We started doing proofs of concept for a short list of candidates in October 2020 when things calmed down a little bit. In addition to SentinelOne, we were looking at Sophos Intercept X, and CrowdStrike Falcon, which I assumed would win the bake-off. I had every expectation that Falcon was going to be our new endpoint. SentinelOne was kind of a startup. CrowdStrike Falcon was number three. Our second choice would've been Sophos Intercept X.

We left behind traditional AVs like Symantec and Norton Antivirus in 2016. It's awful stuff. We would've been good with Intercept X or Falcon, but SentinelOne has just proven to be the right choice for what we're doing. I hope they don't get bought.

We also piloted CrowdStrike. 

I wasn't involved in evaluating solutions, so I'm unsure if the company evaluated other solutions before choosing SentinelOne Singularity Complete.

We reevaluated CrowdStrike and realized that it was just not going to work for our purposes. I believe we looked at Sophos and Carbon Black. Carbon Black is a VMware product, and Sophos is a similar EDR solution.

When I started at this company, an MSP recommended a legacy type of antivirus, and I felt it was not up to par with what SentinelOne Singularity Complete provides. SentinelOne Singularity Complete is an excellent enterprise product with an excellent price point that's hard to argue with in terms of results and efficiency per dollar spent, so it's a no-brainer.

Sophos was eliminated very early on in the PoC process. Then, we looked at: 

• SentinelOne
• FireEye
• CarbonBlack
• CrowdStrike. 

Out of these solutions, we selected SentinelOne. Their ability to respond quickly in terms of feature functionality was the biggest pro as well as their fee for agents in the cloud. The other solutions' interpretation of a cloud solution did not match with our expectations. From an overall perspective, we found SentinelOne's methodology, its effectiveness, its lightweight agents and their capabilities far exceeded other solutions that we evaluated.

SentinelOne had the highest detection rates and the ability to roll back certain ransomware, where other solutions were not even close to doing that.

We evaluated CrowdStrike but we didn't have much information about how it worked, its functionality, or cost.

We looked at similar products, such as CrowdStrike and other versions of Fortinet.

We looked into Crowdstrike, Carbon Black, and Microsoft.

We looked at all the big ones, such as CrowdStrike. That is the first one that comes to mind. We even looked at Microsoft Defender and Sentinel. We looked at a few other solutions out there. We had an IBM demo there, but I do not remember what theirs was called. Bitdefender was another one that we looked at.

We went to Singularity Complete for the feature set. They did not have a robust feature set the way CrowdStrike does, but they had everything that we needed. CrowdStrike had even more advanced features, but SentinelOne's pricing was half of what CrowdStrike sells for. It was a pretty easy decision for us to go with SentinelOne. They were much better than the other players that we looked at. It came down to between SentinelOne and CrowdStrike, and the pricing made all the difference. They also seemed pretty easy to deal with, whereas with CrowdStrike, it felt like they were doing us a favor. When we talked to them, I just did not get a great sense of them, but price was one of the main things. CrowdStrike's price was double of SentinelOne's price.

We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

We evaluated other solutions through online research, but we were recommended SentinelOne Singularity Complete by a company with which we were collaborating. Since the solution performed effectively during our cleanup process, we decided to continue using it.

The organization assessed Carbon Black but found greater value in SentinelOne Singularity Complete.

They evaluated a lot, but that was before I was in the department, so I do not know exactly which ones they did.

We evaluated CrowdStrike, but the way their deployment platform worked would not work for our organization.

In addition to Rapid7, we were looking at CrowdStrike for our endpoint detection, and at Sophos as well. Clearly, SentinelOne was the best for us.

SentinelOne is definitely a leader in the marketplace because it has a lot of features to offer. There are some pretty good integrations with it as well, and there are things you can change in the settings and how it's deployed.

The quality of the solution is great. I don't have any complaints other than that small reporting issue I mentioned. In terms of maturity, Singularity is one of the top-notch eyes-on-glass solutions that you can have, especially as it relates to your endpoints and vulnerabilities. It gives you that technical deep dive into what the vulnerability is, what workstation it's on, and whether there are any other endpoints affected.

I've used several different platforms. We had a demo of the Carbon Black EDR, and I've used the FireEye EDR, Symantec, and Cisco.

We did a comparison between CrowdStrike, Carbon Black, and looked at Microsoft's EDR products.

