
Reviews from AWS customer

32 AWS reviews

External reviews

82 reviews

External reviews are not included in the AWS star rating for the product.


3-star reviews

    HimanshuSrivastava

It is user-friendly and helps reduce false positives, but the log search is limited to 14 days

  • June 21, 2024
  • Review provided by PeerSpot

What is our primary use case?

SentinelOne Singularity Cloud Security is deployed on all our servers except for user machines. When Singularity identifies a downloaded application as malicious, it triggers an alert sent to our SIEM console. We can then investigate the alert details, including associated logs, to determine if the malware is static or actively malicious. We can also investigate suspicious IP addresses or domains. Additionally, Singularity monitors process creation and can provide forensic data on security incidents, including information about backdoor connections and the applications involved, like Chrome or other browsers.

How has it helped my organization?

SentinelOne Singularity Cloud Security stands out for its user-friendliness compared to competitors like CrowdStrike, FireEye HX, and Microsoft Defender. Unlike these tools, which can be cumbersome for tasks like running queries or searching for logs, Singularity offers intuitive interfaces and delivers results in seconds, even for complex searches across various hash formats, like MD5, SHA256, etc., without needing conversion.

Our existing SIEM console allows us to analyze alerts triggered by the SOC team. We can investigate potential false positives or conduct tests directly within the console. Additionally, the console facilitates quick searches for IOCs to identify malicious communications. Furthermore, Singularity Cloud Security offers a central management console for automated machine reboots, containment, and even self-maintenance in response to high-severity security alerts. This eliminates the need for manual intervention.

We saw the benefits of SentinelOne Singularity Cloud Security within the first two months of transitioning from FireEye HX. Singularity was easy to manage, and we were able to identify vulnerabilities.

SentinelOne Singularity Cloud Security has helped reduce the false positives we receive by 15 percent compared to FireEye HX.

Singularity has helped reduce our mean time to detect. The automatic containment of the infected machine is done within the first ten seconds of detection.

Singularity has helped reduce our mean time to remediate. 

What is most valuable?

The user-friendliness is the most valuable feature.

What needs improvement?

SentinelOne Singularity Cloud Security offers a custom search function with a default 14-day limit. Extending this period to 30 days requires an additional license. A two-month grace period for extended searches would be a valuable improvement. Additionally, enhancements to the threat-hunting capabilities of the hunter module are recommended.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for two years.

How are customer service and support?

We had an incident in which they pushed a patch without notifying us and without testing, damaging all of our security controls. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used FireEye HX but shifted to Singularity because we saw the potential while the POC was going on. The top three endpoint security solutions are SentinelOne Singularity, Microsoft Defender, and CrowdStrike. FireEye HX is not one of them.

How was the initial setup?

The initial deployment's complexity was moderate. The entire deployment took six months to complete.

What about the implementation team?

The implementation was completed with the help of the vendor.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security seven out of ten. The lack of a 60-day search option for the log source lowers the overall score.

The endpoint security team does the maintenance.

SentinelOne Singularity Cloud Security is a good product that is easy to use. 

Which deployment model are you using for this solution?

On-premises


    reviewer2406828

Gives us better visibility into our resources and enables faster resolution

  • May 31, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Singularity Cloud Security to monitor our infrastructure and ensure it meets all security and compliance standards. The solution helps us maintain and strengthen our security posture. Singularity covers our AWS environment, Kubernetes clusters, and some of our GitHub repositories.

How has it helped my organization?

Our organization is growing steadily, so our infrastructure is expanding, and we're managing more technical resources. Singularity Cloud Security helps us track our resources so that we don't get lost in the overwhelming volume of things and ensures we follow best practices. The solution gives us better visibility into our resources and enables faster resolution. 

Another advantage of Singularity is compliance. I work in the payments industry, where regulations are strict.  Maintaining everything and ensuring all the resources meet compliance standards is challenging, but Singularity Cloud Security enables us to do that while saving a lot of time. 

Singularity has helped us reduce false positives, but it has also introduced some. Still, it's significantly less than many of the other tools we use. If we deal with fewer false positives, the technicians have more bandwidth to work on real issues. We don't need to spend time on the analysis and can focus on fixing the vulnerabilities and ensuring compliance. 

The solution has improved our security posture considerably. In the finance industry, we can't function if we aren't compliant. The better our security posture is, the more compliant we are. By reducing vulnerabilities, we have eliminated risk factors in our systems.

Our remediation time is shorter. It's easier to identify vulnerabilities. We don't need to do much analysis before fixing vulnerabilities. About 90 percent of the time, we can identify the correct problem instantly and begin remedying the finding. It has saved a lot of time. It takes us only one or two days to remedy critical issues, whereas it previously took two weeks. Our mean detection time has dropped from about a week to one or two days.

