SentinelOne Singularity Cloud Security - AI Powered CNAPP
Automated detection has stopped ransomware attempts and provides continuous cloud protection
What is our primary use case?
My main use case for SentinelOne Singularity Cloud Security is to protect our cloud workloads and infrastructure from cyber threats. I use it for continuous monitoring and detection of threats in our cloud environment, automated incident response to mitigate attacks quickly, visibility into the cloud security posture, and meeting compliance structures while protecting workloads across multiple cloud platforms.
SentinelOne Singularity Cloud Security provides automated threat detection and response capabilities. SentinelOne played a crucial role in improving our workflow, providing details on incident data after it has been resolved, and it has helped us in cases of suspicious activity.
What is most valuable?
Recently, SentinelOne Singularity Cloud Security detected a malicious deployment on one of our cloud workloads, indicating a potential ransomware attack. The platform's automated response immediately isolated the affected instance, stopping the threat's movement. Its threat detection alerted our security team in real-time, allowing us to quickly investigate and prevent any data exfiltration. This incident demonstrated the tool's significant ability to improve our response time and minimize the impact on our operations.
I chose a rating of nine for SentinelOne Singularity Cloud Security because it delivers strong and reliable protection with its advanced automated threat detection and response capability. It has significantly improved our ability to quickly identify and contain threats in our cloud environment.
My advice to others looking into using SentinelOne Singularity Cloud Security is to integrate its automated detection and response features. I recommend investing time in training your security team, integrating SentinelOne Singularity Cloud Security with your existing security tools, and regularly reviewing and fine-tuning alerts and policies.
SentinelOne Singularity Cloud Security offers a strong balance of automated threat detection and rapid response. Its relatively easy scalability makes it suitable for businesses of various sizes. The platform's integration capabilities are another advantage, allowing it to fit into existing security ecosystems.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for about one year.
What other advice do I have?
I found this interview clear and well-structured, which made it easy to share my thoughts. For future interviews, perhaps a bit more room for open-ended feedback could help capture more detailed insights. I gave SentinelOne Singularity Cloud Security a rating of nine.
AI-Driven Cloud Threat Detection That Delivers Real-Time Protection
Faster incident resolution, reducing potential damages.
Simplified management of complex cloud environments.
Increased confidence in your security measures, allowing you to focus on core business activities.
Clear Cloud Visibility That Makes Security Easier
Cloud security has delivered strong detection, fast investigations, and user-friendly management
What is our primary use case?
My use case for SentinelOne Singularity Cloud Security involves servers on the cloud, and I needed something secured with a warranty kind of scenario. The agent is the same as an endpoint agent, but it was a better option.
What is most valuable?
When talking about Windows in relation to SentinelOne Singularity Cloud Security, the Rollback feature is definitely the most valuable.
SentinelOne Singularity Cloud Security is quite good, and the scan engine and the technology behind it gives us better output and detection as well as prevention, which I have observed other security tools fail to provide.
SentinelOne Singularity Cloud Security definitely reduces MTTR for cloud incident investigations because I have all the data available on the cloud itself.
The unified platform experience of SentinelOne Singularity Cloud Security definitely helps to streamline security operations.
What needs improvement?
Regarding points for improvement for SentinelOne Singularity Cloud Security, they are offering raw data only for two weeks. That should be increased to 365 days.
Usually, if there is some kind of web control also over and above, or a DLP built into SentinelOne Singularity Cloud Security, that will be a good advantage. Then I can always say it is a Singularity product and I would not need to go for a third-party product.
For how long have I used the solution?
I have been working with SentinelOne Singularity Cloud Security for almost four to five years.
How are customer service and support?
My mark for vendor support regarding SentinelOne Singularity Cloud Security is one.
In India, the team is very much used to getting immediate online support. SentinelOne is the only vendor that does not offer support and always avoids giving support. They will come on call and ask what the version is, tell me to change the version, and ask for logs. That is all they will do. They will never come online with me and resolve the issue in real-time. Even if it is a very critical issue, it takes months to resolve for SentinelOne because they never come on-site, meaning they do not provide remote support.
How was the initial setup?
The setup process for SentinelOne Singularity Cloud Security is simple.
What other advice do I have?
I rate the price for SentinelOne Singularity Cloud Security at five.
I always try to keep SentinelOne Singularity Cloud Security as number one in comparison, but competitors are there and can compete on pricing and cost. Otherwise, regarding technology, they do not have anything compared to what SentinelOne has.
