From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

I am a current administrator of SentinelOne Singularity Endpoint, and I have been involved in decision-making from vendor assessment to purchasing and deploying the product to end-users.

For SentinelOne Singularity Endpoint, our main use cases include endpoint patching and updating, whereby we roll out the agent to different operating systems. Overall, our experience with SentinelOne Singularity Endpoint has been very positive; the combination of MDR and endpoint protection significantly strengthens our security posture, especially as we grow as a small to medium business in the energy sector and battery manufacturing. I come from the US Energy sector, which manufactures zinc batteries in the United States and globally, with our headquarters in Pittsburgh, Pennsylvania.

The most valuable features of SentinelOne Singularity Endpoint include robust MDR support, autonomous EDR capabilities, real-time detection, rollback, and automatic remediation, which reduce manual workload. The lightweight agent that runs on any endpoint is crucial, and it provides clear visibility in the event of an incident, including a detailed storyline with guidelines for analysts. SentinelOne Singularity Endpoint works with all platforms—Windows, Linux, Mac, and even ARM devices—making it compatible across our devices.

The cross-platform support and ease of deployment make it a great fit for the energy sector, providing scaling from SMB to enterprise-level protection.

Regarding SentinelOne Singularity Endpoint's ability to ingest and correlate across our security solutions, we approach security as a defense-in-depth layer; if one tool misses a detection, others will pick it up. So far, we have not missed any detections, and we have a positive outlook on strengthening our overall security posture with the help of SentinelOne Singularity Endpoint, which reduces manual workload while providing enterprise-level protection, especially since we are a small to medium business with limited resources.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a couple of months ago; we turned it on for a trial and subsequently turned it off. When we activated it, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners. It provided insight into unknown devices on our network and scanned for vulnerabilities, giving us valuable reports through the Singularity dashboard.

For reducing alerts, we need to collaborate with the MDR team to manage false positive alerts. The support from MDR is frequent; once an alert is triggered, they respond within 48 to 72 hours based on criticality. We are pleased with their support, which helps us address false positives. Although we receive more than one hundred alerts, we mark them as false positives to reduce noise. SentinelOne Singularity Endpoint interface is user-friendly, allowing us to manage daily tasks efficiently while maintaining high security without a large team.

Currently, we are managing about 10 to 20 different tasks or projects simultaneously, requiring minimum input from analysts. SentinelOne Singularity Endpoint MDR team provides guidance on handling alerts, helping us maintain a small security team while effectively minimizing the noise created by alerts.

The mean time to detect has significantly improved since implementing SentinelOne Singularity Endpoint from the previous technology we used, which lacked MDR functionality. With higher priority alerts, the response time is swift, enhancing our overall security and asset protection.

The mean time to respond has significantly decreased thanks to the features available, such as isolating compromised servers directly through the UI, which helps prevent the spread of threats on our network effectively.

We have not activated Purple AI yet, but when alerts occur, the guidance provided is helpful, summarizing what triggered the alert and offering steps for analysis. It aids our small team by providing high-level overviews of alerts.

To improve SentinelOne Singularity Endpoint, I suggest enhancing the dashboard and reporting functionalities for better customization, making it easier for management to access tailored reports. Also, deeper integration with other tools would streamline daily operations, especially as it currently does not support mobile devices—though I know this feature is on their roadmap.

From my IT experience, I have been working with multiple endpoints for about eight to ten years, and specifically with SentinelOne Singularity Endpoint for over four years.

So far, I find the stability and reliability of the service to be excellent, estimating 99.95% uptime.

The scalability of SentinelOne Singularity Endpoint has been impressive; as we have grown from 200 employees to where we are now, SentinelOne Singularity Endpoint has scaled alongside us, ensuring effective threat management and security.

My experience with SentinelOne's customer service has been positive; I would rate them four out of five. Although there were times communication was delayed by one or two days, they provided solutions reliably.

Before adopting SentinelOne Singularity Endpoint, we used McAfee.

