In my organization, we use SentinelOne Singularity Cloud Security to enhance our security posture. The platform provides alerts and recommendations on best practices, policies, and necessary updates to strengthen our infrastructure security.

We implemented SentinelOne Singularity Cloud Security to strengthen our security posture. Previously, we lacked clear guidance on best practices, including password reset policies, patching procedures, and VM updates. SentinelOne provides these best practices and recommendations, significantly improving our infrastructure security.

SentinelOne Singularity Cloud Security is user-friendly.

Evidence-based reporting helps prioritize and solve cloud security issues. When an issue occurs in my infrastructure, I receive an alert on their dashboard and a notification is sent to our common email address. SentinelOne Singularity Cloud Security provides a direct link to the affected resource in the AWS console, allowing me to navigate to the issue and resolve it quickly.

SentinelOne Singularity Cloud Security has improved my organization's security posture significantly. Before its implementation, we lacked an understanding of best practices for security. The solution has clarified our path by providing guidelines and alerts, which have helped us secure our infrastructure effectively.

It has reduced the number of false positives significantly, providing accurate data for our security processes.

SentinelOne Singularity Cloud Security has significantly improved our risk posture.

Prior to implementing SentinelOne Singularity Cloud Security, our mean time to detect ranged from 30 to 35 minutes. Now, with SentinelOne, our MTTD has significantly improved, falling within the range of 5 to 10 minutes.

Our mean time to remediate has been reduced to five minutes since implementing SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security offers several valuable features, most notably the rapid vulnerability notifications that provide timely alerts regarding our infrastructure. Furthermore, the platform's intuitive interface enables even novice team members to navigate the dashboard with ease, minimizing the need for extensive documentation.

I believe the UI/UX updates for SentinelOne Singularity Cloud Security have room for improvement. While the current interface is excellent, enhancements could make it more user-friendly. Additionally, an improved notification system that sends alerts about vulnerabilities directly to our centralized console would allow for a more prompt response.

I have been using SentinelOne Singularity Cloud Security for almost one and a half years.

I rate the stability of SentinelOne Singularity Cloud Security as nine out of ten.

I rate the scalability of SentinelOne Singularity Cloud Security as ten out of ten.

I have contacted SentinelOne's technical support team once, and they were very helpful. Their communication and product knowledge were excellent.

The initial cloud-based deployment was straightforward, taking approximately two to three working days with a team of three people.

The implementation was handled internally by my team with guidance from a senior resource.

I rate SentinelOne Singularity Cloud Security nine out of ten.

We have 150 users of SentinelOne Singularity Cloud Security.

I recommend SentinelOne Singularity Cloud Security to others because it is very important from a security standpoint.

Working in a highly regulated space with stringent security requirements for money movement necessitates robust security measures. SentinelOne Cloud Security effectively secures our workloads, providing peace of mind and significantly reducing stress by addressing both security and regulatory needs.

The primary challenge we faced was achieving comprehensive visibility and observability across our extensive cloud environment, which comprises over 50 AWS accounts. It was difficult to determine the specific account and business entity associated with each workload. SentinelOne provided a centralized view of all workloads, enabling us to identify misconfigurations, pinpoint their location, and assess their potential impact. This clarity allowed us to prioritize responses based on the criticality of the affected account, such as production or highly regulated environments, thereby optimizing our response time.

To reduce noise and improve security monitoring, we implemented two key strategies. First, we leveraged the SentinelOne platform to identify internet-exposed assets and prioritize them for enhanced monitoring. SentinelOne's cloud-based capabilities significantly reduced false positives and helped establish a baseline for normal network activity. Second, we integrated the Infrastructure as Code module to automatically detect any deviations from the baseline or new misconfigurations. This proactive approach enabled us to efficiently address vulnerabilities and maintain a secure environment. After an initial cleanup, ongoing maintenance became much easier due to the continuous monitoring and automated alerts provided by SentinelOne and the IAC module.

Cloud security has helped reduce false positives by prioritizing vulnerabilities based on two factors: the criticality of the exposed asset and the environment it operates within. This prioritization metric helps eliminate false positives and allows teams to focus on fixing actual security issues.

Cloud security has improved incident response, primarily by enhancing observability. This allows for immediate identification of an IP address's host account and connected resources, which speeds up response time. Understanding the potential damage is also crucial, and this is achieved by knowing all resources accessible to the compromised asset. This comprehensive approach, combining identification and impact assessment, significantly strengthens security response capabilities.

SentinelOne Cloud Security reduces response times by providing context for assets, such as location, access details, and component interactions. This allows for quick identification of the responsible team and facilitates efficient damage assessment and remediation. Automated responses, like automatically fixing public S3 buckets, can be implemented, although caution is needed as some public access may be intentional.

SentinelOne Cloud Security has significantly improved team collaboration by simplifying the process of identifying the owner of a vulnerable or problematic component. Previously, this was a time-consuming task, but now the platform allows for quick identification of the responsible business entity and developer, enabling direct contact with the appropriate DevOps personnel. This streamlined process accelerates both detection and response times, ultimately enhancing overall security.

SentinelOne has released Purple AI, a tool with immense potential. It can analyze sentences and identify specific IP addresses or vulnerable machines, significantly aiding threat detection. This capability allows for rapid computation and complex query execution, delivering crucial answers in minutes and enhancing data analysis for security purposes.

Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively.

Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security.

I have been using SentinelOne's cloud piece for about three to four months.

SentinelOne has provided excellent support, enabling us to implement a robust solution customized to effectively meet our security and compliance needs.

Prior to implementing SentinelOne, we faced excessive false positives and an overwhelming number of findings, hindering prioritization. However, SentinelOne Cloud's offensive engine provides reassurance by automatically checking exposed assets for new threats, such as zero-day attacks, ensuring immediate awareness of any issues.

SentinelOne allows for customized prioritization, enabling changes based on specific accounts and the addition of further actions to misconfiguration adjustments. The graphing ability of SentinelOne CNAPP facilitates comprehensive chaining for in-depth analysis. The demos on misconfigurations and the prioritization matrix were particularly informative.

SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal.

When evaluating CNAPP vendors, several key considerations emerged. First, it was essential to assess the regulatory frameworks and ensure compliance. Second, the issue of false positives needed to be addressed to maintain efficiency. Finally, the prioritization capabilities, particularly the use of graphs to identify critical assets, were crucial factors in the selection process.

I would rate SentinelOne Cloud Security a nine out of ten. They are bringing all the pieces together, and once the Purple AI can interact with all the different components and correlate across them, I think that's where its real power will come from.

SentinelOne CNAPP was extremely helpful and chosen for three primary reasons: their responsive and efficient team facilitated a rapid deployment; the technology itself proved to be very robust and effective; and the platform's configurability allowed for seamless integration with our specific business needs.

For those evaluating SentinelOne CNAPP, it is advised to engage with their team for potential configuration changes. The tool offers comprehensive insights, providing productive usage from day one for penetration testers and security engineers.

As a senior IT security director, I oversee the governance and guidance of security deployments, including the development and implementation of use cases. My primary guiding principle, which is shared by my team, is to prioritize visibility. This translates into our use of SentinelOne Singularity Cloud Security to gain comprehensive visibility across our hybrid infrastructure including cloud, on-premises, and end-user workstations. Ultimately, visibility is the main driver of our security strategy.

Singularity Cloud Security significantly reduced our organization's threat detection time by providing immediate data visibility. This allows our team to analyze telemetry in real-time, query it, and identify anomalies or potential threats using the Singularity platform. We can create rules that automatically trigger alerts based on this real-time data, enabling immediate response. This instant threat detection and response capability is a major improvement over our previous reliance on multiple tools with delayed data flows. Singularity Cloud Security eliminates those delays, saving valuable time in incident response scenarios.

MTTR and MTTD are critical metrics for incident response processes. They measure the time it takes to fully address an incident, from initial detection to complete remediation. Minimizing these times is crucial to limit damage, as attackers can quickly exploit vulnerabilities and compromise additional systems. Rapid detection and response are essential to disrupt attackers and prevent further progression within the attack chain.

Singularity Cloud helps reduce false positives by allowing engineers direct access to data. This access enables querying, validation, and the creation of correlation searches for improved data analysis. Instead of a black box approach, Singularity provides full visibility into the code and syntax used, increasing confidence in the results. Ultimately, Singularity offers greater control over correlation searches, detection rules, and response scenarios due to the enhanced engagement and control it provides.

Singularity's ability to create custom correlation searches significantly reduces noise by avoiding reliance on generic, pre-built searches that often lead to false positives in diverse organizational environments. This targeted approach results in a high positive rate and efficacy, allowing for focused detection and response. By designing and running custom searches, Singularity minimizes the need to sift through irrelevant alerts, unlike systems using default rules that inundate analysts with noise. This translates to a very low noise-to-efficacy ratio, enabling efficient and accurate incident response.

Singularity Cloud offers valuable data and capabilities extending beyond security, benefiting various business units. For example, it helped troubleshoot a newly introduced service with limited telemetry. My team created custom correlation searches to track specific event types, confirming the software's functionality. This success garnered positive feedback throughout the company, reaching even the CIO and CSR, as it enabled the business to showcase the software's effectiveness in a way that was previously impossible.

SentinelOne improves our regulatory compliance by fulfilling the endpoint detection and response requirements of various frameworks. Many federal regulations require businesses to meet specific security standards, including those related to endpoint, identity, and cloud security. SentinelOne enables us to meet these requirements and assure potential partners that we have a robust security posture. This strengthens our partnerships and streamlines procurement processes, demonstrating how SentinelOne contributes to our compliance efforts.

SentinelOne's evidence-based reporting, particularly the CNS reports, fosters trust due to the transparency of the data source and the ability to understand the underlying mechanisms. Knowing the search criteria, data types, and information gathering process, especially when customized for detection engineering, creates confidence in the product and the relationship with SentinelOne. This transparency and customization allow users to delve into the mechanics of the reporting, understand its functionality, and ultimately trust the evidence provided.

AI is a crucial consideration for security strategies. While some view AI as a potential replacement for human analysts, others see it as a powerful tool to enhance their capabilities. The latter approach emphasizes AI's ability to accelerate incident response, improve threat detection, and provide valuable insights to analysts. This perspective suggests that AI should be used to augment human expertise, enabling analysts to make faster and more informed decisions, particularly in prioritizing threats and developing a sixth sense for identifying malicious activity. By integrating AI as an enabler, organizations can empower their security teams to become more efficient and effective, ultimately strengthening their overall security posture.

Singularity Cloud's ability to create custom correlation searches and reduce noise is highly valuable. It allows us to focus on specific detections with high efficacy, avoiding the noise typical with default rules, thus enhancing our incident response efficiency. Additionally, the engineer engagement enables us to have full visibility into the code and design effective correlation searches and detection rules.

While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant. If SentinelOne can deliver on its vision, it will be truly impressive, and we will continue to support its efforts.

I have been using SentinelOne Singularity Cloud Security for four years.

Singularity Cloud has been stable over the course of our usage.

We have not faced issues with scalability and find the solution flexible enough to accommodate our dynamic environments.

SentinelOne has consistently provided excellent support. While there were some initial challenges when we first partnered with them four years ago, these were resolved over time with continued effort and communication. As with any relationship, investment leads to strong, positive outcomes, and we have maintained a great working relationship with SentinelOne ever since.

Prior to SentinelOne, we did not use an EDR vendor. Four years ago, ransomware became increasingly prevalent, transitioning from a niche topic in IT news to a major concern covered by prominent media outlets like CNN and the Wall Street Journal. This heightened awareness led to increased pressure from company leadership, demanding strategies to mitigate the risk of ransomware attacks. Consequently, we sought an EDR solution to bolster our security posture. SentinelOne was selected over two competitors due to its superior detection capabilities, customization options, and competitive pricing, all critical factors considering our budgetary constraints. In retrospect, I believe we made the correct decision.

The initial setup was straightforward and well-supported by SentinelOne.

We implemented the solution with the help of SentinelOne's support and engineering team.

By significantly reducing incident response time and false positives, the ROI has been evident in terms of optimizing our security operations and minimizing risks.

The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments. The combination of pricing and the ability to customize detection rules was a key factor in selecting SentinelOne.

We evaluated two other competitors before choosing SentinelOne based on detection capabilities, customization opportunities, and competitive pricing.

I would rate SentinelOne Singularity Cloud Security nine out of ten.

Currently, our cloud workload protection system is deployed for visibility only, without blocking capabilities or enforced policies. While we are not yet utilizing its full protection potential, this proactive approach allows our development, IT, and quality teams to gradually transition to containerized workloads over the next few years. SentinelOne's cloud workload protection tools provide the necessary functionality to secure our environment as teams adopt modern serverless methodologies. Although full implementation is an ongoing effort, having these tools in place ensures we can confidently secure our evolving infrastructure.

We've thoroughly enjoyed our four-year partnership with SentinelOne. Their account management and readily available engineering support have been exemplary, setting a high standard for customer service. While escalations can sometimes experience delays, their responsiveness has been the best we've encountered. The entire organization, from account managers and engineers to the managed detection response service, operates cohesively.

Cloud security is challenging, especially in multi-cloud environments, but as we use a single cloud provider, we leverage native security tools for detection and visibility. While we initially considered cloud-native protection unnecessary, we realized the limitations of relying solely on our provider's knowledge and visibility. Their data is inherently limited by their own experience. SentinelOne, with its global customer base across various cloud providers, offers broader threat intelligence. Learning from attacks across all cloud platforms, like Amazon, Azure, and Google, is crucial for a comprehensive security posture. By partnering with SentinelOne, we gain access to this wider threat landscape and benefit from a learned security environment.

Our organization relies on Azure services. A key advantage of SentinelOne is its ability to serve customers across various data centers, including those hosted by Azure and Amazon.

I recommend colleagues and professionals in information security give SentinelOne a try, as they will quickly see the benefits, especially if not working with modern cloud-based solutions. SentinelOne's capabilities in visibility and detection make it a valuable addition to any security strategy.

SentinelOne's openness to customer feedback is impressive. I've served on other customer advisory boards, even for competitors, but SentinelOne stands out. They actively involve customers in shaping their products, including the user interface, detection rules, and Singularity AI Cloud components. This customer-centric approach fosters a mutually beneficial relationship where customer feedback directly enhances the security solutions. I encourage all SentinelOne customers to explore opportunities like beta testing, advisory boards, or UX feedback programs. The company's success translates to improved security for organizations like mine, and the close collaboration builds a strong, valuable partnership. Seeing our feedback implemented in their products is truly remarkable.

We are running the entire cloud base on AWS infrastructure. The major use case for this product is cloud misconfiguration because a lot of changes keep happening in our environment. There are multiple teams and multiple verticals within our organization. We have different verticals across different business units. They have their local IT infrastructure teams, and all these teams are making changes.

We have IT admins at multiple locations. There is a team of 10 to 12 members. It was a challenge to manage cloud security when they made changes, spun up new servers, or created new instances for new projects. Cloud misconfiguration was one of the major areas where we saw issues because things were not getting created as per the process or security protocol. When they are creating instances, they are not aware of the implications and the security incidents that may happen by keeping certain ports open. They might not be aware of the security issues that may come up. So, cloud misconfiguration was one of the main reasons why we opted for this product.

Another reason was to have a dashboard for the management and for the centralized team. We are a part of the centralized team that is taking care of the entire platform. It is very necessary for us to keep track of the changes and see if any P1 or critical security incidents are open. They are a risk to our organization's security. We wanted to have such visibility. Manually keeping track of those changes and open issues was very difficult for us.

It highlights critical or high-priority incidents. That is helpful. When we have a lot of issues on the dashboard, we can at least prioritize them based on the severity. We target critical incidents first and then move to the high-priority incidents. We still have medium and low-priority incidents on the dashboard. We require some amount of time to fix them. From a reporting perspective, it helps us to prioritize accordingly. We know that at least from a high-impact point of view, we are secure.

We do generic vulnerability scanning whenever there are any new changes or we are building any new applications. We keep the generic vulnerability scanning on whenever any new instances are created, and we run the scan once a week for already created instances.

We have not explored evidence-based reporting much. It is a good feature, but we mostly look at the priority of the incidents. We fix them based on the criticality. The description of the issues and the categorization make it easy to utilize the reports.

It has affected our risk posture. All the critical incidents and high-priority issues have been resolved. We are in a better place now in terms of risk posture. The medium-severity issues still need to be fixed, but earlier, we used to have critical incidents as well. We did not have any visibility into those things. We are now quite confident that we do not have any major security issues. We keep running the scan every week. It helps us to detect any new changes or vulnerabilities in our environment.

We could see its benefits immediately in terms of visibility. Previously, we did not have any visibility into where we were in terms of the security landscape. That benefit was immediate, and then we started fixing the problems and reduced critical issues and high-priority issues. We became confident in our security, and we were able to secure the environment wherever we had an incident. Its benefits were immediate from a visibility point of view, and then it took two to three months to have a direct impact in terms of security.

Singularity Cloud Native Security helped us to reduce false positives. We also have a managed service provider. We took their help to reduce false alarms and other issues. It also helped us to implement some of the best practices while creating any instances or making any changes to any particular instances. We created best practices and standard operating procedures for the infrastructure team. They follow the standard operating procedures while making any changes or creating any instances. We are seeing a drop in the number of issues compared to two or three years ago.

Our remediation time is reduced. Initially, it took some time to identify the remediation steps and what had to be done to fix the problems, but now we know what needs to be done. From a prevention point of view, we now know what we should not do. That has helped with changes that we keep on doing in the environment.

Singularity Cloud Native Security provides us with a platform to scan instances when they are getting created, and the dashboard helps us to identify the critical issues. We created a road map and prioritized the issues based on the criticality of the problem. We have reduced P1s. We have resolved any critical incidents that came up in the dashboard. We still get high-priority incidents, and we keep on prioritizing and fixing them. That is because we have visibility into the open issues that we have. Management is also happy. They are aware of the things that are coming up on the dashboard. They are aware of the impact and the risk. We did not have this visibility previously. All the teams that are a part of IT are aware of the importance of it. It has been included as part of our software development cycle.

It is very easy to use. The user interface or the dashboard is quite simple. It clearly shows you the type of issues that are there. It also breaks down and groups them into the types of issues. If I have 100 issues on the dashboard, it categorizes them. Out of these 100 issues, 50 of them might be related to the same category. If I choose one of the high-priority incidents and fix them, all 50 issues might get fixed. This way, it is a bit easier for us to target specific use cases and resolve a lot of underlying problems. The descriptions are helpful. It gives us information about how to resolve a particular problem. It is easier when the tool itself tells you what you have to do to fix an issue. You can then research more and get it done. It is quite simple. Even the leaders who are not very technical can understand what is the impact and what is causing the problem.

They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing that a new type of risk has been identified.

We use Jira for pushing any changes. If any kind of integration is possible between Jira and the Singularity Cloud Native Security dashboard, it will be easier for us to track. Before approving in Jira, I can ensure that any issues in Singularity Cloud Native Security are closed. Such an integration will be helpful.

Its pricing model is a little bit inflexible. Different organizations have different structures. We have multiple business units. Based on the different verticals, we have to create different subscriptions for them. If I create a new subscription and add it to Singularity Cloud Native Security, as per the current licensing model, I have to pay more for that. It should not be like that. It should be based on the number of servers. This kind of flexibility would help customers like us.

It has been close to two years since we have been using this solution. Prior to this, we were working with CrowdStrike, and then we migrated to SentinelOne two years back.

I have not seen any issue with Singularity Cloud Native Security.

If any slowness is there, we will probably wait and run it after half an hour or one hour. Nothing major has been highlighted to me or has been a blocker as such. The pricing model is the only thing that would be a concern.

We take help from our managed service provider. If we have to fix any particular problem that we are not aware of or do not have the expertise for, we get help from the managed service provider. They have a service team with experts. They get it done for us.

We did not directly use any other solution. We have a managed service provider. We have taken their help, but it was more of a tool that they used at their end, and then they shared a report with us. Based on that report, we took action. It was not a regular thing that we used to do. Once in a quarter, we would probably allow them to scan and send us a report. Based on that, we used to take action. That was the process that we used to follow earlier.

