SentinelOne Singularity Complete is an endpoint protection solution that my company deployed on all workstations and servers to protect against ransomware, malware, and other types of infection.
SentinelOne Singularity Platform
SentinelOneExternal reviews
301 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Allows users to see and manage infections from the web-based admin panel, is reasonably priced, and has more advanced technology and multiple features
What is our primary use case?
How has it helped my organization?
SentinelOne Singularity Complete has saved us too many times to count. The most recent save happened shortly before 1:30AM. A user had downloaded a ransomware payload that tried to detonate in the middle of the night when no one was was awake to even notice. I woke up the next morning with a notification email from SentinelOne telling me that it had discovered the infected file and removed it before it could do any damage. I was beyond thankful.
What is most valuable?
What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there. For example, if someone is infected, I can manage the whole operation and process from the admin panel.
I also find SentinelOne Singularity Complete beneficial in its interoperability with other SentinelOne solutions and third-party applications. This helps the solution stand out.
The ability of SentinelOne Singularity Complete to ingest and correlate across security solutions is also a great feature.
The solution has not reduced any of the alerts for my company, but I'm happy to see when the alerts come through on the platform. As for the mean time to detect, SentinelOne Singularity Complete helped reduce it by ninety percent.
I noticed the mean time to respond has been reasonably quicker after using SentinelOne Singularity Complete, plus the organizational risk has been reduced.
In terms of quality and maturity, SentinelOne Singularity Complete has been around for a while and is a trusted solution. I have a colleague who works for another organization that was hit with ransomware, and the consulting company working with his team recommended SentinelOne Singularity Complete as one of the changes to implement immediately so from that standpoint, I truly enjoyed hearing that knowing that my company is also a SentinelOne Singularity Complete customer.
As a strategic security partner, I found the solution great, primarily because all of its features work well.
What needs improvement?
Update: SentinelOne Singularity Complete now works much more efficiently inside of Google Chrome. The lag times are gone and I'm able to navigate without issue.
----------------------------------
SentinelOne Singularity Complete takes up a lot of memory in Google Chrome, which sometimes causes it to lag, so this is an area for improvement. The solution could be improved by increasing its efficiency within the web browser.
Another area for improvement in SentinelOne Singularity Complete is technical support, particularly the response time when dealing with non-critical issues.
For how long have I used the solution?
We've been using SentinelOne Singularity Complete for over two years now.
What do I think about the stability of the solution?
I didn't experience crashing and downtime from SentinelOne Singularity Complete, so I find it stable.
What do I think about the scalability of the solution?
For my company's use, SentinelOne Singularity Complete is great and has no issues scalability-wise.
How are customer service and support?
The technical support provided for SentinelOne Singularity Complete is a seven out of ten because the team takes longer to deal with non-critical support issues. Response time could be faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My company was looking for a solution encompassing a wide range of protection, and SentinelOne Singularity Complete matched what the company was looking for. The company used another product, particularly Webroot, and then moved to this solution.
Moving to SentinelOne Singularity Complete was my company's decision as it had more features, was more advanced and was more suitable for an enterprise application. Hence, the solution was ultimately a better fit when compared to Webroot.
How was the initial setup?
I was involved in the initial deployment of SentinelOne Singularity Complete, which was very straightforward.
What about the implementation team?
SentinelOne Singularity Complete was implemented in-house. I did it all by myself.
What was our ROI?
Anytime my company doesn't get infected with ransomware, there's ROI from SentinelOne Singularity Complete, as being infected with ransomware is pretty costly.
What's my experience with pricing, setup cost, and licensing?
I find the licensing cost for SentinelOne Singularity Complete fair.
Which other solutions did I evaluate?
I evaluated CrowdStrike. They would not sell me the lower number of licenses that I needed at the time and priced them out of competing against SentinelOne.
What other advice do I have?
I've never used the Ranger functionality of SentinelOne Singularity Complete.
In my company, SentinelOne Singularity Complete has a hybrid deployment.
From a maintenance perspective, I have to ensure the solution is working and looks good, but I only have to go in and check occasionally. In SentinelOne Singularity Complete, the upgrade is automated.
My rating for SentinelOne Singularity Complete is nine out of ten.
I'd tell others looking into SentinelOne Singularity Complete that it provides complete protection and has yet to fail my company, so it's a solution that I recommend. I'd tell others to go with SentinelOne Singularity Complete.
My company is a SentinelOne customer.
