I use SentinelOne Singularity Complete on our servers, specifically in our remote desktop services environment. I also use it alongside ESET for our workstations. Our environment isn't huge, with about 30 people, although we've had up to 50 users. I mostly use it as a security solution.

We have noticed a reduction in alerts since implementing SentinelOne Singularity Complete.

The security aspect is the most valuable feature for me. Although SentinelOne Singularity Complete is marketed as providing superior blocking capabilities, my experience has varied. It has helped reduce alerts compared to other security solutions, which can be a positive feature since constant alerts tend to be overwhelming. However, this also leads to uncertainty about whether the solution is doing its job effectively.

The solution could improve its notifications and communications. For example, I don't receive much information about what threats have been blocked. A weekly report logging blocked threats would be helpful. Additionally, there should be a balance between too many notifications and no notifications at all, as neither product I'm familiar with strikes a comfortable medium.

An agent of ours clicked a link in an email that initiated what appeared to be a ransomware attack. The only thing that prevented the attack from succeeding was a free version of Malwarebytes that was running on the session, which effectively protected against it. The MSP confirmed that SentinelOne failed to detect the threat, but the free Malwarebytes version ultimately prevented it from impacting or compromising our systems.

Singularity Complete's interoperability with other SentinelOne solutions works well, but it doesn't work well with other third-party tools. Initially, it conflicted with the ESET we use on our workstations and the staff computers, and then they had to set up a white list for that.

I have a year and a half of experience with SentinelOne Singularity Complete.

SentinelOne Singularity Complete sometimes conflicts with third-party solutions. Initially, it conflicted with ESET on my workstations, requiring a whitelist setup. This indicates room for improvement in stability when interacting with other solutions.

My deployment is relatively small, and SentinelOne Singularity Complete works within those constraints. However, it is more of an add-on than a tool for consolidating security solutions within my organization.

My experience with SentinelOne's customer support has been mixed. We were performing a software upgrade for our Office Suite, which required temporarily disabling SentinelOne on the server. This was necessary because we were removing and reinstalling software. However, we couldn't simply request that our MSP disable it immediately. SentinelOne's policy required the MSP to contact their company and schedule the deactivation at least 24 hours before. Although we notified the MSP 12 hours before our intended start time, we could still not proceed as planned. Consequently, we had to postpone the project by an additional 24 hours.

We previously used ESET on our servers, but our managed service provider recommended switching to SentinelOne Singularity Complete. ESET provided more frequent notifications, alerting us when it blocked something, which was helpful, although sometimes a bit excessive, similar to Norton products. While not quite as intrusive, finding a comfortable balance between ESET's transparency and Singularity Complete's lack of communication is challenging. Neither product offers the ideal middle ground; it's either an overwhelming number of notifications or none at all.

The initial setup was handled by the MSP, and I was somewhat against it from the start because I had heard rumours about it being a significant resource hog. My only concern was that I didn't want anything that would negatively impact the environment and slow it down, as the agents don't have time for that. Unfortunately, right from the start, we experienced the very impact I feared. Agent logins, which usually took around ten seconds, took six to seven minutes.

The deployment was completed in one day.

My implementation involved three people: myself, the marketing VP, and a former IT staff member. I had to reboot the servers, which caused minimal downtime.

Other than some delays initially with the agents and then during a software upgrade, there hasn't been any significant impact on ROI.

I did not notice a significant increase in cost after adding SentinelOne. It was close to the previous year's cost, which could be an annual increase unrelated to SentinelOne.

I rate SentinelOne Singularity Complete seven out of ten.

When we first deployed SentinelOne Singularity Complete with remote desktop services on our RDS server, we encountered problems. The software was running multiple instances of itself, one for each user session, in addition to the instance running on the actual server hardware. This caused the server to run extremely slowly, with users experiencing login times of six to seven minutes before reaching their desktops. To fix this issue, the MSP changed it to where it wasn't running independent sessions. It would just run on the server itself. It took the MSP half a day to make the changes.

SentinelOne Singularity Complete can be a decent solution for environments with newer hardware that can handle the overhead. It has a reputation for being secure, but its impact on performance was not suitable for my environment.

