Reviews from AWS customer

32 AWS reviews

External reviews

330 reviews

External reviews are not included in the AWS star rating for the product.


    Abrar Mukhtar

Endpoint protection has strengthened incident response and improved threat visibility

  • May 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use SentinelOne Singularity Endpoint for endpoint protection. I utilize it for different companies and different purposes. It is effective for endpoint detections and remediation of the detections. Additionally, I use it for new endpoint discovery within the company intranet. Overall, I use SentinelOne for incident response activities.

What is most valuable?

The best features in SentinelOne Singularity Endpoint are the Sentinels and the features provided within the Sentinel module, which include machine identification and machine details. I can accomplish everything within the endpoint using these features. Endpoint Sentinel is a good detection rule, and if I can create or already have created rules, these are good working rules that protect my organization and make the endpoints more secure.

Ranger is also a cool feature that provides visibility of new endpoints that have been attached or connected within my infrastructure that do not have SentinelOne Singularity Endpoint agent installed on them.

What needs improvement?

Before using SentinelOne Singularity Endpoint, I used different products, including CrowdStrike. In the space where SentinelOne Singularity Endpoint is working, it is an awesome product. However, I believe the vulnerability management is currently in pilot. If it can mature into good production where the vulnerability management module is working well within Singularity Complete edition, that would be an awesome step. The vulnerability assessment is available, but application vulnerability assessment or other endpoint vulnerability assessment is not as good as what other products are providing.

Singularity Complete is a good product in its area and, obviously, when comparing to other organizations or companies providing endpoint detection solutions, it is an end-to-end solution for antimalware and XDR. This has been working fine for me so far. I am using it in small, medium, and enterprise organizations, and it is good. However, as I mentioned for the vulnerability assessment, along with the specification of handling core, detailed forensics, there could be more details I would add. However, if I recall correctly, there is a specific module within SentinelOne Singularity Endpoint to check all details of the functions that happened within the target machine. I am currently unable to recall the name of that module, but it exists. However, there is room for improvement where more details of the solution or from the target can be added, and this would help me more easily identify the impact or the root cause that impacts the endpoint. This would be more helpful for end users. Currently, if there is an impacted endpoint, I click on the endpoint, and it gives me insights about what happened with this endpoint. However, when I need to go into the details, there is some limitation to viewing those details for the target machine. It would be awesome if this module could be integrated into the normal Sentinels. This would be more helpful for engineers working on core identification of root causes.

For how long have I used the solution?

I have been working with SentinelOne Singularity Endpoint for more than two or three years.

What do I think about the stability of the solution?

It is working fine for me. In the majority of cases where files have been detected as malware or virus within the organization on the target machine, they are quarantined. This is good functionality from XDR, as I mentioned earlier.

What do I think about the scalability of the solution?

For me, it is good, but I believe SentinelOne Singularity Endpoint does not directly engage with customers who have fewer than one thousand nodes. I have to engage through SentinelOne's partners. This is an impact based on market or company strategy. The pricing is not too bad; it is good. If I directly engage the organization or company, the pricing is different and obviously better. Additionally, when I go directly within the company, they provide visibility or vigilance services to customers at the same price. When I go into the partner channel, my account is within the partner's umbrella, and they provide limited support for visibility and further incident investigations. This is a limitation for small and medium organizations. However, for large organizations that can directly engage SentinelOne Singularity Endpoint, this is a positive point, but there is a lag when I go into the partner channel. The partners engage with customers in their own way, and that is how it works.

How was the initial setup?

For me as an end user, the setup process was not difficult because everything was set up from the partner's side. I may not be the right person to answer for all aspects. For the end user, it is very easy. The partner set up the whole environment within a week or two. After creating the whole setup, as an end user, I would just have to install SentinelOne Singularity Endpoint agent into my end user devices or servers. It is easy to do that. Once I do this and the environment has been set up with all Sentinels collecting data from end user devices or servers, everything is there and the environment has been set up. It is easy for end users, but obviously for those creating the environment, the whole environment, creation of security rules, detection rules, and those kinds of things may be challenging, especially for beginners. That would be the challenging part, and I did not do it earlier, so I cannot comment on it fully.

What's my experience with pricing, setup cost, and licensing?

It is comparable to other products and is cost-efficient.

Which other solutions did I evaluate?

This is a competitive market with competitive solutions that have core good products and features within them. If I am looking for an endpoint protection solution, this is a good product because I always compare SentinelOne Singularity Endpoint with CrowdStrike and Microsoft Defender. Based on that comparison, if SentinelOne Singularity Endpoint had good vulnerability assessment capabilities, because currently the vulnerability assessment is based on the application, not the operating system, it would be a good point from the perspective of cost-efficiency along with the features within the product. SentinelOne Singularity Endpoint has Ranger, Sentinels, and visibility where I can go in and have detailed knowledge about every detection along with every happening on the target machine. This is good, but SentinelOne Singularity Endpoint is still lagging under the vulnerability assessment module.

What other advice do I have?