Helps reduce alerts and organizational risks, and has helpful support
What is our primary use case?
The whole purpose of having the product is to have endpoint security and visibility with those endpoints as well. After an evaluation period, we determined the product would be a fit for our organization.
How has it helped my organization?
The security and visibility we have on all endpoints helped our organization immensely.
What is most valuable?
There's not one particular item that stands out the most besides the availability of the product itself. We're a small organization. Having the visibility and the protection that it provides helped out greatly. Plus, it fits with our requirements.
The product does not have to go across a lot of different solutions. We don't have a cloud or anything like that where we have to push it in terms of visibility. The deployment is fairly simple. In the end, the overall visibility of it is very simple and the usability has been very simple for us as well.
So far, it helped to reduce our alerts. Based on the application that we would utilize prior to this product, the alert reduction is similar. It is not 100% the same, just similar. They gave us some visibility into what was going on, which provided a 30%, if not more, alert reduction.
It helped free up staff time. Using this solution, we don't have to keep our eyes on it 100% of the time.
It reduced our mean time to detect and respond.
The product helped reduce organizational risk.
The overall product quality is good. I'd give it three and a half stars out of five. It checked all of our boxes. It met the requirements of the security we needed.
If for some reason, we were breached, it gave us the comfort of knowing that we could either automatically set the product to fix the issue or at least record it and let our team go in and resolve the issue. However, it also has the data to hunt the threat if need be. It's given us so much more than we would have expected from a product. Their dashboard is great. We log in and we get everything we need to know right out of the box on our dashboard. If we have anything that's infected it will tell us all of that information in real time. In our environment, it works without giving us any issues or slowing down our productivity in the process. The agent that runs on the system is not heavy. It's easily portable.
What needs improvement?
Initially, when we first deployed the solution, it caused some third-party connectivity issues. It would see it as an application that was not secure. However, we were able to put in a white listing, to help us operate well. We had to do that with around five applications that we ran. Once we applied those fixes, we haven't had any issues since.
I'd like them to make it easier to log in.
For how long have I used the solution?
I've been using the solution for 4 years.
What do I think about the stability of the solution?
I have not experienced any downtime with it. It has not crashed.
It won't run on our accounting server, and we're not sure why the agent caused the conflict with this particular server. Beyond that, it's fine.
****Update: This has been resolved since this review
What do I think about the scalability of the solution?
We deployed the solution to about 200 endpoints.
How are customer service and support?
We've only contacted technical support for the licensing portion of the process. They were very helpful and very straightforward. Everything was right on the money. Once we made the call over the ticket, we were contacted and it was resolved while we were on the phone.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Fortinet as well. We've used a few products and this solution does everything we've asked it to do. It was a good replacement for the free Fortinet solution and it protects against things Fortinet does not.
In the past, for some reason, we found that somehow or another, the agent was disabled, and we have not determined as to why that is just yet.
How was the initial setup?
I was involved in the solution's initial deployment.
The deployment was fairly easy. We had a product that allowed us to push the agents out there. It was time-consuming based on the fact that we didn't have full automation. The only other drawback was when it was going through and doing some form of machine learning, it would block certain applications that we had to whitelist with the system in order to get it to work. However, we deployed it in less than thirty days, and it's been running everything well since then.
Our team, comprised of four people, handled the implementation.
There isn't really any maintenance needed. All the agents update well. It is fairly automated.
What about the implementation team?
The initial onboarding was done with SentinelOne. After that, we took it from there.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. It's a big factor for us. Their pricing comes in much less than Fortinet or CrowdStrike.
Which other solutions did I evaluate?
We looked at similar products, such as CrowdStrike and other versions of Fortinet.
What other advice do I have?
I'd rate the solution a ten out of ten.
I'd advise new users to do a proof of concept. That way, you get some time with the system before you deploy it into the environment, and you can iron out issues. If you have 1,000 endpoints and only 1% of the issues that we ran into, it would still be significant, and you'd want to deal with them head-on to make the full deployment easier.
Sentinel One Was best Product!!!
What do you like best about the product?
I like it's response to attacks and remediation methods against malware and also it gives overall visibility of IT Infrastructure with a beautiful user interface.
What do you dislike about the product?
It requires smaller improvements and also there are some rooms for improvement of the product has to be done and it is also quite difficult to understand for beginners.
What problems is the product solving and how is that benefiting you?
