    SentinelOne Singularity Platform

    Sold by: SentinelOne 
    Deployed on AWS
    Vendor Insights
    Unlock enterprise-wide security for your AWS environment with SentinelOne Singularity Platform. This AI-powered solution provides real-time threat detection and automated response across your infrastructure, ensuring continuous protection at infinite scale. By autonomously securing endpoints, cloud workloads, and identity, SentinelOne delivers total visibility while eliminating security silos. Integrate seamlessly with AWS and leverage our unified data lake and Purple AI to accelerate investigations and gain deeper insights. Secure your AWS cloud and focus on innovation with the speed and efficiency of AI.
    4.6

    Overview

    The SentinelOne Singularity Platform is the industry's first AI-powered security solution for the modern enterprise, offering a unified defense across your entire infrastructure from endpoints and cloud workloads to identity. As cloud adoption accelerates, traditional, siloed security tools create complexity and leave gaps in protection. Our platform consolidates multiple security capabilities into a single, intelligent solution, providing AWS customers with real-time visibility and autonomous protection to simplify security operations and reduce risk.

    Core Capabilities & Benefits

    Autonomous Protection: Singularity Platform is designed for customers seeking enterprise-wide protection, detection, and response capabilities, augmented by the intelligence and speed of advanced AI and automation. SentinelOne's Singularity Platform protects thousands of customer environments, including Amazon cloud workloads, across the globe.

    Unified Visibility: Break down data silos and security tool sprawl. Using patented Storyline™ technology, the platform automatically correlates and contextually groups related events into a single attack story, providing a consolidated view for faster investigation and response within our unified data lake.

    Extended Detection & Response (XDR): Gain a complete, correlated view of the full attack story across endpoints, identities, and cloud workloads. Our XDR solution provides the context needed to understand and respond to threats at machine speed.

    Cloud Workload Protection Platform (CWPP): Secure your AWS compute resources from runtime threats. Our Singularity Cloud Workload Security delivers real-time, AI-powered threat detection and response for Amazon EC2 instances, EKS clusters, and AWS Fargate. It provides deep visibility into vulnerabilities and configuration risk while autonomously blocking malware, ransomware, and fileless attacks without disrupting production performance.

    Identity Threat Detection & Response (ITDR): Proactively defend against credential theft, privilege escalation, and lateral movement attacks across hybrid environments. Our solution provides continuous monitoring and protection for Active Directory and leading cloud identity providers, including Entra ID, Okta, Ping, SecureAuth, and Duo, ensuring identity infrastructure remains secure.

    Accelerated Incident Response with Generative AI: Purple AI, our generative AI security analyst, acts as a force multiplier for your security team. It automates threat hunting, provides instant summaries of complex incidents, and accelerates investigations, allowing your team to focus on strategic initiatives.

    Seamless Integration with AWS Services

    The SentinelOne Singularity Platform is designed for seamless integration into your existing AWS environment. We provide bidirectional integrations for AWS Security Hub and Amazon CloudWatch, ensuring your security findings are centralized and actionable. Additionally, our AI-powered malware scanning for Amazon S3 protects sensitive data while maintaining compliance, helping you maximize your AWS investment and enhance your overall security posture.

    How to Get Started

    Secure your AWS cloud and focus on innovation with the SentinelOne Singularity Platform. Simply click on the Request private offer button at the top of this page to begin your procurement process.

