Our company relies on Cloud Native Security to fortify the security of our cloud accounts spanning various environments, such as AWS, Azure and Google Cloud. Cloud Native Security provides timely alerts upon identifying vulnerabilities within our cloud infrastructure services, such as security groups and data encryption, empowering us to prioritize and address them promptly.
It provides valuable insights into security best practices tailored for businesses leveraging cloud infrastructure to host their applications.
What is our primary use case?
How has it helped my organization?
Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it.
Since implementing Cloud Native Security, our security team has engaged in robust discussions on enhancing compliance with key regulatory standards such as SOC, ISO, and other pertinent IT infrastructure-related guidelines. As a result of these proactive measures, our security posture has seen a remarkable improvement, reflecting our commitment to maintaining a secure and compliant environment.
Cloud Native Security plays a major role in compliance. IT companies must maintain our company's security level to achieve ISO-based certifications. We are so proud of the changes we have made using Cloud Native Security. We've implemented many of the controls Cloud Native Security recommended, helping us maintain a high security standard. Fintech companies must maintain security best practices overall in our infrastructure.
Cloud Native Security offers suggestions about best practices for security, and we've implemented them all. It's helpful for companies hosting their applications in the cloud configuration. This tool enables us to record unauthorized actors or security failures. Everything is reported in Cloud Native Security, allowing us to rectify mistakes and misconfigurations.
When security threats occur, Cloud Native Security immediately alerts us through various communication channels. It has several modules, including cloud misconfigurations, container security, Kubernetes, vulnerability management, infrastructure code scanning, and cloud detection and response. It also tells us when unauthorized API calls are occurring. Everything is recorded in Cloud Native Security, and it alerts us about what is happening in the account. The detection time for critical alerts is almost instant. We'll see it in under two minutes.
The solution saves the company a lot of time. Responding to alerts can take up a lot of our team's bandwidth. But there is a feature of their remediate that helps the bandwidth of our engineering team to fix the issues when we used Cloud Native Security as a team member. They helped us fix the issues and saved a lot of bandwidth for our team.
What is most valuable?
My top preferences revolve around infrastructure-as-code scanning and Kubernetes security. With infrastructure-as-code scanning, we catch errors or inadvertent inclusion of sensitive data in our code prior to deploying infrastructure via Terraform. As we continue to leverage Terraform for infrastructure deployment, alongside embracing new technologies to stay aligned with industry advancements, these features play a pivotal role in maintaining our security standards and workflow efficiency.
Cloud Native Security helps us detect vulnerabilities when deploying infrastructure. We use Cloud Native Security to monitor all our cloud infrastructure and accounts. It continuously scans whether or not we have the agent installed. It's something like a role. You can configure an IAM role that provides access to Cloud Native Security to scan. It enables seamless connectivity with any cloud environment.
The Offensive Security Engine has helped us to discover some breaches.
You can see across the cloud domain in Cloud Native Security. For example, the dot com map can cover multiple servers internally. Cloud Native Security flags all URLs exposed to the public and other vulnerabilities. When we get alerts from the Offensive Security Engine, it has some internal debugging tools the developers can use.
What needs improvement?
The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud.
For how long have I used the solution?
I have used Cloud Native Security for three years.
What do I think about the stability of the solution?
Cloud Native Security is highly stable.
What do I think about the scalability of the solution?
Cloud Native Security is scalable.
How are customer service and support?
I rate Cloud Native Security support nine out of ten. They solve issues within the agreed-upon period. They're impressive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used the native AWS tools like Inspector. Cloud Native Security is impressive compared to those.
How was the initial setup?
It's easy to integrate Cloud Native Security and onboard all our cloud accounts. Before implementing, we tried to have all the security best practices in place. If you do that, it's easier to fix the vulnerabilities when Cloud Native Security detects them. Deployment took about five or six minutes.
What's my experience with pricing, setup cost, and licensing?
