What is our primary use case?
We have the Core version for almost all our endpoints. We will be installing it completely for the US, who wants more products, and India, because we have experienced that India is more exposed to threats.
We are currently updating our agents from 4.0.5 to 4.2.
How has it helped my organization?
Every day, we check threats that come from outside.
What is most valuable?
The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use.
Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actual threat.
SentinelOne's distributed intelligence at the endpoint is very powerful and works well.
What needs improvement?
I would like to improve the reports because they are not so customizable and we would like more info from them.
I cannot download all the hosts that we have on our tenant, because there is a limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows.
For how long have I used the solution?
We started deploying it in 2018.
What do I think about the stability of the solution?
It has been a stable product.
The process is completely automatic when an endpoint connects to the console. At that point, the agent will be updated. However, when we install a new machine, we have to install it manually, even the agent.
What do I think about the scalability of the solution?
We have never had an issue with scalability.
We have 15,447 endpoints in total with the Core version. 99.99 percent of the endpoint usage is Windows. We also use it with a few Macs and Linux. It is really powerful from this point of view.
How are customer service and technical support?
Our SOC has logged some tickets with the technical support. They have never complained about SentinelOne's support.
Which solution did I use previously and why did I switch?
Previously, we had McAfee, which was complicated to manage.
We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.
I have been satisfied with the new antivirus.
How was the initial setup?
For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.
The antivirus migration was normal. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.
What about the implementation team?
The installation was done by our SOC and me. Our SOC is comprised of five to six people. The SOC personnel are the same people who currently maintain the solution.
What was our ROI?
I think the solution has reduced our incident response time and mean time to repair.
Which other solutions did I evaluate?
SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.
What other advice do I have?
We have a SOC managing our environment. They are very happy with features that SentinelOne provides.
We will be upgrading to the complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature.
We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful.
Biggest lesson learnt from using SentinelOne: Never trust anyone.
I would rate this solution as a 10 out of 10.