is a bit on the higher end.
What do I think about the stability of the solution?
Regarding stability and availability of SentinelOne Singularity Cloud Security, it has been up and stable every time I have opened it. There are no issues for me with respect to its availability, so it is going well.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security's scalability does grow well with the growing needs of my company and my client's company. We are trying to make every other component SentinelOne so that we can have a better attack map walkthrough and clearer visibility into what the attack can be associated with. We are trying to replace whichever security solutions are necessary to create a consolidated attack map vector, which we call the Singularity, the Cloud Singularity, so that everything comes under one roof and we can get a better overview of all the vulnerabilities and fix them accordingly.
How are customer service and support?
Regarding the level of support I am getting from SentinelOne, I would rate it a seven out of ten.
Which solution did I use previously and why did I switch?
Since switching to SentinelOne, I have been able to eliminate three tools or solutions. The first was Trend Micro EDR, which SentinelOne replaced. The second one was Tenable Synapse, which we replaced with CSPM from SentinelOne. The third one was the SIEM LogRhythm.
Which other solutions did I evaluate?
I compared Trend Micro and SentinelOne Singularity Cloud Security.
What other advice do I have?
SentinelOne CSPM also eliminates misconfiguration on its own after one approval, which is a very good thing that I actually liked about SentinelOne CSPM.
The rating of nine is because of some false positives that I found recently. There were some misconfiguration findings from cloud servers which I thought were not necessary. That is the one point that I reduced for. They can improve, but they are better than other solutions, which is the reason it received a nine and not a ten.
If someone is considering and evaluating SentinelOne Singularity Cloud Security, I want to advise them to opt for SentinelOne. If you want integrity and faster-driven insights into your whole infrastructure, you should really opt for SentinelOne, because it has ease of access and easy deployment, and you would require fewer engineers to deploy it, since it is not a big, Checkpoint-level complex integration that you have to do in SentinelOne. I gave this review an overall rating of nine out of ten.
Unified cloud security has reduced alert fatigue and improves response with AI-driven protection
What is our primary use case?
I have been using SentinelOne Singularity Cloud Security for the last two years.
My main use case for SentinelOne Singularity Cloud Security is Cloud Security Posture Management, cloud data security, and unified visibility.
A specific example of how I use SentinelOne Singularity Cloud Security for cloud data security management is with cloud object storage such as Amazon S3.
I continuously monitor and audit my environment for misconfigurations as part of my main use case for SentinelOne Singularity Cloud Security.
What is most valuable?
The best features SentinelOne Singularity Cloud Security offers in my experience are the cloud Offensive Security Engine and verified exploit paths, as well as AI-powered runtime protection. This feature provides clear evidence of exploitability, allowing security teams to focus on fixing critical issues rather than chasing noise and false positives. It uses behavioral AI to detect ransomware, zero-day exploits, fileless attacks, and NDR attacks.
For visibility, SentinelOne Singularity Cloud Security has a Singularity Data Lake, where telemetry from cloud workloads and endpoints is consolidated into a single repository for rapid querying and analysis. It also has Graph Explorer, which visually maps the relationships between cloud assets, endpoints, and identities to help analysts understand the blast radius and root cause of an incident. It correlates related events into a single storyline, providing full historical context for deeper forensic analysis.
SentinelOne Singularity Cloud Security positively impacts my organization by reducing alert fatigue and decreasing false positives. The platform allows security analysts to focus strictly on actionable, verified risk rather than manual triage. It also provides faster response times, helping my organization see a reduction in mean time to respond and mean time to detect. It includes autonomous resolutions and eliminates blind spots, providing unified visibility across multi-cloud environments, endpoints, and enterprise risk, reducing the likelihood of major security incidents.
What needs improvement?
In terms of improvement for SentinelOne Singularity Cloud Security, users and industry analysts identify several areas where the platform can be enhanced, including administrative setup experience and operational tuning and performance.
The user interface of SentinelOne Singularity Cloud Security is quite good. I do not have any additional improvements needed for SentinelOne Singularity Cloud Security that I have not already mentioned.
For how long have I used the solution?
I have been working in my current field for two years.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is very stable.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security's scalability is quite good, as it is very scalable.
How are customer service and support?
I rate the customer support for SentinelOne Singularity Cloud Security a ten out of ten.
What other advice do I have?
I observe an approximate 88% reduction in mean time to respond as a specific metric around the reduction in false positives and response times.
I chose a rating of ten out of ten for SentinelOne Singularity Cloud Security because of its autonomous threat detection and response, comprehensive visibility, operational efficiency, and lightweight performance. It also demonstrates proven industry leadership.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline my security operations, functioning as a single pane of glass. My users appreciate having one source of truth for endpoints and cloud workloads, such as virtual machines and containers across AWS and other clouds. It has verified exploit paths, not just listing vulnerabilities but identifying which ones are actually reachable and exploitable by an attacker, helping my team focus only on high-priority risks.