We opted for Business Plan at an affordable rate, providing excellent value for your investment. While I'm not entirely certain, I believe the monthly cost is around 180,000 rupees.
Which other solutions did I evaluate?
We looked at Trend Micro and some other options.
What other advice do I have?
I rate Cloud Native Security nine out of ten. Use this tool if you want to keep your cloud applications secure.
Offers a wide range of security features, including misconfiguration detection and easy to set up and use
What is our primary use case?
It's a cloud-based SaaS tool. It's a cloud security partnership management tool. It gives you an overview of misconfigurations, Kubernetes security, Docker security, vulnerability scanning, and secret scanning.
What is most valuable?
Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take.
What needs improvement?
Maybe container runtime security could be improved. But with the acquisition by a bigger company, things might roll out faster, potentially including this feature.
For how long have I used the solution?
I have been using it for six months.
What do I think about the stability of the solution?
It's been stable in my experience.
What do I think about the scalability of the solution?
Since it's a managed service, Cloud Native Security handles scalability. There are around 15 end users in my company using it.
How are customer service and support?
We could just contact the CEO directly with any questions. It was a small team back then, but I don't think that's the case anymore since they've been acquired.
Previously, it was just a 50-person team, and the CEO would hop on the call to solve the problem.
How was the initial setup?
The initial setup is super easy! It's a SaaS portal, so no deployment is needed. Just configuration that takes about half an hour.
What's my experience with pricing, setup cost, and licensing?
It was reasonable pricing for me. The costing model might have changed now since they have been acquired.
What other advice do I have?
I would advise integrating your Kubernetes clusters for extra features.
Overall, I would rate the solution a nine out of ten because I'm happy with Cloud Native Security overall.
The number of features Cloud Native Security offered with just a small team was phenomenal. Give them another six months to a year, and it could be one of the best tools out there.
PingSafe: Offering a Comprehensive view of Cloud & Container Security
Prioritize risk effectively with PingSafe's Agentless Vulnerability Scanner
Detect Configuration Drifts in Multi-Cloud Infrastructure with PingSafe
Pingsafe: A Guardian Angel for Cloud Security
Difficulty in integrating the tool seamlessly into existing systems
Cost:
High in Cost
False Positives:
False Positives rate is high
Offers advanced components to safeguard your multi-cloud environment
What is our primary use case?
Cloud Native Security offers the flexibility to create a customized solution that fits our specific needs. It's a comprehensive tool encompassing the central elements—PSC, PPP, and more.
What is most valuable?
It is advantageous in terms of time-saving and cost reduction.
What needs improvement?
There's an array of upcoming versions with numerous features to be incorporated into the roadmap. Customers particularly appreciate the service's emphasis on intensive security, especially the secret scanning aspect. During the proof of concept (POC) phase, the system is required to gather logs from the customer's environment. This process entails obtaining specific permissions, especially in terms of gateway access. While most permissions for POC are manageable, the need for various permissions may need improvement, especially in the context of security.
For how long have I used the solution?
I have been using Cloud Native Security for the past six months.
What do I think about the stability of the solution?
I'd rate it an eight. It's a reliable solution that the organization is increasingly adopting for its robust features and security.
What do I think about the scalability of the solution?
It is quite scalable. I would rate it an eight out of ten.
How are customer service and support?
They are helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prisma Cloud seemed limited in its solutions and had to acquire other companies for broader offerings, while Cloud Native Security provided more comprehensive and tailor-made solutions, especially in terms of authentic security features.
How was the initial setup?
The setup isn’t easy because it doesn't support Azure. It's something on the roadmap. It doesn't limit itself to a particular hypervisor.
What about the implementation team?
For now, we don't handle the maintenance. It's all managed by the vendor for our customers.
What's my experience with pricing, setup cost, and licensing?
It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate the pricing a five, somewhere fairly moderate.
What other advice do I have?
I would rate it 8 out of 10.
Enhanced data protection
Provides excellent workload telemetry, hunting capabilities, and deep visibility
What is our primary use case?