The solution has given us a lot of insight into cloud security. It shows us some best practices that many people in the company do not know. Singularity finds those weak spots and educates us on the latest best practices to follow. The next time we deploy changes to our infrastructure, we change our policies and designs based on the recommendations. 

What is most valuable?

Singularity Cloud Security's UI is clean, simple, and easy to use. When I started using it, I found it easy to learn what things are. Everything is explained in detail. It's always up to date with the latest technologies, such as AWS Kubernetes. They keep on top of trends with new features and updates.

The solution has a mapping feature that allows me to write my own queries and better understand my resources. It also offers some help with security controls on their end, suggesting best practices that you can use to write custom queries or standards. We have the flexibility to customize our infrastructure based on our needs. 

Singularity's evidence-based reporting rates my alerts so I can see which ones to prioritize and identify the critical vulnerabilities. It provides a highly detailed description of each vulnerability and the resolution steps. I can triage all the findings from one place and apply different filters based on my preferences.

The offensive security engine is another major feature. We use it for our infrastructure and machines to see if we have an exposure or liability. It takes some time, but the vulnerability reports are highly accurate. It saves us some time because we don't need to verify all the vulnerabilities. We just have to go fix them.

What needs improvement?

The detection time could be better. It takes a long time to scan. I'm not sure how long other tools take for the same amount of scanning, so I cannot compare it with other tools, but it takes us half a day to a full day to complete the scan. I want to get the reports faster so we can start fixing the problems. 

The proof of exploitability is another area for improvement. While I have all the information to troubleshoot the problem, it isn't detailed enough for an administrator. It has sufficient information for a general user, but an administrator would like to know all the ins and outs of the vulnerabilities that have been reported. 

I would like to see the map feature improve. It's good, but it isn't fully developed. It lets us use custom resources and policies but does not allow us to perform some actions. I would also like more custom integration and runtime security for Kubernetes.

For how long have I used the solution?

We have used Singularity Cloud Security for about eight months. 

What do I think about the stability of the solution?

I haven't seen any major stability problems. There are some minor issues but they are rare. Overall, it has been a smooth experience.

What do I think about the scalability of the solution?

Singularity is scalable. It has one UI that can be integrated easily with multiple backends, so we have all the data in one place and we can do whatever we want with it. 

How are customer service and support?

I rate SentinelOne support eight out of 10. Their support team is proactive. It has been a while since I connected with them. They helped me with all my questions quickly. It was an excellent experience. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked on other infrastructure-as-code tools and other tools for various functions that Singularity performs, such as AWS Inspector, but now we use Singularity for most of it.

How was the initial setup?

The initial setup is not a very complex process. Because of the large number of resources, we have so many places where we need to integrate the solution repeatedly. It's easy to set up new places or add integrations. The initial setup took two to four weeks. That was how long it took to go back and forth and cover everything. 

We did a PoC first, which wasn't very hard. Our deployment team consisted of three or four people. The vendor team was very helpful when they deployed everything on our infrastructure. They helped us set up all the necessary permissions. 

What was our ROI?

The return on investment has been good. Singularity offers a lot of flexibility to focus on different aspects because it gives us a lot of information and helps us maintain the observability of all our resources. That is something that we value because of the sheer volume of resources we have. We couldn't do that manually or using some other tools. 

What other advice do I have?

I rate SentinelOne Singularity seven out of 10. It's a solid product and I recommend checking it out. It has some excellent features, observability, metrics, etc. It's very cool.


    Sakshi Chalke

Helps reduce the number of false positives, and improves risk posture, but cloud filtering has a limitation

  • May 03, 2024
  • Review from a verified AWS customer

What is our primary use case?

We leverage SentinelOne Singularity Cloud Security for cloud security posture management, which continuously monitors our cloud configuration for vulnerabilities. When SentinelOne Singularity Cloud Security detects an issue, we prioritize the alert from our cloud-native security solution and route it directly to the DevOps team for remediation.

We have SentinelOne Singularity Cloud Security deployed on AWS, Azure, and GCP.

How has it helped my organization?

SentinelOne Singularity Cloud Security has significantly reduced the number of false positives in our cloud-native security environment from 30 percent down to five percent. This is especially helpful since we receive notifications and alerts from various sources like AWS and Cloudflare, all with their own security policies. With SentinelOne Singularity Cloud Security, I feel confident that these alerts are accurate, reducing the workload on our security team and giving us peace of mind for the past two years.

The threat detection capabilities have improved our overall security by safeguarding our cloud data transfers, and protecting both incoming and outgoing files.

With a large number of domains under our management, SentinelOne Singularity Cloud Security's incident response feature is crucial for identifying and swiftly addressing any data corruption issues that may arise within them.

SentinelOne Singularity Cloud Security has a user-friendly interface, making it a breeze to learn the fundamentals and navigate the dashboard.