SentinelOne Singularity Endpoint provides alerting into the dashboard, but I did not configure it correctly and never received alerts over emails. If such a feature exists within the product, that would be awesome, and I could incorporate and configure it. Currently, I do not have visibility on it. Once I log into SentinelOne Singularity Endpoint, it provides visibility within the dashboard showing how many endpoints have been detected as infected, how many endpoints are impacted, and how many endpoints have been identified as malware where SentinelOne Singularity Endpoint has quarantined those files, and I can do analysis and further processing. However, currently, I did not configure it if it is available, but I am unable to navigate it. I do not have visibility on whether any endpoints or target machines have been impacted so that I receive email notifications or SMS notifications alerting me that a machine has been impacted and needs to be worked on urgently. This is a critical function I need to perform right now. If this would be configurable or is available in SentinelOne Singularity Endpoint, that is awesome. If not, then the alerting mechanism needs to be improved to get alerts over emails or SMS for at minimum critical assets.

I can say that I currently did not implement it in such a way because for what I am using SentinelOne Singularity Endpoint for, it is the on-premises infrastructure for some organizations and just for endpoints in other organizations. In that case, I believe for SaaS products, I am currently not utilizing it for such things. My question is whether SentinelOne Singularity Endpoint is an agent-based solution that I can only utilize on endpoints or servers or where the operating system is Linux or different flavors where the operating system is running. However, for the serverless environment, SentinelOne Singularity Endpoint cannot work. Is that the right expectation?

Obviously, the core concern is about data protection and privacy. There is something I have to adopt with AI. If I do not adopt it, I am not running with the market and chasing new goals. The thing is I have to implement frameworks such as ISO 42001 to manage data and contain my data's confidentiality and privacy. This is core importance for me in my job role. I take care of this all the time, and obviously if I am integrating solutions that utilize AI-based features into their product, I do have vendor management or vendor risk management to perform with vendors. I currently look into AI standards or framework implementation within organizations if they are providing me with full core data security. This is the point I engage in with existing and onboarding vendors. Additionally, I am currently utilizing AI and making AI models within my organizations. I implement security standards and maintain the whole implementation and operationalization of data protections within AI models and machine learning models.

This is the function that can be adopted, and if it is in the product, obviously this is a positive point and I do encourage that utilization of AI models within products. As I mentioned, if I got email alerts or SMS alerts for critical systems and if AI has been engaged into threat modeling with well-known algorithms that identify what threats, viruses, or malicious insights have been identified in the system, and if AI can guess that certain operating systems, files, or things are critical to my organization and can do this on a real-time basis, that would be a positive point. Obviously, as I mentioned, if I want to run with the market, I have to integrate those AI threat modeling or AI remediations within my organization. I have to do that. I give this review an overall rating of eight out of ten.


    Sandesh Khatal

Advanced endpoint protection has reduced ransomware impact and improves incident response speed

  • May 14, 2026
  • Review from a verified AWS customer

What is our primary use case?

SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats using real-time AI-based behavior analysis, and it also helps the NJS and Purple AI.

I ingest logs from various multiple devices, such as from firewalls and clouds, so I am correlating all the rules to SentinelOne Singularity Endpoint for better endpoint security.

My organization is a partner with SentinelOne Singularity Endpoint and we provide MSSP services to our customers.

What is most valuable?

The first feature I appreciate is the rollback feature, which is very important.

I appreciate the fast connection we get from the agent to the management console; the second benefit, as I have already mentioned, is the rollback capability. The third feature is that if any ransomware or malware attack occurs, the agent takes care of it and initially performs a full disk scan. I also get the process tree with the help of the agent, which includes a process tree diagram with the star rule ID, providing me with a clear picture from start to finish of how attackers execute their attacks on the laptop.

For mean time to detect, it has improved by 50%, and mean time to respond is now reduced by 40%.

I use Purple AI mainly for my organization, not for our customers because I do not have that admin access. I have access to my NFR, which is a separate management console for our organization to protect our system, so I do use it.

The solution frees up about 30% of time.

What needs improvement?

I would suggest a lot of improvements; first, the dashboard is critical for new joiners, especially with the addition of Purple AI and EDR, which makes it complex for new SOC users. Second, the rollback feature is only available for Windows systems, not for Linux and Mac OS. Third, the dashboard is not customizable; I cannot create a dashboard as it is already inbuilt in SentinelOne Singularity Endpoint management console.

For how long have I used the solution?

I have been using the solution for six months.

What do I think about the stability of the solution?

In terms of stability, it is good; even though I have heard of CrowdStrike's blue screen issues, during my six months with SentinelOne Singularity Endpoint, I have not encountered any stability problems—it is continuously running in the background on the endpoint without any issues.

Stability-wise, I would rate it an eight.

What do I think about the scalability of the solution?

Regarding scalability, I can scale up based on my company's agreement with SentinelOne Singularity Endpoint; in my organization, I manage at least 6,000 to 7,000 endpoints for multiple clients, supported by my contract with SentinelOne Singularity Endpoint.

How are customer service and support?

Technical support is very important, and I would rate it nine out of ten.

Which solution did I use previously and why did I switch?

I do not have much knowledge about other solutions as I am a SOC analyst with understanding of SIM tools and additional EDR such as SentinelOne Singularity Endpoint, as I recently graduated last year and joined the company in December 2025.

How was the initial setup?

The solution does not require much maintenance; I just install the endpoint on the desktop or server, and I need to upgrade the solution regularly to ensure I receive support from the TAC team.

What about the implementation team?

I have a central team of both SOC and EDR members actively using SentinelOne Singularity Endpoint, totaling about 30 to 40 people, with 20 to 25 being L1 and 10 being L2, along with two managers and two team leads.

Which other solutions did I evaluate?

Regarding pricing, I would say it is medium; compared to CrowdStrike and Microsoft Defender EDR, which I am aware of, SentinelOne Singularity Endpoint is cost-efficient, fitting into a medium range—not high or low.

What other advice do I have?

I do not use the Ranger functionality because I am an L1 and I have only read-only access, but I know the functionality. The main function is network discovery and control, which identifies and manages unmanaged devices on the network and detects rogue devices on the system.

Before I joined, I can say my organization reduced alerts by 30-40% due to integrating multiple devices with SentinelOne Singularity Endpoint, impacting mostly the false positive alerts.

Data privacy and security with Purple AI are important for my organization; the co-pilot feature of Purple AI helps pull down any IOC present in my network, allowing me to identify any IOC, hash, vulnerability, or malicious activities that occur.

I am the only SOC analyst L1, and while my organization has an investigating team that uses Purple AI mainly for investigation and threat hunting purposes, I have only used it for basic commands and queries for investigation.

My clients are medium-sized, not exceeding 2,000 to 4,000 crore companies.

If you are considering implementing SentinelOne Singularity Endpoint in your organization, I have several recommendations: first, train the SOC team, especially if there are new joiners; second, start with a pilot deployment rather than deploying to all endpoints; third, integrate SentinelOne Singularity Endpoint with other products such as SIM tools or SOAR tools to realize the true value of SentinelOne Singularity Endpoint; using it alone will not provide its full potential.

I would rate this solution a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Kristina Davis

Automated protection has reduced our cyber risk and now supports our cyber insurance coverage

  • May 10, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use SentinelOne Singularity because we didn't have a strong cybersecurity platform, and I wanted to make sure that my company wasn't going to be vulnerable to cyber-attacks. I also wanted to make sure that it was user-friendly, so it didn't have to have an end user that was managing everything. I saw that AI actually manages everything for you, so it's super user-friendly.

SentinelOne Singularity's interoperability with other solutions or third-party applications seems to flow nicely.

SentinelOne Singularity handles ingesting and correlating across the security solutions without me having any problems.

What is most valuable?

The most valuable feature of SentinelOne Singularity is that it's automated. The AI is constantly working in the background, tracking and blocking cybercriminals or bad actors.

SentinelOne Singularity saves me time every day that I use it, as it is easy to manage and easy to install.

SentinelOne Singularity has improved my organization overall by allowing us to get cybersecurity insurance, which I think is very hard to get. We have coupled SentinelOne Singularity with some other cyber platform, and now we are insured as well.

SentinelOne Singularity is super easy for scalability; we are constantly adding more computers and users, and it's compatible with everything else that we're using.

What needs improvement?

When sending out new updates, you have to figure out which one is the right one, so it would be easier if they committed to that, because when you're sending out updates, there are different names and something different, making it tricky to figure out which one is compatible with your program or company.

For how long have I used the solution?

I have been using SentinelOne Singularity for probably three years now.

What do I think about the stability of the solution?

I haven't had any issues with SentinelOne Singularity regarding stability, such as lagging, crashing, or downtime.

How are customer service and support?

Their technical support is very responsive, helpful, and knowledgeable.

On a scale of one to ten, I would give their support a ten.

Which solution did I use previously and why did I switch?

I have a very positive impression of SentinelOne Singularity as a strategic security partner, and I'm very happy with the product. I plan on keeping it because we had another product that wasn't easy or user-friendly, and we ended up not renewing that, while we plan on renewing SentinelOne Singularity every year.

How was the initial setup?

In my opinion, it was super easy and straightforward.

We did the deployment all by ourselves in-house.

What about the implementation team?

I was involved in the deployment.

What was our ROI?

The return on investment I've seen from SentinelOne Singularity is huge because we now have cyber insurance, and our workload is less. We don't have to pay the price we were paying for a whole IT company for computers and malware solutions since we are saving money ultimately.

What other advice do I have?

I have never tried using Ranger.

My mean time to detect is eighty percent.

The mean time to respond is the same story.

My organizational risk has been reduced.

I am having a really good experience with SentinelOne Singularity, so I can't say there's anything they can improve because I'm not having any problems. Even if I have an issue, they're super responsive.

I think SentinelOne Singularity's pricing or licensing is very comparable and competitive.

SentinelOne Singularity requires maintenance on my end, such as making sure to send out any new agent updates quickly.

On a scale of one to ten, I would give SentinelOne Singularity an overall score of ten.

I would advise others evaluating SentinelOne Singularity that if they're looking for something simple, user-friendly, and that stays up to date with what's happening, this is the product for you.


    Vedant Shetty

Automated endpoint protection has improved real-time threat detection and simplified compliance

  • May 05, 2026
  • Review provided by PeerSpot

What is our primary use case?

In my previous office, we used SentinelOne Singularity Endpoint for endpoint detection and response purposes. We deployed the SentinelOne Singularity Endpoint agent on our clients, client servers, desktops, laptops, and all other endpoints. We deployed those for monitoring and compliance purposes to secure those endpoints for security purposes.

What is most valuable?

