SentinelOne Review

Straightforward to install, quick and detailed technical support, and application inventory is helpful


What is our primary use case?

Our primary uses are endpoint protection and application inventory.

The management is done through the SentinelOne web interface.

We work strictly in a Windows environment, using it for both workstations and servers.

How has it helped my organization?

At the moment, using SentinelOne brings us peace of mind. It has only highlighted a few things and generally, we've been quite lucky.

In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting. From that perspective, it's been good.

We don't have a lot of incidents but SentinelOne has reduced our response time by a couple of hours, per incident. It does a lot more than what the previous AV products did.

What is most valuable?

The most valuable features are application auditing and malware detection.

Application inventory and auditing highlight which applications are installed on the endpoints, and whether there are any known vulnerabilities. If the endpoint is not patched then it will be reported. This helps us in terms of validating our patch management methodology.

On the malware protection, it looks like it stops all malware and detects things such as suspicious activity.

The automatic monitoring of OS processes is a good thing to have. However, I'm not totally familiar with the product in-depth. It gives peace of mind in terms of our security and it doesn't seem to have any impact from an end-user perspective.

We use the threat detection feature.

The Deep Visibility feature is something that we have used once or twice. It gives us visibility of all of the activities that took place, to determine what exactly was caused. We don't use this feature very much, purely because we don't have many things to look at. We did find some things that were suspicious, and we were able to resolve them. It highlights certain things that we weren't aware of, and then we were able to go in and understand them further. At that point, we either marked an issue as a false positive, or we denied it permission to continue. In either case, SentinelOne stopped it from proceeding. 

At the moment, my confidence is quite high with respect to the effectiveness of the distributed intelligence at the endpoint. I haven't had reason to determine if it's not working and at the moment, it seems to be doing what it says it does.

What needs improvement?

With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately. As it is now, it shows you what products require patching, but you need a separate application to install the patch. If you could initiate an update to the application from SentinelOne, that would be a nice feature. 

For how long have I used the solution?

I have been using SentinelOne for approximately a year and a half.

What do I think about the stability of the solution?

Overall, the stability is very good. We have had one version where it had a high CPU usage, but the later versions were better.

What do I think about the scalability of the solution?

We have not run into problems with scalability. It can be very good.

There are three users in the company including the IT department, helpdesk, and operations manager. At the moment, we have implemented 100% of our endpoints. Probably, as we add endpoints over time, our usage will increase slightly.

How are customer service and technical support?

The technical support is excellent. We have only had to use them two or three times, and the response has been very fast, very detailed, and very explanatory.

Which solution did I use previously and why did I switch?

Prior to SentinelOne, we used Symantec Endpoint Protection. We switched because SentinelOne offered various features such as Deep Visibility, threat analysis, and application inventory. There were a lot of features that SentinelOne had that Symantec didn't, at the time.

How was the initial setup?

The initial setup is very straightforward. It was pretty much all done for us. Essentially, all we had to do was install the agent on each workstation that was upgraded.

It took about three weeks to deploy, covering all 212 of our endpoints.

We didn't have a specific implementation strategy. We somewhat phased it in, and all of the new devices would be installed with SentinelOne. As we go through the different workstations, we replace what is necessary and upgrade the agent. It was a case of going through our four different offices and because we're quite small, we did it one by one.

There is no maintenance required, post-deployment.

What about the implementation team?

SentinelOne support assisted us with deployment and it was done pretty much right away. They were very good.

Once the tenant was created, they gave us an overview of how to use it. The product is quite straightforward and easy to use and. There are probably elements we could go through further with SentinelOne, but I don't know if it's because I buy through a third party. Maybe, the third party is supposed to do more, but I'm not sure.

The reseller that we purchased SentinelOne from is O2 Mobile, and the experience was fine.

What was our ROI?

Although there isn't a tangible ROI, the product gives us a lot more detail and insight into the threats, which is valuable. There has been ROI, but it's more time value rather than a hard dollar value.

What's my experience with pricing, setup cost, and licensing?

The price is reasonable in terms of what the product offers. SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting.

Which other solutions did I evaluate?

We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.

What other advice do I have?

My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers.

At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More SentinelOne reviews from users
...who work at a Retailer
...who compared it with CrowdStrike Falcon
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,773 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest