We have been growing, but we are still a pretty small team. We have integrated it with our other software, and we are getting logs out of it. We go into threat hunting and do a deep watch. We go in there, see those logs, and make more sense of things. It has been a real help.

In terms of its deployment model, we have private companies. It is mostly on-prem, but each plant is a little bit different. Anything and everything that touches our corporate environment gets it.

For the most part, it gives us time to react by getting things off the network and getting that account locked down for a minute. We can let a member of our team take a look at it and move on from there instead of letting something fly under the radar and letting the incident take place or continue to happen. We can put the spotlight on the incident, make someone take a look at it, and then we can get going.

The integrations I have been working with work great. They do exactly as advertised, and they have been helping me with my threat hunting and seeing what is out there. There are always things lurking in the weeds that you just do not know about, so being able to have that correlation and more insights is always helpful.

Singularity Complete has helped free up our staff for other projects and tasks. It is a small team. I am more of a one-man SOC. A lot of the incidents either come through me or someone else on the team if I am not there for vigilance, so being able to dive down and get an issue resolved quickly is helpful. I can then go back to another incident. Usually, they come in batches, so being able to go to the next one or go back to working on a major project has helped a great bit.

Singularity Complete has not helped to reduce alerts. To my knowledge, it stayed about the same. We have fewer false positives, but there are some other ones that I would rather look into. They are more on the identity side. Now that we have Singularity Identity, I am intrigued by what we will see there in terms of weird logins and other things. Now that we have the integration set up, I will get some alerts from there to go track down.

Singularity Complete has helped reduce our organizational risk. When you get these new tools, you see everything that is wrong, and then you are like, "Oh, man," but at least we are seeing them and fixing them. In that sense, it has helped to reduce risks. I do not have the metrics, but we have been able to tackle some vulnerabilities and issues that have been big known ones.

Singularity Complete would help our organization save on its costs if we were not trying to expand so much. We are into manufacturing, and we grow a lot by mergers and acquisitions, so anywhere we can get security funding is a great point. It has helped us identify some things that we can do without. We can either reduce or eliminate those other tools and cascade down, so overall, it has reduced costs.

The Microsoft integrations are most valuable right now. One that I still have in the testing is putting user accounts into the high risk and letting our policies on that take place, and then have SentinelOne put it into network isolation as well until an incident is resolved.

There could be more integrations with more software. We have been looking at Palos and getting those put into the data lake. If there was a native integration for that, that would help a lot. They can just continue adding more integrations with these big brands and software security products.

I have been with the company for two years, and it has been there since the time I have been there, so I can only say two years at most.

I would rate it a ten out of ten in terms of stability. It is great in terms of stability and agents working as long as you do your due diligence and you do not leave it there to run just like every other product. If you leave it there with no attendance, it is going to do what it does, but if you are in there, doing your due diligence and making sure things are set, it is great. Auto updates are something I know that was implemented. That has been super helpful, so if you are doing what you need to do, it is a ten out of ten.

I would rate it a ten out of ten in terms of scalability, especially because we have Ranger deployed. If we need to or if we have a merger, we can get them to put SentinelOne on a couple of devices for us and give us creds so that we can deploy to the rest from there in case they cannot get us in the SCCM or whatever else they are using.

Their support is great. Keith Fields and Mitch Milligan are always there. They have been super helpful. I knew Keith before Mitch was even part of our account. I have been working with Keith for a little bit, and he has been super insightful on different things that I did not know the tool could do or quicker ways to do things. Mitch has also been super helpful in getting us set up.

We just bought Singularity Identity, and Keith, Mitch, and Paul have been there to give us those meetings on what we need. They really understand what our business is, and they look into our console to help us out at times as well. It has been great. I would rate their support a ten out of ten.

It was already in place when I joined the organization. We run Defender as well. It is like a dual-stack. We have E5 for other reasons, and we use it because it is already there, but our team has gone for SentinelOne. We have had other people, especially the research teams, who want to use their own agent, but we are so comfortable with SentinelOne's abilities and what we have set up to keep us secure that we have looked away from those other SIEMs who want their agent. We have looked away from other software in the realm of MDR that may not work with SentinelOne. It is a staple piece for us that would be a hard buy to remove.

It works great. One thing I wish I had done more in college is hands-on with EDR agents. I went to Purdue for the cybersecurity network engineering major. They had classes and labs for forensics, but one thing we did not get too much hands-on was EDR. I believe they lived in the world of Microsoft for their operations there. Since I have been working here, Singularity Complete has been a great product. We are expanding. We have gone into these other modules and platforms, and we have always had a great experience.

It is a mature solution. It has been here longer than ten years. I graduated from college in 2021 and from high school in 2017. It has been around longer than I have known cyber practices. It is a good one. Always do your research and compare, but it is definitely a top one. I believe it is up there on the Gartner's Quadrants as well. It is up there for a reason.

We will use it more as we get more tools and integrate it. Currently, some of the things are still in beta. I am not leveraging it to its full capability because things are either in testing or we are looking at the software that is going to be connected. From what I have seen and based on the demos and how the beta is going, I have to give it a ten out of ten.

We use it as an EDR solution for all of our endpoints. We use it for our desktop servers, cloud, and Linux. We use it for all of it.

It showed us things that we were not even aware of. It went beyond malware and showed us behaviors. It showed the bad behaviors of a lot of our end-users.

The interoperability is all there. We are still at the beginning of our journey, but everything is kind of teed up and aligned for that integration. We are talking about the ServiceNow integration. It has been the early placement in our cloud clusters or nodes. Those are the things that have made interoperability, integration, and adoption easier.

Singularity Complete has not helped free up our staff for other projects and tasks because we are still at the beginning, and we still have a lot to deploy, but we will realize that. I am confident that we will realize those efficiencies.

Singularity Complete has changed what we are looking at. It has dramatically decreased our false positives. We are not chasing false positives. It does not save time as such, but it has helped us focus on what is actually important.

Singularity Complete has not helped reduce alerts, but it has changed what our analysts are looking at. We expected a spike in alerts. The product is showing things that we did not previously see, so the increase in alerts temporarily for a short duration or for the next six months is expected.

Singularity Complete has reduced our false positives, and it has helped us see the hygiene of our whole network in our environment.

Singularity Complete compresses the triage time. It is all about the triage time. That life cycle going from information to action is what security operations are all about. SentinelOne does that because it helps analysts focus on those true things that are risk-behavior in our environment, rather than the validation that they were on more traditional signature-based platforms we had before.

Singularity Complete has not helped reduce our organizational risk, but it has absolutely increased our awareness of that risk. Knowing what your risks are is half the battle before an organization or a medium-sized organization, so being aware of the risk is the first step, which is available for the first time since we adopted SentinelOne.

As far as EDR goes, the behavior analysis of the incidents is my big thing.

Its non-signature-based capabilities and the heuristic analysis for dynamic threats are also valuable.

There should be full and complete integration in the single console of the mobile agent.

We have been using Singularity Complete for 18 months.

It is scalable, and it has scaled well.

So far, everything has been great. During our deployment, I have bugged them a lot, and it has been pretty good. I cannot complain. I would rate them a nine out of ten. There is always room for improvement. During their deployment, I relied on them to make sure that all of our things went fine. We had some hiccups, and they were there with us. They were there to help through everything. There were some things that took longer time to research and figure out, but for the most part, if I needed a solution, I got it.

We had a bit of a hiccup that was at the SaaS level. Keith W and the complete team made it right once they knew and understood the problem and its impact on our organization. I value that a lot.

We were using another solution before SentinelOne. We made the switch because of functionality, compatibility, interoperability, visibility, and ease of integration. It checked all the boxes that we needed. We definitely needed to go this way.

It was pretty straightforward, and it was pretty easy to get everything out.

We pushed through SCCM, and it went right in. I had very minimal issues with all of our endpoints. The ease was right there, and basically, there was not a disruption. It was one of the easier deployments that we have had. It roughly took half the time as our previous endpoint protection solution. We did it in about nine months, and we rolled from PoC straight into deployment. The previous solution took about 18 months to cover the same population with a lot more complications and finagling to make it work.

We implemented it in-house with some professional services from SentinelOne. Our experience with SentinelOne was good. We have no complaints.

It is hard to say, but I can say that we have seen an ROI because we have discovered things that we were not aware of. That alone is a return on the investment in my book, and my leadership understands that, and that is easy for me to make.

Singularity Complete has not saved us costs. We are not there yet. It will, but we are at the beginning of our journey. It is going to zero in on things that need to be corrected. For us, it is hopefully going to be that change agent or the catalyst for the change agent to our behavior. Technology can only go so far. We are starting to look at the behavior of how some of our business processes have been run because the risk has not been fully understood, so the costs are unquantifiable at this time, but I am sure they are there. I am confident that they are there.

It is comparable. Something that I look at for the long term is how sustainable it is. There is quite a bit in the security portfolio that I manage, and we will see.

We evaluated about seven other products through an evaluation score guard criteria in-house. It has been so long since I have looked at that matrix, but it came down to analysts evaluating it against our set requirements and evaluation criteria. After that, it becomes a number, and the numbers have a certain magic to themselves that makes things more objective. The numbers just came out where the score was clear and evident based on the analysts' analysis.

It is a good product, and it is something that has future-proofed me in my program for the organization.

I am pretty sure I made a super smart decision when I chose to buy it. The roadmap is sound. Based on the keynotes at SentinelOne OneCon23, there is a lot going on. They are dedicated to improving the product. There are a couple of things, such as SentinelOne Mobile, that cannot be forgotten. That is integral for us or our organization, but, overall, I feel pretty good about the strategic roadmap or journey that we will be on.

From a pragmatic level, it is very mature. There was a bit of a false start with the SentinelOne Mobile, which is important for us, but overall, the product is very mature and adaptable by a variety of talents and skill sets that you find in your SOCs or security operation centers.

I would rate it a nine out of ten because of the Mobile issue. This is something big, and I am a little worried that I did not see it in the keynotes SentinelOne OneCon23.

We deploy SentinelOne Singularity Complete as an EDR on our customers' endpoints for real-time monitoring and incident response.

SentinelOne Singularity Complete has reduced our alerts by up to 15 percent.

SentinelOne Singularity Complete has enabled our staff to redirect their time toward other projects and responsibilities. We do not have a dedicated SOC team, but we utilize SentinelOne to manage security incidents. The incident volume is manageable for our team to handle, and we do not require full-time staff solely dedicated to security tasks. Instead, we rotate incident management and response responsibilities among our team members.

SentinelOne Singularity Complete has reduced our MTTD and MTTR. The initial and immediate response required to collect foreign evidence or logs is handled by SentinelOne. This provides us with the locations or parts where the infection spread and where the incident originated, which helps us in troubleshooting or at least getting a vague idea of where to start. We can then dive into the threat setting to see what kind of information we can gather from the logs. So, I would say that SentinelOne has assisted us in this way. Additionally, we have Proofpoint in our environment because we use it as a backup defense.

The real-time alerts, deep visibility, and threat-hunting modules are the most valuable features.

I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition. We are currently evaluating its capabilities to determine its suitability for our needs.

Given that SentinelOne is primarily a host-based intrusion prevention system, I would appreciate it if they would consider providing a comprehensive vulnerability assessment report that goes beyond just application vulnerabilities. Currently, the scope of the vulnerability assessment seems limited, and I don't believe it adequately covers the full spectrum of vulnerabilities that may exist on endpoints. This is a capability that I feel SentinelOne is still lacking, and it's the reason why users still need to rely on other tools for certain isolated cases. If SentinelOne could provide this functionality, it would eliminate the need to look beyond their solution for vulnerability assessment. Apart from the vApp component of Singularity Complete, I believe SentinelOne is already excelling in other areas. However, this is one area where I believe they could introduce additional features to make SentinelOne a truly comprehensive security solution.

I would like to generate a vulnerability assessment report that leverages the national vulnerability database or, if possible, calculates the CDSS score by conducting an endpoint assessment using the SentinelOne agent that is already deployed and resides on endpoints 24/7. I prefer not to deploy additional applications solely for information gathering, as the SentinelOne agent provides ample data for this purpose.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of SentinelOne Singularity Complete nine out of ten.