In SentinelOne Singularity Endpoint, the fast response and detection it offers are what I appreciate the most. The biggest benefit I feel as a customer is that it is fully automated with threat detection capabilities. We just have to deploy the agents and we are good to go. There are already default use cases included with the product, so we do not have to customize the use cases every time in SentinelOne Singularity Endpoint. We just deploy the agent and as it is fully automated, we are good to go for threat detection.

Although it is a disadvantage, the false positive alerts generated by SentinelOne Singularity Endpoint are substantial, but if it is handled properly and the use cases are properly mapped with MITRE techniques and tactics, then I feel that the false positive alerts can be reduced to more true positive alerts.

SentinelOne Singularity Endpoint detects alerts in real-time. It has both static and dynamic types of detection. We do not have to wait for detection. It is much more secure because it is detecting alerts in real-time scenarios and does not take any extra time so that the SLA of our client can remain valid. Because it detects in real-time, it is much more secure.

What needs improvement?

As a user, I personally feel that in SentinelOne Singularity Endpoint, the customized dashboard could be improved. We were not able to create a customized dashboard in it. The default dashboards were only present and we were not able to customize anything. I think that could be improved. The resource consumption, such as high CPU and disk usage, can also be a downward factor.

Ranger functionality was present for SentinelOne Singularity Endpoint, but in our organization, that Ranger functionality was disabled.

What do I think about the stability of the solution?

I have never seen any downtime in SentinelOne Singularity Endpoint.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint is scalable. We can scale up and scale down the number of endpoints we need depending upon the requirement. It is very scalable-friendly.

How are customer service and support?

For SentinelOne Singularity Endpoint, we get in touch with technical support because there have been multiple scenarios when we have to stay connected when we have no clue what we need to do. As the client has multiple requests, there are times when we just raise the query to customer support and they respond to us very quickly. There have been no issues, I feel. We have always been in touch with customer support and they reply to us on the same day. I have noticed this multiple times. Whenever we feel we do not know what to do, what to respond to the client, or how to do a particular thing, then customer support does help us multiple times.

The support of SentinelOne Singularity Endpoint deserves a rating of ten out of ten.

Which solution did I use previously and why did I switch?

We have used multiple alternatives. We have used CrowdStrike as well for XDR. Let me talk about other environments. We have used the same platforms and other platforms such as Splunk as well. For XDR, I have used CrowdStrike and SentinelOne Singularity Endpoint.

How was the initial setup?

I have not worked on integration, but I do know that the initial setup of SentinelOne Singularity Endpoint is very straightforward and very easy to do. All we need to do is set up the tenant, create the page file, and once we install it, it automatically connects within an hour. We just have to deploy the agent on whatever the server, desktop, laptop, or whatever the endpoint is.

What about the implementation team?

We worked as an MSSP, so we worked as a service provider. We provide services to multiple clients. Clients come and they go. The integration part happens, then we have to decommission it. There are several factors related to whether SentinelOne Singularity Endpoint was already deployed or when it was deployed.

What was our ROI?

For maintenance in SentinelOne Singularity Endpoint, we have to stay connected with the OEM in perspective of the version upgrade to stay up to date. The only thing is version updates. If there is any new update, then we have to stay updated.

What's my experience with pricing, setup cost, and licensing?

I cannot say exactly, but I can guess the pricing model for SentinelOne Singularity Endpoint. We have heard about the pricing model. While we were working on a client, our manager sent a proposed email to the client at that time. We saw how they were costing. They were costing on a per-device basis. Based on how many endpoints the client needs, they were charging per endpoint.

What other advice do I have?

Comparing SentinelOne Singularity Endpoint with other XDR solutions, the first thing is that it is easier to understand with a user-friendly interface. When we log in as a user, it is very user-friendly with sections for Threat, Incident, and Admin. The UI is very user-friendly. SentinelOne Singularity Endpoint is reliable and can be relied upon for security purposes to secure our systems. That would be a major factor comparing it with other products.

I have used the Purple AI feature in SentinelOne Singularity Endpoint for quite some time.

I feel data security is a very big factor when we talk about reliability and trust issues in terms of Purple AI. Nowadays, there are different LLMs such as Claude and ChatGPT, but reliability is the most competing factor. The Purple AI feature in SentinelOne Singularity Endpoint makes it reliable because we do not have to search for IOCs outside our environment by going to other large language models. Through Purple AI only, we can get recent IOCs and vulnerabilities circulating around. Purple AI does help us for reliability and integrity of our data.

I would rate this product nine out of ten overall.


    Chetan Gaonkar

Endpoint protection has cut alerts and detection time while streamlining ransomware response

  • April 30, 2026
  • Review provided by PeerSpot

What is our primary use case?

SentinelOne Singularity Endpoint's main use case is that it includes EDR, XDR, and NGSM. SentinelOne Singularity Complete has the ability to ingest and correlate across security solutions extensively. It functions as an EDR, XDR, and MDR mix with Purple AI and NGSM real-time monitoring tools.

Ranger functionality is a network discovery and control feature. Its primary role is to identify and manage unmanaged devices on the network. It detects devices in our network, ingests logs from network sources, and captures threat metrics, including IOCs. Ranger functionality is effective for identifying rogue devices in our network.

What is most valuable?

What I appreciate most about SentinelOne Singularity Endpoint is the fastest response of EDR and the rollback VSS capability. The rollback feature is my top preference, followed by the fastest response from the EDR side.