Our Infrastructure as Code effectively identifies potential problems in templates and configuration files during the preproduction phase. This information is then relayed to our support team who can address these issues proactively.

Before implementing SentinelOne Singularity Cloud Security, our cloud security was inadequate, resulting in inaccurate data visibility. To ensure complete data encryption and client invisibility, we adopted SentinelOne Singularity Cloud Security, which successfully secured our cloud environment.

Reducing false positives has strengthened our security posture. While we transitioned from Prisma Cloud to SentinelOne Singularity Cloud Security for our GCP and AWS environments, Prisma offered more advanced features. However, SentinelOne Singularity Cloud Security prioritizes customer requests, addressing security needs faster than Prisma's release cycle, ultimately improving our security efficiency.

SentinelOne Singularity Cloud Security has strengthened our risk posture by implementing access controls to ensure only authorized personnel can reach our data, and by safeguarding it to minimize security risks.

SentinelOne Singularity Cloud Security has reduced our mean time to detection by 15 percent.

The implementation of SentinelOne Singularity Cloud Security has improved collaboration between our cloud security application developers and AppSec teams. By granting those teams write access, SentinelOne Singularity Cloud Security streamlines interaction and fosters a more efficient working environment.

Our engineering time has been saved thanks to the visibility that SentinelOne Singularity Cloud Security provides.

What is most valuable?

The visibility SentinelOne Singularity Cloud Security provides into the Cloud environment is a valuable feature.

The user interface is well-designed and easy to use, and retrieving data is smooth and effortless. 

What needs improvement?

SentinelOne Singularity Cloud Security's cloud filtering has a limitation: implementing single sign-on requires a pre-class account feature, which is currently not available.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for one year.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Cloud Security seven out of ten. It is stable when it comes to securing our data.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Cloud Security eight out of ten. We have scaled many times.

How are customer service and support?

The technical support team is both responsive and efficient, promptly resolving our issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

While Prisma Cloud initially managed our cloud security, their slow feature implementation ultimately led us to switch to SentinelOne Singularity Cloud Security. SentinelOne Singularity Cloud Security's responsiveness in delivering the features we need has been a major improvement. Also, the visibility and dashboard of SentinelOne Singularity Cloud Security are superior.

How was the initial setup?

The deployment of SentinelOne Singularity Cloud Security spanned several weeks as each cloud platform we deployed it on required one to two weeks for the process to complete.

What's my experience with pricing, setup cost, and licensing?

SentinelOne Singularity Cloud Security is affordable.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security seven out of ten.

We have around 20,000 users and have SentinelOne Singularity Cloud Security deployed in multiple locations.

While SentinelOne Singularity Cloud Security does require maintenance, our engineering team prioritizes keeping it up-to-date to ensure the accuracy and security of the data that underpins our cloud security posture.

I recommend SentinelOne Singularity Cloud Security to others.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Raghvendra Soni

It gives you a consolidated view of compliance and vulnerabilities

  • April 18, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use SentinelOne Singularity Cloud Security to secure our IT infrastructure and fix vulnerabilities. For example, it tells us if our resources have been inappropriately made public. We provision our infrastructure on AWS and GitHub. SentinelOne Singularity Cloud Security finds vulnerabilities across our entire network and secrets in our GitHub repositories. It also helps us manage our cloud configurations and security groups. 

SentinelOne Singularity Cloud Security is integrated with Metabolic, Opsgenie, and Slack for notifications. It's also integrated with our security team. They are using a script to correlate the data from SysTrack. 

How has it helped my organization?

When I joined the organization, we didn't have this kind of security tool in our infrastructure. SentinelOne Singularity Cloud Security helps us secure any resources that were mistakenly made public and other vulnerabilities. Initially, we were primarily focused on projects, not on the security side, but we were dealing with some system vulnerabilities that hackers could exploit, like publicly accessible resources. The detection is highly granular. It gives you small vulnerabilities and very new types. 

The SentinelOne Singularity Cloud Security team will help you reduce false positives quickly. When we first used SentinelOne Singularity Cloud Security, false positives were high, so we contacted the team. They did some testing and modifications, and the problem was solved in one or two days. 

The mean detection time has drastically reduced. The detection time varies depending on what we're scanning. When we're scanning GitHub, it takes 7 to 10 minutes. On the cloud platforms, it depends on resource availability. It takes 10 minutes on the high end, but the mean is about 1 or 2. Overall, it has been reduced by about 10 percent. 

The remediation time is up to us. SentinelOne Singularity Cloud Security just detects it, but it gives us an assessment and recommendations, making it easier to resolve. When we fix a vulnerability for a particular resource, the issue will not occur again. 

What is most valuable?

SentinelOne Singularity Cloud Security can integrate all your cloud accounts and resources you create in the AWS account. We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub. Using SentinelOne Singularity Cloud Security's evidence-based reporting, we can rank the severity of issues as critical, high, medium, etc. Having the ability to prioritize security issues is crucial for any organization.