We decided to switch from McAfee due to limited visibility on threats, manual remediation taking too long, a lack of centralized incident storylines, and difficulty managing alerts, particularly with their legacy AV missing modern threat detection.

The initial setup was straightforward, with SentinelOne Singularity Endpoint's dedicated team managing the backend script running migration for any online endpoints, ensuring a seamless onboarding process.

I participated in the initial setup of SentinelOne Singularity Endpoint as part of the migration project.

Prior to choosing SentinelOne Singularity Endpoint, we evaluated a few other vendors through POCs, and ultimately, everyone agreed to proceed with SentinelOne Singularity Endpoint.

During the POC, we tested a couple of endpoints in our environment, confirming that SentinelOne Singularity Endpoint is a good fit for our executive membership side, leading us to choose SentinelOne Singularity Endpoint.

In terms of consolidating our security solutions, I would rate SentinelOne Singularity Endpoint a 9 out of 10 because it meets all our use cases effectively. It provides granular insights into endpoints and comes with feature roadmaps, including AI security analysis that helps us understand the usage of shadow AI in our environment, vulnerabilities, and overall system alerts. This functionality allows us to monitor how many threats were remediated and triggered, significantly enhancing our security posture.

We assessed the Ranger functionality a few months ago; we activated it for a trial and subsequently turned it off. During activation, it scanned our network for shadow endpoints without SentinelOne Singularity Endpoint, identifying devices such as printers or scanners, and provided insights into unknown devices on our network, offering valuable reports through the Singularity dashboard. Although we have not yet activated Purple AI, the guidance provided when alerts occur is helpful, summarizing what triggered the alerts and offering analysis steps for our small team, providing high-level alert overviews.

I rate this review a 10 out of 10.

SentinelOne Singularity Endpoint is one of the applications that we are using in our environment. We have been hands-on with SentinelOne for more than a year now.

SentinelOne Singularity Endpoint is very good because alerts are generated on a real-time basis. The real-time detection makes it a much better option to rely on. In comparison to other tools like Wazuh, which we use as a SIEM tool in our environment, Wazuh detects alerts very late. However, EDR solutions like SentinelOne Singularity Endpoint detect alerts in real-time, so we can rely on it much more than other tools.

Purple AI was recently introduced by SentinelOne, introduced last year. Purple AI helps us while creating advisories for our clients to identify any ongoing vulnerabilities. From a data privacy perspective, it is good because Purple AI is an inbuilt feature that SentinelOne has introduced. It is comparatively much better than using any other LLM across the internet.

To make it much better, the STAR custom rule option that SentinelOne offers could be much better and easier to deploy. As of now, I have not learned it properly, but I know it is very useful for creating and deploying use cases. The STAR custom rule can be much improved in SentinelOne Singularity Endpoint.

SentinelOne Singularity Endpoint is very useful because if there is any virus or malware detected in any endpoints, it quarantines the malware or any malicious application that it deems unusual and should not be there. It works amazingly well in this regard because it quarantines and flags it as malicious through its behavioral analysis. For endpoint security, SentinelOne Singularity Endpoint is the best option.

If a user on an endpoint downloads a file from an unknown or malicious website that contains anything malicious or has an unknown presence of suspicious or malicious EXE, SentinelOne Singularity Endpoint uses behavioral analysis with static and dynamic components. Static analysis is rule-based and created by users like us, while dynamic analysis uses behavioral pattern matching. This is useful in zero-day attacks, which is why it is one of the best options when it comes to endpoint security.

SentinelOne Singularity Endpoint is very easy to understand because the incident options and threat options are easy to understand, and the UI is very user-friendly for understanding what use cases we can create. In comparison to CrowdStrike, which took a long time for us to understand regarding what use cases we could create, SentinelOne Singularity Endpoint was much easier for us to understand. SentinelOne Singularity Endpoint provides the same functionality as CrowdStrike and is also easier to understand. For this reason, I feel SentinelOne Singularity Endpoint is much easier and much more preferable compared to other solutions.