SentinelOne has helped reduce alerts for us by almost 50%. Before implementing SentinelOne Singularity, my colleague told me that we were using an AV, but I do not have knowledge about which AV we were using. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

What needs improvement?

For SentinelOne Singularity Endpoint, the first issue I dislike is the high CPU utilization, and the second is a very high number of false positive alerts from the EDR.

Data security is very important in today's organizations when using Purple AI with endpoints in the SentinelOne Singularity network and applications everywhere. However, SentinelOne Singularity does not have strong features for data security. Purple AI is used to find IOCs, hashes, zero-day vulnerabilities, or CVEs found in the network. We use it for that purpose only. From a data security perspective, SentinelOne Singularity does not have a major role. With Purple AI, we ask questions about an IOC or provide a query and receive answers from Purple AI, but that is the extent of its functionality.

For how long have I used the solution?

I have been working with this solution for eight months.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint protection runs continuously. I heard news about one or two years ago that CrowdStrike had a blue screen issue, but I have not heard any news about SentinelOne lagging or crashing. I have been using it for the last eight months with no issues from the Singularity application.

What do I think about the scalability of the solution?

Scalability with SentinelOne depends on your organization and how many licenses you have. I am a co-worker of Softcell, and we have a license for 7,000 to 8,000 endpoints. Currently, we have only 6,000 endpoints implemented for our customers and for our use only. Scalability-wise, it is very scalable and depends on how many licenses your organization has purchased from SentinelOne.

How are customer service and support?

Support is very important for SentinelOne Singularity Endpoint. Because it is a SaaS product, whenever we get stuck, we require a TAC team or support team. For instance, two days ago, one of our customers was hit by a ransomware attack. We required the support team to help us with root cause analysis to find out why the ransomware entered our client's organization. The support team helped us all night, standing with our customer while providing support to us. Support is very important for SentinelOne, and the TAC team is essential.

If I were to rate the support on a scale from one to ten, I would give it a nine. Support is important for us.

Which solution did I use previously and why did I switch?

Before SentinelOne Singularity Endpoint, I used an AV, but I do not have knowledge about which AV it was.

How was the initial setup?

SentinelOne Singularity Endpoint's initial deployment is very easy. I have eight months of experience with it and take on some admin responsibilities. We have to set up the tenant, though I do not have access to do so. I am downloading the packages during our initial deployment. Downloading the packages and installing them is very easy. We just require the site token from the management console. For our organization's pilot deployment, I downloaded some SentinelOne Singularity Endpoint packages on laptops. With eight months of experience as a fresher, I can install the endpoints on laptops. The initial setup is very straightforward.

Which other solutions did I evaluate?

I have not used any alternatives to SentinelOne Singularity Endpoint. I have knowledge of other solutions, but I am using SentinelOne for the first time. Before this company, I was a college student, so this is my first company and my first tool.

What other advice do I have?

SentinelOne Singularity Endpoint has helped reduce alerts for us by almost 50%. Before implementing it, my colleague told me that we were using an AV, but I do not have knowledge about which AV it was. After using SentinelOne Singularity platform, the time has reduced by 50%.

There is up to 30 to 40% mean time reduction in MTTD.

For mean time to resolve, whenever we get the alert from the console, we integrate SentinelOne Singularity with a sub-console, so it raises the alert within five minutes.

I would rate this solution a 9 out of 10 overall.


    SameerJadhav

Automated defenses have reduced alert noise and enable rapid rollback from ransomware attacks

  • April 30, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use case for SentinelOne Singularity Endpoint is endpoint security to detect, prevent, and respond to cyber threats in real time using AI, which includes Purple AI, behavior analysis, and additionally, NG-SIEM, EDR, and XDR, which is a combination of EDR and XDR.

What is most valuable?

The best feature of SentinelOne Singularity Endpoint that I appreciate the most is the rollback feature, because just yesterday, we had a ransomware incident for one customer, and we were able to protect our customer through the rollback feature.

Another aspect of SentinelOne Singularity Endpoint that I appreciate is the automation; they have added Purple AI and created a new dashboard for XDR that works very well with Purple AI and NG-SIEM. SentinelOne Singularity Endpoint consolidates security features effectively through the rollback feature.

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

The mean time to respond with SentinelOne Singularity Endpoint is reduced by about 30%. When we receive alerts, we can raise them within 10 minutes, and the SLA from our side is one hour.

Purple AI helps with data privacy and security by efficiently retrieving IOCs in our organization and network, allowing us to quickly query and identify vulnerabilities. Regarding threat investigations, Purple AI significantly aids in our forensic processes; for instance, it recently helped us track down a ransomware attack to its source in a customer's network.

What needs improvement?

In terms of improvements for SentinelOne Singularity Endpoint, the dashboard is complex for new users, and there are a lot of false positive alerts, particularly from genuine EXE files.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for 2.6 years.

What do I think about the stability of the solution?

The stability of SentinelOne Singularity Endpoint is very high; I would rate it 9 to 10 for EDR.

What do I think about the scalability of the solution?

The scalability of SentinelOne Singularity Endpoint can be substantial, allowing for up to 15,000 to 20,000 endpoints for one management console, depending on the organization's relationship with customers. I rate the scalability of SentinelOne Singularity Endpoint as 9 out of 10.

How are customer service and support?

