What is our primary use case?
We are an MSP supporting various business verticals (including medical and pharmaceutical). Our core monitoring/deployment solution is SolarWinds RMM, through which we were recently introduced to SentinalOne. We use the bundled automation to install, patch, and monitor antimalware protection to endpoints. We are in the process of replacing Bitdefender with SentinalOne for several clients.
How has it helped my organization?
Deployment is automatable through the RMM, though a little clunky to do. The provided automation was a little challenging, but once you get it configured it's quite effective. Once we got it deployed to our users, it operates seamlessly and with minimal impact on system resources. Even our clients with lower-end workstations report improved performance since switching from Bitdefender.
After migrating, this also picked up some latent malware that was not previously detected & cleaned it immediately with almost no interaction required. I was impressed with how little this bogged down the affected system. This was in our pilot run, so I was on-site.
What is most valuable?
The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting.
I tested this by deliberately infecting an unpatched test machine with WanaCry. First of all, SentinalOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WanaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background.
We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection.
You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors.
What needs improvement?
Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done.
For how long have I used the solution?
We have been using this solution for approximately three months.
What do I think about the stability of the solution?
The stability is excellent so far. Once installed, it's "set it and forget it."
What do I think about the scalability of the solution?
Scalability is great if you're scaling up, but scaling down may prove to be challenging.
How are customer service and technical support?
Technical support is provided for us through SolarWinds, and they're very knowledgable.
Which solution did I use previously and why did I switch?
We used Bitdefender (also through SolarWinds) previously. SentinalOne was pitched by SolarWinds a few months ago as an alternative with robust ransomware protection. Being a small MSP, a single ransomware infection at a client could spell disaster for our business. We are always looking for the latest technology, but not marginal improvements.
How was the initial setup?
The setup script provided by SolarWinds (proprietary to their RMM) was a little challenging to get going, but once it worked, it worked perfectly. Except it didn't run on Win7 systems because it uses Powershell commands from a later version than what's available on Win7.
What about the implementation team?
The vendor team provided support, but we did the deployment.
What was our ROI?
We're making about seventy-five percent over the per-seat cost, and it's easy to sell at that price point.
What's my experience with pricing, setup cost, and licensing?
The per-seat cost is low, but you have to commit to a certain number of licenses for a year.
Which other solutions did I evaluate?
We really hadn't seen EDR solutions in action before. Our decision was based primarily on the fact that it has SolarWinds integration.
What other advice do I have?
Definitely worth the money compared to heuristic solutions, especially for clients who tend to "stretch" their hardware as long as possible. The low impact and robust reporting go a long way to make this an easy sell, and the cost is excellent for the price point.