SentinelOne Singularity Complete is primarily used for endpoint protection and integrating vulnerability reports from assessments. It also provides device control, exclusion management, and block listing capabilities.

Our clientele represents a diverse range of industries, including insurance and manufacturing.

Singularity offers complete interoperability with other SentinelOne solutions and third-party tools, and our clients have reported no issues.

The Ranger functionality provides network and asset visibility, allowing identification of installed and uninstalled assets within the environment. This capability contributes to maintaining a clean and organized environment.

It can prevent unauthorized access and use of USB drives, a common source of malware. Personal USB drives can carry malicious software that infects an entire network. Therefore, SentinelOne Singularity Complete plays a crucial role in protecting organizations from these external threats.

SentinelOne Singularity Complete enables in-depth root cause analysis and the ability to add exclusions as needed, effectively minimizing alert volume.

SentinelOne Singularity Complete helps users save approximately one-third of their time, allowing them to focus on other tasks.

SentinelOne Singularity Complete helps reduce our mean time to detect and helps reduce our mean time to respond by 25 percent.

SentinelOne Singularity Complete helps reduce environmental risk by identifying vulnerabilities.

The visibility feature is crucial for effective detection analysis. The user-friendly console ensures ease of use and learning, even for beginners. Furthermore, the tool's capacity to consolidate various security solutions and perform risk correlation analysis enhances its value.

The primary issue is the console's random automatic logouts, requiring users to repeatedly re-enter their username and password. This problem needs to be addressed.

I have been using SentinelOne Singularity Complete for about six months.

The system has experienced interoperability challenges and high resource utilization, particularly with CPU and RAM.

SentinelOne Singularity Complete is highly scalable.

The response time of customer service could be improved.

The initial setup involves configuration policy setup and deploying the agent, which is straightforward if done through tools like SCCM.

Deployment can be managed by one person when using SCCM or similar tools.

The manual effort used for tasks like remediation has been reduced, contributing to ROI.

While SentinelOne Singularity Complete carries a higher price tag than some endpoint security solutions, customers find its robust features and return on investment justify the cost. However, it remains a more budget-friendly option compared to CrowdStrike.

CrowdStrike is a comparable endpoint integration solution. SentinelOne is priced higher than CrowdStrike.

SentinelOne's console offers a more user-friendly experience compared to CrowdStrike and Trend Micro One, making it particularly well-suited for beginners.

I would rate SentinelOne Singularity Complete nine out of ten.

We have many endpoints in multiple locations.

Maintenance is only required if an agent is disabled or cannot connect to the controller; otherwise, no manual intervention is needed.

As a security partner, SentinelOne is on par with CrowdStrike and has strong potential to become a leader in its field.

I recommend SentinelOne for its ease of use and management, especially for new customers. The user-friendly console and straightforward deployment process facilitate a quick learning curve. Furthermore, its cloud-based architecture minimizes the burden of updates.

We use Singularity Complete for end-to-end endpoint security protection, including EDR integrated with other platforms for XDR. The ransomware rollback feature of Singularity is a key reason for its use.

It is primarily for integration with SIEM to have a single pane of view, integration with web security for sharing insights, and automation of remediation tasks. Additionally, network discovery from the Singularity platform is used to identify rogue devices quickly.

Visibility is greatly improved with Singularity Complete as it allows visibility into endpoint devices and the processes running on them.

The most valuable feature is the ransomware recovery and rollback feature. The platform's ability to easily integrate with various other platforms is also highly valuable.

It also enables integration with other technologies, saving costs associated with having point solutions. The integrated system allows for significant automation, reducing the time and effort needed for management.

The mean time to response has reduced from hours to minutes due to integrated automation systems.

Improvement is needed in terms of product support. The compatibility with new legacy systems should be enhanced as other EDR products support these systems, which Singularity does not.

I've been working with Singularity Complete for three years.

Singularity is a very mature product that supports most assets available in any enterprise environment. It runs seamlessly without challenges.

Singularity Complete is suitable for large and mid-scale enterprises.