I rate the technical support for SentinelOne Singularity Endpoint as 8 out of 10.

Which solution did I use previously and why did I switch?

We work with SentinelOne and PingPlotter.

How was the initial setup?

The deployment of SentinelOne Singularity Endpoint is very easy, as we only need to create a tenant in our management console and can deploy endpoints to numerous devices within two to three days.

What about the implementation team?

We have about 30 to 40 people working with SentinelOne Singularity Endpoint in our SOC and MDR teams.

What was our ROI?

SentinelOne Singularity Endpoint helps reduce alerts by approximately 40%, as it streamlines the analysis process for alerts we receive. It helps free up about 70 to 80% of our time when managing alerts.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing, I find SentinelOne Singularity Endpoint to be very affordable, at around $12 to $15, as indicated by my manager.

Which other solutions did I evaluate?

SentinelOne Singularity Endpoint seamlessly ingests logs from various other technologies besides SentinelOne EDR platform, integrating with server firewalls. As a SOAR analyst, I have integrated SentinelOne with Shuffle SOAR technology and Wazuh into Level 40's NG-SIEM.

What other advice do I have?

I do not have access to the Ranger functionality because our organization did not purchase it from SentinelOne, but we are planning to buy it next financial year.

I work with Purple AI for our internal use, not for customer use, as we have an NFR set up.

I do not have much knowledge about comparing SentinelOne Singularity Endpoint with other products or vendors since we have primarily used SentinelOne along with PingPlotter.

SentinelOne Singularity Endpoint does not require much maintenance; we just need to upgrade the agent to ensure we receive support from the TAC team.

I will definitely recommend SentinelOne Singularity Endpoint to other organizations, emphasizing the importance of training the SOC team and potential integrations for maximum effectiveness. Our clients using SentinelOne Singularity Endpoint are medium and enterprise businesses. I rate this review overall as a 9.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Viral S.

Autonomous Protection, Robust Security for Energy-Critical Systems

  • April 28, 2026
  • Review provided by G2

What do you like best about the product?

I really appreciate how autonomous and intuitive SentinelOne Singularity Endpoint is. It excels at detecting and responding to threats in real-time without the need for constant tuning or manual intervention. The storyline feature is fantastic, making investigations clear by showing exactly how events unfolded across an endpoint. The combination with MDR services feels like having an always-on extension of our security team that catches issues early, provides high-quality analysis, and gives us confidence that our critical energy sector systems are protected without adding unnecessary operational overhead. I also love how lightweight and stable the agent is across our environment. Even with a large number of endpoints, SentinelOne runs quietly in the background without causing performance issues.

What do you dislike about the product?

One area that could be improved with SentinelOne Singularity Endpoint is the overall usability and responsiveness of the management console, which can feel slow or occasionally unintuitive when navigating large data sets or drilling into detailed event timelines. Reporting is another place where there's room for enhancement. None of these are deal-breakers, but smoothing them out would make an already strong platform even more efficient for day-to-day operations.

What problems is the product solving and how is that benefiting you?

I depend on SentinelOne Singularity Endpoint for real-time, autonomous protection against threats. It streamlines investigations and reduces manual workload, helping secure systems without slowing day-to-day operations.


    Marcelo Simoes

Unified security platform has improved threat visibility and supports swift incident response

  • April 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for SentinelOne Singularity Endpoint is the implementation inside of IT Brazil for around 100 users.

I use SentinelOne Singularity Endpoint day-to-day by having a team look at its platform to monitor our equipment and environment, and we also use it to block USB ports, which are the main uses here in Brazil.

Our team relies on SentinelOne Singularity Endpoint for both threat detection and response, though it does not happen very frequently. We keep our eyes on the application within the platform, and when it occurs, we connect SentinelOne Singularity Endpoint with our ITSM in the cloud.

SentinelOne Singularity Endpoint supports our operations as we are using the platform for control.

What is most valuable?

The best features that SentinelOne Singularity Endpoint offers include the ability to see the path of how malware contaminates equipment, allowing me to follow the entire path to mitigate problems.

This visibility helps my team by being very useful when we talk about threats; we can see the complete path from the start of a malware attempt, and we can run a remote search tool, making it very useful.

The API integration is very helpful for our platforms, including the ITSM I mentioned earlier, and I believe the API connection between platforms is very useful.

SentinelOne Singularity Endpoint has positively impacted my organization through the ease of use of the tool and the protection that it provides.

When I mention the protection that comes with using SentinelOne Singularity Endpoint, I find that the ease of detection is very fast in our platform, especially in our ITSM. We enter the SentinelOne Singularity Endpoint platform and search for anything related to malware directly on the computers, ensuring that nothing passes through SentinelOne Singularity Endpoint EDR.

What needs improvement?

Currently, I have nothing to suggest for improvements to SentinelOne Singularity Endpoint; we are very happy with the tool.

If I had to imagine one thing that could enhance my experience with SentinelOne Singularity Endpoint, I would pick an easier way to view or follow the XDR platform, as I had some difficulties with it in the past.

I think that training would be beneficial for using the XDR, as we have a lot of information available there.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for two years.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is stable.

What do I think about the scalability of the solution?

Scaling within SentinelOne Singularity Endpoint is very easy; if we acquire more licenses, the platform automatically distributes them to our equipment.

How are customer service and support?