One good thing about SentinelOne Singularity Cloud Security is that it gives you a consolidated view of compliance and vulnerabilities. We can follow SentinelOne Singularity Cloud Security's guidance and comply with those use cases. When you get an alert, they explain how to resolve those issues. 

The user interface is excellent because we see everything in a single panel and can manage all the operations from one portal. It's integrated with Slack, so we can coordinate on the open tickets. We can also mute notifications. The interface is straightforward and easy to use. Anyone can use it.

The offensive security engine is a helpful feature in cases like when a developer leaves some API element exposed, and we can view the potential exploit path. It's helpful when we are deploying any AWS account or service because all our systems depend on AWS.  When the service is initially deployed, we can see what happens and get all the details about anything that depends on it. 

What needs improvement?

When you find a vulnerability and resolve it, the same issue will not occur again. I want SentinelOne Singularity Cloud Security to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again. 

For how long have I used the solution?

We have used SentinelOne Singularity Cloud Security for more than 2 years.

What do I think about the stability of the solution?

I rate SentinelOne Singularity Cloud Security 9 out of 10 for stability. We've never had any glitches. 

What do I think about the scalability of the solution?

We've had no issues with scalability. We've onboarded about 6 or 7. There is no digital investment. You can integrate multiple accounts from various providers. 

How are customer service and support?

The support team was valuable during the initial stages. SentinelOne Singularity Cloud Security contacted us every three weeks. They checked our infrastructure and reviewed all the issues that we were incorporating into the system. They took direct responsibility for the system and could solve queries quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we were using the native tools of each cloud provider. For example, we used GuardDuty on AWS.

How was the initial setup?

Deploying SentinelOne Singularity Cloud Security is straightforward. You can onboard new AWS accounts in five to 10 minutes, and it will start scanning very quickly. They give you a script to run on AWS. You can enroll your accounts based on the template, and it starts collecting data. We onboarded six or seven accounts. It hardly took any time. It's a SaaS solution so we don't need to maintain it. We only need to do the onboarding. 

What other advice do I have?

I rate SentinelOne Singularity Cloud Security 7 out of 10. SentinelOne Singularity Cloud Security isn't a unique solution. Other solutions have the same features, but I like SentinelOne Singularity Cloud Security because it's simpler to use. It doesn't require any maintenance and the scalability is good. However, I think other solutions can give the same level of detail and insight. 

Which deployment model are you using for this solution?

Public Cloud


    AnkurGupta13

Helps save time, and is user-friendly, but the security rules need better definitions

  • April 17, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use SentinelOne Singularity Cloud Security as our CSPM. Integrated with our environment, SentinelOne Singularity Cloud Security scans for vulnerabilities and recommends remediation.

We implemented SentinelOne Singularity Cloud Security to monitor our cloud security for vulnerabilities in the configuration.

How has it helped my organization?

SentinelOne Singularity Cloud Security is easy to use.

The evidence-based reporting provides details of the vulnerability and the steps we need to take to resolve it.

The SentinelOne Singularity Cloud Security scanning engine provides valuable evidence by identifying and reporting vulnerabilities that could be attacker targets. This evidence of exploitability is crucial because it allows us to prioritize and patch vulnerabilities effectively. Without this information, we might not be able to address critical vulnerabilities promptly.

Thanks to SentinelOne Singularity Cloud Security, our security posture has improved significantly. Our team has been able to effectively address all critical and high vulnerabilities identified by the platform.

SentinelOne Singularity Cloud Security has improved our mean time to detection. Without a CSPM tool, we would not be able to identify vulnerabilities.

SentinelOne Singularity Cloud Security facilitated collaboration between our cloud security, application development, and AppSec teams. The evidence provided by SentinelOne Singularity Cloud Security streamlines collaboration and vulnerability resolution across these teams.

The collaboration has saved engineering time by up to 40 percent.

SentinelOne Singularity Cloud Security's improved compliance monitoring capabilities have helped us achieve a more secure posture.

What is most valuable?

All the features we use are equal and get the job done.

What needs improvement?

We encountered issues with some of the configured security rules. The vulnerability recommendations provided by SentinelOne Singularity Cloud Security were inaccurate. In some cases, the rules are strictly enforced but do not align with real-world use cases. To address this, I recommend revising the security rule definitions to better reflect practical scenarios and provide clearer explanations.

We encountered a problem with SentinelOne Singularity Cloud Security. They required a broad security policy, but we requested that they implement least privileged access and grant fewer permissions than they initially required. It took them over six months to respond to our request.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud Security for 1.5 years.

What do I think about the stability of the solution?

I would rate the stability of SentinelOne Singularity Cloud Security 8 out of 10.

What do I think about the scalability of the solution?

I would rate the scalability of SentinelOne Singularity Cloud Security 9 out of 10.