Technical support could be better. I would rate it around six on a scale of one to ten.

CrowdStrike is a competitor. Singularity is better because it supports the ransomware rollback feature.

The setup process is simple and user-friendly.

Initially, anyone can deploy out of the box. When tuning aligned with the environment is required, assistance from a system integrator is recommended.

Integration helps save costs by reducing the need for point solutions.

Pricing is not pocket-friendly. It can be difficult for small-scale companies.

SentinelOne's main competitor in the market is CrowdStrike. However, Singularity Complete is preferred thanks to its ransomware rollback feature.

We have the Singularity Endpoint Detection platform along with the MDR service. We are using their Singularity Enterprise offering along with Vigilance Pro.

We are currently in the process of deploying it. We started with the deployment earlier this calendar year with a goal of reaching 30,000 endpoints this year. We have deployed to about 25,000 endpoints to date. Our end goal is 100,000, but that will be phased in over the next year.

Our deployment experience has been excellent. We have received a ton of support from their customer success team. We are using this initial deployment to tune the product to make sure it is not causing performance issues on our endpoints. We are going about it in a very methodical fashion.

It has helped us achieve business goals in a few areas. Even though we are early in our adoption, there are a few areas where I have seen benefits. One is around the technology, the solution itself. It provides our security analysts with a very succinct and usable interface that they can use to effectively and efficiently manage incidents and investigations.

The second area is around the MDR. This has been a huge benefit to us compared to our prior solution. We used to get a lot of false positives. That took up the time of our security analysts, which then took away time from addressing real problems.

The risk management at Lenovo has improved greatly over our prior toolset. We have identified risks that we would not have otherwise identified with our prior implementation.

Our analysts' efficiency has gone up tremendously. We are not chasing false positives. The tool provides timely and relevant information to our analysts so that they can address the events with confidence. They know they are working on the right activities, and then along with the managed service, they are not chasing rudimentary incidents. Those are being resolved before they can get to our team.

It has definitely helped us reduce noise. In the prior platform, which we are phasing out, the false positive rate was tremendously high. That caused a huge amount of inefficiency in the team.

It has helped us increase our incident response because we are working as a team. We not only have an improved platform for detecting and managing incidents; we are also partnering with SentinelOne on the MDR and the managed service aspect of it.

It has helped us improve our mean time to respond from a perspective of seeing what is happening. I do not have any metrics related to the percentage of that improvement.

It has highlighted the risk of insider threats, and we have found that on multiple occasions. It is hard to compare if they would have been caught in our prior solution, but we have increased visibility into what is going on across our network and the machines that are connected to it.

SentinelOne is an integral part of our AI strategy. We have recently got a chief AI officer in our organization. He happened to be our chief security officer, so we take AI very seriously. There are two things that AI can impact. We can leverage SentinelOne to help us protect the AI models that we develop and use, but we can also leverage AI for endpoint protection in the product itself. We can utilize the AI offering to improve our response rate and mean time to respond.

We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives. In conjunction with the MDR, many of those incidents and events are mitigated and resolved without any intervention from our team.

SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks.

We started with the deployment earlier this calendar year.

The support from SentinelOne has been second to none, exceeding expectations. Maybe we are in the honeymoon period, but they have definitely exceeded expectations. I have been part of many deployments, not just of cybersecurity platforms but also of other platforms, and SentinelOne, in comparison, has been second to none.

We purchase it through CDW.

One of the primary considerations in evaluating EDR and identity security vendors was around the effectiveness of the detection and the ability to tune the solution to fit our needs. The presentation of the data to our analysts and the ability to detect events and threats that were not detected by our prior platform played a big role in that. We also were able to test out the MDR service as part of our proof of concept. That pushed it over the edge from anything we experienced with other vendors.

Earlier, we had a high false positive rate coming in, which would take up our analysts' time. In addition to that, our prior vendors or other vendors would report threats and incidents to our team but not what action to take to resolve them. The huge difference that we have seen is that we are now getting feedback from SentinelOne and the MDR team, and it is coming back completely resolved and completed. We are more on an information basis, and we do not have to spend any time on resolution or investigation.