SentinelOne Singularity Cloud Security is number one in functionality when compared with competitors.
The management console of SentinelOne Singularity Cloud Security is very user-friendly.
The purchase process for SentinelOne Singularity Cloud Security is B2B. SentinelOne cannot directly sell in India, so it has to come through a distributor.
I have to take SentinelOne Singularity Cloud Security from the distributor and then provide it to the customer. There is no direct selling.
I rate the scalability for SentinelOne Singularity Cloud Security a ten.
The detection ratio of SentinelOne Singularity Cloud Security is way ahead of any other solution available in the market.
SentinelOne Singularity Cloud Security is integrated well with other security tools.
I would rate this review a ten overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Unified cloud security has improved posture visibility and simplifies identity risk management
What is our primary use case?
Cloud security is what I refer to when discussing SentinelOne Singularity Cloud Security. The main use case for SentinelOne Singularity Cloud Security would be getting the security posture through the CSPM module, understanding how the security posture of the cloud is configured. The second would be the identity piece, understanding from an identity perspective because in the cloud, even in the front end, you see one identity and the roles associated with it. However, in the back end, that identity is mapped to multiple roles, and if it gets compromised, you don't have visibility on how far the attack is or how deep the breach has happened. To have complete visibility of how the identities are mapped within the cloud and what are the misconfigurations and vulnerabilities associated with it, CSPM and CIEM are the main use cases that I am looking for concerning cloud configuration vulnerabilities and identity perspective.
What is most valuable?
Regarding the functionality part of SentinelOne Singularity Cloud Security, it is a unified platform. All the different modules which comprise cloud security, such as CSPM, CWPP, and CIEM, are unified and given in a single console which helps because I don't have to log in to different things and then check or do a lineage comparison. In a single console, I get everything. The AI feature is also quite good. The AI detection rate that I have found is much better than the other set of tools that I work on. From a Kubernetes perspective, it has some good in-depth sidecar-based scanning technologies that I have found to be good. From the reporting perspective, the reports are better. I can easily prioritize my risks based on the reports that are generated from the solution. At the back end, it also has a single data lake, so from the single console and single data lake, I am able to get some good reports. Overall, these are the benefits I would say from the solution perspective that I liked.
SentinelOne Singularity Cloud Security helps me understand the nitty-gritties of my environment. A few of its deployments are agentless, so that helps from the system perspective because it does not utilize any resources. Reporting is quite better, and it gives an in-depth picture of the overall cloud security posture of my environment. These are the factors that have defined my inclination towards going for SentinelOne Singularity Cloud Security.
SentinelOne Singularity Cloud Security helps reduce MTTR for cloud incidents, especially in the investigation part. My MTTR has reduced because of the AI detection capabilities and the risk prioritization. Because of the AI detection and its integration with third-party solutions for automation of remediations, plus the risk prioritization, I know which risks to address first even if there are one hundred risks. From an operationalized perspective, the agentless part, security prioritization, risk prioritization, and the AI detection have been very beneficial.
The unified platform experience helps to streamline some security operations, so the single console and single data lake at the back end have helped to streamline the operations, and the agentless part has made the operations part quite easier.
The AI detection engine of SentinelOne is quite powerful, and since it works on behavioral patterns rather than signatures, the detection of unknown threats is much better compared to the other solutions.
What needs improvement?
In my opinion, if you have worked on the SentinelOne platform, then SentinelOne Singularity Cloud Security is easier to manage. However, if you are new to it, understanding the console, the policies, and the integrations takes more time for an administrator. Compared to other solutions, the third-party integrations are currently less compared to other cloud security solutions. They may improve in the future, but as of now, they are less. They have entered the market a couple of years ago from a cloud perspective, so the maturity factor or the support perspective is still not that competitive compared to others. Support also needs to be improved; the ticket closing time or understanding of the issues is much longer, and the understanding of the issues from the support perspective is less.
The technical support is quite immature, so I would rate it as a six.
For how long have I used the solution?
I have used SentinelOne Singularity Cloud Security since last year.
What do I think about the stability of the solution?
I would rate the stability for SentinelOne Singularity Cloud Security a seven.
What do I think about the scalability of the solution?
Scalability for SentinelOne Singularity Cloud Security has no issues; it is good. I would rate it a nine, or 9.5 in fact.
Which solution did I use previously and why did I switch?