I would rate it eight out of ten.

Ranger functionality is something I am not familiar with, and I do not have any hands-on experience with that function.

It depends on the client's perspective. If we have to whitelist any specific thing, we can easily negate the rules that we have deployed in SentinelOne Singularity Endpoint. By doing that, the detection becomes much clearer.

To make it much better, the STAR custom rule option that SentinelOne offers could be much better and easier to deploy. As of now, I have not learned it properly, but I know it is very useful for creating and deploying use cases. The STAR custom rule can be much improved in SentinelOne Singularity Endpoint.

I have been using SentinelOne Singularity Endpoint for more than one year.

Scalability is ten out of ten because we can scale it.

SentinelOne's customer service is outstanding and rates ten out of ten. We have used SentinelOne support multiple times because clients have different questions that we cannot understand initially. When this happens, we raise those questions to SentinelOne's support team, and we get faster responses from them.

We have not deployed SentinelOne Singularity Endpoint in any cloud solutions as of now. We have deployed it on a server and agent basis on-premises only. We have not deployed it in any cloud solutions.

We have a team of fourteen to fifteen people who are currently working on SentinelOne Singularity Endpoint. Across our team, we have seven to eight clients, and every person has their own job. Some have the job to trigger alerts, some have jobs to raise those alerts that have been triggered, and some have admin tasks. Every task is distributed accordingly in our team. My overall review rating for SentinelOne Singularity Endpoint is nine out of ten.

SentinelOne Singularity Endpoint is used for endpoint security to detect, prevent, and respond to cyber threats in real time. Using AI-based behavior analysis, it helps the SOC team to investigate incidents, automate responses and actions, and protect systems from malware and ransomware. SentinelOne Singularity Endpoint includes EDR, XDR, and NGAV.

A favorite feature of mine about SentinelOne Singularity Endpoint is the VSS rollback feature, which is most valuable. If a laptop is infected with any malware, there is an option to rollback files and recover them from before the attack happened.

Using SentinelOne Singularity Endpoint has helped me reduce alerts because it is integrated with FortiSIEM, one of the leading SIEM tools, and with SOAR technology. Whenever alerts come on SentinelOne Singularity Endpoint, they are directly raised to SOAR technology automatically. This is an automatic tool, so manual interaction is not required. All work is done by SentinelOne Singularity Endpoint, and I only have to take action on the analyst's verdict to determine if it is a true positive or false positive and investigate accordingly.

Dislikes include high false-positive alerts and resource consumption issues with CPU and disk usage.

Ranger functionality is for network discovery and control features. Its primary role is to identify and manage unmanaged devices on the network by detecting rogue devices in detections. It ingests logs from network sources and captures threat metrics, including IOCs. However, I cannot confirm if SentinelOne Singularity Endpoint releases the alert through Ranger, as I have not worked heavily on this feature because the Ranger functionality license is not available. SentinelOne Singularity Endpoint captures different telemetry from network devices.

I have been using SentinelOne Singularity Endpoint for 2.3 years in my career.

Everything is perfect with SentinelOne Singularity Endpoint. There are no stability problems, and the system is very reliable and hands-on.

SentinelOne Singularity Endpoint is very good in scalability. Scalability is extremely easy to achieve as new endpoints and new detection points come on board. The system can scale any number of times, and only the license for each endpoint is needed.

Whenever I get stuck on any alert with SentinelOne Singularity Endpoint and do not understand it, or when I face any admin task challenges, I manually open a ticket with the customer team. Every time they help regarding the case. Each day, if I get stuck anywhere in SentinelOne Singularity Endpoint, whether with any admin task or threat hunting, the tech team or support team will surely help.

For the support team of SentinelOne Singularity Endpoint, I would rate them nine out of ten because there is a human voice there, so they are listening and responsive.