I use Purple AI for threat investigations, and it is a game-changer.
SentinelOne Singularity Cloud Security's runtime protection is quite good in terms of adaptability to new and unknown threats compared to other solutions I have used.
It is significant for my team to have built-in integrations that unify various aspects of cloud security, resulting in superior threat detection and faster response, along with improved operational efficiency and security posture.
Drift detection significantly impacts my organization's ability to detect unexpected process behavior in containerized environments by reducing response times. The system can automatically share information and responses across different aspects to improve incident response time significantly. The automation of tasks and built-in integration enables automated compliance audit and risk remediation, reducing manual efforts and human error in managing security configurations.
SentinelOne Singularity Cloud Security drastically reduces the mean time to remediate for cloud incidents by shrinking investigation and response time from hours to seconds or minutes. The platform offers an autonomous AI-driven approach.
We measure the time savings in terms of SecOps operations achieved through SentinelOne Singularity Cloud Security by focusing on metrics, where automation reduces manual investigation and expedites incident response time. My organization frequently achieves significant efficiencies, with some customers achieving a 95% reduction in mean time to detect and an 88% reduction in mean time to respond. The reduction of false positives by using AI contextualized alerts allows teams to spend less time investigating non-malicious findings. The verified exploit paths feature helps my team prioritize vulnerabilities with a critical exploitable route, reducing time spent patching non-critical issues.
I advise others looking into using SentinelOne Singularity Cloud Security to prioritize the visibility feature, utilize the AI-driven Purple AI for cross-environment threat analysis, and adopt a least-privilege IAM model to maximize the security impact.
SentinelOne Singularity Cloud Security is a recognized Singularity Cloud system and a premier cloud-native application protection platform, heavily emphasizing autonomous and AI-driven protection over manual, policy-based detections. I rate this product ten out of ten.
Unified endpoint protection has simplified real-time threat blocking and policy-driven control
What is our primary use case?
I use SentinelOne Singularity Cloud Security to collect endpoint data from the company, such as servers, computers, and mobile phones. The solution functions similarly to Cortex XDR and provides antivirus protection that safeguards devices from viruses and malware.
What is most valuable?
SentinelOne Singularity Cloud Security offers real-time protection, anti-tamper capabilities, and a centralized platform with a good user interface. The UI is intuitive enough that even people without cybersecurity knowledge can understand how to use it.
The policy feature is valuable because it tells the product what to do with new files, such as whether to scan them or leave them untouched. One single tab covers all the features, so I do not have to open another tab or window to turn settings on or off. The simplicity of the product itself makes it better than competitors.
The real-time protection is quite valuable. If any attack occurs or if an employee tries to download something malicious, SentinelOne Singularity Cloud Security directly blocks it for us without requiring manual intervention. For example, if an employee accidentally clicks on a link that tries to download something malicious, SentinelOne Singularity Cloud Security directly blocks it and quarantines it, notifying us on the console about the employee's name and what they attempted to download. We can then check the file or ask the user, and if they did not download it intentionally, we can close the case. If it was critical for them, we can release it directly from the console.
The unified platform experience of SentinelOne Singularity Cloud Security is good. The dashboard, settings menu, policy menu, user menu, and endpoint menu are all well organized. I can say it is one of the best user interfaces I have used, and it is very user-friendly.
What needs improvement?
Integration could be improved because not all solutions can be integrated with SentinelOne Singularity Cloud Security or vice versa. I was in a project where the company wanted to integrate SentinelOne Singularity Cloud Security with another solution product. When I checked, it turned out that integration was possible but could not be directly connected. It had to go through middleware before reaching that product, which is more complicated.
SentinelOne Singularity Cloud Security is a newer product compared to Palo Alto Cortex, so perhaps some product solutions cannot be integrated yet. SentinelOne Singularity Cloud Security does not have as large a portfolio of integrations as Cortex XDR.
SentinelOne Singularity Cloud Security is more sensitive compared to other solutions. While all solutions perform well when it comes to real-time protection, SentinelOne Singularity Cloud Security tends to generate more false positive events due to its high sensitivity. For example, some companies use older types of WinRAR, which may get blocked by SentinelOne Singularity Cloud Security directly.
I would appreciate it if they introduced a filtering or archive feature where we could add applications that should not be marked as threats.
Many features in SentinelOne Singularity Cloud Security have additional costs, which limits our exploration of the full product.
It would be more convenient if SentinelOne Singularity Cloud Security could be integrated with other solution tools such as firewalls or SIEM, as it would be more comfortable for us to avoid checking the console every single time. In our SOC, we have many tabs open on our screen, and it is confusing; we might miss some alerts. With better integrations, we could go in one tab and have everything provided for us.
For how long have I used the solution?
