It is our primary software platform for endpoint detection and response and vulnerabilities.

Our overall fleet posture and our security have increased a lot. It is much easier to get the agents out onto machines no matter what their operating system is, and it gives equitable reports back no matter what our platform is.

So far, it is one of the most interoperable applications and platforms that I have seen. There is the ease of bringing things in with the marketplace and the willingness of the company itself to work with you to help you address anything that they do not currently have.

Singularity Complete has helped free up our staff for other projects and tasks. Being new in the department for a year and a half, I am not the one to say how much time it has saved, but it has made my life easier by several hours a week. It gives me a straight line and a story for what I am looking for, so I can quickly identify whether something is to be expected and just a false positive or if it is actually a problem. Usually, when it is a problem, SentinelOne would have already mitigated it.

Singularity Complete has absolutely helped reduce alerts. It has drastically reduced alerts across the board. There is a 40% to 60% reduction. This reduction is because it is tunable. It is very tunable, and you can tweak it to meet your needs where you are not just stuck with what a manufacturer or a software developer said in terms of the alerting that you are going to get.

Singularity Complete has definitely helped reduce our organizational risk. Our risk score has gone down by 15% to 20%. We have better coverage and better insight into what is being covered.

Singularity Complete has probably saved us costs. I do not have enough insight into those budget numbers, but they keep adding things to it, so my guess is that it has saved us costs.

SentinelOne is one of our most important partners. The help that we get from their engineers, success team, and support really and truly has been unparalleled.

I am going to be a little biased because I am a Mac guy. I have been a Mac guy for twenty years, and the feature parity and the capabilities of a Macintosh agent are unparalleled in the industry. It is the first anti-malware and antivirus that does not make you feel that you bought the wrong processor. It is really good and lightweight.

It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult.

I have been using Singularity Complete for three years.

I am blown away by their support. Every time I reach out to my customer service manager, they are returning questions after hours. You do not see that from a lot of companies. I would rate their support a 10 out of 10.

We were not officially using a similar solution. We had other products that we were using, but we did not have a full solution like SentinelOne. We were using multiple things. One of them was McAfee. We switched because they got bought by Trellix, and nobody knew what was going to happen with them. That was our most recent one and what I am most experienced with.

I was involved in its initial deployment. I packaged the Jamf mobile device management installation package for our Macs. As far as security products go, it was the easiest one. The instructions were great. They were aligned with the vendor, which is something not common. Usually, it is like, "Here is what you have to do with your vendor." SentinelOne took that extra step, and it deployed right out of the box.

We have on-premises, public cloud, and private cloud deployment. Our cloud provider is primarily AWS, but we also have a little bit with Google and Mandiant, so we have a hybrid cloud. We are in the middle of a migration. The cloud is fairly new for us, and securing it has been a priority.

We have our deployment segregated on endpoint types, but our entire organization has it.

We did it directly on our own. We rolled it out very quickly. We had been dealing with McAfee before it, so this was like a breath of fresh air.

We had two or three people working on it, so it went out very smoothly.

I believe we have seen an ROI. If nothing else, the investment that they are making, as analysts, engineers, and architects, we feel that we can get more done in SentinelOne and have a better stance overall for our organization.

They evaluated a lot, but that was before I was in the department, so I do not know exactly which ones they did.

I would advise listening to your sales engineers and letting them give you ideas because SentinelOne can do things that you have no idea about.

For next-generation platforms, it is at the top of what is a small stack right now, and that puts them ahead of a lot of other people.

I would rate it a 10 out of 10. It has been fantastic for us.

We are an MSSP.

First of all, it helps us with a better response to the end users. Customers are depending on us to make sure we are making the right call, and then we are leaning on SentinelOne to make sure they are giving us the right call by giving us the right tools.

Singularity Complete has absolutely helped free up our staff for other projects and tasks. The amount of time that we are spending doing work that does not keep us on target is just a waste of time. The more it reduces that noise, the better it is for us and our customers. We have been using it long enough, so it is hard to tell how much time it has saved, but we feel that we have a better solution than most of the competitors that we are dealing with.

Singularity Complete has helped reduce alerts over time. We do not have a lot of the frustrations that some of our competitors do, which is our advantage. We have been using it for so long, so we do not have much to compare it to in terms of alert reduction. We are also partners with a competitor. We had to do that for a contract, and we get a lot of false positive noise coming out of that one.