For the first two years in my organization, I used Symantec AV. After that, I changed my domain to SentinelOne Singularity Endpoint.

The initial deployment of SentinelOne Singularity Endpoint is easy and very straightforward. All that is needed is to set up a tenant and create a package file. Once installed, it automatically connects to the management console, and the entire system can be set up in one or two hours.

For one customer of SentinelOne Singularity Endpoint, one to two people are enough for deployment. Because we are a partner with SentinelOne and have many customers, one to two members are sufficient for each customer deployment.

I do not have knowledge about the pricing of SentinelOne Singularity Endpoint, as the sales team handles that. However, based on my knowledge, SentinelOne Singularity Endpoint is very flexible in its pricing range at approximately $9 to $10 per endpoint. We have 5,000+ endpoints because we are an MSSP provider, making it cost-effective.

I would choose SentinelOne Singularity Endpoint. In Symantec AV, there is only signature-based and behavior-based threat detection, whereas SentinelOne Singularity Endpoint has advanced behavior AI and pre-static AI. In Symantec AV, alerts must be manually raised and actions taken on the endpoint, but SentinelOne Singularity Endpoint has fully automated AI. The use cases are moderate in Symantec AV, but SentinelOne Singularity Endpoint is very easy with a modern UI. I prefer SentinelOne Singularity Endpoint because I have worked with both.

The mean time to detect with SentinelOne Singularity Endpoint is very low. The mean time to respond for SentinelOne Singularity Endpoint is approximately two to three minutes since it is integrated with SOAR, and alerts are raised within that timeframe. From endpoint to console, alerts are received in real time with no lagging. SentinelOne Singularity Endpoint requires no maintenance. Since we have a partnership with the SentinelOne Singularity Endpoint team and are an MSSP provider, no maintenance is required. My overall rating for this review is eight out of ten.

My main use case for SentinelOne Singularity Endpoint is endpoint protection, threat detection, incident response, and visibility across user systems and servers. I primarily use it for malware and ransomware detection, suspicious process monitoring, automated remediations, endpoint isolations, threat hunting, and root cause analysis using Storyline. SentinelOne Singularity Endpoint has AI-powered EPP and EDR with autonomous responses, making these the best use cases that I have used day-to-day for the past two years.

The endpoint isolation and threat hunting capabilities of SentinelOne Singularity Endpoint stand out as the most valuable for my team because we rely on them the most on a daily basis.

SentinelOne Singularity Endpoint has positively impacted my organization by helping us achieve faster containment of endpoint threats, better visibility during investigations, and reducing reliance on traditional antivirus tools. It has improved the MTTR for endpoint cases, reducing it by around 30 to 40 percent. Alert fatigue has decreased by around 25 to 30 percent, and manual remediation efforts have reduced significantly.

Reducing MTTR by 30 to 40 percent has helped my team significantly. Earlier, analysts had to manually collect logs from multiple tools and verify affected endpoints, which took considerable coordination and time. The coordinated isolation with SentinelOne Singularity Endpoint's process tree, file activity, network connections, and threat details already available in the alert saves a lot of investigation and containment time. Alert triage has become faster by around 25 to 30 percent due to clear alert prioritization with severity, Storyline context, and behavior integration, helping analysts quickly identify true positives and focus on higher-risk incidents.

SentinelOne Singularity Endpoint offers Storyline, which provides process visibility that is one of its strongest features. It helps me understand what happened before and after detection.

The detailed process visibility and Storyline in SentinelOne Singularity Endpoint are very strong features that help in understanding what happened before and after detection, making process visibility the best feature I have noticed.

I appreciate the autonomous response time in SentinelOne Singularity Endpoint. It can kill malicious processes, quarantine files, and isolate the system quickly. Additionally, behavior layer detection is not only signature-based, which is useful for known threats. The lightweight agent performs well on endpoints, resulting in better performance on endpoint systems.

One potential improvement for SentinelOne Singularity Endpoint could be enhancing the user interface during investigations, especially for SOC employees.