Anyone considering changing their endpoint detection or SIEM solution should consider SentinelOne. It offers benefits in the product and technology aspect, service aspect, and partnership, allowing us to influence the roadmap and plan our cyber defenses.

Even though we are early on in our adoption, we have had a direct line of contact with the product team. We have been able to provide feature requests. We are not simply a customer of SentinelOne. We view it as a partnership. We can influence the roadmap. Likewise, SentinelOne is providing us a vision of their roadmap, and we can plan accordingly how to steer our cyber defenses.

As it stands today, I would rate SentinelOne Singularity Complete a nine out of ten simply because we are so early in our adoption that we are not taking full advantage of all the aspects of the solution. We will continue to grow and mature alongside the product.

We use SentinelOne's EDR platform. We use Ranger for network discovery. It helps to find out any endpoints that do not have an agent or rogue devices that may come up on the network that are not protected. It allows us to isolate them until we have the proper protections in place.

We are starting to delve into Identity.

The EDR platform has helped us achieve our business goals by providing the best security against ransomware, which is the number one threat to our business.

We have seen a lot of benefits since we deployed SentinelOne many years ago. We were able to consolidate around eight different antiviruses globally. It saved us licensing costs, human capital, and the amount of time it takes to keep up with some of the legacy technologies.

Other than that, the product gives us so much visibility to things. We did not have that visibility before. It also gave us access to every endpoint globally from a single platform. My engineers and my SOC operators are able to touch every endpoint globally in a matter of seconds. We are able to consolidate all the data that we are getting from the platform. We then build rule sets and protections and automate playbooks to be able to help save time so that we can focus on some of the bigger threats that we have.

SentinelOne has had a huge impact on our risk management posture. In my viewpoint, any threats, especially with ransomware being the biggest threat to our business, can lead to downtime for operations. If manufacturers are not making the product, we are not making money.

SentinelOne has helped us improve our analyst efficiency because of the simple fact that it is a single singular platform where they have access to every endpoint data that is out there in the world in our scope of devices. It gives them the ability at their fingertips to dive deep into the telemetry data that they need to make a justification or make a decision about a threat.

SentinelOne helps us reduce noise. We also leverage SentinelOne Vigilance as a managed service provider, which takes away the load from my analysts. It enables us to develop playbooks to cut down the noise and helps us to prioritize what matters the most, which makes us way more efficient. It makes us speedier when it comes to the time to react to a threat.

SentinelOne, especially the Vigilance team, helps us to reduce false positives. It is not only because the technology itself is so good at what it does; it is also because of the information that we get related to a threat or an alert. The information is enough for us to have some sort of disposition on what that is. We can then write a rule or mute that through a click of a button so that it is not constantly coming to the surface.

SentinelOne helps us with our incident response process tenfold. We have so many options, from automation to using Purple AI, to give my analysts more confidence in their abilities. It is an amplifier. It is not a replacement. It is a way for them to build their confidence and skill set, but it also increases our efficiency and our time to respond to threats. The storylines with SentinelOne were probably one of the first things that caught my attention back when EDR was new to the market. They help the analyst develop a storyline or improve the storyline that they have already developed.

SentinelOne helps us with our mean time to detect by the fact that we have every endpoint consolidated into one platform. We have the prioritization based on the rule sets, the type of devices, the classification of the data it holds, or the classification of the department or the sensitivity of a manufacturing process in that environment. These methods help to cut the detection time for my analysts.

The platform provides multiple ways to communicate. With the addition of Vigilance and their main services, there is a very drastic reduction in the mean time to respond based on the information they give us. The information that we receive from those methods helps us to make a lot quicker decisions with the threats.

From an organizational perspective, SentinelOne helps me and empowers my team to be able to communicate to the business about some of the adversarial threats that we have in our environment. A lot of times when an endpoint or a production or line unit is impacted, the teams come to us with reports of a false positive, but in fact, it is not. SentinelOne helps us to educate, inform, and reinforce to the organization why we are here. We are here to help. We are here to help the business grow.