I would rate the scalability of SentinelOne Singularity Complete nine out of ten. I have not encountered any issues when deploying for our clients.

The technical support is generally good, but there are instances when they need to consult with the development team before providing a resolution, which is understandable. However, there have been occasional issues with the IVR system not functioning properly.

I have experience using Cisco Nexus and the Nmap Scripting Engine to identify vulnerabilities and strengthen security postures. I have also used Wazuh, primarily for its comprehensive PCIBSS SOC and GDPR compliance reports, which provide detailed vulnerability listings and mitigation strategies. I believe this focus on compliance is crucial as cybersecurity standards become increasingly mandatory for businesses.

We discontinued using Wazuh because we were unwilling to pay $25,000 annually for a product that provided only CIS benchmark support, a basic vulnerability report, and essentially replicated capabilities we already possessed. I believe a Nexus subscription would be a more cost-effective alternative, costing only a quarter of Wazuh's price while still fulfilling our vApp exercise logging requirements. I am capable of conducting vulnerability assessments, applying patches, re-scanning for vulnerabilities, and proceeding to penetration testing. Our primary goal is to provide vApp capabilities to our clients, and that is where we are seeking a solution. If SentinelOne offered this functionality, we would not need to explore alternative options. However, since SentinelOne lacks this crucial capability, we must seek solutions elsewhere.

The deployment is straightforward. We have scripts to do the automatic installation while onboarding. The deployment takes no more than ten minutes.

I would rate SentinelOne Singularity Complete eight out of ten. I've been using the solution for three years now. It's been generally reliable, but certain capabilities are needed in today's environment that are lacking.

Our clients primarily utilize Office365, we also assess Microsoft Defender for 365 to ascertain if it might be a more viable option, especially if clients intend to enroll with Intune and MDM. This option would be more cost-effective as it is already included within their existing licenses.

Most of our clients are small to medium-sized businesses. This is why the logs and the number of endpoints are not very high. So, unless we specifically require the use of Ranger, we don't need it. However, cybersecurity compliance standards are becoming increasingly stringent. As a result, we are looking into obtaining a solution that can help us perform at least the vulnerability assessment and patching tasks, along with complaint handling.

SentinelOne is an innovative cybersecurity solution. In terms of reputation, SentinelOne excels, particularly in passing third-party and independent audits. Having SentinelOne in our environment gives us the confidence to say that our EDR capabilities are well-managed. So, in that regard, SentinelOne is outstanding. Feature-wise, while SentinelOne's patch and new feature releases aren't always perfect, I would rate them an eight out of ten.

SentinelOne is a well-established product in the market. The addition of new features and modules to the existing platform is a significant step forward. The positive reviews of the product further reinforce its value.

The maintenance revolves around moving to the next stable version. Our standard practice is to always test the version before rolling it out. Therefore, internally, we generally update all the endpoints as soon as we have identified the next stable version. This is the only maintenance that is required, as we are using the cloud version.

SentinelOne is a reliable tool that we rely on. However, when it comes to strategic solutions, we need a tool that can provide us with the capabilities to have a broader discussion with the company's management. I'm not sure if SentinelOne can export reports that could be presented to upper management. If we are seeking management approval for a security budget, we can't simply base our conversation on an EDR solution. We need to address a wider range of security concerns as well. Another drawback of SentinelOne is its lack of support for SysLog from network devices. This is a limitation that often leads people to consider integrating SentinelOne with other solutions, such as a SIEM. My feedback is that if I have to deploy SentinelOne and pay $70,000, I would expect it to provide comprehensive capabilities so that I don't need to look for additional solutions. Otherwise, it becomes tough for technicians and the company as a whole to manage multiple solutions for different security modules.

I am part of the security team, and our strategy is to have this EDR deployed on all of the company's assets, all of our endpoints. We wanted a powerful platform in terms of detection and response to incidents.

It gives us a first layer of security. In addition, we have hired the SentinelOne Vigilance Respond team, a 24/7 SOC that monitors and mitigates. And, in case we need to escalate an alert on any of our assets, it allows us to do a bit of threat intelligence analysis and debug any asset on any topic.

It has helped reduce alerts thanks to the Vigilance service over the last two years. This includes all types of incidents, whether critical, medium, or low priority. Most of the alerts are managed by them, and we do not see them. We only see those that require some information that only our company has, but very few reach that level since Vigilance is directly in charge of managing them. If we had to manage the alerts that Vigilance manages, between 30 and 50 percent of my workday would go to reviewing alerts.

Overall, it has reduced our mean time to detect by about 70 percent, as that is the percentage in which it acts as an autonomous tool. And our mean time to respond has been reduced by 80 to 90 percent because we have SentinelOne's DFIR, Digital Forensics and Incident Response, team involved.

By providing that first layer of detection and response, SentinelOne allows us to have eyes on all our endpoints and, from there, to manage if a machine or a server has been compromised. We can directly isolate it from the network so that malware or ransomware cannot spread broadly.

It has helped us consolidate security solutions, although we did have some problems. The DFIR team responds quickly, and the Vigilance Respond team is continually working with us, managing the alerts. We do quarterly evaluations, and the support team always responds well, plus we interact with the tool ourselves.

The security team has gained a presence and control over the company's equipment that we did not have before.

Every device that does not have SentinelOne installed is a risk, and without SentinelOne, the difference would be significant. It has helped reduce our organizational risk by 70 percent.

SentinelOne has three services that are very well consolidated:

1. Technical support, through which they help you, suggest new configurations, and resolve questions.
2. The Vigilance Respond service, which is a 24/7 SOC that works on and manages all the alerts that are raised in SentinelOne on our devices. It’s a first layer of defense that filters a lot of the requests. Sometimes we end up escalating something because there are times when we need to understand if the alert is a false positive or not.
3. DFIR, Digital Forensics and Incident Response. This team is in charge of doing all the forensic analysis of an incident, and we have a certain number of hours contracted with them. Their advisors' technical level is very high and enables you to create a high-quality forensic report, in case you have to escalate or report it to senior staff. The DFIR team is excellent.

Another aspect that is very good is the solution’s ingestion and correlation across security solutions. We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer. If you do not have visibility over that computer and the ability to manage it, you cannot block it, restart it, or run a full scan to see if the user has clicked on a link or if any type of malware has been downloaded. This is a layer of visibility and basic management that any company needs.