I have been using SentinelOne Singularity Endpoint for more than two years, and it is part of my daily SOC operations.

I have not used a different solution prior to SentinelOne Singularity Endpoint.

I have seen a return on investment with SentinelOne Singularity Endpoint, as it reduces incident impact, leads to faster responses and detections, reduces less manual remediation, and improves analyst productivity.

SentinelOne Singularity Endpoint Complete has helped me consolidate my security solutions.

SentinelOne Singularity Endpoint Complete has helped free up my staff for other projects and tasks, saving around 25 to 40 percent of their time.

It has also helped reduce my organization's Mean Time to Respond by about 25 to 30 percent.

SentinelOne Singularity Endpoint Complete has helped reduce alerts by around 20 to 25 percent.

One real case I handled involved a suspicious PowerShell execution on a user endpoint. SentinelOne Singularity Endpoint generated a behavior alert because the script tried to download content and spawn an additional response. I checked the process tree, parent-child relationship, command line activity, and network behavior using the console. I isolated the machine immediately after removing the threat, and what I appreciated was how quickly the investigation proceeded because the most required details were already available in one place.

Based on my experience, SentinelOne Singularity Endpoint Complete easily reduces alert fatigue by reducing alerts by around 20 to 25 percent. I would rate this product at 8.5 out of 10.

My main use case for SentinelOne Singularity Endpoint is to work in our environment mainly for endpoint protection, threat detection, response, monitoring and suspicious process, and investigating the alerts.

SentinelOne Singularity Endpoint offers behavior AI detection, which is not just a normal signature thing, real-time threat blocking, automatic endpoint isolation, detailed process visibility, and easy-to-use dashboards.

Using SentinelOne Singularity Endpoint has positively impacted my organization by significantly reducing malware infections, providing faster incident responses, and enhancing the state of our endpoints.

SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect (MTTD) by 30 to 40%.

SentinelOne Singularity Endpoint has improved my organization's mean time to respond (MTTR) by 30 to 40% due to its automated detection and response capabilities.

SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help us further.

I have been using SentinelOne Singularity Endpoint for around three years.

SentinelOne Singularity Endpoint is very stable.

SentinelOne Singularity Endpoint performs very well in terms of scalability and is very good at scaling.

The customer support for SentinelOne Singularity Endpoint is good, and the support team is very responsive.

Before choosing SentinelOne Singularity Endpoint, I evaluated other options like Microsoft Defender for Endpoint and CrowdStrike Falcon. However, I selected SentinelOne mainly because of its strong behavioral AI-based detection and automated response.

SentinelOne Singularity Endpoint reduces the time of SOC employees, providing a return on investment.

SentinelOne Singularity Endpoint has freed up my staff for other projects and tasks, reducing their workload by about 40 to 60% due to its main detection and investigation capabilities.

Regarding pricing, setup cost, and licensing for SentinelOne Singularity Endpoint, I find the pricing to be dependent on the licensing and how many endpoints we have, so I don't have exact details on how it is handled by them.

I rate the customer support for SentinelOne Singularity Endpoint a perfect 10 out of 10.

If any organization is battling with strong endpoint security and seeking faster detection and response, SentinelOne is a very good choice.

SentinelOne Singularity Endpoint sometimes generates false positives, which they can work on. Additionally, the user interface can be improved, and more detailed reports could help further.

My overall review rating for SentinelOne Singularity Endpoint is 8.5 out of 10.

My main use case for SentinelOne Singularity Complete is for endpoint protection, threat detection, and automated response across all our corporate devices. Day-to-day, it is used to monitor endpoints in real time for malware, ransomware, and other threats. Automatically remediating detected threats and performing rollbacks when necessary allows us to maintain visibility into security events through the management console. Additionally, it supports our IT team with alerts and actionable reports for faster incident response.