When we first looked at SentinelOne, we had a very distributed legacy antivirus environment. Through SentinelOne's platform, we were able to consolidate about eight different antiviruses globally, thus saving money and time. There were savings in terms of human capital or the amount of time it takes to keep up with some of those legacy technologies.

Like any vendor, SentinelOne had its challenges, but throughout our history as a partner and as a customer, they followed through with every commitment they made. That is huge. I do not look for a vendor, I look for a partner—a long-term partner. CISOs need partners to be successful. We have to lean on each other. There are things that they can do to improve the console or improve the product, and they are making strides in it. One value that I can bring to them is the fact that I am on the advisory board. As a customer, we bring problems or challenges or even opportunities to them that they take back to their product teams and marketing teams to come up with a solution. Being able to ride side by side with some of the developments they are making now, in the near future, or in the far future is pivotal to the success of a security organization.

We have been using SentinelOne's EDR platform since 2018.

The support teams speak various languages worldwide, which is beneficial for a multinational corporation like ours. We have teams across the world, and having support in native languages saves us time and increases efficiency.

We had a very distributed legacy antivirus environment before and selected SentinelOne for its consolidated platform.

We are also using a different SIEM solution currently but are considering migrating to full XDR in the future. We rely very heavily on managed services and Vigilance. We have a small security team, but over time, we will be able to build some hybrid models or hybrid approaches and start to go towards XDR.

When we looked at the EDR, having a single agent was a big deal. We have come a long way since then, but one of the primary reasons why we chose SentinelOne was their ability to package everything from a single agent.

The ROI is significant with SentinelOne, as it saves us money, time, and human resources by consolidating eight different antiviruses into one unified platform globally.

SentinelOne makes licensing easy by reducing the number of modules or packages that they have to offer. A lot of other vendors make licensing very complicated with separate modules or separate costs. By bundling necessary features, SentinelOne ensures that security leaders are not left confused by options. This bundling of necessities has served our needs well.

As they bring on more technologies and more offerings, they are either bundled with the premium packages or other packages they have or they are bundled separately as another SKU.

We compared SentinelOne against its competitors while evaluating EDR solutions. SentinelOne stands out to me from the competition because they stand by every commitment they make. They are extremely transparent and extremely collaborative with the customer base. They take back everything that the customers bring to the table and make the product better. It is a two-way street. We also have to give. We are giving that money for a product, so we are investing in them. At the same time, we want to have a voice. They allow us to have a voice. The fact that they are a true partner sets them apart from the competition.

Their transparency, their willingness to work with customers and receive feedback, and the humility to admit their faults but figure out a way forward with their trusted partners or customers set them apart from the competition. They have done a good job of getting the endpoints correct. They have done a good job at saturating the market with such a good endpoint product. The endpoint data is the most critical telemetry data that we have. If you think about network and email, those are all delivery methods, but a crime is only committed at the target location, which is the endpoint. With that being the most valuable information we have, they have done such a good job with that. They are already there at the endpoint. There are a lot of other things they can do to improve the data that they have with things like identity and network discovery. There are opportunities where you take Purple AI out and put it on top and extend the width or breadth of your security team. You can extend the breadth of reach across multiple facets or multiple layers of defense from one single platform.

AI is huge. It is a topic that comes with a lot of different variables. Some are good, and some are not so good. AI as a whole is not something to fear. It is no different than what mobile computing or cloud computing was. We have to embrace it. Embracing it empowers security organizations, security leaders, and security teams. It empowers them to make more and better decisions, and it also saves some time because a lot of the things that they are doing can be automated through the use of AI. It empowers the defenders, and by empowering them, it saves them time and allows them to focus on more important projects, more important topics, or more important threats. AI can help us cut down our mean time to detect and mean time to respond.

I have had several colleagues looking at SentinelOne and comparing them against some of the competitors, which is what you are supposed to do. To those who are considering purchasing SentinelOne, I would advise moving beyond the product. Do not just consider the product when evaluating SentinelOne. Focus on the leadership, product development teams, and their commitment to working closely with customers for long-term success.