Also, there is the threat intelligence and activity correlation. They not only detect and respond to incidents but also prevent them.

We started using SentinelOne Ranger, but we found two problems. Perhaps they are particularities, but they should be addressed as they may change the minds of other companies that are considering this feature.

The first problem is that, while it scans all the assets that are on the network, when it comes to discerning whether an asset is a server or a laptop, it tends to fail. It does not have a very high level of precision. We have experienced problems when reporting these types of assets to those responsible for installing the agent, and then they tell us, "Hey, this is not a server, this is a fax," or "this is a printer." When things like that happen, we lose credibility.

The other issue that we saw with the functionality of Ranger is that if, for whatever reason, you have a product with SentinelOne installed but it is on a client's network, the SentinelOne agent starts scanning the ports and the network and goes to a honeypot. As a result, the client may think that it is being attacked because someone has reached its honeypot, when it’s actually us on the client's network. When you don't know that this is happening, it can generate conflict and tension with the clients. Once you know about the problem, you can deactivate that process, but sometimes it can have a negative impact.

Ranger does provide me with visibility of the network, but not completely because the assets it scans are often mistakenly identified regarding what type of device they are. A SentinelOne agent is worth a lot of money, and there is no point in putting it onto a printer, for example. It should have the ability to go a little further and be more precise.

Another very clear area for improvement, one that I don't understand why they haven't deployed it yet, is a self-updating SentinelOne agent. The agent has a version, and what SentinelOne proposed up until one year ago is that you had to be proactive in consulting the dashboard to see if your agent had reached end-of-life and then update it. Now, they've released a new feature where I believe you can schedule updates, so it makes perfect sense for the agent to update itself without any action on our part, and never go out of version. By simply connecting to the network it should be able to download and update.

This idea is not critical because SentinelOne updates many versions of the agent and, when one becomes obsolete, it does not mean that it no longer works. But this is something that SentinelOne should know how to work with. A solution could be that if you do not have the ability to auto-update the agent, SentinelOne would directly tell you which agents are not updated. That way, we would not have to go to the documentation, look at the dashboard, and filter the agents by version. It would be great if it were able to tell if the operating systems are unsupported so that we wouldn't have to look in the official documentation at whether the Windows Server is outdated or not.

If the agents self-updated, maintenance due to the update process would be minimal.

I have been using SentinelOne Singularity Complete for about two years.

SentinelOne is very stable. It has never dropped or caused any problems

We do not have it in any cloud. The agent is located on devices; we manage almost 10,000 computers. Our company has a presence in nine European countries, and SentinelOne is used in all of them. Our department is the group that supervises all regions, including Spain, France, the Nordic countries, Poland, Romania, the Czech Republic, Austria, and Switzerland.

We are continually deploying new agents because we detect more and more devices. SentinelOne will stay in our company until it dies, so to speak. With what it has cost us to get here, we will not change now.

Support responds in less than a day.

SentinelOne is a top partner in the industry.

Defender for Endpoint is more expensive than SentinelOne. Other solutions are more expensive and others are cheaper, but in terms of cost-benefit ratio, we’ll always stick with SentinelOne.

The detection and visibility over all assets, whether by the agent or Ranger, and the ability to take action as a result are worth it. It is all very intuitive, and for me, these elements are our return on investment.

All the portals, at the end of the day, are "first cousins", such as CrowdStrike and Palo Alto, although that's not exactly an EDR. We went to a global cybersecurity congress in London, and all the solutions were there: SentinelOne and its competition. At the portal, user, and other levels, they are practically the same. Each will have something that is better and something that is worse, but they are quite similar.

You have to do a cost-benefit analysis. Understand the context of your company. It is not the same for a bank or an insurance company compared to a company in the industrial sector that does not manage sensitive data. Understand your particular needs. After a cost analysis, if there is enough budget, choose SentinelOne.

The most important lesson I have learned using SentinelOne is to always listen to what the Vigilance Respond team says.

We are still chasing the benefits of the solution. The model is already deployed, but we are a very large company, and every day we find new devices that do not have SentinelOne. We are still in that phase of continual improvement, of improving the solution and achieving even more benefits. We are getting to the most isolated cases of, for example, servers that have little RAM, and we are debating if we should apply SentinelOne to them because, perhaps, the server will be affected more so.

We are dealing with these small cases and continuously improving. You don't get all the benefits in two months; it is an ongoing process.

I would recommend SentinelOne, and if, in the end, it is a question of budget, choose it. If I became a CSO tomorrow, that is what I would do.

Foreign Language:(Spanish)

¿Cuál es nuestro caso de uso principal?

Soy parte del equipo de seguridad y nuestra estrategia es implementar este EDR en todos los activos de la empresa, en todos nuestros puntos finales. Queríamos una plataforma potente en términos de detección y respuesta a incidencias.

¿Cómo ha ayudado a mi organización?

Nos da una primera capa de seguridad. Además, hemos contratado al equipo SentinelOne Vigilance Respond, un SOC 24 horas al día, 7 días a la semana que monitorea y mitiga. En caso de que necesitemos escalar una alerta sobre cualquiera de nuestros activos, nos permite realizar un poco de análisis de inteligencia de amenazas y depurar cualquier activo sobre cualquier tema.

Ha ayudado a reducir las alertas gracias al servicio de Vigilance durante los dos últimos años. Esto incluye todo tipo de incidentes, ya sean críticos, de prioridad media o baja. La mayoría de las alertas las gestionan ellos y nosotros no las vemos. Solo vemos aquellos que requieren alguna información que solo nuestra empresa tiene, pero muy pocos llegan a ese nivel ya que Vigilance se encarga directamente de gestionarlos. Si tuviéramos que gestionar las alertas que gestiona Vigilance, entre el 30 y el 50 por ciento de mi jornada laboral se dedicaría a revisar alertas.

En general, ha reducido nuestro tiempo promedio de detección en aproximadamente un 70 por ciento, ya que actúa como una herramienta autónoma. Ademas, nuestro tiempo promedio para responder se ha reducido entre un 80 y un 90 por ciento porque contamos con el equipo DFIR, análisis forense digital y respuesta a incidentes de SentinelOne involucrado.