How are customer service and support?

The technical support teams' response time was good but they were lacking a deep understanding of the different environments which caused delays in resolving our issues. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment was straightforward and took 2 days to complete.

Two people from our team were involved in the deployment.

What other advice do I have?

I would rate SentinelOne Singularity Cloud Security 7 out of 10.

Four people in our organization utilize SentinelOne Singularity Cloud Security.

No maintenance is required from our end.

I recommend SentinelOne Singularity Cloud Security to others for CSPM. 

Which deployment model are you using for this solution?

Public Cloud


    Rajan Shanbaga

A simple solution with multi-cloud support, but it needs better reporting and scalability

  • April 16, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use it in different ways. The number one use case is related to vulnerabilities, which includes cloud misconfiguration, the Offensive Security Engine, and the management screen itself. That is our primary use case. Then comes the graphical representation of interfaces, and the third use case is the inventory that it allows, which is very nice.

By implementing this solution, we wanted to watch the security vulnerabilities in our organization. We wanted to watch them in the code that gets checked in. We wanted the latest and refreshed list of vulnerabilities in, for example, Log4j or any other software to be highlighted. SentinelOne Singularity Cloud Security keeps updating its database and highlighting any issues.

How has it helped my organization?

We use agentless vulnerability scanning. It is cool. It operates on our cloud. All we need to do is authenticate and authorize our agents to read from our cloud infrastructure, which is cool.

SentinelOne Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. This is very important because it gives the entry point to the entire process.

We use SentinelOne Singularity Cloud Security's Infrastructure as Code (IaC) scanning. All of our Terraform code and Git repositories are checked in, identified, and scanned. It helps us identify any issues way before production.

SentinelOne Singularity Cloud Security has not reduced the number of false positives. We have very few false positives in our organization. We have a very specific structure.

SentinelOne Singularity Cloud Security has reduced our mean time to detect. It has helped us a lot. It is quite quick, and that is why we put it in our sprint at every agile site. In terms of its effect on the mean time to remediate, we have not crossed the remediation phase. Remediation is okay. I would want it to go a little bit more specific on remediation, but I understand that it is just an engine that can scan.

We were able to realize the benefits of SentinelOne Singularity Cloud Security in about a month.

SentinelOne Singularity Cloud Security has not affected the collaboration among our cloud security, application developers, and app sec teams. The access to SentinelOne Singularity Cloud Security is less. The number of roles that SentinelOne Singularity Cloud Security provides is very low. I cannot segregate a particular account or a particular user. It is difficult for a lot of people to get. It is just the development, operations, and infrastructure teams that are currently working with it.

What is most valuable?

It is pretty simple. It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job.

What needs improvement?

Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved.

The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless.

Its scalability can be improved.

For how long have I used the solution?

In this organization, I have been using SentinelOne Singularity Cloud Security for 6  months. Overall, I have about 4.5 years of experience.

What do I think about the stability of the solution?

I have not had any issues. I have been lucky enough to not notice any issues.

What do I think about the scalability of the solution?

We have a parent organization, and then we have child accounts, but they have to be configured separately in SentinelOne Singularity Cloud Security, which makes it difficult to add accounts. You have different pages, so a comparative study about account usage is not possible. I am not a fan of its scalability. Its scalability can be better. 

How are customer service and support?

I have interacted with them a couple of times. They have been very helpful. Their speed is pretty good. They are faster than AWS support. They are quick. The support quality is good. I did not see any lack of quality. I do not have anything bad to say about them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have CloudFront, which is a security measure by AWS for a very specific purpose. I have used SonarQube. It is pretty decent. It is code-specific, whereas SentinelOne Singularity Cloud Security falls under code and IaC. I have used the Trivy scanning mechanism. Semgrep is an open-source tool. GitLab has its own set of static code analysis and static infrastructure analysis tools. These are some of the tools that I have used before.

SentinelOne Singularity Cloud Security is very specific to the cloud-native environment. It lets you plug in more than one cloud. My organization has a multi-cloud strategy. With SentinelOne Singularity Cloud Security, we can have Google Cloud and AWS under the same umbrella, which is cool. It has its own unique place, and I like it.

How was the initial setup?

It was very easy. The only problem was getting the RBAC roles. After we had the roles, it was straightforward. It was very simple.

We have a 47-cluster environment. It took about 1.5 hours. It is quick enough. It is as good as CloudFormation.

It does not require any maintenance from our side. Because it is fully managed on the cloud SA, we do not have to do anything.

What about the implementation team?

It was implemented in-house. We have a development and operations team with 5 people.

What's my experience with pricing, setup cost, and licensing?

Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable. As the cloud vendors change their pricing, SentinelOne Singularity Cloud Security also has to change its pricing. I understand that. I am happy with it, but the split up can be better explained.

What other advice do I have?