Customer support is very good; we opened a few tickets in the last month and received everything we needed from the support team.

Which solution did I use previously and why did I switch?

We previously used Microsoft Defender and switched because it is not an advanced EDR, leading us to change to SentinelOne Singularity Endpoint.

Before selecting SentinelOne Singularity Endpoint, we evaluated other options such as Sophos and CrowdStrike, finding CrowdStrike to be very expensive and Sophos not meeting our requirements.

What was our ROI?

I believe we have seen a return on investment, particularly in terms of money saved compared to another tool.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is good; the setup is very easy, and the license is per equipment, so it feels fair.

One noticeable benefit is that SentinelOne Singularity Endpoint is cheaper than other tools available in the market.

What other advice do I have?

I do not have anything else to add about my main use case or how SentinelOne Singularity Endpoint fits into my workflow.

The unified platform experience certainly helps streamline our security operations, making things easier for my team.

In terms of adaptability to new and unknown threats, I believe SentinelOne Singularity Endpoint is the tool I have used the most, and while I cannot compare right now since I have only used CrowdStrike once, I find SentinelOne Singularity Endpoint easier to use than CrowdStrike.

I was not aware of the possibility to use an Offensive Security Engine, but I will seek more information on it.

Having built-in integrations that unify various aspects of cloud security is very significant for my team, as it makes everything easier to manage.

I advise others looking into SentinelOne Singularity Endpoint to check the ease of usage of the tool, as the platform is very helpful and the protection it provides is truly exceptional. I have given this review a rating of 10.


    Shubham Tiwari

Automation has cut alert fatigue and response time while AI-driven analysis finds threats faster

  • April 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

The main use case for SentinelOne Singularity Endpoint includes EDR, XDR, and ingest SIM, which means SentinelOne Singularity Endpoint has the ability to ingest and correlate across security solutions extensively. It is a real-time, AI-based behavior analysis tool.

How has it helped my organization?

SentinelOne Singularity Endpoint has been reducing the alerts from our side, basically reducing our time to raise the alert to the client because we are an MSSP provider. We are Softcell technology, an MSSP provider. We have integrated SentinelOne Singularity Endpoint with SOAR technology, and whenever an alert comes, the alert is raised directly through SOAR technology within five seconds. The SLA is within five minutes for raising the alerts.

The time saved is around 30%. For the mean time to detect, it is around 20%. For the mean time to respond, it is around 50%.

What is most valuable?

The first best feature is the fast response and automated response, and the second one is the rollback capability that uses VSS in Windows. Those are the two best features I can say I like.

SentinelOne Singularity Endpoint seamlessly ingests the logs from various other technologies besides the SentinelOne Singularity Endpoint EDR platform. We have integrated various firewalls, and we also integrate with AWS and GCP, which is seamless. There are other solutions we can integrate with SentinelOne Singularity Endpoint, including Shuffle SOAR technology, Wazir Sentinel and FortiSIEM.

I cannot confirm because I do not have that access as I am an L1 analyst with only read-only access. However, Ranger in SentinelOne Singularity Endpoint is the network discovery and control feature, and its primary role is to identify and manage unmanaged devices, such as identifying the rogue devices in our network. It ingests the logs from network sources and captures any threat metrics, including IOC.

What needs improvement?

The first improvement is the dashboard because it is very complex. As a beginner-friendly SOC analyst or MDR analyst, the dashboard is a bit complex, so the dashboard needs to be more user-friendly. The second improvement is the VSS rollback feature, which is useful only for Windows laptops and servers, not for macOS and Linux. The third improvement is the policy management complexity; the policy is very complex in SentinelOne Singularity Endpoint, and we have to apply each and every policy for each endpoint. We have to create different groups for different policies, such as USB-based and Bluetooth-based.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for one year.

What do I think about the stability of the solution?

SentinelOne Singularity Endpoint is continuously running whenever our laptop is on or the server is on. It is continuously working, and I do not find any disturbance while using SentinelOne Singularity Endpoint. Unlike in CrowdStrike, we see blue screen issues, but I do not see any such issues in SentinelOne Singularity Endpoint. Stability-wise, it is good for us. I would give it 10 out of 10 for stability.

What do I think about the scalability of the solution?

SentinelOne Singularity Endpoint can be scalable up to 10,000 or 15,000 endpoints, depending on your organization. We have already scaled to over 6,000 endpoints in one management console, so it depends on your organization how much you want to scale.

How are customer service and support?

My rating for technical support is 9 out of 10.

Which solution did I use previously and why did I switch?

We have been using CrowdStrike for the last month. Compared to CrowdStrike, Charter AI, and the Purple AI, SentinelOne Singularity Endpoint is very easy. I just have to put the question in SentinelOne Singularity Endpoint; I want that IOC or that event ID. I can input the event ID and search for any Windows issue or find any malicious file using Purple AI compared to CrowdStrike. For someone who is a beginner, I would recommend SentinelOne Singularity Endpoint over CrowdStrike.

Compared to other vendors, SentinelOne Singularity Endpoint is not very expensive and it is good. I do not have extensive knowledge about other vendors, but just a month ago we were using CrowdStrike also. After comparing both CrowdStrike and SentinelOne Singularity Endpoint, SentinelOne Singularity Endpoint is better because the UI and dashboard in CrowdStrike are very complex. For a beginner, SentinelOne Singularity Endpoint is very beneficial.