    Highlights

    • 338% three-year ROI for SentinelOne customers using Purple AI, included with SentinelOne Singularity Platform Complete
    • 96% of Gartner Peer Insights™ EDR reviewers recommend SentinelOne Singularity
    • 5-Consecutive Year Gartner® Magic Quadrant™ Leader for Endpoint Protection Platforms

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center

    Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved (1)

    Pricing

    SentinelOne Singularity Platform

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (1)

    Dimension: Custom Pricing and Packaging
    Description: Contact SentinelOne for custom pricing and packaging including Private Offers
    Cost/month: $10,000.00

    Vendor refund policy

    Refunds available as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Multiple support options available. Email support available: support@sentinelone.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Generative AI, Security Observability

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    4 reviews
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

    AI generated from product descriptions
    AI-Powered Threat Detection and Response
    Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
    Cloud Workload Protection
    Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
    Extended Detection and Response
    Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
    Identity Threat Detection and Response
    Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
    Generative AI Security Analysis
    Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
    Multi-Source Threat Data Integration
    Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
    AI-Driven Alert Triage and Prioritization
    Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
    No-Code Automation for Investigation and Response
    Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
    Pre-Built Analytics and Correlation Rules
    Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
    Multi-Deployment Architecture Support
    Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
    Multi-Domain Attack Detection
    AI-powered detections that expose attacker activity across network, identity, and cloud environments including data centers, campuses, remote work, IoT/OT, AWS, Microsoft Active Directory, Microsoft Entra ID, Microsoft Azure, and Microsoft 365.
    Automated Alert Triage and Correlation
    AI agents that automatically triage, stitch, and prioritize attacks in real time, removing up to 99% of alert noise and reducing manual task time by up to 50%.
    Unified Investigation and Response Interface
    Centralized response user experience that enables discovery, hunting, detection, investigation, and automated response capabilities with aggregated and contextualized views of attack progression across network, identity, and cloud.
    Network Detection and Response
    Dedicated network detection and response (NDR) module for monitoring and detecting malicious activity across network infrastructure.
    Multi-Cloud and Identity Platform Coverage
    Modular architecture supporting AWS, Microsoft Azure, Microsoft 365, Microsoft Active Directory, and Microsoft Entra ID with configurable metadata retention periods ranging from 14 to 90 days.

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.6
    361 ratings
    5 star: 78%
    4 star: 20%
    3 star: 2%
    2 star: 0%
    1 star: 0%
    32 AWS reviews | 329 external reviews
    External reviews are from G2 and PeerSpot.
    Sandesh Khatal

    Advanced endpoint protection has reduced ransomware impact and improves incident response speed

    Reviewed on May 14, 2026
    Review from a verified AWS customer

    What is our primary use case?

    SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats using real-time AI-based behavior analysis, and it also helps the NJS and Purple AI.

    I ingest logs from various multiple devices, such as from firewalls and clouds, so I am correlating all the rules to SentinelOne Singularity Endpoint for better endpoint security.

    My organization is a partner with SentinelOne Singularity Endpoint and we provide MSSP services to our customers.

    What is most valuable?

    The first feature I appreciate is the rollback feature, which is very important.

    I appreciate the fast connection we get from the agent to the management console; the second benefit, as I have already mentioned, is the rollback capability. The third feature is that if any ransomware or malware attack occurs, the agent takes care of it and initially performs a full disk scan. I also get the process tree with the help of the agent, which includes a process tree diagram with the star rule ID, providing me with a clear picture from start to finish of how attackers execute their attacks on the laptop.

    For mean time to detect, it has improved by 50%, and mean time to respond is now reduced by 40%.

    I use Purple AI mainly for my organization, not for our customers because I do not have that admin access. I have access to my NFR, which is a separate management console for our organization to protect our system, so I do use it.

    The solution frees up about 30% of time.

    What needs improvement?

    I would suggest a lot of improvements; first, the dashboard is critical for new joiners, especially with the addition of Purple AI and EDR, which makes it complex for new SOC users. Second, the rollback feature is only available for Windows systems, not for Linux and Mac OS. Third, the dashboard is not customizable; I cannot create a dashboard as it is already inbuilt in SentinelOne Singularity Endpoint management console.

    For how long have I used the solution?

    I have been using the solution for six months.

    What do I think about the stability of the solution?

    In terms of stability, it is good; even though I have heard of CrowdStrike's blue screen issues, during my six months with SentinelOne Singularity Endpoint, I have not encountered any stability problems—it is continuously running in the background on the endpoint without any issues.

