We performed a comparison between Elastic Security and SentinelOne Singularity Complete based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The most valuable aspect is undoubtedly the exploration capability"
"The threat intelligence is excellent."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"Its most significant advantage lies in its affordability."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The performance is good and it is faster than IBM QRadar."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The most valuable feature is the machine learning capability."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"Singularity's threat-hunting platform is user-friendly, and I like the built-in remote access feature."
"The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that."
"The protection and management provided by SentinelOne is good."
"Offers good protection against ransomware."
"SentinelOne is the next-generation EDR solution."
"The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations."
"It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting."
"I find the application inventory feature to be extremely useful."
"The solution does not offer a unified response and standard data."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The interface could be more user friendly because it is sometimes hard to deal with."
"The tool should improve its scalability."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage."
"In terms of improvement, the documentation could be better. I would also like to see SingularityOne compatibility with Huntress, and the tighter integration between them would bring more to the table."
"In automation, if we could schedule when we run the task and on which systems we want to run the task, it would improve automation."
"Improvements for SentinelOne's Singularity Complete could include adjusting pricing for specific markets, ensuring affordability, and better alignment with customer expectations in those regions."
"The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab."
"One way to improve and get additional benefits would be for SentinelOne to host the updated installer files for us, rather than us having to download and host them ourselves."
"Maybe they can develop some firewall aspects for it to better protect us."
"Their documentation could afford to be a little bit better communicated. A lot of times we have to look at things in the knowledge base, and much of that could be communicated better, but that would probably be the only thing that needs to be improved."
More SentinelOne Singularity Complete Pricing and Cost Advice →
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 58 reviews while SentinelOne Singularity Complete is ranked 1st in Extended Detection and Response (XDR) with 176 reviews. Elastic Security is rated 7.6, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and syslog-ng, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Datto Endpoint Detection and Response (EDR). See our Elastic Security vs. SentinelOne Singularity Complete report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