I can compare SentinelOne Singularity Cloud Security with Google's Wiz, Palo Alto's Prisma Cloud, and CrowdStrike's Falcon Cloud. In my opinion, I rate SentinelOne Singularity Cloud Security number two, then Prisma, and then Wiz. I find CrowdStrike somewhat better from SentinelOne Singularity Cloud Security.
How was the initial setup?
The initial setup for SentinelOne Singularity Cloud Security is not that simple, but it is also not that complex. It is somewhere in between. If I understand cloud and if I have worked on the SentinelOne platform, it is easier comparatively. However, if not, then it becomes a tedious task. Since I have worked on SentinelOne before, it was not that complex. However, for someone new, it might be complex if they don't know.
What other advice do I have?
Regarding the pricing model for SentinelOne Singularity Cloud Security, I would rate it a six. I find it to be pretty reasonable money for the product, but it could be a bit cheaper.
I am totally satisfied with the functionality part of SentinelOne Singularity Cloud Security. The functionality is fine. They have some good feature sets. If you look at it from an individual perspective, it gives good reports and a good index of what my cloud posture is. From the agentless perspective, I have less overhead. From an operationalized perspective and from a security perspective, that is good.
Purple AI is very good; it is natural language, so I can easily ask questions and get those answers. I don't have to write some heavy codes or do some XML programming at the back end. With simple queries, I get all the results that are expected. My overall review rating for SentinelOne Singularity Cloud Security is eight.
Unified cloud security has improved misconfiguration detection and simplified compliance work
What is our primary use case?
I am an integrator and reseller of SentinelOne Singularity Cloud Security. Most of our customers are interested in cloud security posture management, including misconfigurations of different clouds, particularly AWS and Azure. We also use SentinelOne Singularity Cloud Security for compliance in the cloud and, rarely, with modules like Kubernetes security and IAC security posture management.
What is most valuable?
What I appreciate most about SentinelOne Singularity Cloud Security is how deeply the solution can identify misconfigurations with many different built-in rules for misconfigurations, probably around 2,000 if I remember correctly. Additionally, the solution has very good compliance modules with strong rules for standards such as PCI DSS.
From my experience, the unified platform of SentinelOne helps streamline security operations, and I propose to our customers that they move to the platform where they can choose different solutions such as EDR, SIEM, cloud security, and others, which I consider one of the biggest positives.
What needs improvement?
In one of my latest projects, I faced issues with the functionality of runtime protection for serverless functions for AWS, as SentinelOne currently does not have this functionality. However, the vendor promised that this functionality should be added by the end of this year, so it would be beneficial if SentinelOne adds runtime protection for serverless AWS.
For how long have I used the solution?
I am still working with SentinelOne Singularity Cloud Security for half a year.
What do I think about the stability of the solution?
The stability and reliability of SentinelOne Singularity Cloud Security are good enough. I believe the vendor does not have any problems with stability, which indicates it is a good factor for improvement in the future. I have not experienced any outages with SentinelOne Singularity Cloud Security when the product stopped working abruptly.
What do I think about the scalability of the solution?
When evaluating how scalable SentinelOne Singularity Cloud Security is, I find that if we need to scale, we just need to buy additional licenses; we do not need to deploy additional servers or consoles.
How are customer service and support?
I do not usually communicate with the technical support of SentinelOne Singularity Cloud Security. In some projects, we have communicated with their support due to specific customer infrastructure needs, but generally, the initial setup can be completed without support team communication.
Based on my interactions with the technical support of SentinelOne, I would rate them highly. As an integrator, I have communicated with many support teams and vendors, and I was impressed when we sent some technical requests and received answers within 30 minutes, although those were general questions, not high-priority ones.
How was the initial setup?
My experience with the initial setup of SentinelOne Singularity Cloud Security is that when we receive the license and do a full initial setup, it takes around one workday. After one workday, we can use this solution with all capabilities and get value.
Overall, I find the initial setup of SentinelOne Singularity Cloud Security straightforward due to good documentation and a really user-friendly interface. I do not use the documentation a lot other than during the initial setup, but I refer to it in specific cases.
What's my experience with pricing, setup cost, and licensing?
I think it is hard to say about the pricing, but projects with SentinelOne Singularity Cloud Security can start from probably 20,000 dollars per year. I do not know the current cost for one cloud resource for scanning, but I think if the customer has about 20,000 dollars for cloud security posture management solutions, we can proceed with SentinelOne.
What other advice do I have?
I have extensive experience with SentinelOne Singularity Cloud Security. The functionalities I get from SentinelOne Singularity Cloud Security mean the possibilities outweigh the price. It is not over-expensive; for the capabilities it provides, SentinelOne Singularity Cloud Security is truly not over-expensive.