Singularity Complete has helped reduce our organizational risk, but because we have been with it for so long, it is hard to compare it to others.

Singularity Complete helps us save on costs. We continue to get more volume, reduce our costs, and reduce our waste of time, but it is hard to compare the cost savings because we have been using it for so long. We have smooth operations, and we are just keeping it going. We are enjoying all the added features.

SentinelOne is our main strategic partner when it comes to the protection of our customer's data. We have not had a bad incident, and with the reputation that SentinelOne has in the vertical we deal with, it is the gold standard. We start with that, and then we are viewed as more of a serious partner than some of the lesser products that are out there.

In terms of Singularity Complete’s interoperability with other SentinelOne solutions and other third-party tools, we are an MSSP, so we have to deal with a lot of other tools. The integrations are huge for us. It sounds nice to say this is the only solution and you have to use x tools, but it does not work in the real world, so you have to have those integrations.

The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise. There is just so much noise. It brings us the information we need to look at quickly.

The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that.

I have been using Singularity Complete since its inception. It was probably 2016.

Its stability is fantastic. We have no problems.

We have not hit the top end. We are probably running 10,000 agents and have not seen any degradation in the portal.

Their support is very good. We have not had anything come up against that, and our staff has learned to depend on SentinelOne, which, as management, is a little uneasy because we are operating without a net besides SentinelOne in some cases. What we are paying for it is worth it. There is this peace of mind. I would rate their support a ten out of ten.

Years ago, we were probably running four to five solutions, but then we kept comparing it with them. We were like, "This is the noise we are getting from X. Let us load SentinelOne." The noise reduced with SentinelOne. That proof of concept worked for us.

We currently have an agreement with a competitor where we have to pick up the remaining part of their contract. That is not a place where we are going to increase our expenditure, but we are waiting for that contract to come to an end. The customer knows SentinelOne, but they are tied into another solution till the end or mid of 2024. We are just waiting for that. What makes SentinelOne Singularity Complete different from others for us is the peace of mind. We know we are covered, and we feel that we are covered. Anytime we have had an incident or event, they have always been there for us. They have responded quickly, and we have not had any flashbacks or second attempts at it. Usually, we could stop it the first time, and that has worked for us in all the years we have been with SentinelOne.

It is easier now than it was back then. We deploy it every month on somebody new. We have enjoyed that.

Just yesterday, we had a customer convert from a separate partner to us, and that migration from company to company within SentinelOne was flawless. It was just us doing the migration. We have been there for so long, so we just bring it straight across. The process is very straightforward and easy. This partner of SentinelOne was going to uninstall the agents, and I paused them and asked them to just transfer. They had never gone through that before. We took that over and moved all the agents over without any loss of coverage to the actual customer.

For deployments, we have a staff of 40, but onboarding is a no-brainer.

We have seen an ROI. It is a very profitable investment for us. SentinelOne is very valuable, and with our price being lower than the expectations gives us a great margin.

We have not been beaten in the market by pricing, so we have been feeling good about that. The discussions we have had over the years keep us at a very low price per unit. It can always get better, but we also know there is a cost to the backend.

To someone who is researching Singularity Complete, I would say that you can read all the information, but the proof is in the actual work and the history that it has so far. We have got no complaints about the quality and maturity of this solution.

Make sure you are comparing it to whatever you have because that gives you comparative data. If you walk in, sometimes, you do not know you are getting the best of breed right there.

It is a ten out of ten for me, and it gives me peace of mind.

We have been growing, but we are still a pretty small team. We have integrated it with our other software, and we are getting logs out of it. We go into threat hunting and do a deep watch. We go in there, see those logs, and make more sense of things. It has been a real help.

In terms of its deployment model, we have private companies. It is mostly on-prem, but each plant is a little bit different. Anything and everything that touches our corporate environment gets it.

For the most part, it gives us time to react by getting things off the network and getting that account locked down for a minute. We can let a member of our team take a look at it and move on from there instead of letting something fly under the radar and letting the incident take place or continue to happen. We can put the spotlight on the incident, make someone take a look at it, and then we can get going.

The integrations I have been working with work great. They do exactly as advertised, and they have been helping me with my threat hunting and seeing what is out there. There are always things lurking in the weeds that you just do not know about, so being able to have that correlation and more insights is always helpful.