    Stability-wise, I would rate it an eight.

    What do I think about the scalability of the solution?

    Regarding scalability, I can scale up based on my company's agreement with SentinelOne Singularity Endpoint; in my organization, I manage at least 6,000 to 7,000 endpoints for multiple clients, supported by my contract with SentinelOne Singularity Endpoint.

    How are customer service and support?

    Technical support is very important, and I would rate it nine out of ten.

    Which solution did I use previously and why did I switch?

    I do not have much knowledge about other solutions as I am a SOC analyst with understanding of SIM tools and additional EDR such as SentinelOne Singularity Endpoint, as I recently graduated last year and joined the company in December 2025.

    How was the initial setup?

    The solution does not require much maintenance; I just install the endpoint on the desktop or server, and I need to upgrade the solution regularly to ensure I receive support from the TAC team.

    What about the implementation team?

    I have a central team of both SOC and EDR members actively using SentinelOne Singularity Endpoint, totaling about 30 to 40 people, with 20 to 25 being L1 and 10 being L2, along with two managers and two team leads.

    Which other solutions did I evaluate?

    Regarding pricing, I would say it is medium; compared to CrowdStrike and Microsoft Defender EDR, which I am aware of, SentinelOne Singularity Endpoint is cost-efficient, fitting into a medium range—not high or low.

    What other advice do I have?

    I do not use the Ranger functionality because I am an L1 and I have only read-only access, but I know the functionality. The main function is network discovery and control, which identifies and manages unmanaged devices on the network and detects rogue devices on the system.

    Before I joined, I can say my organization reduced alerts by 30-40% due to integrating multiple devices with SentinelOne Singularity Endpoint, impacting mostly the false positive alerts.

    Data privacy and security with Purple AI are important for my organization; the co-pilot feature of Purple AI helps pull down any IOC present in my network, allowing me to identify any IOC, hash, vulnerability, or malicious activities that occur.

    I am the only SOC analyst L1, and while my organization has an investigating team that uses Purple AI mainly for investigation and threat hunting purposes, I have only used it for basic commands and queries for investigation.

    My clients are medium-sized, not exceeding 2,000 to 4,000 crore companies.

    If you are considering implementing SentinelOne Singularity Endpoint in your organization, I have several recommendations: first, train the SOC team, especially if there are new joiners; second, start with a pilot deployment rather than deploying to all endpoints; third, integrate SentinelOne Singularity Endpoint with other products such as SIM tools or SOAR tools to realize the true value of SentinelOne Singularity Endpoint; using it alone will not provide its full potential.

    I would rate this solution a nine out of ten overall.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Kristina Davis

    Automated protection has reduced our cyber risk and now supports our cyber insurance coverage

    Reviewed on May 10, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We use SentinelOne Singularity because we didn't have a strong cybersecurity platform, and I wanted to make sure that my company wasn't going to be vulnerable to cyber-attacks. I also wanted to make sure that it was user-friendly, so it didn't have to have an end user that was managing everything. I saw that AI actually manages everything for you, so it's super user-friendly.

    SentinelOne Singularity's interoperability with other solutions or third-party applications seems to flow nicely.

    SentinelOne Singularity handles ingesting and correlating across the security solutions without me having any problems.

    What is most valuable?

    The most valuable feature of SentinelOne Singularity is that it's automated. The AI is constantly working in the background, tracking and blocking cybercriminals or bad actors.

    SentinelOne Singularity saves me time every day that I use it, as it is easy to manage and easy to install.

    SentinelOne Singularity has improved my organization overall by allowing us to get cybersecurity insurance, which I think is very hard to get. We have coupled SentinelOne Singularity with some other cyber platform, and now we are insured as well.

    SentinelOne Singularity is super easy for scalability; we are constantly adding more computers and users, and it's compatible with everything else that we're using.