A recent incident illustrates how we use it in our environment. Recently, one of our endpoints was targeted by a ransomware variant. SentinelOne Singularity Complete immediately detected the suspicious behavior, quarantined the affected files, and automatically rolled back the changes to restore the system to its previous state. This prevented any data loss and allowed the user to continue working without downtime. The alert also provided our IT team with detailed insights, helping us quickly understand the scope of the incident and ensure no other devices were affected.

We rely on SentinelOne Singularity Complete not only for malware and ransomware protection, but also for behavior-based threat detection, which can catch unusual activity that traditional antivirus might miss. It helps us maintain compliance by generating audit-ready security reports for management.

The best feature of SentinelOne Singularity Complete is that the console allows us to manage endpoints across multiple locations, which is critical for our distributed environment.

What stands out most about managing endpoints across multiple locations with SentinelOne Singularity Complete is the centralized dashboard, which gives us real-time visibility into all endpoints across every location from a single console. We can see threat alerts, device status, and policy compliance, which saves a lot of time compared to managing each location separately. Additionally, the reporting capabilities are very valuable. They allow us to generate detailed audit and compliance reports quickly, track trends, and identify recurring issues. This combination of centralized monitoring and actionable reporting makes it much easier to maintain a consistent security posture across our entire environment.

One feature I particularly appreciate about SentinelOne Singularity Complete is the AI-powered behavior detection. It can identify suspicious activity even before it is classified as malware, which adds an extra layer of proactive protection. I also appreciate how the platform automatically prioritizes threats based on the risk level, so our IT team can focus on the most critical issues first without being overwhelmed by alerts.

SentinelOne Singularity Complete has positively impacted my organization in several ways. Improved security regarding threats such as malware, ransomware, and suspicious behavior are detected and remediated automatically, reducing the risk of breaches. Better visibility across locations is another advantage. The centralized access console and reporting give us consistent oversight of all endpoints, helping us maintain compliance and quickly respond to alerts. Increased efficiency is evident as well; automated responses and rollback capabilities save our IT team significant time that would otherwise be spent manually investigating and resolving incidents.

Since implementing SentinelOne Singularity Complete, our IT team has been able to respond to endpoint threats up to seventy percent faster compared to our previous manual process. Incidents that used to take hours to investigate and remediate now often get resolved within minutes, thanks to automated detection, containment, and rollback. Additionally, we have reduced endpoint downtime by approximately sixty percent, minimizing disruption for our users.

In terms of improvement areas for SentinelOne Singularity Complete, while it is a very strong platform, there are a few areas where it could be better. Custom reporting flexibility is an aspect to consider; while the existing reports are useful, having more customizable report templates or an easier drag-and-drop option would help tailor insights to different teams. Granular policy control is another aspect to improve, as some security policies could benefit from more fine-grained control, especially for organizations with highly diverse endpoint and specialization workflows. Lastly, integration with other IT tools could be expanded, as additional out-of-the-box integrations with other IT management or SIEM platforms could further streamline operations. Overall, these are relatively minor improvements and do not take away from the core strengths of the platform. Addressing them could make SentinelOne Singularity Complete even more powerful and flexible for larger, complex environments.

A needed improvement for SentinelOne Singularity Complete is faster console load time. On very large deployments, the management console can sometimes be slightly slow to load dashboards or filter large endpoint lists. Faster performance here would improve efficiency. Additionally, enhanced threat insights in alerts would be beneficial. While alerts are clear, having contextual information and suggested remediation steps directly in the alert could help junior IT staff act even faster.

I have been using SentinelOne Singularity Complete for the last two years.

SentinelOne Singularity Complete is stable.

SentinelOne Singularity Complete scales very well across both small and large environments. The platform is designed to handle thousands of endpoints without significant performance degradation, and I have found it easy to expand the coverage as our organization grows. The aspects for scalability include centralized management, minimal performance impact, flexible architecture, and efficient resource use. Overall, SentinelOne Singularity Complete's architecture and automation features make it easy to grow with our environment, accommodating hundreds of thousands of endpoints without needing to restructure security operations.

