We use the solution basically for AD protection. We get to see at a deeper level the different processes that are being run on computers.

We've been able to stop any potential malicious actions that are being taken on various computers.

Their detection of potentially malicious stuff is probably the most beneficial feature and their new Singularity XDR is an awesome platform.

The solution's real-time detection and response capabilities are very good. Pretty much anytime that there is something that we might see as potentially malicious is caught. Depending on the type of computer it is, it does a great job of blocking those actions that are being taken.

It's really easy to configure enterprise-wide, which actions we want to stop. It's very easy to stop malicious stuff.

The solution's automated remediation is really good. We're doing the rollback also now. That way, if something does happen, it's able to roll back to the state before the process happens.

The solution's forensic visibility into our Linux kernel in regards to deep visibility is really good. It is very granular. It's able to show everything that it did.

The historical data record provided by the solution after an attack is great. You're able to search by different computers. You can get a whole scope of computers - as much as you want. You're able to get as granular as you want as well and can identify different cross processes than indicators and different files that were launched during a period of time.

It helped reduce our organization's mean time to detect very significantly. We had Endgame before this. It did not stop the processes in a manner of time that you would like it to. This definitely improved our response time to anything that we saw. It's very fast. It's improved the response time by 50% to 75% from just detection time to our response.

The solution reduced the organization's mean time to remediate. It is as fast as the potentially malicious process that's launched. It'll stop it right then and there. It'll remediate the action immediately.

It helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console.

The solution's impact on your organization's productivity has been impressive. We just had to put a bunch of time upfront. However, ever since then, we haven't had to really do much there besides analyzing threats.

There's the singularity marketplace, which they've expanded a bunch. However, there are some other APIs that I'd like to see. We'd like to be able to connect to them from a SIM perspective.

The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint.

I've used the solution for about a year and a half.

The stability is very good. I'd rate stability ten out of ten. I've never had issues. It's never been down.

We have four different properties on which agents are one and 1,700 workstations as well as 250 servers.

The product is scalable. We have about 2,000 endpoints. If we had 4,000 or 10,000 it really wouldn't be an issue. It's just a matter of configuring your groups. It's good at autoscaling based on workload demands.

Technical support is really good. Whenever a threat comes into our environment, they will comment and give analysis. That's been very helpful in covering items we're not totally sure of.

I previously used a different solution called Endgame. We did a POC with Crowdstrike and SentinelOne and SentinelOne was a much cleaner, easier-to-use console.

The initial setup did take some understanding on our part of how we wanted to split and group. We needed to figure out how to split our servers and workstations. That was the hardest part. After that, we had to get our policies in order.

We were able to get everything up within a week to where we were comfortable with how everything was running. We're still tweaking little things.

We had three people on our team and two people from professional services.

Maintenance is minimal, such as adding exclusions to threats or alerts.

We did initiate the setup with professional services.

We have noted a good ROI and haven't had a single incident since implementing the solution.

The solution is fairly priced for what they're offering especially compared to other platforms. It gives you great visibility into the different processes that are running on different computers. It's fairly priced, especially for a cloud platform.

We are customers and end-users.

If someone doesn't think they need a singularity cloud workflow protection platform because they have a continuous security monitoring solution, I'd say it depends on whether you're able to block potentially malicious stuff or not. This solution gives you just about the fastest understanding from a machine-learning perspective.

This is much better than our previous solution. They've innovated a lot in terms of their deep visibility and singularity XDR (which is more granular).

I'd advise potential users to do a POC no matter what. That said, this is a great product. I rave about it to everybody. It's likely my favorite product for our environment.

I'd rate the solution ten out of ten.

We are a relatively smaller organization of roughly 250 people. We utilize SentinelOne for patch management, vulnerability assessments, and remediation. So whenever one of our users has an issue on their machine, we get an immediate notification to let us know what that intrusion, infection, malware, whatever it might be, where it is, what file may have caused it, and then we can immediately take action.

There are also default settings for ensuring the software that SentinelOne installs on all our client machines. The latest agent is up to date everywhere. They have a couple more insights, however, that's our main use case.