Singularity Complete has helped free up our staff for other projects and tasks. It is a small team. I am more of a one-man SOC. A lot of the incidents either come through me or someone else on the team if I am not there for vigilance, so being able to dive down and get an issue resolved quickly is helpful. I can then go back to another incident. Usually, they come in batches, so being able to go to the next one or go back to working on a major project has helped a great bit.

Singularity Complete has not helped to reduce alerts. To my knowledge, it stayed about the same. We have fewer false positives, but there are some other ones that I would rather look into. They are more on the identity side. Now that we have Singularity Identity, I am intrigued by what we will see there in terms of weird logins and other things. Now that we have the integration set up, I will get some alerts from there to go track down.

Singularity Complete has helped reduce our organizational risk. When you get these new tools, you see everything that is wrong, and then you are like, "Oh, man," but at least we are seeing them and fixing them. In that sense, it has helped to reduce risks. I do not have the metrics, but we have been able to tackle some vulnerabilities and issues that have been big known ones.

Singularity Complete would help our organization save on its costs if we were not trying to expand so much. We are into manufacturing, and we grow a lot by mergers and acquisitions, so anywhere we can get security funding is a great point. It has helped us identify some things that we can do without. We can either reduce or eliminate those other tools and cascade down, so overall, it has reduced costs.

The Microsoft integrations are most valuable right now. One that I still have in the testing is putting user accounts into the high risk and letting our policies on that take place, and then have SentinelOne put it into network isolation as well until an incident is resolved.

There could be more integrations with more software. We have been looking at Palos and getting those put into the data lake. If there was a native integration for that, that would help a lot. They can just continue adding more integrations with these big brands and software security products.

I have been with the company for two years, and it has been there since the time I have been there, so I can only say two years at most.

I would rate it a ten out of ten in terms of stability. It is great in terms of stability and agents working as long as you do your due diligence and you do not leave it there to run just like every other product. If you leave it there with no attendance, it is going to do what it does, but if you are in there, doing your due diligence and making sure things are set, it is great. Auto updates are something I know that was implemented. That has been super helpful, so if you are doing what you need to do, it is a ten out of ten.

I would rate it a ten out of ten in terms of scalability, especially because we have Ranger deployed. If we need to or if we have a merger, we can get them to put SentinelOne on a couple of devices for us and give us creds so that we can deploy to the rest from there in case they cannot get us in the SCCM or whatever else they are using.

Their support is great. Keith Fields and Mitch Milligan are always there. They have been super helpful. I knew Keith before Mitch was even part of our account. I have been working with Keith for a little bit, and he has been super insightful on different things that I did not know the tool could do or quicker ways to do things. Mitch has also been super helpful in getting us set up.

We just bought Singularity Identity, and Keith, Mitch, and Paul have been there to give us those meetings on what we need. They really understand what our business is, and they look into our console to help us out at times as well. It has been great. I would rate their support a ten out of ten.

It was already in place when I joined the organization. We run Defender as well. It is like a dual-stack. We have E5 for other reasons, and we use it because it is already there, but our team has gone for SentinelOne. We have had other people, especially the research teams, who want to use their own agent, but we are so comfortable with SentinelOne's abilities and what we have set up to keep us secure that we have looked away from those other SIEMs who want their agent. We have looked away from other software in the realm of MDR that may not work with SentinelOne. It is a staple piece for us that would be a hard buy to remove.

It works great. One thing I wish I had done more in college is hands-on with EDR agents. I went to Purdue for the cybersecurity network engineering major. They had classes and labs for forensics, but one thing we did not get too much hands-on was EDR. I believe they lived in the world of Microsoft for their operations there. Since I have been working here, Singularity Complete has been a great product. We are expanding. We have gone into these other modules and platforms, and we have always had a great experience.

It is a mature solution. It has been here longer than ten years. I graduated from college in 2021 and from high school in 2017. It has been around longer than I have known cyber practices. It is a good one. Always do your research and compare, but it is definitely a top one. I believe it is up there on the Gartner's Quadrants as well. It is up there for a reason.

We will use it more as we get more tools and integrate it. Currently, some of the things are still in beta. I am not leveraging it to its full capability because things are either in testing or we are looking at the software that is going to be connected. From what I have seen and based on the demos and how the beta is going, I have to give it a ten out of ten.

We use it as an EDR solution for all of our endpoints. We use it for our desktop servers, cloud, and Linux. We use it for all of it.

