SentinelOne Review

For the first time we have global knowledge of what's happening in all of our subsidiaries

What is our primary use case?

We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.

We deploy it on-premise, in all of our factories and branch offices, worldwide.

How has it helped my organization?

Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.

What is most valuable?

  • Easy to install and update
  • Management Console in the cloud
  • Ability to partition it in "sites" (our subsidiaries) with local site admin
  • Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

For how long have I used the solution?

We started to install SentinelOne on the first endpoints in August of 2019.

What do I think about the stability of the solution?

Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.

What do I think about the scalability of the solution?

The scalability is good. At present, I can't see scalability limits.

We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.

We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.

How are customer service and technical support?

Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.

Which solution did I use previously and why did I switch?

We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we choose SentinelOne.

In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovering of Zero-day threats and ransomware.

A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.

How was the initial setup?

The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.

The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.

In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.

What about the implementation team?

Main support was provided by the SOC company, working together with our IT Staff.

What was our ROI?

We have seen a good ROI about the SOC service and the product.

What's my experience with pricing, setup cost, and licensing?

The solution's price/performance ratio is reasonable.

In addition to the standard licensing fees there is, of course, the SOC service fee.

Which other solutions did I evaluate?

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

What other advice do I have?

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.

At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More SentinelOne reviews from users
...who work at a Healthcare Company
...who compared it with CrowdStrike Falcon
Add a Comment