SentinelOne is a true partner. We have had our issues. We have had our incidents. There were some times when I was desperate and needed help. They have been there. They are not there at the meat of it. They have traveled that road all the way to the end with me. That speaks volumes. To colleagues and people who are not yet using SentinelOne, I would recommend taking a look. Go beyond the curtain, the actual product, and the marketing. Look into the teams. Look into the leadership. Look into the success of other customers out there like myself. Call them. Talk to them. Challenge the product and challenge the teams, but do not let the first responses ever be the answer you go with. Continue to develop that relationship. That is what you should look for as a partner.

On a scale of one to ten, SentinelOne is definitely a ten. That is not just product-specific, customer support-specific, or road map-specific. A lot of different areas combined give it that score. Having a true partnership means that you are bringing everything to the table. You are helping each other grow.

We use SentinelOne Singularity Complete for all of our endpoints, including virtual machines, physical servers, and laptops.

The solution gives us a good sense that the systems are secured against malware, drive-by fileless attacks, and advanced behavioral attacks. This is our primary reason for having the product, and it does a good job in that regard.

It does not require a lot of management. It is hard to quantify the time savings but it does not require a lot of our time. If I spend an hour a week on it, that is a lot.

It is hard to quantify the reduction in the mean time to detect unless you are a pretty big organization and you are tracking that. However, it has been able to detect things and alert about them pretty much instantly in the console. We also get emails right after that. In terms of the Vigilance MDR service, one Saturday morning, I tripped an alert for something I was doing. I thought of waiting and seeing how long it would take on a Saturday morning at 10 AM for them to jump in and figure it out. They took about 20 minutes.

Any good endpoint security product should reduce your organizational risks, and SentinelOne Singularity Complete has done that. It is almost impossible to quantify the reduction.

We were able to easily realize its benefits within 30 days.

The console is light years better than the CrowdStrike console, which had just a bunch of different screens cobbled together. It is much more unified and much easier to work with. It is very nicely designed. It is one of the better user interfaces I have ever seen for web application management.

The product is pretty easy to manage and pretty easy to deploy. It also has a pretty low resource footprint.

The false alerts can be annoying, especially during administrative tasks. We have had a number of occasions where the software impacted a third-party application, so the application would either not run or exhibit other technical issues. We were also not getting any alerts in the console to indicate that SentinelOne was having a negative interaction with the product. Finally, after hours of troubleshooting, we turned off the endpoint security for the product, and the application just started working fine. We have probably had a good half dozen of those. It is quite annoying.

I have had experience with SentinelOne Singularity Complete for two years.

Their support is top-notch. I have been in the business for thirty years, and I have dealt with just about every support company out there. I am used to mediocre enterprise support, but SentinelOne's support is very good, deserving a ten out of ten.

We were running CrowdStrike prior to SentinelOne. We were using CrowdStrike Complete, but it was simply way too expensive to sustain for our budget. We were looking for something that was equally capable and did not have a huge price tag with it, so we ended up going with SentinelOne and their Vigilance MDR service.

SentinelOne Singularity Complete has not helped us consolidate other solutions. It was a one-for-one replacement for CrowdStrike. It has not helped us to get rid of anything at this point.

I have used Bitdefender in the past. We had their GravityZone Ultra, which had XDR Complete, but there were so many alerts. We would literally spend hours. We would pick a day a week or a day every couple of weeks and try to trace down alerts and clear out the console. From that perspective, SentinelOne does give off fewer false positives. However, when we are dealing with administrator or network administrator or developer tools, for obvious reasons, they tend to trip the alerts on the product. For normal end-user work, there are seldom any false positives or alerts that are not valid. It is almost never. I am the IT director, and it is always tripping on things I am doing. When I install some encryption software or disk wipe software, I get many alerts in SentinelOne, but for the actual end-users, typically, we do not get any false positives.

We use their public cloud. We deploy the agents ourselves. We do the updates through their public cloud, but we do the initial deployment ourselves.

The initial setup was pretty straightforward. There are some nuances to the product, naturally. It is an enterprise-class endpoint security product, so there are things that you need to learn and understand about how it works. The same is true of CrowdStrike, Palo Alto Cortex, or any other product in the same category.