It showed us things that we were not even aware of. It went beyond malware and showed us behaviors. It showed the bad behaviors of a lot of our end-users.

The interoperability is all there. We are still at the beginning of our journey, but everything is kind of teed up and aligned for that integration. We are talking about the ServiceNow integration. It has been the early placement in our cloud clusters or nodes. Those are the things that have made interoperability, integration, and adoption easier.

Singularity Complete has not helped free up our staff for other projects and tasks because we are still at the beginning, and we still have a lot to deploy, but we will realize that. I am confident that we will realize those efficiencies.

Singularity Complete has changed what we are looking at. It has dramatically decreased our false positives. We are not chasing false positives. It does not save time as such, but it has helped us focus on what is actually important.

Singularity Complete has not helped reduce alerts, but it has changed what our analysts are looking at. We expected a spike in alerts. The product is showing things that we did not previously see, so the increase in alerts temporarily for a short duration or for the next six months is expected.

Singularity Complete has reduced our false positives, and it has helped us see the hygiene of our whole network in our environment.

Singularity Complete compresses the triage time. It is all about the triage time. That life cycle going from information to action is what security operations are all about. SentinelOne does that because it helps analysts focus on those true things that are risk-behavior in our environment, rather than the validation that they were on more traditional signature-based platforms we had before.

Singularity Complete has not helped reduce our organizational risk, but it has absolutely increased our awareness of that risk. Knowing what your risks are is half the battle before an organization or a medium-sized organization, so being aware of the risk is the first step, which is available for the first time since we adopted SentinelOne.

As far as EDR goes, the behavior analysis of the incidents is my big thing.

Its non-signature-based capabilities and the heuristic analysis for dynamic threats are also valuable.

There should be full and complete integration in the single console of the mobile agent.

We have been using Singularity Complete for 18 months.

It is scalable, and it has scaled well.

So far, everything has been great. During our deployment, I have bugged them a lot, and it has been pretty good. I cannot complain. I would rate them a nine out of ten. There is always room for improvement. During their deployment, I relied on them to make sure that all of our things went fine. We had some hiccups, and they were there with us. They were there to help through everything. There were some things that took longer time to research and figure out, but for the most part, if I needed a solution, I got it.

We had a bit of a hiccup that was at the SaaS level. Keith W and the complete team made it right once they knew and understood the problem and its impact on our organization. I value that a lot.

We were using another solution before SentinelOne. We made the switch because of functionality, compatibility, interoperability, visibility, and ease of integration. It checked all the boxes that we needed. We definitely needed to go this way.

It was pretty straightforward, and it was pretty easy to get everything out.

We pushed through SCCM, and it went right in. I had very minimal issues with all of our endpoints. The ease was right there, and basically, there was not a disruption. It was one of the easier deployments that we have had. It roughly took half the time as our previous endpoint protection solution. We did it in about nine months, and we rolled from PoC straight into deployment. The previous solution took about 18 months to cover the same population with a lot more complications and finagling to make it work.

We implemented it in-house with some professional services from SentinelOne. Our experience with SentinelOne was good. We have no complaints.

It is hard to say, but I can say that we have seen an ROI because we have discovered things that we were not aware of. That alone is a return on the investment in my book, and my leadership understands that, and that is easy for me to make.

Singularity Complete has not saved us costs. We are not there yet. It will, but we are at the beginning of our journey. It is going to zero in on things that need to be corrected. For us, it is hopefully going to be that change agent or the catalyst for the change agent to our behavior. Technology can only go so far. We are starting to look at the behavior of how some of our business processes have been run because the risk has not been fully understood, so the costs are unquantifiable at this time, but I am sure they are there. I am confident that they are there.

It is comparable. Something that I look at for the long term is how sustainable it is. There is quite a bit in the security portfolio that I manage, and we will see.

We evaluated about seven other products through an evaluation score guard criteria in-house. It has been so long since I have looked at that matrix, but it came down to analysts evaluating it against our set requirements and evaluation criteria. After that, it becomes a number, and the numbers have a certain magic to themselves that makes things more objective. The numbers just came out where the score was clear and evident based on the analysts' analysis.

It is a good product, and it is something that has future-proofed me in my program for the organization.