Al proporcionar esa primera capa de detección y respuesta, SentinelOne nos permite vigilar todos nuestros puntos finales y desde allí, gestionar si un equipo o un servidor se ha visto comprometido. Podemos aislarlo directamente de la red para que el malware o el ransomware no puedan propagarse ampliamente.

Nos ha ayudado a consolidar soluciones de seguridad, aunque si tuvimos algunos problemas. El equipo de DFIR responde rápidamente y el equipo de Vigilance Respond trabaja continuamente con nosotros, gestionando las alertas. Hacemos evaluaciones trimestrales y el equipo de soporte siempre responde bien, además interactuamos con la herramienta nosotros mismos.

El equipo de seguridad ha ganado una presencia y control sobre los equipos de la empresa que antes no teníamos.

Todo dispositivo que no tenga SentinelOne instalado es un riesgo y sin SentinelOne, la diferencia sería significativa. Ha ayudado a reducir nuestro riesgo organizacional en un 70 por ciento.

¿Qué es lo más valioso?

SentinelOne cuenta con tres servicios que están muy bien consolidados:

1. Soporte técnico, a través del cual te ayudan, sugieren nuevas configuraciones y resuelven dudas.

2. El servicio Vigilance Respond, que es un SOC 24 horas al día, 7 días a la semana, que trabaja y gestiona todas las alertas que se generan en SentinelOne en nuestros dispositivos. Es una primera capa de defensa que filtra muchas de las solicitudes. A veces terminamos escalando algo porque hay ocasiones en las que necesitamos entender si la alerta es un falso positivo o no.

3. DFIR, Análisis Forense Digital y Respuesta a Incidentes. Este equipo se encarga de hacer todo el análisis forense de un incidente, y tenemos contratada una determinada cantidad de horas con ellos. El nivel técnico de sus asesores es muy alto y te permite crear un informe forense de alta calidad, en caso de que tengas que escalar o informar a tu personal superior. El equipo de DFIR es excelente.

Otro aspecto que es muy bueno es la incorporación de la solución y la correlación entre las soluciones de seguridad. Optamos por SentinelOne porque te brinda visibilidad y control sobre todos los dispositivos en los que tienes implementado el agente. Esto es muy valioso porque, al final, todos los ataques entran sólo a través de una puerta de enlace, que suele ser la computadora del usuario y si no tienes visibilidad sobre esa computadora o capacidad de administrar, no podrás bloquear, reiniciar o ejecutar un análisis completo para ver si el usuario ha hecho clic en un enlace o si se ha descargado algún tipo de malware. Esta es una capa de visibilidad y gestión básica que cualquier empresa necesita.

Además, cuenta con una gran inteligencia de amenazas y correlación de actividades. No sólo detecta y responde a incidentes sino que también los previene.

¿Qué necesita mejorar?

Empezamos a utilizar SentinelOne Ranger, pero encontramos dos problemas. Quizás sean particularidades, pero conviene abordarlas ya que pueden hacer cambiar de opinión a otras empresas que estén considerando esta característica.

El primer problema es que, tal vez escanea todos los activos que hay en la red, pero la hora de discernir si un activo es un servidor o un portátil, tiende a fallar. No tiene un nivel de precisión muy alto. Hemos experimentado problemas al informar este tipo de activos a los responsables de instalar el agente y luego nos dicen: "Oye, esto no es un servidor, esto es un fax" o "esto es una impresora". Cuando suceden cosas así, perdemos credibilidad.

El otro problema que vimos con la funcionalidad de Ranger es que si, por cualquier motivo, tiene un producto con SentinelOne instalado pero está en la red de un cliente, el agente SentinelOne comienza a escanear los puertos y la red y va a un honeypot. Como resultado, el cliente puede pensar que está siendo atacado porque alguien ha llegado a su honeypot, cuando en realidad somos nosotros en la red del cliente. Cuando no sabes que esto está pasando, puede generar conflicto y tensión con los clientes. Una vez que conozcas el problema, puedes desactivar ese proceso, pero a veces puede tener un impacto negativo.

Ranger me proporciona visibilidad de la red, pero no completamente porque los activos que escanea a menudo se identifican erróneamente con respecto al tipo de dispositivo que son. Un agente SentinelOne vale mucho dinero y no tiene sentido ponerlo en una impresora, por ejemplo. Debería tener la capacidad de ir un poco más allá y ser más preciso.

Otra área de mejora muy clara, una que no entiendo por qué no la han implementado todavía, es que el agente de SentinelOne sea autoactualizable. El agente tiene una versión, y lo que SentinelOne proponía hasta hace un año es que había que ser proactivo al consultar el panel para ver si su agente había llegado al final de su vida útil y luego actualizarlo. Ahora, han lanzado una nueva función en la que creo que se pueden programar actualizaciones, por lo que tiene mucho sentido que el agente se actualice sin ninguna acción de nuestra parte y nunca se quede sin versión. Simplemente conectándose a la red debería poder descargarse y actualizarse.

Esta idea no es crítica porque SentinelOne actualiza muchas versiones del agente y cuando una queda obsoleta, no significa que ya no funcione. Pero esto es algo que SentinelOne debería saber cómo ejecutar. Una solución podría ser que, si no tiene la capacidad de actualizar automáticamente el agente, SentinelOne te indique directamente qué agentes no están actualizados. De esa forma, no tendríamos que ir a la documentación, mirar el panel y filtrar los agentes por versión. Sería fantástico si pudieras saber que sistemas operativos no son compatibles para que no tuviéramos que buscar en la documentación oficial si Windows Server está desactualizado o no.

Si los agentes se autoactualizaran, el mantenimiento debido al proceso de actualización sería mínimo.

¿Durante cuánto tiempo he usado la solución?

He estado usando SentinelOne Singularity Complete durante dos años aproximadamente.

¿Qué pienso sobre la estabilidad de la solución?

SentinelOne es muy estable. Nunca se ha caído ni ha dado ningún problema.

¿Qué pienso sobre la escalabilidad de la solución?