It will response to the massive attacks of malwares,worms, trojans and even Ransomwares also. It was also shows how it was responded to sophisticated attacks and also it has many autto remediation features.
Level of detection and visibility we get have vastly improved, and fewer alerts means more time for other work
What is our primary use case?
It is an all-in-one agent on multiple operating systems that can detect malicious and suspicious activities. You can also use it to respond to different threat signals that you get from the platform.
There are multiple engines that run different types of detection, such as behavioral-type activities, that it can detect. It can also detect malicious activity based on a hash. It's a pretty great tool.
How has it helped my organization?
Overall, the level of detection and visibility we get have vastly improved, and that means the protection for our company has improved likewise.
Singularity has helped reduce the number of alerts we get. We were using FireEye at one point, and it was producing a ton of false positives. We have seen a major reduction in false positives, and that has saved our team's time. We have time to do other projects now.
In my previous company, we were using a Cisco product, and there was a ton of time wasted. Out of a 40-hour week, about eight to 10 hours were wasted, and with Singularity, we were able to get back about nine of those hours. Obviously, there are alerts coming in, and you have to investigate them, but the number was greatly reduced. In my current company, about 15 hours a week were wasted with false positives and wild goose chases and alerts. Now, we may put an hour into investigations. The great thing about SentinelOne is that you can get right down to what's going on with the events and deep visibility. It has saved us around 12 to 14 hours a week.
It's pretty quick when it comes to time to detect because you're right on the endpoint. Some agents have a delay in terms of when they report back to a console or a reporting server, but with SentinelOne, it seems that the agent is talking to the console right away. There isn't a huge delay.
Our mean time to respond is also very quick once we see the threat come in. It depends on the policy that is in place and the type of threat. If it is something suspicious, which we don't always have a set response for with the platform, we are able to easily look at what's going on a couple of minutes before the threat and what comes after. We can see the artifact on the endpoint, what is executed and what the user was probably doing. That means we're able to respond really quickly with all that visibility.
When it comes to cost savings, in the first company where I used SentinelOne, man-hours were saved, and it was cheaper to use SentinelOne than the Cisco product.
One use case where we've reduced risk has been due to users using something risky. They were trying to use an application that's like a keylogger. We've blocked it, and we've also created a rule using a star to detect when people are trying to use it. We have also set up rules to detect downloads of risky software, and that's protecting us too. It's protecting us from risk, but there's not a lot of reduction other than some protections and blacklists.
What is most valuable?
The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.
And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.
In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.
What needs improvement?
During my use of it over the years, they've been continuously improving it.
My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.
And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for about four years.
What do I think about the stability of the solution?
Uptime is all the time.
I've only had one experience where there was a disconnect between the agents and the console. It was pretty brief, but that is when I opened a case with support. I had never seen that before, so the uptime is awesome. It's up 99.9 percent of the time.
What do I think about the scalability of the solution?
It's very scalable. We are working on a special project, in which we want to set up a lab for a special event. I talked with our support, and they said we could set up another site. It's really scalable.
How are customer service and support?
As I mentioned, I recently had a case because there were a lot of agents offline for a moment. Their support responded within one minute. That was an outlier. Every other case that I've opened up with them has not been a priority-one issue, but they usually respond within about five to 10 minutes, and they have been really great. I have not had an issue yet with support.
Everyone I've worked with in support is awesome. They always have the answers. Even if it's a complex issue, we usually get right down to it. I'm really happy with support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used it in two different workplaces. Both workplaces were replacing platforms that just did not perform well and did not give you good visibility into what was going on on the endpoints. Both had a higher rate of false positives, and neither had the various detection engines that SentinelOne provides.
How was the initial setup?
I was involved in the initial deployment of the solution in my previous place of employment and it was straightforward. It was only made complex by our own IT department.
There is a little maintenance. I check on a daily basis because you can build out multiple groups. When a new agent is deployed, I have it start off in a specific group to get the agent installed, and then it does a full disk scan. There is a little maintenance—and maybe no one else does this—but I log in and check for new systems. Once they have their full disk scan completed, I'll move them over to the production policy. You could do that on a weekly basis but I do it daily. The morning maintenance is less than five minutes for me, and you could definitely do that weekly as well.
What about the implementation team?
I did it mostly by myself. I had another engineer working with me but that was it. It's really easy, a no-brainer. And that was for about 1,200 endpoints
What was our ROI?
I'm not a manager, but the return on investment may be in saving man hours.
What's my experience with pricing, setup cost, and licensing?