I cannot answer the question about the impact of SentinelOne Singularity Cloud Security on reducing MTTR for cloud incident investigations because I am not working as an analyst and this is not part of my experience. I have not worked closely with any different technology for the same use cases before SentinelOne Singularity Cloud Security.
I would rate this review a 9 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Runtime protection has strengthened AWS workloads and simplifies Kubernetes threat detection
What is our primary use case?
Our current organization operates in an AWS-centric environment with SentinelOne Singularity Cloud Security. We use everything on AWS, and all our resources require vulnerability detection and dependency issue management. Those detections are straightforward, and any tool can identify vulnerabilities. However, SentinelOne Singularity Cloud Security provides an extension on top of basic detection. Any CNAP currently in the market can tell you about vulnerabilities, but how to detect them and whether an attack is continuously happening on our traditional systems—and how to stop them at that moment—is critical. Runtime vulnerability checks are very important for us and help significantly with Kubernetes workflows as well as cloud infrastructure level operations.
We have extensively used the Kubernetes security features in SentinelOne Singularity Cloud Security, specifically the KSPM. We followed that with cloud work through what is called Cloud Workload Protection. Because we receive substantial data from AWS, the CWP has provided us with good information around what is going wrong. When attacks happen, we understand what to do and how to identify our system's vulnerabilities before they are exploited, ensuring things work properly without any security issues.
In my use case with SentinelOne Singularity Cloud Security, what I have used extensively is for Kubernetes and other infrastructure components.
What is most valuable?
Runtime protection is exceptional. The initial setup of SentinelOne Singularity Cloud Security is one of the best available. I have never had an easier integration than this, as everything is cloud-managed.
The positive impact I have observed is that runtime issues, which SentinelOne Singularity Cloud Security solves, are very good. Many times with Kubernetes and infrastructure that have numerous vulnerabilities, those issues can only be caught at the runtime level. SentinelOne Singularity Cloud Security provides the best runtime protection I have seen. I have not faced any problems, and regarding the engineering aspect, I have not been worried about this. That is a very good thing.
What needs improvement?
When it comes to the maturity of SentinelOne Singularity Cloud Security, it is not currently at the level of more established solutions. For example, we previously used CrowdStrike, which has been established for ages. CrowdStrike had an incident with an agent issue that was catastrophic, and despite that, people did not unsubscribe. CrowdStrike has something called Falcon that helped us in great ways before. Investigation is easier with SentinelOne Singularity Cloud Security—you can go through the screen and check everything, whereas with CrowdStrike it was more of a headache. However, the ecosystem is more mature at CrowdStrike compared to SentinelOne Singularity Cloud Security. There are not many users that need this in the market, and the CNAP market is very large. SentinelOne is specifically targeting AWS-first companies and is not extending its solution to Azure or GCP, which might help potentially.
For how long have I used the solution?
We have been using SentinelOne Singularity Cloud Security for one and a half years now, following an incident with CrowdStrike where we experienced a complete blue screen crash. After that issue, we switched to SentinelOne Singularity Cloud Security.
What do I think about the stability of the solution?
We have never faced any outage or problem with SentinelOne Singularity Cloud Security. All the SLAs are in place. I don't think we have specific metrics to measure this, but if it had been down, we would have known. We have always received reports and have created a pipeline using a monitoring tool called Signoz that fetches everything from the SentinelOne report and provides that information to Slack every day at 8:00 a.m. IST. This has helped us identify any ongoing vulnerability and has never failed since its one-time setup. SentinelOne Singularity Cloud Security operates consistently, and that is how a product should work—you should not have to worry about it.
What do I think about the scalability of the solution?
We have not faced any scalability issues with SentinelOne Singularity Cloud Security, and since our organization is not large, this is acceptable.
How are customer service and support?
I do not communicate often with technical support regarding SentinelOne Singularity Cloud Security because our VP of Engineering handles that. My work focuses on the integration aspect. I am an end user in terms of how the solutions are working, and vulnerability catching happens in the code. If something goes wrong during infrastructure deployments, I need to investigate what happened and assess the problem. I need to check how things are looking and whether we have the visibility we need or if any threat hunting is happening, which is something very important.
Which solution did I use previously and why did I switch?