The big thing for us was just having optics on vulnerabilities, being able to ensure that we have a secure way to get month-over-month assessments of our security stats, and ensuring that there's something in place that can make sure that we're secure. We also wanted something that could keep up with current demands without having any sort of interference or impact on the user's end.

The biggest thing for us is the level of minimal intrusion on our user's experience. The previous EDR we were using, Sophos, was not ideal. Whenever an update came out, there would be different things that were affected. At one point, an update from Sophos had completely disabled public Wi-Fi for our users. And when dealing through their message boards, dealing with their support, they, unfortunately, did not have a resolution other than disabling security elements of their software. With SentinelOne, we have not seen a single instance of that. You can get down to the user level of tweaking different elements of their security system. You can even quickly add exclusions based on rules. Being able to tailor to our users and making sure that our users don't feel like something is running on their machine is the biggest advantage.

The remote shell and the remediation are the two that really stand out as valuable features. The remote shell function that it offers is something that I use almost daily. It allows us to quietly and discreetly sign in on a user's computer, but only as admin. It prevents any sort of security issues or security risks to a user, which would be probably our favorite.

The remediation is really nice as it gives a very clear understanding of where a file came from. For example, in our use of it, there are a couple of files that we had that we didn't even know that we had. There was software that no one was aware was installed on these machines more than three years ago; we actually learned about that software once SentinelOne was installed. The level of optics it gives you is just incredible.

With that software, as soon as we installed SentinelOne, there were a couple of different applications and software that were immediately flagged as tracking user information and things like that. We found out that there was actually some sort of remote surveillance software that the past iteration of the IT team had installed and tested that just never got removed. We ended up tracking down the vendor for that and getting their assurance that that was no longer being used.

The real-time detection and response capabilities overall are great. I've never used anything that was as fast as this. The software that we used to use, Sophos, was comparable, however, it had a noticeable impact on the user. The bigger thing for me is that there isn't an impact on my end users. When we are actually running a scan, let's say, if we find that there's an impact, it's very quick. We've tested it by throwing malicious software onto our test machines just to see how quickly SentinelOne actually picks it up. And it's literally within seconds. When you actually do a scan, you can scan your higher fleet, and it's done relatively quickly as long as those machines are powered on. And it will act the second that those machines power on and connect to the Internet again to get that signal. I've never used anything as quick, personally.

The forensic visibility into the Linux terminal is not something we use as we actually don't use any Linux machines ourselves, so I couldn't speak to that. As far as visibility goes, we're primarily a Mac organization, and we have ten percent of our users on PC. As far as Mac goes, the visibility is fantastic. Same with the PC side of things.

The historical data record, from what they had shown us in the demo, looks pretty incredible. We thankfully have not suffered an attack that required historical data.

In terms of our mean time to detect, I don't think we ever had it. Since we're a small organization, we haven't had any real issues with genuine malware attacks. I can't speak to a scenario where while we were on Sophos, we experienced one. When we've had security audits that have tried to pen test for us, we have not had any issues with SentinelOne whatsoever. Every time that we've attempted to see how accurate and how quickly it can detect an infection or intrusion, it's being caught immediately.

The same is true for mean time to remediate. Any remediation that we do, for example, as soon as we block off a file, the automatic remediations are nice. In the event that we want to have something behave differently on another machine, we can quickly change that once we see it in any incident log. Setting those permanent rules is very helpful since, if you know something's malicious, chances are you don't want it showing up anywhere else.

The product has helped free up your SOC staff to work on other projects or tasks. The work that we used to have to do with our previous provider in going through our vulnerability assessments on a monthly basis and in trying to track down the install path of different applications was a headache and a half. With SentinelOne, the application management, and vulnerability assessments, are easy. You can see directly to the file path. It cuts a significant enough time out of our day.

It's had a positive impact on our overall productivity. Being able to dig through and find applications faster has drastically cut down our vulnerability position. When we first started using Singularity, we were somewhere in the thousands. Within the first month of having used it for our vulnerability assessments, we were down to just 1600, and now we're sitting well under the 500 mark when it comes to critical vulnerabilities. It's been very drastic and exponential at that. Now, any time a vulnerability does pop up, it's very quick and easy for us to track down where it is and take immediate action.

The interoperability with third-party solutions is fine. We don't currently use Kubernetes in our organization, however, we do utilize a VPN and it has no issues with adapting to that VPN. We also utilize different storage, including cloud storage accounts. There are no issues there either.

They've been fantastic at supporting innovation. We've had their support; they're always very responsive and very quick to give us the right advice on how we can execute what we're looking to do. Making sure that you have access to the necessary system without interrupting your user and without your user feeling at risk of their privacy being invaded is huge.

Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time.

I've been using the solution for nine to ten months.

I've had no stability issues at all. We have not experienced any performance decreases.

As far as deploying to more devices, there's not a problem with scaling at all. We've automated in our MDM so any device that we start in our MDM automatically installs SentinelOne, and those devices immediately show up. If we spin up a new device on Mac OS, it shows within the set the SentinelOne console within seconds.

Their support has been fantastic. They are quick to respond.

I've never had an issue with their support. What little time I did have one scenario where it was not something that they could help with, they'd been able to provide us with all the articles and information necessary to act on it on our own, which is really all you can ask for.

We were previously using Sophos. The biggest issue that we had with them was the fact that we were a fully remote company, so a lot of our users would be traveling for client meetings or even traveling abroad for client meetings. Reliance on a secure public WiFi solution is a very big deal for us. When it comes to users on a VPN, Sophos with MacOS's more recent updates would completely cut off Wi-Fi - which was very difficult for us to work around as a remote company. Thankfully, with multiple different tests in multiple different scenarios, we've never had that issue with SentinelOne.

The other big thing is the capability to remove a device from the network. In the event that a significant intrusion or malware, malware, ransomware, whatever it might be, is detected the ability to just isolate that one user from internet access is huge. You would hope that that's how an EDR would behave instead of completely removing all internet no matter what.

The initial setup was pretty straightforward. Our organization uses Kagi MDM. And in using that MDM solution, it was very easy for us to just quickly put together an automated installer and deploy it.

We have multiple different groups of users, including PC and Mac. With the smaller percentage of PC users, we were able to just change the group ID in the installer, and that ensured that they were placed into the proper place for their groups. Being able to tweak and ensure that from the back end within the SentinelOne console, we could ensure that everything is set up the way we want it to be once that user gets that package installed, makes life a lot easier. You don't need to worry about signing on with a user and changing any of those settings. The installer package that they get is going to be everything that they need. Once that installs, that's it. It was very seamless. If anything, removing Sophos was the hardest part of the installation process.

We were able to deploy using a team of three people. Hypothetically, one person could do it alone as long as they are well versed in MDM.

As far as the application itself is concerned, there was no need for maintenance. You can control everything from the console. When there is a new agent to install you receive a notification when you log in to the management console. You can control when that update gets deployed to your organization. You can break it up into different groups within your organization. For ourselves, we always test on a smaller number of users. And then once we see stability, we deploy to the rest. That's what little maintenance is involved. It's a drastic improvement versus other solutions that I've used.

We were able to do the initial setup completely in-house. We were able to do that on our own. We were able to very, very quickly deploy SentinelOne to pretty much our entire fleet.

Our ability to get in and review our vulnerability stance, whether daily, monthly, weekly, or whatever it might be, has drastically improved over our prior provider. Our users have less of a performance drain when attempting to use it. That's always huge when it comes to EDR. It pretty much checks every single box for us. It's the one software in our stack that we are happiest with.

For us, the pricing is very fair. They were willing to meet our price point. With very little negotiation involved, we just let them know what we could pay and they were willing to meet us at slightly above what we paid with Sophos, which was still very fair for what we were looking at.

We reviewed quite a few solutions. The big selling point for this product was that they were willing to work with us on a price point as a smaller organization. That was a huge reason for us actually going with them. The fact that they were willing to work with us as far as the pricing goes was the main reason that we ended up going with them. It was nice to see that they work with the little teams.