    What needs improvement?

    When sending out new updates, you have to figure out which one is the right one, so it would be easier if they committed to that, because when you're sitting out updates, there are different names and something different, making it tricky to figure out which one is compatible with your program or company.

    For how long have I used the solution?

    I have been using SentinelOne Singularity for probably three years now.

    What do I think about the stability of the solution?

    I haven't had any issues with SentinelOne Singularity regarding stability, such as lagging, crashing, or downtime.

    How are customer service and support?

    Their technical support is very responsive, helpful, and knowledgeable.

    On a scale of one to ten, I would give their support a ten.

    Which solution did I use previously and why did I switch?

    I have a very positive impression of SentinelOne Singularity as a strategic security partner, and I'm very happy with the product. I plan on keeping it because we had another product that wasn't easy or user-friendly, and we ended up not renewing that, while we plan on renewing SentinelOne Singularity every year.

    How was the initial setup?

    In my opinion, it was super easy and straightforward.

    We did the deployment all by ourselves in-house.

    What about the implementation team?

    I was involved in the deployment.

    What was our ROI?

    The return on investment I've seen from SentinelOne Singularity is huge because we now have cyber insurance, and our workload is less. We don't have to pay the price we were paying for a whole IT company for computers and malware solutions since we are saving money ultimately.

    What other advice do I have?

    I have never tried using Ranger.

    My mean time to detect is eighty percent.

    The mean time to respond is the same story.

    My organizational risk has been reduced.

    I am having a really good experience with SentinelOne Singularity, so I can't say there's anything they can improve because I'm not having any problems. Even if I have an issue, they're super responsive.

    I think SentinelOne Singularity's pricing or licensing is very comparable and competitive.

    SentinelOne Singularity requires maintenance on my end, such as making sure to send out any new agent updates quickly.

    On a scale of one to ten, I would give SentinelOne Singularity an overall score of ten.

    I would advise others evaluating SentinelOne Singularity that if they're looking for something simple, user-friendly, and that stays up to date with what's happening, this is the product for you.

    Vedant Shetty

    Automated endpoint protection has improved real-time threat detection and simplified compliance

    Reviewed on May 05, 2026
    Review provided by PeerSpot

    What is our primary use case?

    In my previous office, we used SentinelOne Singularity Endpoint for endpoint detection and response purposes. We deployed the SentinelOne Singularity Endpoint agent on our clients, client servers, desktops, laptops, and all other endpoints. We deployed those for monitoring and compliance purposes to secure those endpoints for security purposes.

    What is most valuable?

    In SentinelOne Singularity Endpoint, the fast response and detection it offers are what I appreciate the most. The biggest benefit I feel as a customer is that it is fully automated with threat detection capabilities. We just have to deploy the agents and we are good to go. There are already default use cases included with the product, so we do not have to customize the use cases every time in SentinelOne Singularity Endpoint. We just deploy the agent and as it is fully automated, we are good to go for threat detection.

    Although it is a disadvantage, the false positive alerts generated by SentinelOne Singularity Endpoint are substantial, but if it is handled properly and the use cases are properly mapped with MITRE techniques and tactics, then I feel that the false positive alerts can be reduced to more true positive alerts.

    SentinelOne Singularity Endpoint detects alerts in real-time. It has both static and dynamic types of detection. We do not have to wait for detection. It is much more secure because it is detecting alerts in real-time scenarios and does not take any extra time so that the SLA of our client can remain valid. Because it detects in real-time, it is much more secure.

    What needs improvement?

    As a user, I personally feel that in SentinelOne Singularity Endpoint, the customized dashboard could be improved. We were not able to create a customized dashboard in it. The default dashboards were only present and we were not able to customize anything. I think that could be improved. The resource consumption, such as high CPU and disk usage, can also be a downward factor.

    Ranger functionality was present for SentinelOne Singularity Endpoint, but in our organization, that Ranger functionality was disabled.