Before choosing SentinelOne Singularity Cloud Security, we were using CrowdStrike, and we also evaluated Wiz. Wiz was acceptable, but compared to SentinelOne Singularity Cloud Security, their pricing was higher. They also provide similar features and are known better because they have something called agentless cloud visibility, which would have been a better opportunity for us to adopt, but their costing is very high. We opted for the runtime aspects instead.
My organization is small in terms of the scale of use cases with SentinelOne Singularity Cloud Security, so we did not have any issues. Even with CrowdStrike previously, it was also performing well. However, due to constraints regarding our customers who specifically asked us not to proceed with it, we had to move to SentinelOne Singularity Cloud Security.
How was the initial setup?
The installation of SentinelOne Singularity Cloud Security was straightforward. First, we onboarded through AWS by connecting our AWS account from the SentinelOne console. We had to configure some privilege issues, and policies had to be configured beforehand. We created a cross-account IAM role before integrating SentinelOne, which helped ensure that SentinelOne could run on multi-cloud environments. After that, we enabled CloudTrail integration and configured some AWS configurations. Then we proceeded to Security Hub and enabled GuardDuty. We started the agent asset discovery, which helped us deploy the provided solution quickly.
For Kubernetes, each step was straightforward. We had one EKS cluster where we deployed a SentinelOne Kubernetes component via Helm chart. The admission policy of the controller had to be configured at that point, and we enabled the KSPM scanning. The onboarding aspect was something I completed extensively, and I remember the steps involved. It was very straightforward, I did not face many issues, and the documentation was appropriate and to the point.
What's my experience with pricing, setup cost, and licensing?
I am not the right person to provide details about the cost aspect of SentinelOne Singularity Cloud Security because the company has already integrated it. I evaluated the solutions and provided a report, but the costing aspect is handled by the cost analysis or FinOps team. From articles I have read, SentinelOne Singularity Cloud Security appears fairly priced, but when dealing with many vulnerabilities, the runtime cost becomes somewhat high. However, I do not have much exposure to the pricing aspect.
What other advice do I have?
As we are a smaller firm and need significant automation, we opted for SentinelOne Singularity Cloud Security. I would rate this solution a solid nine out of ten. Everyone has some room for improvement, but a nine is something I consider very good.
Automated threat detection has reduced response times and streamlines our incident investigations
What is our primary use case?
Our use case for SentinelOne Singularity Cloud Security is to use it for endpoint detection to safeguard our client's infrastructure, so we have deployed the use case as per our client recommendations. We are not a customer, partner, or reseller; we work as an MSSP and provide services for our clients.
What is most valuable?
In my scenario, the best features of SentinelOne Singularity Cloud Security are that it gives a very quick response and has rollback capability. The benefit for my customer is that it is fully autonomous where mostly everything is automated, and the threat detection engine operates on a real-time basis, so it is almost fully automated and that is the major capability that SentinelOne Singularity has.
Since implementing SentinelOne Singularity Cloud Security, it has detected alerts in real-time, which obviously has affected our client's security, so we can rely on that very much.
The impact on our MTTR for incident investigations has been quite positive because the investigation feature shows us detections in the UI only, as it detects threats in real scenarios, so it is much more reliable.
What needs improvement?
I feel there is room for improvement in SentinelOne Singularity Cloud Security, particularly in creating custom dashboards since it only has a default dashboard feature, and a capability for creating custom dashboards would help us a lot as analysts. Additionally, there is a high number of false positive alerts when new clients come, as the default use cases are only enabled for that client, resulting in resource consumption and increased CPU utilization, which could be improved in the future.
For how long have I used the solution?
I have been using SentinelOne Singularity Cloud Security for more than a year.
What do I think about the stability of the solution?
As for stability, I find it very much stable since we have not experienced any downtime for more than a year, and if we ever do, we connect with OEM customer support, getting a quick response for whatever the issue may be. I would rate the stability of SentinelOne Singularity Cloud Security a 10 because as of now we have not faced any stability issues.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is very much scalable, as it charges on a per-endpoint basis, allowing us to scale up or down depending on any requirements. I would rate its scalability an eight.
How are customer service and support?
I would rate the technical support for SentinelOne Singularity Cloud Security a 10.
How was the initial setup?
It is easy to deploy SentinelOne Singularity Cloud Security.
What about the implementation team?
I have not been part of integration but know that it is very easy; we just install the agent on any endpoint.
What was our ROI?
SentinelOne Singularity Cloud Security saves a significant amount of time because it detects in real-time and is fully automated, thus allowing us to detect and respond to any threats efficiently compared to other solutions for SIM and SOAR products.