How was the initial setup?

We actually deploy it on the cloud; we deploy on public cloud because we have a partnership with Amazon Web Services (AWS), so we have implemented it on the public cloud. The deployment is very easy. We just have to create a tenant, then create and download the package file. The setup is straightforward, and I can also do that setup because I can handle admin tasks.

What about the implementation team?

Two weeks is enough for deployment because we have over 6,000 endpoints as an MSSP provider. Two weeks is sufficient for deploying to every customer. It is very easy.

What was our ROI?

We do not have to calculate the investment because the major factor is to save our organization and our customer organization. I can say just go for SentinelOne Singularity Endpoint, it is the best investment, so do not look at the price and go for it.

What's my experience with pricing, setup cost, and licensing?

It will be moderate, compared to CrowdStrike. Based on my knowledge about our organization, it is costing around 11 to 12 dollars per endpoint for our customers, so compared to CrowdStrike, it is moderate or cheap for us.

What other advice do I have?

Purple AI is a tool I have used because we have the analyst access. I had limited access to Purple AI, but I have used it for finding the IOC in our networks and our customers' networks. It is a co-pilot feature where I can use a pull-down menu to identify based on the present IOC. The retrieve time is very fast, and we get the answer within five to ten seconds. We have IOC, zero-day vulnerability, or any other hashes present in our network.

Because I am an L1 analyst, we have a forensic analyst team also, and they are using Purple AI. This tool is very helpful for our forensic team.

SentinelOne Singularity Endpoint is reducing our time because we do not have that access to Purple AI. SentinelOne Singularity Endpoint is reducing our time to find the IOC in the organization. I gave this review an overall rating of 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    PriyanshuSingh

Deep visibility and AI-driven rules have strengthened endpoint threat detection and response

  • April 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use case is for EDR purposes.

What is most valuable?

According to me, the best feature of SentinelOne Singularity Endpoint is the Deep Visibility. I think it is easy to check what a user is doing and what command is run. You can track this with the help of Deep Visibility.

SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions is interesting. First is the Deep Visibility. The second one is a real-time threat you can detect in SentinelOne Singularity Endpoint. Then you can raise the alert to the client within a short period. Another one is Purple AI, which is the best, according to me.

Purple AI helps with my data privacy and security by providing a feature called STAR Custom Rules. You can create a STAR Custom Rule, and Purple AI is similar to ChatGPT, but it only gives answers specific to SentinelOne Singularity Endpoint. For example, you can create any rule and ask Purple AI, 'Please give me this type of alert query.' Then Purple AI will create a query according to your needs. There are many types of use cases already stored in Purple AI that you can use for your monitoring, and it is better for both your client's environment and our environment as well.

Purple AI plays a crucial role in my team's knowledge by allowing us to create rules that are not created in SentinelOne Singularity Endpoint by default, and it helps to create many types of alerts. For example, you can block any RDP tool such as Anydesk, and you can create such types of rules with the help of Purple AI.

Regarding how much SentinelOne Singularity Endpoint has reduced my alerts, we can say that on a daily basis, we have 8,000 to 9,000 endpoints from multiple clients, and we have triggered 10 to 15 alerts. When you start a full disk scan, the Sentinel scan runs on your machine, and during that time, alerts that are usually not triggered in SentinelOne Singularity Endpoint can be triggered.

The time to detect in SentinelOne Singularity Endpoint is around 15 to 20 minutes, which is when we raise an alert to the client and get confirmation. These alerts involve various EXE types, and we inform the client about these alerts triggered in their machines, allowing them to confirm if it is genuine or not.

What needs improvement?

One area that has room for improvement in SentinelOne Singularity Endpoint is the inability to create a custom dashboard. You cannot create any dashboard according to your needs, which limits alert triggers across different countries. If they improve this feature to allow for custom dashboards, it would greatly benefit our customers.

For how long have I used the solution?

I have been using SentinelOne Singularity Endpoint for the last two years and one month.

What do I think about the stability of the solution?

I rate the stability of SentinelOne Singularity Endpoint as 10 out of 10.

What do I think about the scalability of the solution?

I rate the scalability of SentinelOne Singularity Endpoint as 10 out of 10.

How are customer service and support?

I give SentinelOne technical support a 10 out of 10 because it is the best EDR tool.

Which solution did I use previously and why did I switch?

I have not used any other EDR, but according to me, SentinelOne Singularity Endpoint is the best. We have used CrowdStrike, but only for one and a half months. While CrowdStrike has more functions, it cannot provide visibility the way SentinelOne Singularity Endpoint does. SentinelOne Singularity Endpoint offers many options in a compact format, and its use is better than other EDR tools.

What other advice do I have?

I would recommend SentinelOne Singularity Endpoint to other users because its threat detection and alerting are very quick. We have used CrowdStrike for one and a half months, but SentinelOne Singularity Endpoint triggers alerts much faster. Its compact features allow us to check seven to eight features effectively, and its pricing is lower than other EDR products.

SentinelOne Singularity Endpoint has better pricing compared to other endpoints. CrowdStrike has a high value, but SentinelOne Singularity Endpoint's pricing is easier for any organization to handle.

Regarding maintenance, there is no need for maintenance according to me.

I give this product an overall rating of 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?