Though Microsoft's solution was suggested, we only seriously considered SentinelOne. That was the one that stood out during research. Also, I heard from my peers that it was the best one, so I didn't look at other options.

We evaluated Carbon Black and CrowdStrike. With Carbon Black, money was the main difference, and with CrowdStrike, we could have only one account. We are very federated. We have 52 accounts in SentinelOne, and each account has its own IT team. We could not do that with CrowdStrike. We could only have one account. We could do groups, but we could not assign people to those groups. SentinelOne really fits the needs of our federated environment.

After evaluating CrowdStrike and other solutions, we ultimately chose SentinelOne Singularity Complete due to its user-friendly functionality, efficient logging, and rapid response times.

I looked at everything. I looked at CrowdStrike, Cylance, Carbon Black, and I had McAfee as the largest of the incumbents. I tested them all and I validated them all and I pushed every malware virus—everything in my collection—at them. I built a series of VMs to test and validate the platform. I tested against multiple operating systems. I tested against downloads, I tested against uploads. I tested visibility. I did this entire series of tests and listed out 34 or 35 different criteria. And at the end of the day, SentinelOne came out on top.

One of the huge benefits of SentinelOne is the Full Remote Shell. That has been an incredibly useful tool for me.

Cylance came in second. It has very similar functionalities, very similar builds, but not a full remote shell. It had the single pane of glass dashboard, but the visibility I get out of SentinelOne, as well as the protection and the capability to run the Full Remote Shell pushed it over the top.

Carbon Black was nice, but I had to run two different dashboards, one cloud and one local. I couldn't get single pane of glass visibility from that.

When I tested SentinelOne against all the engines, they all pretty much found everything. Mimikatz was the deciding factor. A couple of the solutions flagged it but didn't remediate it. SentinelOne just rolled everything back as it started to discover it. It actually pulled the installer out, so that was nice. 

A lot of new technologies that are out there are very similar. They are pulling from public threat feeds and other learning engines. But if you compare and contrast all the features available, SentinelOne is just going to edge everybody else out. And they're constantly evolving the product to make it more efficient and to have a smaller footprint too. When they came out with Ranger, we were still doing some network discoveries around our environment to try to figure out exactly what was still out there. That came to be a very useful tool.

It really just shines. If you compare it to everybody else there are a lot that come close, but nobody else can really quite get to the top. SentinelOne really gives you the best overall picture.

Carbon Black lacked the same level of back-end support as CrowdStrike Falcon Complete.

We evaluated CrowdStrike and Defender. We didn't find Defender to be a strong enough technology. CrowdStrike was more expensive, while SentinelOne offered a combination of good technology and affordability.

We evaluated Cisco AMP, Microsoft Defender, and McAfee. SentinelOne exceeded expectations and outperformed all of those. We did a bake-off against those solutions and found SentinelOne to be the most effective.

I try to stay abreast of different platforms. I reached out to SentinelOne, and they put me in touch with a reseller, so I went out and found it. 

The biggest thing was how well SentinelOne ranked versus the other platforms. There was also a cost-benefit of a solution like SentinelOne. We thought it would be effective for endpoint protection.

It certainly was a cost-effective solution as compared to some of the other endpoint protection solutions that were available at the time. I would not have gone with SentinelOne if it was not a good value.

We evaluated Microsoft Defender, CrowdStrike, and Cortex XDR by Palo Alto Networks.

We looked at CylancePROTECT in addition to SentinelOne. We liked the pricing better and the contract options better with SentinelOne. The deployment also seemed to be easier. In addition, SentinelOne detected things that others missed. We did a few quick trials of other solutions, but SentinelOne seemed to be the best in terms of detection. For example, we did a test with Mimikatz and SentinelOne detected it immediately, whereas some of the others bypassed or didn't see it at all.

And when we talked to the ConnectWise sales rep—because ConnectWise was integrated with Cylance at that point, and SentinelOne was not—the rep told us that they were actually dropping Cylance and moving to SentinelOne over the next year for integration, which was a big factor for us.

We did not evaluate any other options before switching to SentinelOne. 

We evaluated:

• Microsoft Defender for Endpoint
• Cisco AMP for Endpoints
• CylancePROTECT
  
• Apex One, which is Trend Micro's NextGen platform.