What's my experience with pricing, setup cost, and licensing?
Although I am not the person responsible for pricing, I know that SentinelOne pricing depends on how many endpoints the client is using, and it is discussed on a per-device basis.
Which other solutions did I evaluate?
Compared to other vendors, I would say the reliability of SentinelOne Singularity Cloud Security is higher; we can rely on it very much as the detection and remediation features are very quick, and it is much easier to grasp even for beginners due to its user interface and rollback capabilities, keeping SentinelOne at a top tier compared to other solutions.
What other advice do I have?
Our mean time to response, every time a malware or any malicious file is detected in an endpoint, the alert is generated, and as analysts, we take a response accordingly, so we try to respond to the alert as soon as 15 minutes for our client. Although SentinelOne automatically quarantines malicious files, our purpose as analysts is just to raise the alert with our client.
I would say the MTTR has reduced by about 50%. For MTTD, I would say it detects files in real-time, so as soon as the file is detected, it gives us an alert in real-time, so I would say about 80-90%.
For overall scanning, we conduct activities to check for any unknown devices that should not be present. During scanning, a higher number of alerts are generated, which is expected, but we can rely on scanning as it is crucial to check every endpoint or desktop.
SentinelOne Singularity Cloud Security's unified platform experience has helped streamline our security operations significantly because the threat detection and the incidents we manage daily, including checking hash and other factors, are greatly aided by the platform.
We are using it as an XDR, not for cloud, so I cannot provide a specific reduction amount for MTTR in cloud incident investigation. We have SentinelOne Singularity Cloud Security deployed in an on-prem model.
There are around five to six members managing more than 15 or 16 clients with SentinelOne Singularity Cloud Security. In our organization, many specialists work with SentinelOne Singularity Cloud Security; we are a large team working in SOC and SOAR, sharing the same infrastructure, totaling more than 40 members. Our clients are mostly medium-sized businesses.
SentinelOne Singularity Cloud Security does require maintenance, such as basic updates and patching for new versions.
I would advise anyone looking to implement SentinelOne Singularity Cloud Security to choose it if they want a very reliable product because it is fully automated and very reliable, and it is the best option within the price range everyone is looking for. I give this review an overall rating of 10.
Behavioral detection has strengthened threat hunting and now improves incident response speed
What is our primary use case?
We were using SentinelOne Singularity Cloud Security as an endpoint security platform to get threat intelligence regarding malware and threats.
We have an MDR platform, and we are using it as a log ingester for log collection and then we are deploying webhooks for incident response.
What is most valuable?
Power Queries are useful in deep threat hunting and deep visibility.
SentinelOne Singularity Cloud Security maps any threat or incident with all the applicable MITRE ATT&CK techniques and also provides behavioral detection. This would be useful when an endpoint has a zero-day threat involved in the incident, as it will have better detection because of the behavioral detection engine and dynamic detection engine. The mapping of the MITRE ATT&CK techniques provides deep understanding of what the threat actor is trying to do.
Meantime threat response is quite fast. There is no doubt about that. The reason we are migrating to Defender from SentinelOne Singularity Cloud Security is not because of the cost or features. It is just a managerial decision taken in order to save money as we are already having some other tooling with different licensing. There is no doubt that the MTTR and MTTD are quite great in SentinelOne Singularity Cloud Security and it is quite effective in detecting threats and responding to incidents effectively.
SentinelOne Singularity Cloud Security has a dynamic and behavioral detection engine which examines the files based on their behavior and tries to map it with the MITRE ATT&CK techniques. Even if there is a zero-day threat, it would be able to detect it because of its behavioral detection capabilities.
What needs improvement?
Pricing is on the higher side. I would rate it at seven or eight.
The price is high, and of course it could be lower. The market is changing and SentinelOne Singularity Cloud Security has a very good competitor in Microsoft Defender. SentinelOne Singularity Cloud Security should innovate more and come up with features which clearly justify the purchase if someone is already having Microsoft Defender inbuilt with Microsoft 365 licensing. Suppose my organization is moving to Defender because they already have Microsoft Defender in E5 licensing and opted for it in order to save money that was being spent on SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security should come up with innovative and new features that justify organizations staying with SentinelOne Singularity Cloud Security and not opting for a Defender-solution.
I would not say the functionality was missing. However, for example, Defender provides correlations from an identity perspective. In SentinelOne Singularity Cloud Security, the identity module was available, but it needed to be purchased separately and did not come with the base licensing.