Customer support for SentinelOne Singularity Complete is good.

I have seen a return on investment with SentinelOne Singularity Complete. Automatically detecting, remediating, and rolling back threats has reduced manual investigation by approximately sixty to seventy percent, allowing IT teams to reduce mean time to respond and mean time to detect, with mean time to detect improved by sixty to seventy percent. Resource efficiency is also enhanced; the platform's automation has enabled a smaller team to manage a larger number of endpoints without compromising security. Downtime is reduced by sixty percent. Overall, the solution delivers seamless operation, improved threat management, and cost-effective security, making a strong investment in our organization.

My experience with pricing, setup cost, and licensing for SentinelOne Singularity Complete has been positive. SentinelOne Singularity Complete does not require any maintenance from our end. There is a maintenance schedule once a month from SentinelOne itself. We receive prior notification if there are any maintenance schedules, but it does not take much time. The system will be offline for no more than five minutes. The security is still maintained during that time. If any alerts come, they are automatically recorded.

Before choosing SentinelOne Singularity Complete, we evaluated multiple options such as CrowdStrike Falcon, Microsoft Defender for Endpoint, and other EDR solutions. We conducted a proof of concept phase to see which aligned best with our security requirements and operational workflow before committing to SentinelOne Singularity Complete.

In our environment, we do use Purple AI as part of SentinelOne Singularity Complete to help with threat analysis, investigation workflows, and speeding up the incident triage. Purple AI acts as an AI-powered security analyst, helping translate complex data into actionable insights and enabling faster threat hunting and investigation across our endpoint security data.

Purple AI plays a critical role in amplifying our team knowledge by helping us interpret alerts, investigate threats, and identify patterns across endpoints quickly. It essentially amplifies our team's knowledge by providing contextual insights, suggesting remediation steps, and correlating between security events that might otherwise be missed.

SentinelOne Singularity Complete has significantly reduced the number of alerts our IT team has to handle manually. By leveraging AI-driven behavior analysis and automated threat automation, low-risk or duplicate alerts are filtered out, allowing the team to focus on the most critical incidents. In our experience, the platform has reduced actionable alerts by fifty to sixty percent.

SentinelOne Singularity Complete has significantly reduced our organization's mean time to detect. With real-time AI-driven detection, automatic alerts, and behavioral analysis, threats are identified almost immediately upon occurrence. In our environment, we have observed that mean time to detect has improved by approximately sixty to seventy percent, meaning our IT team can detect and respond to incidents much faster than before. The rapid detection has been critical in preventing escalation and minimizing potential impact on end-user systems.

SentinelOne Singularity Complete has significantly reduced our organization's mean time to respond, thanks to automated remediation, rollback capabilities, and prioritized alerts. Our IT team can respond to incidents almost immediately. Mean time to respond has been reduced by approximately sixty-two percent, allowing threats to be contained and resolved in minutes rather than hours.

For others looking into using SentinelOne Singularity Complete, I advise utilizing the Purple AI summarization. The alert without much manual investigation allows us to determine if it is a true positive or not by seeing the Purple AI alert summarization, what happened, what process, activity, and what the underlying behavior is. Overall, SentinelOne Singularity Complete is highly effective, but organizations get the most value when they combine automation, AI, incident, and proactive management. Regularly reviewing the report with audit features is valuable for complete tracking of trends. Utilize the AI-driven insight to amplify your team knowledge and reduce alert fatigue. Planning for deployment across sites if you have multiple locations is essential, as is planning your policy and endpoint coverage for centralized management. I rate this solution a nine out of ten.

I use Singularity Platform as a SIEM across many infrastructures, including cloud and on-premises environments, to detect attacks on endpoints, cloud workloads, identities such as Active Directory, and network signals.

Singularity Platform is used to detect, investigate, and respond to threats all in one platform, which is why it is called Singularity Platform, because it has EDR, XDR, and cloud security all unified in one system.