When we were checking out different platforms we did get a price from Microsoft and it was unreasonable. SentinelOne was definitely reasonable and worth the money.
Which other solutions did I evaluate?
I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.
We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.
What other advice do I have?
As far as consolidation of security solutions goes, I have some suggestions for my leadership. I think we can definitely consolidate. For instance, we have a certain network segmentation where we have multiple security tools, including the SentinelOne agent and other agents on the devices. These devices are lower-end systems that don't have super-high specs like you might have on a power user's PC. In that area, we could eliminate one of the security agents and leave the SentinelOne agent. We would be covered in several different areas, such as FIM. I could create a custom rule to watch a certain configuration file, and if it changed, we would receive an alert. You can definitely use it to consolidate. Although we haven't done that yet, we're going to start because it's possible with the SentinelOne.
I believe we could save money by reducing the number of agents on those endpoints. If you walk that back to the yearly cost when we buy licenses, we should be able to save money on licensing for the other agent that we're using.
SentinelOne is very mature as an EDR platform. I would definitely put it in my top two. Across the breadth of everything I've dealt with using SentinelOne, even support, it's definitely top-two and you should check it out. I don't have a bad thing to say about it.
You definitely have to check out SentinelOne. They are firing on all cylinders for multiple areas that you want to consider when buying a tool like this. They're at 100 percent. When it comes to visibility, they present the information so that it's easy to read and understand. Responding is really easy to do. Support, which is a big factor nowadays, has faltered at some companies over the past four years, but support from SentinelOne has been awesome. Put SentinelOne in your PoCs. If you're looking at a couple of companies, you have to look at SentinelOne.
SentinelOne as a provider is a major player in hardening the protection of our environment.
Long time user of Sentinel One
What do you like best about the product?
I have been using Sentinel One Singularity for over 6 years and with multiple companies and roles. Using Sentinel One Singularity on our endpoints gives us confidence that our end points are secure. The granularity we have when customizing our deployment of our agents is very important to us.
What do you dislike about the product?
We do occasionally get false positives, and we have experienced some difficulty whitelisting certain legacy applications. I think this is to be expected with any XDR product though.
What problems is the product solving and how is that benefiting you?
Sentinel One Singularity secures our endpoints which are spread all over the world. We have confidence that our endpoints are secured when protected by Sentinel One Singularity.
SentinelOne has been great
What do you like best about the product?
I really enjoy the visibilty that the skylight and deep visibilty feature offers along with the integration sentinelone offers with other security products we utilize to ingest and strengthen our tools.
What do you dislike about the product?
Search queries in deep vis. at times can be a bit confusing, however it seems the new update skylight has addressed this issue and has been search queries very simple to perform.
What problems is the product solving and how is that benefiting you?
The XDR platform has been great in identifying threats and remediating false positives in a few clicks. The way SentinelOne visualizes attacks makes the alerts and investigations much easier than previous products I've utilized.
a really positive exp. S1 it's a very comfortable EDR platform
What do you like best about the product?
the way the incidents are notified. It´s for me easy to catch an eye in the daily incidents, agents, DV and so more.
What do you dislike about the product?
the evolution of the plattform. The version realeses are very quick. It take some time to get used when the new version is already online
What problems is the product solving and how is that benefiting you?
mitigations
updates
deep visibility
rangers
applications
scans
fetch logs
updates
deep visibility
rangers
applications
scans
fetch logs
SentinelOne Singularity solution is really doing its' job as expected .
What do you like best about the product?
One of most important and helpful feature that SentinelOne has it a threat detection which work based on AI . And with this component you are able to reduce risks against any type of attack .
What do you dislike about the product?
During my work with SentinelOne I had not seen any cons based on which I can provide any expreience which I had in previous .
What problems is the product solving and how is that benefiting you?
For me it is solving problem with hidden attacks . When no any EDR is not able to detect it . Solution also saving my time as IR specialist .
The evolution of the S1 AI-SIEM is a game changer
What is our primary use case?
We utilize SentinelOne Singularity Complete to manage the endpoints, including workstations on both Windows and Mac platforms. This enables us to detect any anomalous behavior and threats on these workstations. Essentially, it empowers us to safeguard our enterprise, effectively replacing our conventional antivirus solution.
We aimed to bolster our security and achieve more comprehensive coverage, which is why we adopted SentinelOne Singularity Complete.
How has it helped my organization?
