What is our primary use case?
My primary use case for this solution to protect my clients and sites that I support from malware and ransom ware. It is installed on the end point clients and servers as a client and then it clean and protects after a reboot. As a managed service provider we found it instrumental at preventing viruses and especially preventing ransom ware. We went from 30% ransom ware infections to zero. The software stops the infection before it executes.
How has it helped my organization?
It has saved hundreds of hours fixing destroy and encrypted computers. In the old days even if you restored the files Windows was still damaged. This stops the software from executing.
What is most valuable?
The valuable feature of this solution is the ability for it to stop a virus or ransom ware. It uses a SOC for active monitoring and AI software that watches where you go and what gets executed. If it sees danger I get alerted and the machine is frozen. If the SOC believes it to be a virus the machines network card is frozen or the machine is automatically returned to the state before the file was executed and the file is erased. If it's safe the machine is auto unfrozen. I can go in look at the logs, verify if it's a false positive and unfreeze the machine. If I believe it is a virus I can return the machine to before the file got executed. Erasing any damage. If I believe it's a false positive I can mark it benign and re execute the file. So far it's stopped four ransomware cases from getting through, so it's doing a good job.
What needs improvement?
I think communication and documentation could be improved in the solution. When you get a virus alert, there's not a lot of upfront training to let you know how to resolve a situation when it occurs. The first couple of times you're flailing a little bit until you get it sorted. I would probably also suggest that the interface could use a little bit of help. It's a little hunt and peck.
For additional features, I'd like to see the ability to control it on a cell phone. It would be great if I could have it in the palm of my hand so that if I get a false positive, I can just look at the dashboard on my phone.
For how long have I used the solution?
I've been using this solution for seven months.
What do I think about the stability of the solution?
The solution seems super stable, although you do get some false positives, especially when it encounters a new piece of software. But the SOC is able to quickly whitelist and adopt to the new software fairly quickly.
What do I think about the scalability of the solution?
The solution is scalable. I'm able to put it both in a script and I can see it being able to be deployed in a large environment as well as a small one. I have 285 end points and the roles are anywhere from financial traders to insurance agents. All employees have access to the solution, it's actually turned into my main route for antivirus end protection and the product doesn't require any maintenance except for when it finds a virus.
How are customer service and technical support?
I've used technical support a few times and it's very good. They're very responsive and they alert you very quickly when there's an issue. They lean heavier on protection, which can sometimes be a problem. A lot of times, by the time I'm logged in to look at it, they've already figured out that it's a false positive and they mark it and whitelist it and put the machine back online. All that can take less than a couple of seconds.
Which solution did I use previously and why did I switch?
I've previously used several antivirus programs and then I got to the point where I wanted to use an artificial intelligence program. Originally I used CrowdStrike, which I also liked, but the main reason I switched to SentinelOne is because it's incorporated as part of my MSP solution suite.
How was the initial setup?
The initial setup is very straightforward. When you implement, it goes through and does the initial scan and it makes the configuration changes that it needs. I haven't had a problem with any deployment at all and it's a very quick process.
What about the implementation team?
What's my experience with pricing, setup cost, and licensing?
The cost of the solution varies and depends on your relationship with the supplier. My cost is USD $6 per end point. I don't have additional costs on top of that.
Which other solutions did I evaluate?
I evaluated, Norton 360, Windows antivirus, Webroot, Crowdstrike, and ESET
What other advice do I have?
With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest.
I would rate this solution a ten out of 10.
Which deployment model are you using for this solution?