To those evaluating SentinelOne Singularity Cloud Security, I would advise understanding SentinelOne Singularity Cloud Security's licensing metrics. You should understand how SentinelOne Singularity Cloud Security calculates. That is very important because it is not straightforward. You should understand that, and you can talk to the support people. They are very good. They clearly explain it. The person who is dealing with it should have a technical background. He cannot be a business analyst.

Make sure that you put in all the configurations on day one. You will find it difficult to compare if you keep building on top of it.

Overall, I would rate SentinelOne Singularity Cloud Security a 7 out of 10.


    reviewer2390934

Easy to use with good monitoring but support could be more responsive

  • April 16, 2024
  • Review from a verified AWS customer

What is our primary use case?

We use the solution for security posture management. It's a safeguard for our cloud. It helps flag misconfiguration or any kind of vulnerability. There are also remediation capabilities, although we're only subscribed to alerts.

How has it helped my organization?

It's a safeguard tool for our cloud. When I'm using my cloud I need to make sure whatever I'm doing is secure. So we needed a gatekeeper or something acting as a gatekeeper, to keep an eye out since people can sometimes make mistakes. If there is any kind of event error, it helps us get alerted.

What is most valuable?

It's a real-time monitoring tool that runs 24/7.

I like the security capabilities. The availability and stability are very good. 

It is very easy to use, and the graphical user interface is nice. It's great that they provide information regarding issues on the front end. The evidence-based reporting is good. There is some heavy investment there. The user interface and ease of use for security operations are very helpful. Everything is easily available, and that's very impressive. 

It works within a certain set of rules. It has enough information to cover 100% of the services we are using. For most of my expectations, the product has covered my needs. They are also adding new features and functionality.

We use the infrastructure as code scanning, which is good. There's very good security scanning. We can scan non-production environments and get a report. We get notifications of issues immediately. Before moving to production, we always look at reports to check for issues. 

We're almost 99% compliant based on the compliance regulations we follow. It's helpful to have good compliance scanning. 

We've been dealing with fewer false positives. It's improved over time. It's too early to say, percentage-wise, how many fewer we're seeing; however, it is noticeable. 

It's lowered our risk posture. We have been satisfied so far. It covers what we need to be covered.

The mean time to remediate has been lowered by about 20% to 30%.

We now have very good collaboration between our cloud security, application developers, and AppSec teams. There's better communication in terms of response. We haven't calculated if it's saved us any engineering time, however. 

What needs improvement?

They could improve their mean time to detect. It's good; however, it could be lowered further. Detection should be in near real-time. We need these alerts fast as security is our greatest concern.

They could improve reporting and offer better, faster notifications. 

For how long have I used the solution?

I've used the solution for almost 2 years.

What do I think about the stability of the solution?

I'd rate the stability 8 out of 10.

What do I think about the scalability of the solution?

We have 10 to 15 people using the solution. 

I'd rate the ability to scale 8 out of 10.

How are customer service and support?

We've had our support directly reach out to theirs. Sometimes they address items slowly; sometimes they are faster. The support response time could be improved. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use something prior to PingSafe. We had a few things on-premises and on our private cloud. We liked the pricing and feature offering of PingSafe and decided to implement it. 

How was the initial setup?

The initial setup was pretty straightforward. We had to do some integration and it was simple. The deployment itself hardly took an hour. It's integrated with our AWS and that was pretty seamless. 

I don't worry about maintenance. I don't take care of that aspect. However, PingSafe works in the background, maintaining and upgrading the system directly. 

What about the implementation team?

We had a few people from PingSafe involved in the implementation. 

What other advice do I have?

I'm a customer and end-user.

It's a 100% available solution. It covers most of our cloud security requirements and has a nice interface. Support could be faster, though. When we're dealing with security, we don't want lots of time between responses. 

I'd rate the solution 7 out of 10.


    SatishKumar10

I like the security engine, but it needs a break-glass account feature

  • March 26, 2024
  • Review provided by PeerSpot

What is our primary use case?

My company uses Cloud Native Security as our CSPM solution to discover vulnerabilities in cloud-based configurations. We take alerts from Cloud Native Security and forward them to the DevOps team to remediate them manually. 

How has it helped my organization?

Cloud Native Security helps reduce the number of false positives we receive. We receive notifications and alerts from various channels, such as AWS CloudTrail and Microsoft Defender. These products generate alerts based on their policies. I can feel confident that Cloud Native Security isn't giving any false positives. We get a few, but they are rare, and I can immediately alert the team to redefine their policies. 

What is most valuable?

Cloud Native Security's most valuable feature is its offensive security engine. I have worked with many CSPM solutions. What sets Cloud Native Security apart is the security engine's ability to provide evidence about the potential for vulnerabilities to be exploited or endpoints exposed with credentials.  