Singularity Complete's interoperability with third-party tools is good. The integration with the Singularity AI-SIEM platform enables us to collect logs from various other platforms and consolidate them into a single console. This greatly facilitates swift issue diagnosis and identification, making it an advantageous perspective.
We have recently begun using the ingestion and correlation functionalities of Singularity Complete. Currently, we are in the process of integrating it with our existing networking equipment, namely Palo Alto and Fortinet. Our objective is to ingest specific data from these sources and derive meaningful insights from the collected information. The integration processes are quite straightforward and user-friendly. It seems that any challenges we are facing might be attributed to configuration issues on our side, which we need to improve upon.
Singularity Complete has assisted us in consolidating our security solutions. With Singularity Complete, we now have a centralized platform for monitoring alarms. We are gradually phasing out the other solutions we had in place.
It has enabled us to gain more confidence and autonomy. The solution is comprehensive as it effectively manages both workstations and threats. Consequently, it significantly reduces the burden of dealing with operational issues and reacting to problems. This approach eliminates the need for excessive proactivity, as we trust the platform to handle these tasks on our behalf. Thus, we no longer need to spend time searching for threats, as the platform efficiently performs this task for us.
It helped reduce false positives. We fine-tuned the solution by creating some exclusions that have reduced the number of alerts.
Singularity Complete has freed up two to three hours per week of our staff's time to work on other projects and tasks.
Singularity Complete has reduced our MTTD by around five hours and has reduced our MTTR by around three hours on average.
It has indirectly helped save costs because we spend less time having to deal with configuration and proactively configuring alarms and alerts.
Singularity Complete has reduced our organizational risk by around 40 percent.
What is most valuable?
It is now a toss up between the AI-SIEM platform and the the rollback feature. There were instances when some workstations detected infections, and having the rollback feature proved to be incredibly valuable.
What needs improvement?
Native integration with the mobile console is an area that can be improved.
I'd like to see more operations with the XDR platform.
For how long have I used the solution?
I have been using SentinelOne Singularity Complete for one year.
What do I think about the stability of the solution?
I would rate the stability of Singularity Complete a ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Singularity Complete a nine out of ten.
How are customer service and support?
The technical support is of high quality, strong, and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used ESET but we were often missing threats and not finding out until after the fact.
How was the initial setup?
The initial setup is straightforward. We collected several samples for each department, and subsequently, we distributed them to ensure their functionality among the users in different departments. After conducting the necessary tests, we proceeded to implement the final version.
Two individuals were engaged in the deployment: a Cyber Hunter and an administrator.
What about the implementation team?
The implementation was completed in-house.
What was our ROI?
We have observed a return on investment through the time saved managing our workstations and addressing threats. This has provided us with additional time to dedicate to operational projects.
What's my experience with pricing, setup cost, and licensing?
The pricing was very similar in terms of its competitors, but I believe SentinelOne's capability and willingness to attract new business allowed us to save some extra money. I think the pricing aligns well with the market. They encountered competition, so their pricing was slightly more adaptable. That's where we gained an advantage from it.
Which other solutions did I evaluate?
We evaluated CrowdStrike and Microsoft Defender. We didn't find microsoft Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.
What other advice do I have?
I would rate SentinelOne Singularity Complete ten out of ten.
SentinelOne is ahead of the curve. They are certainly leading the way. When we consider the kinds of integrations being developed and the AI integrated into the platform, it's evident that they are the latest entrants to the market. This current position enables them to be more innovative in their approach.
SentinelOne Singularity Complete is extremely mature at this level.
We have 50 end users based out of multiple locations. A lot of our users work from home. Singularity Complete is deployed on laptops, workstations, and our servers.
The maintenance is minimal and is overseen by one person.
We're very satisfied with SentinelOne as a strategic partner. They've given us what we need, and we see a long-term future relationship with them.
Planning the rollout is crucial because we need to effectively manage the changes with the users. Therefore, meticulous planning of the rollout, organized by department, ensures a seamless transition and allows us to anticipate any potential issues. Adopting a staggered approach, rolling it out per department, is likely the most effective strategy for deploying Singularity Complete.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Simple and Solid
What do you like best about the product?
It's simplicity quickly identies issues and has always been reliable. Never impacting production and light enough to never be noticed!
What do you dislike about the product?
I haven't found anything to dislike yet!!! Been using it for over 5 years
What problems is the product solving and how is that benefiting you?
Early detection which equates to more time for Administrators
showing 41 - 50