No lo tenemos en ninguna nube. El agente está ubicado en los dispositivos; Gestionamos casi 10.000 ordenadores. Nuestra empresa tiene presencia en nueve países europeos y SentinelOne se utiliza en todos ellos. Nuestro departamento es el grupo que supervisa todas las regiones, incluidas España, Francia, los países nórdicos, Polonia, Rumanía, República Checa, Austria y Suiza.

Continuamente implementamos nuevos agentes porque detectamos cada vez más dispositivos. SentinelOne permanecerá en nuestra empresa hasta que muera, por así decirlo. Con lo que nos ha costado llegar hasta aquí no vamos a cambiarlo ahora.

¿Cómo es el servicio y soporte al cliente?

El soporte responde en menos de un día.

SentinelOne es un socio líder en la industria.

¿Cómo calificaría el servicio y soporte al cliente?

Positivo

¿Cuál fue nuestro Retorno de Inversión?

Defender for Endpoint es más caro que SentinelOne. Otras soluciones son más caras y otras más baratas, pero en términos de relación coste-beneficio, siempre nos quedaremos con SentinelOne.

La detección y visibilidad de todos los activos, ya sea por parte del agente o del Ranger y la capacidad que tiene de tomar medidas valen la pena. Es todo muy intuitivo y para mí, estos elementos son nuestro retorno de la inversión.

¿Qué otras soluciones evalué?

Todos los portales, al fin y al cabo, son "primos hermanos", como CrowdStrike y Palo Alto, aunque no sean exactamente EDR. Asistimos a un congreso global de ciberseguridad en Londres y todas las soluciones estaban allí: SentinelOne y su competencia. A nivel de portal, usuario y otros niveles son prácticamente iguales. Cada uno tendrá algo mejor y algo peor, pero son bastante similares.

¿Qué otro consejo tengo?

Tienen que hacer un análisis coste-beneficio. Comprende el contexto de tu empresa. No es lo mismo un banco o una compañía de seguros que una empresa del sector industrial que no gestiona datos sensibles. Comprende tus necesidades particulares. Después de un análisis de costos, si hay suficiente presupuesto, elije SentinelOne.

La lección más importante que he aprendido al utilizar SentinelOne es escuchar siempre lo que dice el equipo de Vigilance Respond.

Todavía estamos descubriendo más beneficios en la solución. El modelo ya está implementado, pero somos una empresa muy grande y cada día encontramos nuevos dispositivos que no tienen SentinelOne. Todavía estamos en esa fase de mejora continua, de mejorar la solución y lograr aún más beneficios. Estamos llegando a los casos más aislados de, por ejemplo, servidores que tienen poca RAM y estamos debatiendo si debemos aplicarles SentinelOne porque, quizás, el servidor se verá más afectado.

No obtienes todos los beneficios en dos meses; es un proceso continuo.

Yo recomiendo a SentinelOne. Si al final es una cuestión de presupuesto, elígelo. Si mañana me convirtiera en un OSC, eso es lo que haría.

We have deployed SentinelOne Singularity Complete on all of our internal employee workstations. It is our endpoint solution for extended detection and response and all of the components within that scope.

We implemented SentinelOne Singularity Complete to help us address our cybersecurity challenges, mitigate threats to our machines and organization, and protect our data.

SentinelOne Singularity Complete integrates well with other third-party solutions, such as Palo Alto Networks, which we use for VPNs, and Zscaler, which we use for content filtering. The fact that it is not an invasive program is great. Therefore, staying in alignment with what SentinelOne is currently doing with the platform is something I would definitely recommend. Something to avoid when choosing an endpoint protection solution is resource consumption. People develop a bad reputation for a product when they detect it impeding their workflow. So, as long as SentinelOne can avoid this, they are on the right track.

It ingests and correlates data across all of our security solutions. It is a modern solution that I am extremely satisfied with.

SentinelOne Singularity Complete has helped us consolidate our security solutions. It is an extended detection and response solution that provides us with detection and response capabilities, as well as heuristic-based protection. It is a very modern endpoint protection solution. I think it is very competitive with other software such as Trend Micro.

SentinelOne Singularity Complete is a modern endpoint protection solution that addresses the cybersecurity needs of the organization realistically and from a compliance perspective. Since I joined the team a year ago, I have seen the benefits.

SentinelOne Singularity Complete reduces the number of alerts because it is an easy-to-manage solution without thousands of data sources. When we do receive alerts, Singularity Complete provides concise and actionable information.

SentinelOne Singularity Complete is a manageable solution that scales and does not require a dedicated person to handle it.

I am satisfied with SentinelOne Singularity Completes MTTD.

SentinelOne Singularity Complete helps reduce the MTTR because it provides actionable steps when something is detected. It also helped us reduce our organizational risk. It uses modern techniques to identify threat actors and helps us maintain compliance. As a large international company involved in governance, it is important to us that Singularity Complete reduces our organizational risk.

SentinelOne Singularity Complete does not consume many resources compared to the competition, like McAfee. The external drive scanning is great.

I am not a fan of the UI and feel it has room for improvement.

Heuristic analysis can always be improved. Many companies need to work on this. So, I think the sooner SentinelOne, for example, can get ahead of the curve on that, the sooner we can count on it as a realistic enterprise solution.

I have been using SentinelOne Singularity Complete for over one year.

SentinelOne Singularity Complete is one of the most stable solutions we have in our stack.

SentinelOne Singularity Complete is scalable.

The few times I have used the technical support it has been a good experience.

I would rate SentinelOne Singularity Complete eight out of ten.

Although we can use a multifaceted approach with different products, this has both advantages and disadvantages. For example, if one product fails, the entire system does not. However, it would be an advantage if SentinelOne offered other tools, such as VPN and encryption. SentinelOne Singularity Complete is a cutting-edge, modern solution that offers a multifaceted approach to XDR. It is not outdated like many other programs. As long as SentinelOne continues to innovate and evolve in the cybersecurity landscape, it will remain a leading solution.

One of the things that really impressed me about SentinelOne Singularity Complete compared to other solutions was their commitment to taking cybersecurity practitioners seriously. This is anecdotal, as I met some of the most technical professionals working at their booth at Black Hat, while many other booths were staffed by sales representatives. As a practitioner, the fact that I can't ask many sales representatives very technical questions is not a good reflection on the company. SentinelOne was different. I was able to have very technical discussions with their staff, which shows that they take their approach very seriously.