I am pretty sure I made a super smart decision when I chose to buy it. The roadmap is sound. Based on the keynotes at SentinelOne OneCon23, there is a lot going on. They are dedicated to improving the product. There are a couple of things, such as SentinelOne Mobile, that cannot be forgotten. That is integral for us or our organization, but, overall, I feel pretty good about the strategic roadmap or journey that we will be on.

From a pragmatic level, it is very mature. There was a bit of a false start with the SentinelOne Mobile, which is important for us, but overall, the product is very mature and adaptable by a variety of talents and skill sets that you find in your SOCs or security operation centers.

I would rate it a nine out of ten because of the Mobile issue. This is something big, and I am a little worried that I did not see it in the keynotes SentinelOne OneCon23.

We use SentinelOne Singularity Complete to provide endpoint protection for all endpoint servers and Kubernetes clusters in our environments where SentinelOne is supported. We also use SentinelOne to help manage our systems and provide visibility into the assets in our environment.

We have found that Singularity Complete integrates well with our existing SIEM solution, Splunk, and some of our other system management tools, such as Okta and Armis. We are also looking forward to the additional future integrations that are planned.

I appreciate Singularity Complete's ability to ingest and correlate data across our security solutions. I use this feature quite often, either to perform deep visibility searches to correlate data across different sources if I have specific concerns about security events, or even to track running or operational issues as well. Singularity is not only a security product but it can also be used for troubleshooting non-security and related issues on devices.

Compared to the previous EDR solution, Cylance Protect, we had substantially fewer false positives when we implemented Singularity Complete.

Singularity Complete has reduced our MTTD.

Singularity Complete has reduced our MTTR somewhat compared to our previous EDR solution.

Singularity Complete has reduced our organizational risk by 20 percent, specifically the risk profile associated with malicious activities on protected devices.

The most valuable features, of course, are the protection and support for the devices. In addition to that, the ability to see the last log-on dates for time-tracking purposes has been helpful. The most useful feature of all is deep visibility. I think it was recently renamed to something else, but it is the ability to run IOC queries across all devices and gain information to look at any kind of potential events that might occur.

We have had cases where Singularity Complete has caused applications to malfunction. The existing interoperability rules have not necessarily been sufficient to resolve those conflicts. SentinelOne needs to work on interoperability with other systems and on the interoperability rule set.

I have been working with SentinelOne Singularity Complete for one year.

We have not had any stability issues in our environment with Singularity Complete.

Singularity Complete is scalable.

With any support service, it depends on the person we get on the line. Some are better than others. But overall, I find the technical support team to be good, comparable to other good technical support teams I've seen from other vendors.

We implemented SentinelOne Singularity Complete to move away from a legacy EDR platform, Cylance Protect, that did not perform as well as a modern EDR solution should.

The initial deployment was complex due to the complex environment. I would agree that deploying to a single device would be straightforward, but we have a manufacturing environment that requires bespoke applications, which makes any migration complex.

Fifteen people were required for the deployment.

The implementation was completed in-house.

The pricing and licensing make sense. We worked with a third party to help us with licensing, and the licensing we obtained through that process was ultimately reasonable and comparable to other products on the market.

We evaluated Microsoft Defender, CrowdStrike, and Cortex XDR by Palo Alto Networks.

I would rate SentinelOne Singularity Complete ten out of ten.

We are considering the possibility of using SentinelOne to consolidate some of our security solutions, but have not moved in that direction just yet.

Singularity Complete has not yet saved our staff time because it takes more time to deploy and migrate to the point where we have time savings. I think it will in the next couple of years.

We see a lot of innovation from SentinelOne. They are acquiring many other products that are integrating with the platform we looked to adopt in the next couple of years if it works out well. New features and functionalities are also regularly released. So, in terms of innovation, that's one of the reasons we chose SentinelOne Singularity Complete in the first place.

Singularity Complete is a mature product that can sufficiently protect our assets. I would say that the core features associated with that functionality are in place and work well.

Maintenance is relatively low, but systems need regular updates, and we need to troubleshoot all of them. So, there is some work involved.

SentinelOne is a good strategic security partner. We appreciate the direction of their product roadmap and its current coverage. One area where they could improve is in having their EDR support teams reach out to us. We don't believe we have an EDR or anything similar setup, but it would be helpful if they offered quarterly or semi-annual meetings to check in, see how we're doing, and give us an opportunity to provide feedback.

People researching Singularity Complete should first understand their environment and deployment goals to ensure compatibility between their existing solutions and the new product. They should also evaluate multiple competitors before making a commitment.