SentinelOne Singularity Cloud Security should include the identity module in their base subscription so that their value gets increased. Nowadays the threats are evolving and moving towards identity-based attacks. If a customer has to purchase an identity module of SentinelOne Singularity Cloud Security separately, they will get hesitant because their competitor, Microsoft Defender, is providing that for free in their base subscription. SentinelOne Singularity Cloud Security must work on their subscription pricing in order to stay relevant in the market.
For how long have I used the solution?
I have been working with SentinelOne Singularity Cloud Security for five years.
What do I think about the stability of the solution?
Stability is a benchmark at ten, and I would rate it at eight.
What do I think about the scalability of the solution?
Scalability is also eight because it can be easily scaled up if more endpoints need to be covered. They just have to have the agent installed on them and the license should have that many seats.
How are customer service and support?
The technical support is acceptable, and I would rate it at eight.
Which solution did I use previously and why did I switch?
In the company where I work as a security engineer, we used to have SentinelOne Singularity Cloud Security in our environment, but the company has decided to migrate to Microsoft Defender. The reason is managerial, not technical. The migration is in process and we will soon stop using SentinelOne Singularity Cloud Security and use Microsoft Defender instead.
How was the initial setup?
The deployment is much justified as it is a cloud-based setup.
SentinelOne Singularity Cloud Security is a separate endpoint security technology. It does not come or integrate with other platforms such as email platforms or cloud platforms. Because it is a separate technology, the deployment is not particularly tough.
What's my experience with pricing, setup cost, and licensing?
If you want a comparative score, it will not be good because Microsoft Defender is coming as a free offering in the Microsoft E5 licensing. Whichever organization is having E5 licensing of Microsoft Office 365 is literally getting Defender for free. If they were using SentinelOne Singularity Cloud Security or CrowdStrike and are already having Microsoft E5 licensing, then this move will save a lot of money from their security budget. SentinelOne Singularity Cloud Security has aggressive pricing, but they will get an equivalent product or maybe better in the Windows environment. If they use Microsoft Defender, they will get correlation from Microsoft Defender for Identity, for cloud, for cloud apps, for endpoints, and Microsoft Entra ID and Active Directory. Threat intelligence and correlation would be better because most organizations are using Microsoft Office 365, so they will get two things if they use Microsoft Defender.
The first benefit is that they would not have to spend a lot of money on an endpoint security tool separately, because they will get the Defender endpoint security suite for free as they already have the E5 licensing. It comes with E5 licensing, so no additional money. Suppose an organization is spending ten thousand dollars on SentinelOne Singularity Cloud Security; if they were having Microsoft 365 E5 licensing, they would just straight save ten thousand dollars. The spending will come from ten thousand dollars to directly zero, as the license is already included in E5.
The second thing is that the threat intelligence will be enriched due to Microsoft Office 365 having various products such as Entra ID and Azure resources. Microsoft Defender integrates by default with all those Microsoft toolings, so the threat intelligence would be much enriched as compared to SentinelOne Singularity Cloud Security.
Which other solutions did I evaluate?
In the company where I work, we are migrating from SentinelOne Singularity Cloud Security to Defender.
I am using it, but it will soon go away from the organization where I work.
Microsoft Defender is the alternate solution.
What other advice do I have?
My recommendation depends upon the budget, client expectation, and their existing security stack.
Ranger is a module in SentinelOne Singularity Cloud Security which scans all the network and determines the OS, whatever devices there are, their OS, and their versions.
Integration is acceptable, neither easy nor tough.
I would rate this review at eight overall.
Advanced rollback and AI-driven insights have protected endpoints and simplified security operations
What is our primary use case?
I have recently used SentinelOne Singularity Cloud Security. We also have the CrowdStrike EDR tool, which is similar to SentinelOne Singularity Cloud Security and other EDR solutions. We used the CrowdStrike tool two to three months ago.
What is most valuable?
We can check multiple types of alerts and triggers, and we can analyze these. There are many types of functions such as Kill, Quarantine, and remediate rollback types of features, which we can use for client safety.
The rollback feature is the best feature because it is only used in SentinelOne Singularity Cloud Security. We have used multiple types of EDR, but the rollback feature is unique to SentinelOne Singularity Cloud Security. When many types of attacks happen in an organization, the rollback feature deletes all types of malicious files and other malware-type files and completely cleans your system. This feature is very interesting according to me.
