What is our primary use case?
We use SentinelOne to secure our entire environment, including all user endpoints and servers. We are also currently testing the Deep Visibility add-on. We were using a definition-based AV prior to SentinelOne, and we were getting daily/weekly infections of a variety of malware. We are a mix of PC, Mac, and Linux. We have on-premises machines and servers, as well as cloud VMs that we wanted to protect. We wanted to purchase a next-generation AV client that would be algorithm-based instead of definition-file-based.
How has it helped my organization?
SentinelOne has provided amazing security. We were getting new cryptolocker variant infections several times per month, and in the month following our SentinelOne rollout the numbers dropped to zero. We have not had a single infection since.
The new console is not only visually appealing and simple to use, but it allows you to customize and apply labels to different areas. I don't have a good gauge on how much money SentinelOne has saved us, but we only get a handful of security alerts in our console each day. It has freed up our security staff to perform other tasks.
What is most valuable?
We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access.
The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product.
What needs improvement?
The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly.
There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time; currently this is not possible. You can see a snapshot of the data at the moment, but once it changes, whatever was there previously is not stored.
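One way to get the per-machine history the reviewer describes is to export the agent inventory once a day and diff consecutive exports yourself. The following is an added example, not code from the review or from SentinelOne; it assumes you already pull agent records into a JSON list each day (the export step itself is out of scope here), and the field names (computerName, lastIp, agentVersion, osType) and the three days of sample data are constructed for illustration.

```python
"""Build a per-machine change timeline from daily agent inventory snapshots.

Added example, not part of the original review or of the vendor's tooling.
Assumes each day's agent export is a JSON list of dicts; the field names and
the SNAPSHOTS data below are constructed placeholders, not real API output.
"""
import json
from typing import Dict, List, Optional, Tuple

# Attributes whose changes we want to keep a history of.
TRACKED_FIELDS = ("lastIp", "agentVersion", "osType")

Change = Tuple[str, str, Optional[str], Optional[str]]  # (date, field, before, after)

# Constructed sample: one agent export per day, keyed by export date.
SNAPSHOTS: Dict[str, List[dict]] = {
    "2023-01-01": [
        {"computerName": "ws-001", "lastIp": "10.0.1.15", "agentVersion": "22.1.2", "osType": "windows"},
        {"computerName": "srv-db1", "lastIp": "10.0.9.40", "agentVersion": "22.1.2", "osType": "linux"},
    ],
    "2023-01-02": [
        {"computerName": "ws-001", "lastIp": "10.0.1.77", "agentVersion": "22.1.2", "osType": "windows"},
        {"computerName": "srv-db1", "lastIp": "10.0.9.40", "agentVersion": "22.1.2", "osType": "linux"},
        {"computerName": "mac-04", "lastIp": "10.0.2.8", "agentVersion": "22.1.2", "osType": "macos"},
    ],
    "2023-01-03": [
        {"computerName": "ws-001", "lastIp": "10.0.1.77", "agentVersion": "22.1.2", "osType": "windows"},
        {"computerName": "srv-db1", "lastIp": "10.0.9.40", "agentVersion": "22.2.1", "osType": "linux"},
        {"computerName": "mac-04", "lastIp": "10.0.2.8", "agentVersion": "22.1.2", "osType": "macos"},
    ],
}


def store_snapshot(store: Dict[str, List[dict]], date: str, records: List[dict]) -> None:
    """Persist one day's export. A dict stands in for a file or database here;
    the JSON round-trip mimics writing to and reading back from disk."""
    store[date] = json.loads(json.dumps(records))


def index_by_host(records: List[dict]) -> Dict[str, dict]:
    """Key agent records by hostname so two snapshots can be compared host by host."""
    return {r["computerName"]: r for r in records}


def diff_snapshots(old: List[dict], new: List[dict],
                   fields: Tuple[str, ...] = TRACKED_FIELDS) -> List[Tuple[str, str, Optional[str], Optional[str]]]:
    """Return (host, field, before, after) for every tracked change between two exports.
    Hosts that appear or disappear are reported as pseudo-field "agent"."""
    changes = []
    old_idx, new_idx = index_by_host(old), index_by_host(new)
    for host in sorted(set(old_idx) | set(new_idx)):
        if host not in old_idx:
            changes.append((host, "agent", None, "appeared"))
            continue
        if host not in new_idx:
            changes.append((host, "agent", "present", "missing"))
            continue
        for field in fields:
            before, after = old_idx[host].get(field), new_idx[host].get(field)
            if before != after:
                changes.append((host, field, before, after))
    return changes


def build_timeline(snapshots: Dict[str, List[dict]]) -> Dict[str, List[Change]]:
    """Map each host to its ordered list of (date, field, before, after) changes,
    computed across consecutive daily snapshots (sorted by date key)."""
    timeline: Dict[str, List[Change]] = {}
    dates = sorted(snapshots)
    for prev, cur in zip(dates, dates[1:]):
        for host, field, before, after in diff_snapshots(snapshots[prev], snapshots[cur]):
            timeline.setdefault(host, []).append((cur, field, before, after))
    return timeline


if __name__ == "__main__":
    store: Dict[str, List[dict]] = {}
    for day, records in SNAPSHOTS.items():
        store_snapshot(store, day, records)
    for host, changes in build_timeline(store).items():
        for date, field, before, after in changes:
            print(f"{date} {host}: {field} {before!r} -> {after!r}")
```

Run daily against whatever export you already produce, the stored snapshots give you exactly the "what was the IP on that machine last Tuesday" answer the console alone cannot, and the "appeared"/"missing" entries double as a cheap check for agents silently dropping off.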
For how long have I used the solution?
I have been using SentinelOne for four years.
What do I think about the stability of the solution?
The agent is very stable, especially the later versions of the product. The agent never crashes and consumes minimal system resources. New agent versions are constantly released (which can be slightly difficult to manage if you don't have a good third-party endpoint management solution like SCCM/Jamf). Release over release, both stability and features have improved and been more fleshed out.
What do I think about the scalability of the solution?
It is very scalable and easy to deploy over any of the standard management solutions.
How are customer service and technical support?
Customer service and our TAM are both very good. They are responsive and have never been unable to answer a question we asked.
Which solution did I use previously and why did I switch?
We switched because our old solution flat out was not picking up infections. It was really almost rather useless.
How was the initial setup?
The initial setup is straightforward. We do not have any on-premises infrastructure. Rather, we are using SentinelOne in full-cloud mode. It was really just a matter of deploying the agent to the endpoints.
What about the implementation team?
Our in-house team handled the deployment.
What was our ROI?
ROI is kind of hard to quantify, but we definitely do feel like we get our money's worth.
What's my experience with pricing, setup cost, and licensing?
The costs are really rather minimal for what you receive with the product. No real advice here. The larger the count you have, the deeper the discount you will receive in your contract.
Which other solutions did I evaluate?
We looked at Carbon Black. SentinelOne was more economical, and the feature set was comparable so we ultimately went with it.
What other advice do I have?
Be ready to dedicate a good amount of time to learn the API. To really get the most from the product you need to tap the REST API.