It's our main EDR solution on campus for our university. It's the main solution that we deployed to our host throughout the university.

I wasn't here for the initial implementation, however, it was to replace a previous product that we had, so we wanted to move to something cleaner, easier to use, and an overall better product.

Its basic use, which is just an EDR solution for actively hunting and killing threats, is good. It does what we had intended it to do, and that's what it does a great job of.

The main feature, its EDR capabilities, is the most valuable. It is great for security monitoring and blocking when needed. It offers good basic operations of an antivirus solution.

Singularity's ability to ingest and correlate across security solutions is good. It does not ingest as much as it gives out. Right now, for us, there is not any ingesting happening for it right now. We don't have that set up.

The interoperability with other solutions or other third-party applications has been pretty solid. It's pretty standalone by itself. We're exporting a little bit of data from it, however, and we haven't had any issues.

Our mean time to detect is good. I wouldn't have the numbers on that, however, it's relatively quick. From some of the stuff that we've done investigations on, it's within the minute. It responds when it sees something within minutes and runs through its normal process of blocking and then alerting us about whatever was done.

The response comes to us. That's a human response. It's just the detection and alerting system, and then the response falls on us, and that varies depending on workload.

The quality is obviously great. They are mature. They change, they adapt as any security tool would in response to the threats in the threat landscape.

Off the top of my head, I can't think of much that’s wrong with the product. It's a pretty solid tool from top to bottom. I've had some issues with the specific agents, however, we are moving off of that particular OS that we were having issues with. Other than that, it's been a pretty solid tool.

We had a problem on the Singularity side. So for that particular issue, I’m not sure why it didn’t work with the OS, a Windows Server. It was an issue with some of the clients connecting to the console. We’ve been working with them and haven't been able to find out a single cause of failure.

I've been using the solution for a year and a half.

We haven't had any issues. There is nothing that's noticeable and it's never offline for long periods of time.

It's pretty scalable. There are a few operating systems that we've had issues with. Other than that, everything else has been pretty scalable.

Technical support is super. They are very helpful and relatively quick to respond. Sometimes they take a little bit to respond, however, it's not super long.

The company also has good online knowledge and it's pretty helpful. Usually, we'll access the database knowledge first and then go to support.

We used CrowdStrike previously.

I was not involved in the initial setup.

I'm not hands-on. I'm more on the management side. Basically, we make sure that they connect, and I'll handle the management once everything's set up. I'm handling monitoring. Deployment is handled by another team. We have maybe ten team members who manage deployments.

The maintenance is minimal. It's pretty self-sufficient. We just do normal reviews.

From my point of view, the deployment is straightforward.

We use internal teams to handle deployment.

I'm not sure of the pricing. That's above me. I'm a technical person. It's not my arena.

They also have this feature called Ranger. That one we don't have implemented. That's an extra fee, so we don't have it.

Overall, I'd rate the solution ten out of ten. It's been a pretty solid tool.

I would probably recommend it over some of the other ones that I've seen only based on the ease of use. It does what it's supposed to do. It's been relatively fast and is also pretty complete from what we've seen. The product is not very difficult to learn.

We used SentinelOne because we needed a tool that would add extra visibility into the environment. We also wanted something that was easier to use than our existing product so we switched to SentinelOne.

Deep Visibility is a valuable feature. It lets us search across the environment and correlate things much more easily than we could have previously.

The learning curve was a little steep. The solution gives training we can go through, but we have to pay for that. We ended up paying for it so we could get everybody ramped up. The product must enable easier onboarding for less familiar or less formally trained people. It would've helped us adopt it quickly.

I have been using the solution for three months.

We had no stability issues.

The product is on a cloud-hosted instance. It can be integrated into everything that we use. It seems highly scalable.

Support is good. The support team is quick to respond and quick to resolve. We can't ask for anything more.

The product is cloud-based. The initial deployment was straightforward. We were able to rip and replace and do it all faster than our onboarding team had expected. It was done within a month.

We had the standard onboarding services, but we did all the lifting ourselves. It required four people from our side. Apart from agent upgrades, the tool doesn't need any major maintenance.

We currently see returns in getting our technicians' and engineers' time back.

The pricing makes sense to us. The pricing model is simple. It was easy to move forward from our previous products to the new bundle.