The evidence-based reporting is helpful. It shows us all these details that help us do more research. We are working with various stakeholders to remediate those misconfigurations immediately. No other solutions provide this feature. We can research other resources affected by the same kind of vulnerabilities or misconfigurations. We can prioritize fixing them and work on them immediately. That's beneficial to everyone on the team, and they are learning a lot with this feature from Cloud Native Security itself.

What needs improvement?

While Cloud Native Security is mostly easy to use, the interface has a few trouble areas. We have faced some challenges with filtering. The Cloud Native Security team is working on that, and they're fixing it immediately. They take feedback seriously. There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature. 

For how long have I used the solution?

We have been using Cloud Native Security for one year.

What do I think about the stability of the solution?

Cloud Native Security is stable. 

What do I think about the scalability of the solution?

I rate Cloud Native Security 9 out of 10 for scalability. There is no lag, and the application doesn't break down. 

How are customer service and support?

I rate Cloud Native Security support 8 out of 10. We contacted them about adding some policies and creating plugins based on our requirements. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Prisma Cloud. Each has its own feature set. Prisma is on a higher level, and Cloud Native Security is a startup that's building its feature set and taking feedback from all the customers. That's one advantage Cloud Native Security has. They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away.

How was the initial setup?

Deploying Cloud Native Security wasn't too easy or difficult. It was manageable. I did the deployment by myself. I'm the Cloud Native Security admin for my organization responsible for onboarding all the cloud accounts for AWS, GCP, and Azure. 

Which other solutions did I evaluate?

We also looked at Orca Security. Like Prisma, Orca is one of the top solutions on the market. Most of the CSPM solutions have the same features. Cloud Native Security stood out for two reasons: One is the offensive security engine. That is the main thing. The second thing Cloud Native Security offers is evidence-based reporting. That helps us a lot. These two features are unique, which is why we chose Cloud Native Security. 

What other advice do I have?

I rate Cloud Native Security 7 out of 10. 

Which deployment model are you using for this solution?

Public Cloud


    Phat Pham

A great management console, and visibility, but needs more bandwidth

  • September 07, 2023
  • Review provided by PeerSpot

What is our primary use case?

When we receive a ticket about a SentinelOne detection on a specific host, we will first go to the SentinelOne console and look up the endpoint and the case. If there are any threats related to the host, we will then review the activities that have taken place within a specific time frame. We can look at the processes that have run, and how they have propagated from one process to another. We can also look at the timeline of events, from the top down, to see what happened when each process was run. This will help us to determine if any malicious activity has taken place.

We use the cloud-based management console to install SentinelOne on each employee's or host's device. SentinelOne can be installed through the cloud.

How has it helped my organization?

Singularity Cloud Workload Security provides us with better security detection and more visibility. It is another resource that we can use to detect vulnerabilities in our company's systems. For example, it can help us detect new file processes that we are not familiar with, which could be used by attackers to exploit our systems. Singularity Cloud Workload Security can also help us diagnose and analyze data to determine whether it is malicious or not. Singularity Cloud Workload Security is like another pair of eyes that can help us protect our systems from cyberattacks.

The real-time detection and response capabilities of Singularity Cloud Workload Security are very helpful. When we receive alerts in real-time, we can take action immediately. Within Vigilance, they look at things for us in real-time and let us know if they detect something malicious. This allows us to investigate the incident and see what is happening. If it is a zero-day attack, we can take action immediately to try to mitigate the damage. Having real-time alerts helps us take action more quickly than waiting for a few days for something to happen.

The automated remediation feature works from a database. We upload anything that we have detected before or anything that we can filter into this database. For example, we would upload the known IP addresses of analysts who do penetration testing for us within the company. If one of these IP addresses comes in and is malicious to the company, the solution will detect it. Singularity Cloud Workload Security will check the IP address and automatically classify it as benign. This saves us time because we don't have to manually review the IP address or contact our colleagues. This frees up our time so that we can focus on other things, such as investigating more malicious threats. IP addresses are just one type of data that can be filtered. File processes can also be filtered. Any type of automated filtering helps us reduce the time it takes to investigate a ticket so that we can focus on the most malicious threats.

The historical data record provided by SentinelOne after an attack is helpful in identifying what we can do to protect ourselves from future attacks. We can use this data to understand the cause of the attack and put in place preventive measures, such as educating employees about security best practices. SentinelOne allows us to access up to three or four months of historical data without a request. For data that goes back six months to one year, we need to submit a request. This data can be specific to a particular host, if necessary.

Singularity Cloud Workload Security is a great product. It is very robust and versatile. There are many things we can do with it, even things I have explored in the past two years. We can use different types of queries to narrow down our searches. It is a very powerful tool that has been very helpful to our SOC in analyzing specific incidents.

The solution has decreased our mean time to detect through the automated response process and visuals that give us time to focus on other important things. It definitely gives us the actual time to look at other things instead of focusing on one ticket that may take us 30 minutes to an hour to resolve. This could definitely decrease the coverage time.