We have multiple locations with about 35 remote users.

We used their onboarding service, which was very helpful because we would have meetings every week or two with the actual SentinelOne employee engineer to talk about our deployment and ask questions about particular features and best practices. It was worth the extra expense.

I had one other network administrator working on it with me, and I just assigned him the task of deploying software and working with me on some of the policy configurations.

I do most of the maintenance on it. The maintenance typically requires adding an exclusion here or there, troubleshooting an issue, or uploading logs for support to look at an issue or a question that we have. I do not spend 50 hours a year on it.

SentinelOne is significantly less expensive than CrowdStrike. I recently did a price comparison between CrowdStrike and SentinelOne to determine where we are going for the next three years. CrowdStrike is 200% to 300% the cost.

For their complete service, we were paying CrowdStrike 45K for 85 endpoints for a year. We have stepped down, and we are doing MDR and not having SentinelOne manage our policies and things. We have 200 endpoints, and our yearly cost is 17K, so we have gone from 45K to 17K. From a detection standpoint, depending upon which MITRE framework tests you look at, both vendors jockey up and down in the top ten. They are pretty comparable from a performance and efficacy standpoint, so there is not a 200% to 300% gap there.

I always do a round-robin. My final three ended up being Palo Alto Network's Cortex product and CrowdStrike's Falcon product, the lesser version of their MDR Overwatch product.

The thing that I did not like about Overwatch was that they would tell you that something was going on and here is what you should do, but they would not help you with it. SentinelOne was a little bit more helpful in terms of hopping in. Ultimately, Palo Alto is not support-friendly. I use Palo Alto Firewalls, and their support is not that great. It has not been for a while, so I hesitate to go into their endpoint security as well. It is also expensive. It requires a lot more infrastructure and cost to deploy. It is probably more akin to CrowdStrike from a cost perspective.

I briefly considered Bitdefender's MDR solution using GravityZone where they did the MDR piece of it. It was probably half or a third of what we would have spent for SentinelOne, but I did not have the sense that it was quite the next-gen product that I was looking for, even though it scored pretty well.

All these are very similar because they base their activity on what a piece of software is trying to do on the system. It is a real-time behavioral analysis. They do not use predefined signatures from the last 25 years. They are trying to do things in real time. In terms of how long it takes to have visibility into what an application is doing and how quickly they can lock it down once they have the visibility, each vendor scores differently, but each of these three would generally be considered in anybody's top five.

SentinelOne is fairly innovative. I like what they are doing with the integration of their Purple AI for being able to do real-language queries of their telemetry data. You do not need to know all the correct syntax, which helps us non-SecOps folks who have to dabble in it periodically. We can do real-world queries. I have not asked for pricing on that. It is probably more than I want to pay for it, given that we do not get too much use out of this kind of feature, but they are continuing to innovate in that regard. From that perspective, it is a good product.

SentinelOne Singularity Complete is very mature at this point.

We have not yet had an occasion to integrate it, although, in a couple of weeks, we are going to be integrating their Cloud Funnel service with another MDR provider, Red Canary. We have not done that yet, and we have not made use of their other interoperability pieces.

They have two Ranger products. One is the Ranger Identity Protection product, which is kind of an add-on product, and the other one is more of a rogue detection product. We did subscribe to the Ranger Identity Protection product, but it was so difficult to work with that we finally stopped using it. It was a subscription.

Our correlation is whatever is going on in the endpoints. We are not pulling in Palo Alto firewall telemetry, or Okta or O365 data at this point, but we are moving in that direction. We are simply using it for endpoint security and for their Vigilance MDR service.

SentinelOne is good as a strategic partner. We are in the third year of our three-year contract and plan to continue with them. We are not going to go directly to them. We are going to go through one of their partners, Red Canary, but we will be using the SentinelOne Complete product and then using Red Canary to do the MDR along with active remediation and SIEM ingestion of our Okta data, our Palo Alto firewall data, and our O365 data. They can then begin to cross-correlate events and attacks across different attack surfaces of ours.

I would rate SentinelOne Singularity Complete a nine out of ten.