SentinelOne Review

The threat timeline feature gives a breakdown of the files and network connections
What is our primary use case?

We're a managed service provider, so it's MSP for our clients.

What is most valuable?

I have found the activity timeline and threat analysis to be particularly useful.

What needs improvement?

The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler.

I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.

What do I think about the stability of the solution?

In terms of stability, I've seen some issues with the deployment or decommissioning not working the way it's entirely supposed to. I've seen the same thing with other managed antivirus so it's nothing I consider unusual. Occasionally I have to go and clean up an installation or an installation that didn't go off cleanly.

What do I think about the scalability of the solution?

The scale we operate at is pretty small. We've got less than 100 endpoints on this at the moment. Currently, I only have about 80 users.

If you previously used a different solution, which one did you use and why did you switch?

We still use our traditional antivirus packages, Vipre and Bitdefender, depending on the customer and their use case.

How was the initial setup?

The initial setup took a little bit of orientation but nothing I would consider unusual for learning a new product like this. The deployment did not take very long at all. From the time when we were introduced, got registered for all the different related sites and services it only took a couple of weeks before we could deploy without really needing to think about it. It was pretty simple.

What other advice do I have?

I would advise someone considering this solution to make sure that you leverage the features. It's particularly very useful in sites such as the threat timeline where it gives you a breakdown of the files and network connections.

Call the SOC, the Security Operations Center, with questions. They're always proactive and very helpful, but do not rely on the automation to do everything for you. I had an instance where, just glancing at the activity timeline, it was very obvious to me there was something traversing the customer's network. There was an infection that was at least partially taking hold and it was worming its way through their network, and I would think that the Security Operations Center should see that. If they're seeing multiple infections at the same site, they should have the same inference happen and call us and notify us and do something about it. That required manual intervention and it would've been nice to get an earlier notice on it without manual review of activity by myself.

I would rate SentinelOne an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.