We're a customer and end-user.

We thought something as good as SentinelOne would be out of the question for an organization of our size. We assumed it would be something that's suited to larger organizations - money, obviously, being the main concern. However, the fact that they were willing to work with us changed that. Seeing that they're willing to work with smaller organizations is cool. I like that they actually give back to the tech sector that way.

I'd rate the stability ten out of ten.

I'd advise new users that they're going to need to invest a little bit of time upfront in order to make sure that their organization is set up for proper deployment. We probably spent about a week or two configuring everything and getting it to work the way we wanted. However, after that initial investment of time, the maintenance that you have to do is pretty minimal.

We have an environment in the cloud where we have a bunch of EC2 instances and S3 buckets. We have the SentinelOne agent installed on all of our EC2 instances, to monitor our environment, so we use it quite frequently.

We needed cloud-based endpoint protection that we could install to get a single pane of glass into our security environment. Specifically, we needed to see the version usage of the applications to ensure we didn't have any outdated applications.

It has definitely helped reduce our mean time to detect. It's much quicker than with our last platform. Singularity has also helped free up our staff to work on other projects. We don't usually come into the console unless we get an alert. In that sense, we have been working on many other projects in the last year. Now that everything is set up and running smoothly, we haven't had to spend as much time in the console as before.

And when I consider the solution's impact on overall productivity, features such as the reporting have helped. When we need to run a report on how many endpoints we have in our environment for regulatory requirements, we use the reporting feature of Singularity because we know it's installed on every endpoint, giving us full visibility. From a reporting standpoint, it has certainly helped us.

We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate. The third feature we use most often is the VirusTotal integration. That allows us to take the hash of a threat or virus and open it up in VirusTotal.

Also, it's amazing how quickly its real-time detection and response capabilities come through. There have been multiple times where either my coworker or I will be working on something—even in our elevated environment, and even just running a script. We wouldn't expect a pop-up, but it's good to know that it's checking for those anomalies, detecting them, and notifying us of them instantly. We love that feature.

In terms of the historical data record provided by Singularity after an attack, we like to use the Storyline feature for deep dives and threat hunting if needed. It has been very useful in our operations. We can see different event types on each endpoint, which comes in handy. Using the Storyline feature, we can dig in much quicker, connect the dots, and see what caused the alert. So it has quickened remediation.

And the SentinelOne Cloud engine detection types are useful when trying to determine whether a threat could be legitimate or a false positive.

One of our use cases was setting up a firewall for our endpoints, specifically for our remote users. We have a firewall on-premises that comes into play when someone is at our main campus. But we needed something more for our remote users. We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to.

I have been using SentinelOne Singularity Cloud for about two years.

Singularity has been very stable. It has never lagged or crashed that I've noticed. In my experience, there has been 100 percent uptime.

The interoperability with AWS has been very straightforward and streamlined, without any major bugs or issues that I've come across.

Its scalability is one of the main reasons we chose SentinelOne. Because it's hosted in the cloud, we can install as many agents as we're licensed for. We've never gone over that limit. As new servers and endpoints come online, it's easy to deploy. It's built into the image.

We do have a unique use case regarding scalability. We use a VDI environment in Azure, and it works. We haven't had any issues. But when we need to run updates on those machines, we have to rebuild the image. We can't have the agent built into the image because of our rebuild process. That makes it a manual process for us every month when we redeploy those desktops. We have it scripted out with a PowerShell script that helps, but it's a manual step for us. That's one area we're trying to address from a scalability standpoint.

As for auto-scaling, we're more of a static environment for most of our endpoints. The VDI is our only more fluid environment, since our VDI endpoints go up and down based on usage. Once the agent has been deployed to those images, the auto-scaling works flawlessly, and we haven't had any issues there.

We used ESET, but the decision to go with Singularity was made before my time with the company.

We have a couple different deployments: our end-user endpoints and our server fleet. I was involved with the server deployment. It was very straightforward, and we didn't run into any issues during that deployment.