We use Singularity Cloud Workload Security for our production and build workloads.
We implemented the solution to simplify the deployment of forensic tools, including EDR, into our cloud infrastructure, where it may be difficult to install an agent.
We have a hybrid deployment, with an estimated 8,000 to 70,000 cloud workloads. We serve a customer base of nearly one billion people, including 700 million current EA subscribers. Handling this workload is no small feat. The estimate is so broad because we do not own or control every AWS, Azure, or GCP account; studios use this infrastructure without our help. We are still in the discovery phase of trying to determine the exact number of workloads. There are thousands of Kubernetes clusters.
How has it helped my organization?
Singularity Cloud Workload Security's real-time threat detection capabilities are good. We recompeted SentinelOne against fifteen or twenty different AV vendors over the course of 2018 and 2019 and found SentinelOne to be superior in virtually every possible way.
Forensic capabilities are now excellent. When we started, we had a contractual agreement with SentinelOne to improve deep visibility to match our current toolset, Carbon Black Response. Over the course of two years, they delivered everything we could get from Carbon Black and even more.
The visibility of workload telemetry is excellent, and the hunting capabilities are second to none.
When no human intervention is required, Singularity Cloud Workload Security detects and remediates nearly instantaneously.
Our MTTD is sub 30 days.
Our MTTR is seven days after detection for most instances.
The interoperability with third-party solutions is great.
What is most valuable?
The most valuable feature is the ability to gain deep visibility into the workloads inside containers.
What needs improvement?
Sometimes the Storyline ID is a bit wacky. It's not that the data is inaccurate, but the threat item that's flagged can sometimes point to a storyline that's not relevant to the hunting object we're looking for. In short, Singularity Cloud Workload Security can sometimes take us on a roundabout way to get to where we want to be when using Storyline ID.
I would like a public repository for CWPP. Having to request a script from SentinelOne to deploy CWPP is not ideal, and this is true for all of the tools, including the Linux agent. Without a public repository, when a deployment team needs something like a GPG key to validate the image, we have to request a signed copy of the software. This is not ideal because it removes our ability to self-serve. Therefore, if I had to ask for anything to make it easier, it would be signed images that are GPG signed and a public repository where we can get the bits from.
For how long have I used the solution?
I have been using Singularity Cloud Workload Security for over four years.
What do I think about the stability of the solution?
Singularity Cloud Workload Security is stable. No lag, no crashing, no downtime. The joy of running as a container is that it doesn't break the other parts.
What do I think about the scalability of the solution?
The Singularity Cloud Workload Security auto-scaling feature is great.
How are customer service and support?
Technical support is excellent. One of the selling points of SentinelOne is the incredibly good support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment was straightforward, but only because I had to obtain a script from SentinelOne. I completed the deployment myself.
What's my experience with pricing, setup cost, and licensing?
Our three-year renewal with SentinelOne this year was shockingly expensive. In fact, covering our 50,000 endpoints would have nearly bankrupted most security programs, even well-funded ones like ours. The sticker shock is real. I understand that SentinelOne is a market leader, but the bill we received was astronomical.
Which other solutions did I evaluate?
We evaluated a few application security tools, but CWBB is only a software opportunity. SentinelOne has become our primary solution for all aspects of endpoint security. Therefore, when we considered adding detections for cloud workloads, it made sense to choose SentinelOne as the ideal solution.
What other advice do I have?
I would rate Singularity Cloud Workload Security nine out of ten.
To someone who doesn't think they need CWPP because they already have a continuous security monitoring solution in place, I would say: consider the old security adage that they are not currently free of malicious items. They have them, but they just don't know where they are.
We have an upgrade policy for maintenance purposes. We need to implement the upgrade policy, but we do this through Chef automation. Writing Chef automation for this can be a bit complex, but it is not impossible.
SentinelOne Cloud Workload Security's ability to be innovative is excellent. I'm a big fan of SentinelOne's API, which has allowed me to develop some creative solutions. I'm actually the only SentinelOne administrator at my organization, so in terms of innovation, it's probably the best tool I've ever used. I've been able to create an automated "one-man army" using SentinelOne.