I use fraud detection while working with financial companies and many fintech companies. Although SentinelOne is not known for fraud detection, it does detect stolen credentials, accounts that have been misused, or privilege abuse. I use it to a certain extent, but I cannot provide a deep-dive analysis on it today as I am fatigued from working through the night.

In my organization, I have around ten clients, of which six use SentinelOne as a SIEM, mainly financial companies, with one being a shopping-based company. I cannot provide all client details, but that is the general overview.

The best feature of Singularity Platform is that everything is unified in one platform, which would be a main unique selling point for them. The unique feature is Next-Gen AV plus EDR, which detects and blocks threats in real-time.

There is a rollback feature that rolls back to the previous state if anything goes wrong after a new feature is installed or a ransomware attack occurs. Singularity XDR extends visibility beyond the endpoints and correlates how the endpoint, cloud, identity, and network help me to see a full attack chain.

The real-time personalization feature allows for customizing the detection rules and adapting security decisions based on who is doing what and where. It tracks users with behavior-based personalization, detecting abnormalities such as a non-admin gaining admin access. It also detects credential theft by correlating identity plus endpoint data for better context.

For policy personalization in my SOC, I group devices based on alert names, agent versions, or OS types, which helps significantly. I can personalize based on alert severity and true positives or false positives, leading to automated responses. A unique feature in Singularity Platform is StoryLine technology, which connects incidents into a full storyline attack.

It explains the attack pattern in a way that follows commands executed after an incident, and I can write workflows using AI, working even offline, mainly with agent-based decisions without constant cloud dependency.

I have customized dashboards for my companies, including an overview dashboard showing alerts from endpoints. I created a unified dashboard with a network and an endpoint dashboard, consolidating SOC-related unassigned alerts and daily solved alerts. I customized that dashboard myself, and it is very easy to do, being a UI-based feature.

Real-time monitoring is very helpful, helping me stay one step ahead in cybersecurity. It allows me to see exactly what is happening at this moment, and knowing about an attack immediately is better than knowing an hour or two later. The sooner I know, the better it is for me. Real-time monitoring helps me significantly as a SOC analyst, making it one of the best features. After an alert, analyzing what happens next is just two to three clicks away, needing only to input the timeline, the query, and the affected user or endpoint.

For improvement, I would say the infrastructure is very slow; the application I use is sluggish, potentially due to workload or problems on my company's side.

Although they have fantastic features, if it is not working properly, it hinders performance. Recently, during maintenance, it was still operational but sluggish, with features not working as efficiently.

Grouping alerts previously worked fine but now requires multiple clicks to achieve the same result, which is problematic. They could improve the UI and focus more on creating new rules from their MDR team.

Although they are working on automation, they could advance automatic remediation capabilities further than they are currently.

I have been using Singularity Platform for the last six months.

I would give stability a seven, as it usually crashes, requiring me to log in repeatedly.

Singularity Platform is very scalable but requires planning; it is not as easy as Orca Security or agentless platforms because it has agents. I would still give scalability a seven.

I would rate technical support as an eight.

Comparing Singularity Platform with other vendors, I find others also have fantastic features, but SentinelOne has unique offerings like the StoryLine feature, Purple AI, and a unified platform where endpoints, cloud security, and assets come together. This gives them a great advantage. Although there are better security tools in the market, considering the money I spend, SentinelOne is much more cost-efficient than other products. For example, Microsoft Sentinel is much too costly for my company, and although CrowdStrike provides top-notch service, SentinelOne is still doing well to keep up with market needs, though there is room for improvement.

Singularity Platform requires maintenance, which is typically done on weekends. Although there was a maintenance window recently, it is almost acceptable, but technical issues can cause lag or latency, which is common in upgrades. They can improve by utilizing a backup or other measures.

I recommend Singularity Platform because of features such as the StoryLine model, Purple AI, and automating workflows with hyper-automation capabilities. I would hesitate to recommend it solely due to reliability issues.