SentinelOne Singularity Complete is at the forefront of cybersecurity protection. I consider it a great solution option, and I strongly recommend comparing it to other offerings. I believe it will stand up well against the competition.

We are a Fortune 500 company, and SentinelOne Singularity Complete is deployed on tens of thousands of endpoints.

SentinelOne Singularity Complete is a set-and-forget solution when it comes to maintenance.

I have good impressions of SentinelOne as a strategic security partner.

Organizations should research any solution before implementing it. The price of one product may make sense for some organizations but not others. Apply the same due diligence to any solution that will affect the organization's overall security posture.

We use SentinelOne Singularity Complete for incident management planning to protect against insider and outsider threats, monitor threats, block websites across our branches, and manage assets.

Before implementing SentinelOne Singularity Complete, we could not track our assets, manage the threat insights, or block USB devices. Now we can manage and handle all our assets and keep them healthy. We can also protect our data from malware and ransomware attacks.

The SentinelOne Singularity Complete reporting suite is essential for providing comprehensive visibility into the security posture of an organization.

We realized the benefits of SentinelOne Singularity Complete two months after we deployed it. We knew after the proof-of-concept that SentinelOne Singularity Complete would be useful in our environment.

SentinelOne Singularity Complete helps our organization track all our systems. We receive an automated weekly threat report on our systems, which helps us manage incidents before they occur. We automatically receive insight threat reports in our emails, which is a great way to identify and track issues so that we can remove the affected asset from the environment to protect our systems and network.

SentinelOne Singularity Complete has helped reduce our organizational risk.

SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory.

SentinelOne's XDR service is valuable. We use them to find the root cause of an issue.

I would like to have a remote desktop feature added so we can remotely access our endpoints.

I have been using SentinelOne Singularity Complete for six months.

We previously used Kaspersky, but we found that it could not clearly identify all of our assets and risks. With SentinelOne Singularity Complete, our environment is more secure.

The initial deployment was straightforward.

We used a third party for the implementation.

SentinelOne Singularity Complete is expensive, but we must be willing to pay for it if we want a high level of protection.

I would rate SentinelOne Singularity Complete nine out of ten.

We recommend that people evaluate SentinelOne Singularity Complete before buying it. At a minimum, they should compare it to their current solution and other products to see the difference. They should do a small comparison of the major points that each product covers and does not cover. Once they have a good understanding of the options, they can have a demo or proof-of-concept before making a purchase. Additionally, it is helpful to check which companies are currently using SentinelOne Singularity Complete in their live environment for a long period of time without experiencing any challenges.

We use SentinelOne Singularity Complete as an antivirus product. We also use SentinelOne's product called Vigilance, which monitors and takes action on active threats in the environment. So, basically, if someone clicks a file, Vigilance recognizes it and takes action for us, providing recommendations and remediation steps. This is a huge value add, and it's in addition to Singularity Complete's ability to monitor threats on devices from the cloud and offer remediation steps.

Our previous antivirus solution was not providing adequate protection. Threats are evolving and mutating rapidly, making it difficult for older antivirus solutions to keep up.

We have not experienced any interoperability issues. Initially, SentinelOne flagged some older software that was trying to run, but we could allow an exception to continue using the software. SentinelOne would still scan the software's location, but it would not block the processes from running. This flexibility is very useful.

SentinelOne Singularity Complete gives us peace of mind when it comes to day-to-day threats, knowing that nothing will get past them and they are always vigilant in detecting and responding to active threats on the network. It helps us sleep better at night.

It does not produce many alerts, but it has reduced the number of threats we have. Alerts are good, but only if they are not too frequent. When there is an active threat, the alert is clear about what is happening, who is affected, and the name of the machine. The alerts are also concise.

It allows our staff to focus on other more important items.

SentinelOne has helped reduce our MTTD and our MTTR because we pay for Vigilance.

SentinelOne Singularity Complete reduces our risk of major attacks, lowering costs.

SentinelOne Singularity Complete has reduced our organizational risk.

The fact that SentinelOne is actively looking for threats and runs them against the hash on the Internet to determine if they are malicious or not, is what takes it to the next level compared to other antivirus products. SentinelOne is more than just an antivirus software, it provides insights into threats and shows the flow of attacks. It also allows us to set policies in the cloud so that any other system that is affected by the same bug or virus will be automatically killed, removed, and rolled back. Cloud automation is truly amazing.

I would like to see a privilege access management feature added to SentinelOne Singularity Complete. This would allow us to generate alerts when users try to run applications as administrators to approve or deny these requests and create policies within SentinelOne. I think this would be a great addition to the suite, as it would eliminate the need to purchase a PAM solution from another vendor. It would also give us greater visibility into user activity, as the SentinelOne portal is already very good.

SentinelOne needs to improve its endpoint deployment process. To illustrate, compared to ConnectWise, a remote management software that also has some security features. In ConnectWise, we can generate an installation package based on a group and deploy the software to all endpoints in that group without the need for a script.

I have been using SentinelOne Singularity Complete for three years.

I would rate the stability of Singularity Complete ten out of ten.

I would rate the scalability of Singularity Complete ten out of ten.

We pay for Vigilance, which is a 24/7 instant response team. However, if we did not pay for Vigilance and I had a question for technical support, they would usually respond within a few hours or the next business day, depending on the issue. I feel that they ask too many irrelevant questions when we are generating a ticket, but I understand why they do it.

We were using Carbon Black before, but SentinelOne Singularity Complete is much easier to use. The portal is more intuitive, the email alerts are more intuitive, and everything about it is easier on the eyes. It has a simpler view. Their cost was comparable to Carbon Black, but the solution was much better.

The initial deployment was moderate. It would be much better if SentinelOne had a better way to induct the site token into the installation process, rather than requiring users to create a script.

The deployment took a couple of weeks to complete and required two people. We captured 80 percent of the endpoints within the first day, and then it took a couple of weeks to catch the more subtle ones.

Nothing good is cheap, and SentinelOne is no exception. However, as a market leader with a great product, they don't have to be so timid with their pricing. I would like to see lower prices, but I understand why they charge what they do. It is what it is when it comes to SentinelOne Singularity Complete.