I have used SentinelOne Singularity Cloud Security for almost one year.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security is very stable, and there are no errors, even compared to Cortex where there were errors on the agent. We have not experienced any issues with SentinelOne Singularity Cloud Security. The platform is more convenient, and for the server, they choose the nearest one from Indonesia, so when we go to the console or when the devices try to connect, there are no errors. Even during power outages, the system remains stable.
What do I think about the scalability of the solution?
From the licensing perspective, it is very easy to scale. When a company wants to add more licenses, they simply call the provider or a consultant, and they can add it within one or two months from the time they request it. They will then receive the license instantly.
SentinelOne Singularity Cloud Security is more resource-friendly, so it does not consume a lot of RAM or storage. This is excellent because even companies with older devices can run SentinelOne Singularity Cloud Security. In Indonesia, especially in financial-related companies, there are regulations stating that some servers or programs can only run on older servers. SentinelOne Singularity Cloud Security can directly create a custom build for that specific server.
In the case of custom builds, the company itself has to contact SentinelOne Singularity Cloud Security, as this is not publicly available.
How are customer service and support?
I have experience with the technical support and customer service of SentinelOne Singularity Cloud Security.
During implementation, when we encounter any issues, we call support. The implementation process has only involved minor issues, so we have not needed extensive support. We simply email them, and they respond directly with documentation if available. Otherwise, they provide comments to help resolve the issue.
What other advice do I have?
After implementation, the process is fast. SentinelOne Singularity Cloud Security provides cloud hosting itself. If we choose the cloud option, they will set it up, and we simply wait until we have our domain and account. When we go to that domain and log in, our console is already there.
Regarding the deployment model, I recommend the cloud option for SentinelOne Singularity Cloud Security.
As far as I know, SentinelOne Singularity Cloud Security has one license for the cloud itself and another license for the devices. If the company size is one thousand people, they can buy one thousand or one thousand one hundred for a backup. If they need more, they can add more licenses, and the company will buy it and update it directly to the console. SentinelOne Singularity Cloud Security is much cheaper than Palo Alto Cortex.
SentinelOne Singularity Cloud Security is simpler than Cortex XDR. The process is similar to Cortex, but the difference is that Cortex integrates the package file with the license or token. With SentinelOne Singularity Cloud Security, we have to manually insert the token or copy it from the console to a notepad. When we try to install, we click the installer and open the notepad to paste the token.
AI-driven protection has improved endpoint security and currently saves significant analyst time
What is our primary use case?
Our main use case for SentinelOne Singularity Cloud Security in our company is using the endpoint for the machine.
What is most valuable?
In my opinion, the best features of SentinelOne Singularity Cloud Security are the integration with AI capability and more powerful performance; this is the future.
I find these features the best for my organization because the feature protects the machine.
SentinelOne Singularity Cloud Security has impacted my company positively as it provides good protection for the company and for the services.
What needs improvement?
In my opinion, SentinelOne Singularity Cloud Security can be improved by acknowledging that it has a good future with good capability for integrating with AI capability; it increased the high speed and performance for taking action.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for one year.
What do I think about the stability of the solution?
SentinelOne Singularity Cloud Security has been very stable so far.
What do I think about the scalability of the solution?
My impression of SentinelOne Singularity Cloud Security's scalability is that it has high scalability and grows well.
How are customer service and support?
I would evaluate SentinelOne Singularity Cloud Security's customer service or technical support by giving them an eight.
I give them an eight because it does not quite reach a ten.
For them to get a ten, I still do not have any notes to give them to improve their service.
Which solution did I use previously and why did I switch?
Before choosing SentinelOne Singularity Cloud Security, we evaluated other solutions and we are using Microsoft Defender.
The main differences between SentinelOne Singularity Cloud Security and Microsoft Defender, both pros and cons, are that SentinelOne Singularity Cloud Security has AI capability and is faster for performance and detection.
What about the implementation team?
I did not purchase SentinelOne Singularity Cloud Security through the AWS Marketplace.
What was our ROI?
I have not seen a return on my investment so far.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup costs, and licensing of SentinelOne Singularity Cloud Security is that the pricing is good; it is not expensive, it is medium.
What other advice do I have?
There has been no impact on reducing our MTTR until now.
I do use Purple AI for threat investigations.
Its impact on understanding the root causes of security incidents is good; it understood the root cause for security.
SentinelOne Singularity Cloud Security's runtime protection compares well to other solutions I have used in terms of adaptability to new and unknown threats, as SentinelOne Singularity Cloud Security is a stable solution.
I am not using the Offensive Security Engine feature.
The role of SentinelOne Singularity Cloud Security's Secret Scanning feature in tightening my company's cloud hygiene is that it is a good one; it is very heavy and not too much load from the endpoint.
We measure the time savings achieved through SentinelOne Singularity Cloud Security as a good achievement.
I save time for my security operations by using SentinelOne Singularity Cloud Security.
I have saved approximately one year of time. I gave this review an overall rating of eight.