We've been using the tool mostly with third-party applications through Singularity Marketplace. Integrating it with our Microsoft environment has been helpful and convenient. The product is robust in ingesting and correlating across our security solutions. It is doing its job without us having to check it.

Previously, we had a few different endpoint solutions on a single asset. The product helped us rip and replace multiple solutions with one. We did a POC on Ranger but didn't go with it. The solution hasn't reduced any alerts, but it has at least given us more actionable data. We need to do tuning because we're so early in the adoption.

The tool has certainly saved the staff's time. It's able to correlate data a lot better and bring it all onto a single pane of glass, which helps save time. It's hard to quantify right now because we're so early in the adoption. We're definitely able to see more bandwidth for other projects. SentinelOne has helped reduce our mean time to detect.

We have seen the most improvements in our organization’s mean time to respond. We would have had to balance between different solutions or portals to correlate data. Now, the tool is just bringing everything into one place. Taking action within the solution has helped us respond and resolve. Our mean time to respond has been reduced by more than half.

We were using multiple products. We replaced them with SentinelOne. Getting a better solution for the same price was a no-brainer for us. Singularity Complete has helped reduce our organizational risk. The solution's quality is top-tier. The maturity was as good as our current solutions. It was easy to make the choice to move over.

SentinelOne is closely aligned with what the actual responders need to do. It seems like the vendor is building tools and solutions for people in the thick of it, which is a big reason why we went with their product. They are making tools for those who need to use them.

If someone were to evaluate or do a proof of concept, the bigger their initial POC, the better. We found some oddities after expanding the initial POC, which would have been nice to work through before the deployment. The vendors set up a capture-the-flag type of event that really helped us learn the environment, where to go for what, and how to use the tools. I highly recommend having everybody go through the capture-the-flag trial they set up.

Overall, I rate the tool a ten out of ten.

It is an all-in-one agent on multiple operating systems that can detect malicious and suspicious activities. You can also use it to respond to different threat signals that you get from the platform.

There are multiple engines that run different types of detection, such as behavioral-type activities, that it can detect. It can also detect malicious activity based on a hash. It's a pretty great tool.

Overall, the level of detection and visibility we get have vastly improved, and that means the protection for our company has improved likewise.

Singularity has helped reduce the number of alerts we get. We were using FireEye at one point, and it was producing a ton of false positives. We have seen a major reduction in false positives, and that has saved our team's time. We have time to do other projects now.

In my previous company, we were using a Cisco product, and there was a ton of time wasted. Out of a 40-hour week, about eight to 10 hours were wasted, and with Singularity, we were able to get back about nine of those hours. Obviously, there are alerts coming in, and you have to investigate them, but the number was greatly reduced. In my current company, about 15 hours a week were wasted with false positives and wild goose chases and alerts. Now, we may put an hour into investigations. The great thing about SentinelOne is that you can get right down to what's going on with the events and deep visibility. It has saved us around 12 to 14 hours a week.

It's pretty quick when it comes to time to detect because you're right on the endpoint. Some agents have a delay in terms of when they report back to a console or a reporting server, but with SentinelOne, it seems that the agent is talking to the console right away. There isn't a huge delay.

Our mean time to respond is also very quick once we see the threat come in. It depends on the policy that is in place and the type of threat. If it is something suspicious, which we don't always have a set response for with the platform, we are able to easily look at what's going on a couple of minutes before the threat and what comes after. We can see the artifact on the endpoint, what is executed and what the user was probably doing. That means we're able to respond really quickly with all that visibility.

When it comes to cost savings, in the first company where I used SentinelOne, man-hours were saved, and it was cheaper to use SentinelOne than the Cisco product.

One use case where we've reduced risk has been due to users using something risky. They were trying to use an application that's like a keylogger. We've blocked it, and we've also created a rule using a star to detect when people are trying to use it. We have also set up rules to detect downloads of risky software, and that's protecting us too. It's protecting us from risk, but there's not a lot of reduction other than some protections and blacklists.

The deep visibility is a valuable feature. I can use it during threats or alert signals that we get. I can also use it when we have alert signals from other security tools that we have. I can use the SentinelOne platform to dive into those, even though there's no alert from SentinelOne, and zero in with a timestamp using its deep visibility to look at an endpoint and see if there's anything going on that might be correlated to a threat.