I would rate SentinelOne Singularity Complete nine out of ten.

I would focus more on how the product is delivered and maintained. Maintenance of any type of antivirus product is always an important question when it comes to how to maintain this product and how to use it without dedicating a lot of resources to it. SentinelOne has just introduced an automatic upgrade feature for their client agent that allows us to set a policy to always keep our agents on the general mobility version. This will automatically upgrade our agents for us, saving IT a lot of time. Before, we had to manually upgrade our agents from the cloud, but now this process is fully automated. This is a huge value-added feature, and the agent is not very disruptive.

We have SentinelOne Singularity Complete deployed on our Windows servers across the country. Around 15 people are using the solution.

We must constantly monitor the portal to review items that Singularity Complete has blocked. Occasionally, we must decide whether to allow or deny access. We must definitely stay engaged with the portal, as it is not a fully hands-off solution. This is appropriate, as some interaction is necessary. However, the level of interaction required does not bother me.

If I were to recommend SentinelOne Singularity Complete to anyone else, I would definitely help them understand these types of products. People who are looking at cloud antivirus are usually coming from on-prem antivirus, so they may be shocked by the price. I would help them understand that yes, cloud antivirus products cost more than normal antivirus, but they offer peace of mind. Once they understand this, they can start to appreciate the value of the product.

We use SentinelOne Singularity Complete to protect all of our servers and cloud workloads, whether they are on-premises or hosted in the cloud.

We were transitioning from our legacy antivirus protection system, which required a lot of overhead to maintain, ensure they were up to date, and verify their performance. It also tended to hurt system performance. We therefore sought to move to a modern EDR solution that did not rely on that type of outdated technology. We migrated to SentinelOne, which gave us better protection without the adverse consequences of legacy AV products.

SentinelOne Singularity Complete is deployed on workstations, data centers, servers in the public cloud, and all of our mobile devices, which are very numerous.

The integration between SentinelOne and IBM QRadar, our security operation center SIEM, is important and works extremely well. It means that if there are any alerts on the SentinelOne platform, they will be sent to QRadar, where a stack analyst will review them. This allows us to start working on incidents quickly, without having to have people continuously monitoring the SentinelOne console. Another benefit of the integration is that it makes it easy to deploy new or upgraded versions of the SentinelOne software to all of our endpoints and servers. We simply notify the data center run by the customer success team, and they take care of the deployment. This eliminates the need for IT overhead to keep everything up to date, which is important from a governance perspective.

The integration with other SentinelOne products and third-party tools is very good.

SentinelOne Singularity Complete's ability to ingest and correlate data from our other security solutions is good. If we look at a diagram of our security operation systems, we can see that the SIEM is at the center of everything. All other products, such as SentinelOne, Chain, patch management, and abnormal security for email, feed into the SIEM, which is where the stack measures everything. Therefore, SentinelOne does not integrate with other solutions directly, but rather through the SIEM.

In the three years since we began using SentinelOne Singularity Complete, we have not had a major security incident. We have observed malware entering browsers through websites, but SentinelOne has always dealt with it effectively. Therefore, we see the benefits of the platform in the absence of any significant events. As long as SentinelOne Singularity Complete continues to operate quietly, we are happy with its performance.

SentinelOne Singularity Complete alerts when it should, and those alerts are sent to the SIEM. I don't approach EDR or SentinelOne from the perspective of wanting to reduce alerts, because I want those alerts. I rely on peripheral systems like SentinelOne to always tell the SIEM anything it needs to know. So, I'm not approaching this from an alert minimization perspective. Instead, I approach it from this perspective: If we have a high, medium, or low alert, it's up to us to decide how we're feeding our highest rate and mediums, but we don't need to feed in the lowest alerts because we don't see the benefit of that. It's up to us to make that judgment. And obviously, our high and medium alerts will be smaller, and our lows will be higher. It's up to the customer to decide how much they want to send over to the team.

SentinelOne Singularity Complete has helped free up our staff time around one day per week.

SentinelOne Singularity Complete helps reduce our MTTD.

SentinelOne Singularity Complete has reduced our MTTR by 25 percent. It is a more reliable product, so we receive alerts and respond to them more quickly than we did with the previous product.

SentinelOne Singularity Complete has reduced our organizational risks by five percent.

The most valuable aspect of SentinelOne Singularity Complete is the protection it provides. We get endpoint protection without the IT team workloads and the negative impact on end-user rotation servers. This is because of the way SentinelOne has implemented the technology.

One of my criticisms of SentinelOne is the Ranger functionality. If Ranger were part of the core product, we would be able to identify endpoints or servers that need to be protected with our licenses. However, to get Ranger, we need to buy more licenses, which doubles our costs. I would like to have Ranger, but I challenge the way that SentinelOne licenses it. I believe that Ranger should be a core part of the product. If we run Ranger today and find that 100 devices on our network are not protected by SentinelOne, we would then need to add on those 100 licenses to cover them.

The licensing model is too complex, whether we agree with all parts of it or not. Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software.

I have been using SentinelOne Singularity Complete for three years.

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete is highly scalable.

We are happy with SentinelOne's technical support.

We previously used a legacy solution. The migration over to SentinelOne Singularity Complete was relatively trouble-free.

Once all testing was complete, the deployment was straightforward. Eight part-time employees completed the deployment in three months.

The only return on investment we can point to with any EDR is that we have not been attacked.

SentinelOne Singularity Complete is reasonably priced. Compared to other products I've used in the past, such as CrowdStrike, it is significantly less expensive. I can easily find evidence of this price difference, so I believe that SentinelOne is a fairly priced product.

I would rate SentinelOne Singularity Complete eight out of ten.

SentinelOne Singularity Complete is a mature solution of the highest quality.

We have deployed SentinelOne Singularity Complete worldwide in airlines from Australia, throughout Europe, and across Africa in a complex environment.

We have 4,500 endpoints and around ten active users.

The maintenance level for SentinelOne Singularity Complete is relatively low.

SentinelOne is good as a security partner. They do exactly what we expect of them and it protects us.

I would always conduct a proof of concept for these types of products, as each environment is different. Even though SentinelOne Singularity Complete works well, a POC should always be done.