SentinelOne Singularity Cloud Security provides many types of features such as Kill and Quarantine, which are very interesting features for security operations. There are deep visibility features, and Purple AI is also one of the best features. It is easy for security operations and incident response. We can check log analysis with the help of deep visibility, and any types of attacks, malware, and phishing attacks are detected by SentinelOne Singularity Cloud Security. Many types of security operations can be tracked and observed with the help of SentinelOne Singularity Cloud Security.
Purple AI is one of the interesting features in SentinelOne Singularity Cloud Security. Deep visibility is one of the best features in SentinelOne Singularity Cloud Security. You can find any types of logs and any types of devices through searching portals, similar to Google search. It gives you information regarding this. With deep visibility, you can search for any name. For example, we can search for any name and check what is happening with that person's laptops, what USB is connected or disconnected, and whether the network is connected or not. This is with the help of Purple AI.
What needs improvement?
According to me, there is one thing I dislike, which is the dashboard. SentinelOne Singularity Cloud Security does not provide a custom dashboard according to our mindset. There are more types of EDR that give custom dashboards, but SentinelOne Singularity Cloud Security does not provide the custom dashboard. This is the only area for improvement.
For how long have I used the solution?
I have been working in my current field overall for the last five years, but I have used SentinelOne Singularity Cloud Security for the last two years.
What do I think about the stability of the solution?
We do not observe any lagging or crashing.
What do I think about the scalability of the solution?
There is low maintenance because it is a cloud platform. It is very low maintenance according to my experience. We can observe our organization, and it is very low maintenance for small organizations. They can easily maintain this.
How are customer service and support?
Technical support is the best for my side. We can raise any ticket for help from the OEM side. It gives a 10 to 15-minute reply, and for anything that is emergency, they schedule a call and solve our problems. According to me, the technical support is good. I give them 10 out of 10 for technical support.
Which solution did I use previously and why did I switch?
SentinelOne Singularity Cloud Security provides the most features compared to other EDRs, and it is easy to understand. The features are very compact in SentinelOne Singularity Cloud Security, not vast types of features. It is easy to understand for both any fresher or any experienced person. The integration part is also easy compared to other EDR solutions. Newly joined persons can also integrate this because the steps are very easy. According to me, SentinelOne Singularity Cloud Security is the best compared to other EDR devices.
How was the initial setup?
It is easy. Any person newly joined or not belonging to the IT field can follow the steps very easily according to me. The integration parts do not require more types of servers and anything. It is very easy to deploy, and the installation part is also good. There is only one to two minutes installing SentinelOne Singularity Cloud Security agent in each and every endpoint. I think this is the best for SentinelOne Singularity Cloud Security.
What about the implementation team?
Our organization is an MSSP, not a client. We provide the license about our client base. We manage multiple clients through the MSSP portal. We also manage and resell. We provide this license for SentinelOne Singularity Cloud Security and also we manage. There are 8 to 10,000 agents installed on our client side. We manage around 20 to 30 clients, and there are 8 to 10,000 endpoints installed with SentinelOne Singularity Cloud Security on the client side.
What was our ROI?
Overall, I give it a 10 out of 10 because SentinelOne Singularity Cloud Security is the best for me. We have used multiple types of EDR, but SentinelOne Singularity Cloud Security provides the best features for our organization and client organization to safely do any activity or go to internet sites, which is why we can give 10 out of 10.
What's my experience with pricing, setup cost, and licensing?
The pricing is basically not very low and very high. It is in the middle range for easy buying for any small organization and big organization. According to me, it is the best price for the EDR. We can check multiple types of EDR, and their prices are so high, but SentinelOne Singularity Cloud Security is not. SentinelOne Singularity Cloud Security is not lesser and not more. It is in the middle range of price.
Which other solutions did I evaluate?
SentinelOne Singularity Cloud Security has multiple types of policies. One of them is the offensive security. There are also behavioral policies and static AI policies and suspicious policies. There are 10 to 11 types of policies. Anything that triggers the alerts belongs to these policies, which happen through behavioral analysis and offensive security analysis. There are multiple types of policies. Any alert triggered in SentinelOne Singularity Cloud Security comes with the help of these policies.
What other advice do I have?
I have been using this solution overall in my career for the last two years.
There is an AI-based feature. You can create any use case according to our side. Many organizations are not using RDP tools such as AnyDesk or TeamViewer. Most organizations do not allow these features. At that time, the AI gives you the most types of generated codes. With the help of this code, you can create according to your side for creating any custom rules to keep your organization and clients secure.
I give this solution a 10 out of 10 rating.