The solution has decreased our mean time to remediate. We have many detection systems in our organization, and it takes a lot of manpower to focus on all of them. Integrating SentinelOne into our organization has given us more time to focus on other things, rather than having to look at minor incidents, such as low-severity incidents. SentinelOne detects and remediates these incidents for us, so we don't have to worry about them. This has been a great help, and we no longer need to dedicate as much manpower to these incidents.

The solution helps to free up our SOC staff time to work on other projects and tasks. Thousands of false positive tickets no longer have to be looked at by our SOC team, saving them a lot of time.

The solution has helped our organization become more productive by allowing us to focus on more severe issues instead of wasting time on minor ones.

What is most valuable?

The management console is the most valuable feature. It offers a variety of options for us to view. If a threat is detected, there is a specific area where we can view the different incidents that have occurred. This is the threat that is associated with that host.

We can also have deep visibility into the activities within the host within a specific time frame. This is very useful, especially when we can view the process tree. This allows us to see how one process propagates to another process, and so on. We can then look back to the beginning of the process to see where it came from. How was it downloaded? Which URL did it come from? Was it internal or external? This information has been very helpful when we are diagnosing a specific incident.

The File Fence feature is also useful. When we view a file within Singularity Cloud Workload Security, we can put it into our sandbox to see what type of file it is and whether it is malicious or not. There is also the scan feature, which is very helpful. When we scan a host remotely, it can return to us with information about the detections that were made on that host. This can help us to identify and alert others about any potential threats.

What needs improvement?

Whenever I view the processes and the process aspect, it takes a long time to load. I think this is because the dashboard or management console is slow, especially during downtime or when updates are being applied. Even when I search for a specific query, it takes a while to load. I believe that increasing the bandwidth for query processing would help.

For how long have I used the solution?

I have been using SentinelOne Singularity Cloud for three years.

What do I think about the stability of the solution?

I think the stability is decent. However, if they fixed the bandwidth issue, it would be a top contender. Sometimes, when I need to look at the process timeline, it is very difficult to load and takes a long time. We don't always have the time to wait for it to load. I think the stability is okay, but it could be improved.

We used Carbon Black. Carbon Black's stability is pretty good. Its downtime is not as high as SentinelOne's. Carbon Black is a little bit easier to use than SentinelOne. Its user interface is a little bit easier than SentinelOne's. In terms of stability, I think SentinelOne is just a little bit behind Carbon Black. Not by much, but just a little bit.

What do I think about the scalability of the solution?

The scalability is fine.

How are customer service and support?

The technical support is very responsive and courteous, and provides great customer service. If we need something right away, they will definitely put us on the priority list. We have a special chat channel or a specific team dedicated to our company. We can also email them, and they will usually respond quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Carbon Black and Tanium for a short time. When I first started at my current organization, they were using both Carbon Black and SentinelOne. However, SentinelOne provides the same level of security as Carbon Black at a lower cost, so the organization stopped using Carbon Black.

If I were to compare SentinelOne to Carbon Black, I would say that they have the same functionality, but Carbon Black has a faster response time. If SentinelOne could improve its bandwidth in this area, it would be a more competitive product.

What other advice do I have?

I would rate Singularity Cloud Workload Security a seven out of ten. I noticed some lagging, especially when loading a specific storyline. I also experienced some lag when I had too many windows open.

Based on the company's size and infrastructure, SentinelOne offers different tiers of service for small, medium, and large businesses. For a really small company that doesn't generate a lot of logs, a robust system like SentinelOne may not be necessary. However, for a medium-sized company, SentinelOne can be a valuable asset. It has helped us to reduce our response time, gain more visibility into our security posture, and receive alerts if any devices are lost or stolen. SentinelOne is also more versatile than other solutions in terms of the resources it uses to detect malicious activity. I would recommend that any company considering SentinelOne do their research and talk to other users to see if it is the right fit for their needs.

Singularity Cloud Workload Security is a cloud-based solution that does not require much maintenance. The only maintenance required is to keep the filtering list up to date. This can be done with the help of the SentinelOne team.

The interoperability of the solution is fine. I don't have any issue with it.

In my line of work, we innovate by detecting and analyzing specific incidents. Singularity Cloud Workload Security definitely helps us out a lot in terms of detection, creating new queries, and creating new filters.

I suggest they research the solution and test it out. I believe SentinelOne offers a trial version, so they can try it before they buy it. See how they like it. We love it and don't think we can live without it. It gives us so much free time to focus on other things. It's like a home security system. If we miss something, they contact us. If the doors unlock, they let us know. If the battery is dying, they let us know. It has helped us out a lot. It gave us the visibility we didn't have before and continues to give us the visibility we need. I don't know what we would do without it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other