I recommend deploying a test environment. Do not try to deploy this into an existing environment and test there. It's a bad idea. Not from a SentinelOne perspective, but I'm not much of a Kubernetes expert. I know it can be dangerous, and we tried to do this in a test environment of a live production environment and had a lot of trouble. Not because of SentinelOne, but because of our Kubernetes deployment. Having to complete a bad Kubernetes environment with little knowledge of CWPP basically made getting it working very difficult. So my advice would be to build a clean, industry-standard test environment that can be broken with no risk.
Is able to auto-scale and remediate, as well as save us time
What is our primary use case?
We use Singularity Cloud Workload Security to protect all our servers from malware, both present and future. We also use it to protect our user endpoints, such as workstations and employee laptops.
We recently switched from Windows Defender to SentinelOne endpoint protection after a few of our laptops were infected with malware. SentinelOne has been protecting our laptops, endpoints, and servers for two years now, and it has performed well in internal and external audits.
We currently have a hybrid Active Directory environment. SentinelOne itself is a SaaS-based product, so it is fully cloud-based. However, we need to install agents on all of our endpoints and cloud services.
How has it helped my organization?
Singularity Cloud Workload Security has real-time threat detection capabilities. We have tested it with multiple clients and ourselves, and it has detected malware every time we have been attacked. Compared to other major security vendors, Singularity Cloud Workload Security had the best detection rates for all the malware we threw at it during our proof of concept.
Automated remediation is policy-based, which makes it very useful. The SentinelOne platform gathers all information about how the threat played out and all the changes that were affected on our system. Using this information makes it very easy to remediate all the damage because we know what happened. Automated remediation is amazing and a key differentiator from other competitors.
For Linux kernels, the agent supports almost all platforms, including legacy Windows, macOS, and Linux. We have a few Linux servers, and the mitigation and all the other features work just as well as on the other operating systems.
Using the Deep Visibility Console, we can thoroughly investigate everything that was called or changed on a computer. This gives us visibility into virtually everything that happens on all of our endpoints at all times, in real-time. This has allowed us to find threats that other vendors would have missed. We can also use the Deep Visibility Console to perform threat hunting. For example, if a threat has been moving around our network, we can track it down to see exactly where it is moving to and how it is working.
The historical data record provided by Singularity Cloud Workload Security after an attack is good. For data retention in terms of threats, we have a one-year retention period. This is a long time, and it is very useful for our insurance policies, as we often need to comply with them. For compliance purposes, the one-year retention period is perfect for us. For visibility logs, for example, we are ingesting some logs, and I believe the retention rate is actually fourteen days.
Singularity Cloud Workload Security has reduced our MTTD. Previously, with Defender, it would sometimes fail to detect threats. Now, we detect and remediate many more threats automatically, almost instantaneously. For example, if we download a malware file, we usually cannot even open it because Singularity Cloud Workload Security detects it automatically with a super-fast response time.
Our MTTR is automatic. As soon as a threat is detected, remediation is performed automatically, according to our policy. We can even generate a report of the remediation and all affected files. This allows us to see everything and ensures that remediation is performed quickly.
Singularity Cloud Workload Security has freed up our SOC staff's time to work on other projects. Before, we were considering hiring a 24/7 SOC team, but with SentinelOne's vigilance package, they take care of almost everything for us. We no longer need an employee to monitor logs and threats 24/7.
Since we are freeing up some time from the operations side, our IT administrators and security personnel do not have to constantly monitor the console to see what is happening. Because we trust the product to take care of malware for us, our productivity has definitely increased. We only check the logs once a week.
Singularity Cloud Workload Security works well with other vendors, so we can even have two EDR solutions if we want to. The exclusions can be done through the console, which is very easy to use. It gives us a list of all the applications that we have installed on all our systems and makes it easy to create different types of exclusions. For example, we can create exclusions for performance reasons or to suppress alerts. There are a lot of options, and they are all very easy to use.