The only maintenance involved is when we need to whitelist an application. For example, if a new user installs an application, we might get a false-positive pop-up. That's really the only maintenance we have to do.

We did it ourselves, and there were four people involved.

It's a fair price for what you get. We are happy with the price as it stands.

My advice is that if you want an easy-to-deploy solution where you can have a single pane of glass to get visibility into all of your endpoints and applications, and run reports on those application versions, Singularity makes it a very easy-to-use, straightforward, and streamlined process that has helped us over and over again.

If someone thinks they don't need Singularity because they already have a continuous security monitoring solution in place, using SentinelOne gives us an overarching view from the single console, giving us the entire picture of the timeline of events that happened. Going through the timeline and connecting those dots really helps when threat hunting. It helps to get the full picture instead of just a specific point in time, which is the way some of the legacy antivirus programs work.

The solution has an automated remediation feature, but we don't currently use it because we are a smaller team. We like to remediate manually. For the time being, we haven't had a reason to use the automation feature yet.

One area we're trying to innovate more in is the AWS Security Hub. Singularity, in their marketplace, has a couple of apps related to that. We're trying to build more automations within AWS Security Hub to get better overall visibility, not only of our EC2 endpoints but of our applications as well.

I use it to monitor and update my clients. We have about seventy users, which we run the client on, and we pretty much just monitor the activities and update the agents when possible. We use it to make sure that there are no viruses or malware on the user end, the endpoint machines. It's an antivirus.

We were looking for a solution that wasn't hard to manage and wasn't intrusive on the client end. We needed something users couldn't make changes to or take up too much CPU. We wanted to make sure that when we loaded this on the user machine it wasn't going to tax it.

The ease of use is great.

The portal is great. It's not complicated. I can find what I need and it's straightforward. It's not over complicated.

The real time detection and response capabilities are good. I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on.

They have an automated remediation feature that I have used. You can resolve issues on the portal.

The forensic visibility into the Linux kernel is very good. It helps to catch things early on. They've been able to remediate situations pretty quickly.

The historical record after the attacks is informative. It gives me the information I need. It's done really well.

The solution has helped me free up time. I go maybe once a week to see a status and if I get any alerts via email, I'll action something. My users are pretty educated and I haven't had to really worry too much. There's barely anything getting caught as the staff is all very diligent.

When it catches something, we're able to quickly get a handle on it. It's doing its job and we haven't had to worry about any attacks.

There isn't anything I don't like. It's really easy to use, for example.

Their search feature could be better. When I go in and try to search for stuff, it could be a bit easier. It can be a little cumbersome.

I've been using the solution for two years. We're going to be renewing our contract soon.

I've had no stability issues at all.

It's easy to scale. Scaling is straightforward.

We're a non-profit, so we won't grow too much. We don't really have use for the auto scaling feature. However, the feature does make scaling easy for those who need to grow.

I've barely contacted technical support. I've only spoken to sales in regard to demos. I had to call support once when an agent didn't install correctly. I had them get a cleaner to remove it from the machine. That only happened once. They were very helpful and it was easy to contact them. I was done in ten minutes.

I did previously use McAfee. When we had to renew, we were looking for something simple on the client end and pretty light. McAfee tends to tax the machine a bit. It had a clunky client as well. The reputation of Sentinel was also better than McAfee's.

I was involved with the initial deployment. The setup was straightforward. I had no issues with the setup.

Outside of occasionally upgrading the agents, there is no maintenance needed.

I handled the setup myself and my boss.

The pricing and licensing are competitive.

We were evaluating McAfee and Symantec and a few other companies. I can't recall the others. Sentinel just stood out.

To those who have a continuous monitoring solution in place, I'd advise them to have something running on their client end as well. Otherwise, you don't have full coverage.

I haven't really integrated the solution with any third-party solutions.

I'd rate the solution ten out of ten. It's straightforward and not that hard to work with. You don't have to do too much prep work before jumping in. It's an easy solution to implement.