Its implementation was a little bit difficult because it was a new tool that we were using. It takes time to understand the issues, specifically in terms of what has to be done to fix them. Aligning all the teams was a little bit difficult for the initial two to three months, but once we understood the product and what needed to be done for the issues that were getting highlighted in the dashboard, it was easy.

Initially, we had to do a lot of sessions to bridge the gap. That was because this initiative was taken by the Cloud Security team and the DevOps team. We needed a lot of patience to collaborate with the engineering or development team. A lot of the issues required help from the engineering team in terms of making changes at the core level as well. It took one or two months of time to do sessions with the developers and create SOP within the development life cycle itself. Overall, the support from the leadership was quite good. All the leaders agreed that this is a very important change that we are bringing into the organization, and it will be an ongoing thing that we need to follow. We have also added it as part of the SDLC. We use Jira to manage changes and defects. We have added security as one of the flags over there. Someone from the InfoSec team has to give a sign-off for any changes that are happening. If a project is going live, he has to check any open issues in Singularity Cloud Native Security. He has to give a sign-off before the project goes live. That is one of the changes that we have pushed in terms of the product life cycle itself, and that has helped to align different things. Unless they get a sign-off from the InfoSec team, it cannot be deployed. Everyone knows the process now. It is a part of the cycle.

It took at least 45 days to deploy and utilize all the features. We did not do it in one go. We did it phase-wise. We opted for one subscription, and then we slowly deployed it across other subscriptions.

It does not require any maintenance from our side. We have a managed service provider, and they are keeping track of it. There is no additional maintenance as such. We just have to keep track of things. It is more of a process adherence and making sure that we keep a check before we push anything into production.

I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native Security, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of Singularity Cloud Native Security was low.

Singularity Cloud Native Security is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning. There should not be an extra charge for adding a subscription, and the pricing should be based on the number of servers that I am scanning.

We are not using Singularity Cloud Native Security's Offensive Security Engine. We used the Infrastructure as Code (IaC) Scanning initially. When the demo was given, we had to use that scanning, but it is not something that we keep running on a regular basis.

Overall, I would rate it a nine out of ten. I am quite happy with the service and the value that it provides. The one point that I am not giving is because of the pricing model. If it had a more flexible pricing model, I would rate it a ten out of ten.

I use SentinelOne Singularity Cloud Security as an endpoint security tool. We have deployed it on multiple users' endpoints and multiple servers to protect them from security threats.

As a security engineer responsible for administering the SentinelOne Singularity Cloud Security, Kubernetes, and VR tool, I work in an organization with over 10,000 employees and numerous virtual servers and corporate network machines. To safeguard these systems from security threats, we've deployed Singularity across all endpoints and servers to monitor for and respond to incidents, gathering detailed information about their spread and affected machines.

Any security incident or malware detection is reported to security administrators within a fraction of a second. Basic rules and AI detections drive this rapid response. For example, suppose a file is flagged as suspicious based on its activity and alignment with the MITRE ATT&CK framework. In that case, the system identifies the file's behavior, categorizes it according to MITRE attackers, generates AI-based responses, and provides insights to security administrators for review and further investigation.

Automated remediation is highly effective, responding in mere fractions of a second to block, quarantine, or contain affected files or devices. Additionally, it can isolate endpoints from the network to prevent malware from spreading or containing compromised systems.

The Ranger feature is not exclusive to Linux systems. It scans all devices on a network, providing information about the types of machines and operating systems present within that specific network environment.

Workload telemetry visibility is valuable during incident response, triage, and analysis. Detailed information about the process is provided when an incident is reported, offering deep insights. For example, if a file is flagged as malware, the entire process behind its execution, including accessed files and invoked processes, is displayed. This comprehensive history effectively aids in determining file behavior and accurately classifying it as benign or malicious.

The benefits of SentinelOne Singularity Cloud Security are immediately visible through the quick response time.

The mean time to detection is under half a second.

The mean time to remediate is between one and one and a half seconds.

It provides an automated response, eliminating the need to block and investigate files manually. SentinelOne Singularity immediately blocks suspicious files, and subsequent investigation allows us to whitelist the file completely or maintain the block.