What is most valuable?
My favorite feature is Storyline. It creates a neat graph that shows us how any threat played out, in real time. We can see all the information about what was modified or changed on our system, such as files that were modified, created, or deleted, and register keys that were created or edited. For a SOC analyst, this information is super useful. We can deep dive into all the information and see exactly what happened on each computer individually.
The second feature is actually part of the SDR platform, and it provides native integrations with other security software vendors, such as Okta or Azure AD. This allows us to ingest all of our audit logs for security events and to take action on them. For example, we can set up an automation alert so that if a threat is detected on an endpoint, we can automatically take action on our Okta or AD environment, such as locking the account that was signed in or forcing a password reset.
What needs improvement?
I know that SentinelOne is working on additional integrations for their XDR platform, and I would definitely prefer more integrations. I understand that many more integrations are coming soon but by the end of the year. I would like additional integrations. Currently, we have integrations with Azure AD, Okta, Mimecast, and Netskope. Many of our clients and we also use firewalls from Cisco, Juniper, and so on. It would be helpful to be able to retrieve audit logs or actionable items from these firewalls.
For how long have I used the solution?
I have been using Singularity Cloud Workload Security for two years.
What do I think about the stability of the solution?
Singularity Cloud Workload Security is stable, and we have not experienced any downtime.
The stability of Singularity Cloud Workload Security is similar to that of Microsoft Defender.
What do I think about the scalability of the solution?
Singularity Cloud Workload Security is infinitely scalable, with a multi-tenancy feature that allows us to have multiple sites, such as physical sites. For example, if we have two locations, we can easily create admins who have access to only one site or to all sites. It scales really well, regardless of our environment.
The auto-scaling feature is user-friendly. As we install more endpoints, they will simply show up in the console, allowing us to create our own physical sites with their own admins and different policies.
How are customer service and support?
My interaction with technical support was pleasant. They gave me a few tips on how to integrate the new system. They also sent me some documentation, which was already available to me, but they saved me the time of searching for it. They even offered to schedule a team call to discuss the integration and have a team member help us directly. The only downside is that the entire interaction was text-based, so it could be difficult to get a definitive answer to some questions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Microsoft Defender, but some of our laptops were infected with malware anyway. Because of this, we had to redeploy all of our laptops. We therefore concluded that the solution was not working as well as it should in terms of detection and response, so we switched to Singularity Cloud Workload Security.
How was the initial setup?
Deployment was straightforward. The agent is simple to deploy, and we only need to deploy it to all of our endpoints. It is a simple installation that requires our site token. We can deploy it through group policies, Intune, or any mass deployment software. I completed the deployment myself.
Which other solutions did I evaluate?
We evaluated CrowdStrike, Carbon Black, and Bitdefender, and found that Singularity Cloud Workload Security had a much better remediation process. This is because Singularity Cloud Workload Security uses AI-powered detection and remediation, instead of relying on human analysts. This means that threats can be detected and remediated much faster than with traditional security solutions. Another factor that influenced our decision was pricing. SentinelOne is not too expensive compared to other providers, and it offers a wide range of integrations with other security products.
What other advice do I have?
I would rate Singularity Cloud Workload Security nine out of ten.
Maintenance is minimal, requiring only occasional updates. When a major update is available, we receive an email notification. We then accept and deploy the update to all eligible endpoints through the console.
Singularity Cloud Workload Security is very easy to deploy and has one of the best detection rates among vendors. It has a very user-friendly UI that provides a high-level overview of current threats and system status, as well as the ability to drill down into analytics and threat indicators using the visibility console. It is so user-friendly that anyone can use it, regardless of their expertise level. However, for more experienced users, there is also the option to dig deeper into the data.
Singularity Cloud Workload Security helps us spend less time on threats and more time on our core competency, which is consulting work. This definitely improves our productivity and innovation.