And Singularity's interoperability with other solutions has been a major bonus. You can put exclusions in place for other security platforms. For example, if you're using Symantec, you could easily put in an exclusion for that. The way that you can put them in, with the scope and the different groups, is really great. Singularity also provides pre-baked exclusions for interoperability with other pieces of equipment. For instance, for Microsoft SQL Servers, it already has pre-baked exclusions that you can put in for interoperability. It's far beyond the other platforms that I was using before.

In terms of ingestion, it's definitely taking in a lot of information at the endpoint level. You still need a human to do some of the correlation of the activities. The SentinelOne platform is looking at the endpoint, but you still need a human on the other end to analyze what the human at the other end of the endpoint was doing. But overall the solution does pretty well at correlating activities. I have seen some serious threats come in, and it definitely detects them right away with a pretty good correlation to the threat.

During my use of it over the years, they've been continuously improving it.

My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer.

And I'm on the fence about whether to keep the agents a little bit longer than they do, before they go end-of-support. That might be an improvement, but I'm not positive about that.

I have been using SentinelOne Singularity Complete for about four years.

Uptime is all the time.

I've only had one experience where there was a disconnect between the agents and the console. It was pretty brief, but that is when I opened a case with support. I had never seen that before, so the uptime is awesome. It's up 99.9 percent of the time.

It's very scalable. We are working on a special project, in which we want to set up a lab for a special event. I talked with our support, and they said we could set up another site. It's really scalable.

As I mentioned, I recently had a case because there were a lot of agents offline for a moment. Their support responded within one minute. That was an outlier. Every other case that I've opened up with them has not been a priority-one issue, but they usually respond within about five to 10 minutes, and they have been really great. I have not had an issue yet with support.

Everyone I've worked with in support is awesome. They always have the answers. Even if it's a complex issue, we usually get right down to it. I'm really happy with support.

I have used it in two different workplaces. Both workplaces were replacing platforms that just did not perform well and did not give you good visibility into what was going on on the endpoints. Both had a higher rate of false positives, and neither had the various detection engines that SentinelOne provides.

I was involved in the initial deployment of the solution in my previous place of employment and it was straightforward. It was only made complex by our own IT department.

There is a little maintenance. I check on a daily basis because you can build out multiple groups. When a new agent is deployed, I have it start off in a specific group to get the agent installed, and then it does a full disk scan. There is a little maintenance—and maybe no one else does this—but I log in and check for new systems. Once they have their full disk scan completed, I'll move them over to the production policy. You could do that on a weekly basis but I do it daily. The morning maintenance is less than five minutes for me, and you could definitely do that weekly as well.

I did it mostly by myself. I had another engineer working with me but that was it. It's really easy, a no-brainer. And that was for about 1,200 endpoints

I'm not a manager, but the return on investment may be in saving man hours.

When we were checking out different platforms we did get a price from Microsoft and it was unreasonable. SentinelOne was definitely reasonable and worth the money.

I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.

We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.

As far as consolidation of security solutions goes, I have some suggestions for my leadership. I think we can definitely consolidate. For instance, we have a certain network segmentation where we have multiple security tools, including the SentinelOne agent and other agents on the devices. These devices are lower-end systems that don't have super-high specs like you might have on a power user's PC. In that area, we could eliminate one of the security agents and leave the SentinelOne agent. We would be covered in several different areas, such as FIM. I could create a custom rule to watch a certain configuration file, and if it changed, we would receive an alert. You can definitely use it to consolidate. Although we haven't done that yet, we're going to start because it's possible with the SentinelOne.

I believe we could save money by reducing the number of agents on those endpoints. If you walk that back to the yearly cost when we buy licenses, we should be able to save money on licensing for the other agent that we're using.

SentinelOne is very mature as an EDR platform. I would definitely put it in my top two. Across the breadth of everything I've dealt with using SentinelOne, even support, it's definitely top-two and you should check it out. I don't have a bad thing to say about it.

You definitely have to check out SentinelOne. They are firing on all cylinders for multiple areas that you want to consider when buying a tool like this. They're at 100 percent. When it comes to visibility, they present the information so that it's easy to read and understand. Responding is really easy to do. Support, which is a big factor nowadays, has faltered at some companies over the past four years, but support from SentinelOne has been awesome. Put SentinelOne in your PoCs. If you're looking at a couple of companies, you have to look at SentinelOne.

SentinelOne as a provider is a major player in hardening the protection of our environment.