The most valuable features are automated threat response, AI detection, and static and dynamic detection. Monitoring all activities on the server's endpoint provides security administrators with deep visibility into endpoints, servers, and the incidents occurring on them.

I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions. While false positives are an expected part of incident response, excessive numbers can indicate accuracy issues with the tool.

I have been using SentinelOne Singularity Cloud Security for two years.

Cloud-based stability is beneficial because it eliminates downtime for business owners, ensuring uninterrupted operations.

Scalability is relatively straightforward as it primarily involves installing agents on additional machines and addressing licensing requirements.

Auto-scaling based on workload demands is beneficial, for example, when a hundred machines are added to the corporate network. We need to deploy the SentinelOne agent to these additional machines and confirm that the license accommodates the increased number of devices.

We previously used Crowdstrike Falcon but prefer SentinelOne Singularity Cloud Security because it is user-friendly. The GUI is easy to understand, operate, and administer.

Due to SentinelOne's cloud-based nature, initial deployment is straightforward. Simply installing the agent on the endpoints we wish to protect is sufficient, making setup within our existing corporate network infrastructure relatively uncomplicated.

The deployment time varies depending on the number of endpoints and servers accessible within the network, but it typically takes one to two months to complete and transfer responsibility.

Two people are necessary for deployment: one to handle administrative tasks and another to manage the SCCM component, such as pushing agents to multiple machines.

I would rate SentinelOne Singularity Cloud Security eight out of ten.

Sometimes, Singularity incorrectly flags legitimate files as malware or suspicious, which can disrupt the work of some project users. However, we understand the importance of protecting against potential threats and appreciate Singularity's proactive approach. We can easily whitelist false positives, minimizing productivity impact and ensuring our system remains secure.

SentinelOne Singularity Cloud Security is a valuable tool for organizations with the budget to invest in it. It offers robust protection for servers and endpoints, which are primary targets for security breaches. Given the critical nature of endpoint security, this software should not be overlooked. SentinelOne has a strong reputation, provides rapid response times, and includes features such as deep visibility into malicious files, enabling security administrators to isolate threats in the cloud through sandboxing directly.

The only maintenance required is for agent upgrades.

I'm taking a look and digging into applications. I use it for general analysis.

The visibility is very good. It allows me to go deeper into my investigations. It gives me the information I need.

I do use the vulnerability scanning every day. It's excellent. I have no complaints.

We do get false positives, however, it can be from downloading from dodgy sites or whatever the case may be.

The mean time to detect is good. It's very fast.

It's good as is. From a beginner's perspective, while it's not necessarily complicated, it can be confusing. However, once you get the gist of it, it's pretty clear. For example, when you first go on it, you don't know what's going on. A few YouTube videos could be helpful. There isn't a lot of information out there to look at.

I've been using the solution for roughly six to seven months.

The stability of the solution is good. There is no lagging, crashing or downtime. This year we haven't had any downtime with the solution.

The solution is very scalable.

I've never contacted technical support.

I did not previously use a different solution.

When I joined the company, it was already being used; I did not set up the solution.

It doesn't need ongoing maintenance, although there are occasional agent updates.

I don't know about the pricing or licensing.

I'm an end-user.

I've never used the evidence-based reporting or the offensive or infrastructure-as-code scanning yet.

I'd rate the solution nine out of ten.

We are a channel partner of SentinelOne in Brazil. We have a distributor that we use to sell SentinelOne. We are very happy and very proud to represent SentinelOne here.

SentinelOne Singularity Complete helps consolidate security solutions. There is a hot discussion about the future of the Security Operations Center. Security Operations Centers generally use SIEM and SOAR, but SentinelOne Singularity XDR can also help there because you can see what is happening not only on the endpoints but also in the network. In other words, you can replace the NDR solution. We also see it going all the way to include all the clouds. This ecosystem is very important to us. In the near future, we see it being used for all the problems related to detection and response in cybersecurity.

Our customers use the Ranger functionality. There are two Ranger versions. There is Ranger AD, and there is Ranger Pro. SentinelOne Singularity platform has its own security ecosystem. You do not have the need to buy other solutions. For example, we sell a ZTNA solution. If you have ZTNA, you do not need to buy a PAM solution. You do not need to buy a NAC solution. The ZTNA technology has replaced all the other solutions. It is the same thing with Singularity. If you buy the ecosystem of Singularity, you do not need to buy several different technologies.