    What do I think about the stability of the solution?

    I have never seen any downtime in SentinelOne Singularity Endpoint.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint is scalable. We can scale up and scale down the number of endpoints we need depending upon the requirement. It is very scalable-friendly.

    How are customer service and support?

    For SentinelOne Singularity Endpoint, we get in touch with technical support because there have been multiple scenarios when we have to stay connected when we have no clue what we need to do. As the client has multiple requests, there are times when we just raise the query to customer support and they respond to us very quickly. There have been no issues, I feel. We have always been in touch with customer support and they reply to us on the same day. I have noticed this multiple times. Whenever we feel we do not know what to do, what to respond to the client, or how to do a particular thing, then customer support does help us multiple times.

    The support of SentinelOne Singularity Endpoint deserves a rating of ten out of ten.

    Which solution did I use previously and why did I switch?

    We have used multiple alternatives. We have used CrowdStrike as well for XDR. Let me talk about other environments. We have used the same platforms and other platforms such as Splunk as well. For XDR, I have used CrowdStrike and SentinelOne Singularity Endpoint.

    How was the initial setup?

    I have not worked on integration, but I do know that the initial setup of SentinelOne Singularity Endpoint is very straightforward and very easy to do. All we need to do is set up the tenant, create the page file, and once we install it, it automatically connects within an hour. We just have to deploy the agent on whatever the server, desktop, laptop, or whatever the endpoint is.

    What about the implementation team?

    We worked as an MSSP, so we worked as a service provider. We provide services to multiple clients. Clients come and they go. The integration part happens, then we have to decommission it. There are several factors related to whether SentinelOne Singularity Endpoint was already deployed or when it was deployed.

    What was our ROI?

    For maintenance in SentinelOne Singularity Endpoint, we have to stay connected with the OEM in perspective of the version upgrade to stay up to date. The only thing is version updates. If there is any new update, then we have to stay updated.

    What's my experience with pricing, setup cost, and licensing?

    I cannot say exactly, but I can guess the pricing model for SentinelOne Singularity Endpoint. We have heard about the pricing model. While we were working on a client, our manager sent a proposed email to the client at that time. We saw how they were costing. They were costing on a per-device basis. Based on how many endpoints the client needs, they were charging per endpoint.

    What other advice do I have?

    Comparing SentinelOne Singularity Endpoint with other XDR solutions, the first thing is that it is easier to understand with a user-friendly interface. When we log in as a user, it is very user-friendly with sections for Threat, Incident, and Admin. The UI is very user-friendly. SentinelOne Singularity Endpoint is reliable and can be relied upon for security purposes to secure our systems. That would be a major factor comparing it with other products.

    I have used the Purple AI feature in SentinelOne Singularity Endpoint for quite some time.

    I feel data security is a very big factor when we talk about reliability and trust issues in terms of Purple AI. Nowadays, there are different LLMs such as Claude and ChatGPT, but reliability is the most competing factor. The Purple AI feature in SentinelOne Singularity Endpoint makes it reliable because we do not have to search for IOCs outside our environment by going to other large language models. Through Purple AI only, we can get recent IOCs and vulnerabilities circulating around. Purple AI does help us for reliability and integrity of our data.

    I would rate this product nine out of ten overall.

    Chetan Gaonkar

    Endpoint protection has cut alerts and detection time while streamlining ransomware response

    Reviewed on Apr 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

    Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

    What is most valuable?

    What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

    SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

    There is up to 30 to 40% mean time reduction in MTTD.

    For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

    What needs improvement?

    For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

    Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

    For how long have I used the solution?

    I have been working with this solution for eight months.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

    What do I think about the scalability of the solution?

    Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

    How are customer service and support?

    Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

    If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

    Which solution did I use previously and why did I switch?

    Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

    How was the initial setup?

    SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

    Which other solutions did I evaluate?

    I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

    What other advice do I have?

    SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

    There is up to 30 to 40% mean time reduction in MTTD.

    For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

    I would rate this solution a 9 out of 10 overall.

    SameerJadhav

    Automated defenses have reduced alert noise and enable rapid rollback from ransomware attacks

    Reviewed on Apr 30, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My use case for SentinelOne Singularity Endpoint is endpoint security to detect, prevent, and respond to cyber threats in real time using AI, which includes Purple AI, behavior analysis, and additionally, NG-SIEM, EDR, and XDR, which is a combination of EDR and XDR.

    What is most valuable?

    The best feature of SentinelOne Singularity Endpoint that I appreciate the most is the rollback feature, because just yesterday, we had a ransomware incident for one customer, and we were able to protect our customer through the rollback feature.

    Another aspect of SentinelOne Singularity Endpoint that I appreciate is the automation; they have added Purple AI and created a new dashboard for XDR that works very well with Purple AI and NG-SIEM. SentinelOne Singularity Endpoint consolidates security features effectively through the rollback feature.

    SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

    The mean time to respond with SentinelOne Singularity Endpoint is reduced by about 30%. When we receive alerts, we can raise them within 10 minutes, and the SLA from our side is one hour.

    Purple AI helps with data privacy and security by efficiently retrieving IOCs in our organization and network, allowing us to quickly query and identify vulnerabilities. Regarding threat investigations, Purple AI significantly aids in our forensic processes; for instance, it recently helped us track down a ransomware attack to its source in a customer's network.

    What needs improvement?

    In terms of improvements for SentinelOne Singularity Endpoint, the dashboard is complex for new users, and there are a lot of false positive alerts, particularly from genuine EXE files.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for 2.6 years.

    What do I think about the stability of the solution?

    The stability of SentinelOne Singularity Endpoint is very high; I would rate it 9 to 10 for EDR.

    What do I think about the scalability of the solution?

    The scalability of SentinelOne Singularity Endpoint can be substantial, allowing for up to 15,000 to 20,000 endpoints for one management console, depending on the organization's relationship with customers. I rate the scalability of SentinelOne Singularity Endpoint as 9 out of 10.

    How are customer service and support?

    I rate the technical support for SentinelOne Singularity Endpoint as 8 out of 10.

    Which solution did I use previously and why did I switch?

    We work with SentinelOne and PingPlotter.

    How was the initial setup?

    The deployment of SentinelOne Singularity Endpoint is very easy, as we only need to create a tenant in our management console and can deploy endpoints to numerous devices within two to three days.

    What about the implementation team?

    We have about 30 to 40 people working with SentinelOne Singularity Endpoint in our SOC and MDR teams.

    What was our ROI?

    SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing, I find SentinelOne Singularity Endpoint to be very affordable, at around $12 to $15, as indicated by my manager.

    Which other solutions did I evaluate?

    SentinelOne Singularity Endpoint seamlessly ingests logs from various other technologies besides SentinelOne EDR platform, integrating with server firewalls. As a SOAR analyst, I have integrated SentinelOne with Shuffle SOAR technology and Wazuh into Level 40's NG-SIEM.

    What other advice do I have?

    I do not have access to the Ranger functionality because our organization did not purchase it from SentinelOne, but we are planning to buy it next financial year.

    I work with Purple AI for our internal use, not for customer use, as we have an NFR set up.

    I do not have much knowledge about comparing SentinelOne Singularity Endpoint with other products or vendors since we have primarily used SentinelOne along with PingPlotter.

    SentinelOne Singularity Endpoint does not require much maintenance; we just need to upgrade the agent to ensure we receive support from the TAC team.

    I will definitely recommend SentinelOne Singularity Endpoint to other organizations, emphasizing the importance of training the SOC team and potential integrations for maximum effectiveness. Our clients using SentinelOne Singularity Endpoint are medium and enterprise businesses. I rate this review overall as a 9.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)