Ranger can do all the hardware inventory. It can point out the versions of the operating systems and then you can apply patching to update the versions of the operating systems. You can use Ranger in different ways. For a security professional, it is a very powerful tool.

It sends you alerts and warnings about possible incidents, but you do not get too many false positives. It is precise. You get real information about an incident.

It is very important to have good hygiene of your endpoints and your network. The uptime of the endpoints and networks is very important. SentinelOne Singularity Complete provides a good uptime. Incident identification is very important and having fewer false positives is also important. The SOC staff knows that if SentinelOne Singularity points out an incident, they have to pay attention to the threat. It is a very good checker.

SentinelOne Singularity Complete reduces the organization's risk.

ITDR or Ranger AD is an important feature for me.

It integrates very well. We sell different products from different vendors. We know that the SentinelOne Singularity platform can be integrated with several different solutions from different vendors. We sell products of a Spanish company, and they support the integration of logs produced by SentinelOne into their platform. We see the capacity to integrate SentinelOne with the solutions of other vendors. It is very important because you can get not only a more integrated ecosystem but also a more powerful ecosystem.

All EDRs are made of different modules. There is a firewall module, an IPS module, and an application module. The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module.

It is a short duration because we started to be a channel partner of SentinelOne two months ago, but we are very focused on SentinelOne.

Their technical support for me is good. I am not involved in the deployment of the solution, but I have not heard any kind of complaint about the support.

We are currently using McAfee in our company, but we are going to move to SentinelOne.

I am a very experienced security professional. I have got the CISSP certification and other specific certifications. I see too many different products. I have good experience with Trend Micro, but I find SentinelOne Singularity more comprehensive.

We are trying to replace the solutions from other vendors. Customers are trying to use more powerful tools such as CrowdStrike or SentinelOne. We do not believe that Microsoft has a very good solution. There are a lot of people who speak about problems with Microsoft Defender and other components of the Microsoft ecosystem. The technical side is not the only factor. Price too is important, but we are trying to replace it. We have some good prospects to replace EDRs or other malware detection tools with SentinelOne Singularity.

I am a security architect. I am not involved in the deployment of the solution. Some other guys in the technical area are involved in the deployment, but from what I hear, there is no problem. You have to do some configurations.

The deployment duration depends on the customer. If you have an SMB customer, it takes less time than to deploy it for a big customer.

We have a team of technicians who are specialized in different kinds of companies. They are specialized in the cloud and other things. We have about 10 people. They take care of the deployment and configuration of the solution. We can also count on the specialist from the distributor for support and vendor support.

You get good support. You get a good product and you are going to be protected. The technology can be integrated with different tools. This is important. We do not live alone in this world. There are other vendors, so the capability to integrate is very important. Singularity Complete is going in the right way.

The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity. This is important for customers because they can add some new features. They do not need to change the product. They can simply add a new feature.

My company is a reseller of SentinelOne. It is one of the top solutions as per Gartner's Magic Quadrants. I am always interested in everything that comes from SentinelOne. I have watched the recent webinars about the latest launch of SentinelOne. There is going to be Purple AI. They have a new console, and we are waiting for it.

What we see here is that companies or customers want more features. The gap between EDR and XDR is too large. XDR includes cloud workloads of the systems and network and not only the endpoints. SentinelOne EDR is a very good solution. You do not need to monitor the Windows operating system. SentinelOne can do this for you. For example, the registry of Windows is the most important part of the operating system. SentinelOne EDR can see what happens in the registry. It can warn about any modification in the registry.

The Singularity ecosystem is very powerful. SentinelOne is very focused on expanding the reach of Singularity and making it a more comprehensive solution. SentinelOne is doing a very good job to get there. We believe that there will be a consolidation of the market, and SentinelOne will survive this consolidation because SentinelOne Singularity is a very powerful and very good solution.

I would rate SentinelOne Singularity Complete a nine out of ten. We have a very good relationship with SentinelOne.