The main differentiator between SentinelOne has been ease of use, configuration, and performance. It outperformed every single one of the other solutions by a large margin in our testing. We had a standardized approach in tests, which was uniform across the platforms. Also, there is a lot of functionality built into SentinelOne, where other vendors offered the additional functionality as paid add-ons from their basic platforms.

During our evaluation process, SentinelOne detected quite a lot of things that other solutions missed, e.g., generic malware detection. We had a test bed of 15,000 samples, and about 150 were left for SentinelOne. What was left was actually mobile device malware, so Android and iOS specific, fileless attacks, and MITRE ATT&CKs. SentinelOne performed a lot stronger than others. Cylance came second to SentinelOne, even though they were 20 percent more effective in speed and detection. The gulf was so huge compared to other solutions.

SentinelOne's EDR is a lot more comprehensive than what is offered by Cylance. They are just two different beasts. SentinelOne is a lot more user-friendly with a lot less impactful on resources. While I saw a lot of statistics from Cylance about how light it is, in reality, I don't think it is as good as the marketing. What I saw from SentinelOne is the claims that they put on paper were backed up by the product. The overall package from SentinelOne was a lot more attractive in terms of manageability, usability, and feature set; it was just a more well-rounded package.

SentinelOne Singularity Complete's longevity in the market may have created an inflated perception of its capabilities. While it was once considered a leading tool, comparisons with newer solutions like Automox, Cynet, and Fortinet reveal a lack of active use cases and functionalities offered by these competitors.

All the portals, at the end of the day, are "first cousins", such as CrowdStrike and Palo Alto, although that's not exactly an EDR. We went to a global cybersecurity congress in London, and all the solutions were there: SentinelOne and its competition. At the portal, user, and other levels, they are practically the same. Each will have something that is better and something that is worse, but they are quite similar.

I carried out a Proof of Concept with several Endpoint Detection and Response solutions, including CrowdStrike, Trend Micro, and VMware. However, none of them were able to meet my requirements in the same way that SentinelOne Singularity Complete does.

We did evaluate other options. We looked into CrowdStrike and SentinelOne and maybe one other option, however, it wasn't considered very long. We demoed CrowdStrike and went with SentinelOne as it was more user-friendly and had a better flow. CrowdStrike felt thrown together and was hard to navigate. 

We evaluated about seven other products through an evaluation score guard criteria in-house. It has been so long since I have looked at that matrix, but it came down to analysts evaluating it against our set requirements and evaluation criteria. After that, it becomes a number, and the numbers have a certain magic to themselves that makes things more objective. The numbers just came out where the score was clear and evident based on the analysts' analysis.

We looked at CrowdStrike.

Carbon Black has a competitive version of Singularity Complete, but it is not at the same level as Singularity Complete. It lacks features like threat hunting and Ranger. So, I chose Singularity.

We also looked at CrowdStrike. The decision ultimately came down to cost. SentinelOne was the cheaper option. 

I've also used Sophos with customers. If you want to have a safe environment, then you have to work with tools like SentinelOne. F-Secure and Sophos work with databases for virus knowledge and that creates a delay.

Also, SentinelOne has the rollback which works flawlessly, whereas F-Secure and Sophos don't have that.

We looked into other solutions, but not as deeply as we went into SentinelOne. Because we liked SentinelOne so much, we just stopped there. And we already had experience with the likes of Malwarebytes, Symantec, and AVG. This was a far superior product.

I haven't had a chance to take a deeper dive into Carbon Black, but that is something I have been told is comparable to SentinelOne.

One of the things which attracted me to SentinelOne was the fact that it is the only product which is tied to the SonicWall platform, and we use the SonicWall platform a lot. A lot of our customers have SonicWall firewalls. Having a combination of SonicWall and SentinelOne provides an end-to-end security arrangement with products that are integrated with each other.

We also looked at CrowdStrike before choosing this product.

We did look at other options. We looked at CrowdStrike, for example. We also looked at Palo Alto. They had something similar in terms of endpoint security, In the end, we chose SentinelOne. 

SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.

We were looking for an antivirus and EDR solution. We evaluated some of the products, and finally, we decided to go for SentinelOne EDR. CrowdStrike was one of the solutions we evaluated. SentinelOne was lightweight, but CrowdStrike had a more secure door.

The solution stands out because has excellent detection and integration capabilities. In my opinion, the solution is better than Microsoft, CrowdStrike, and Palo Alto. 

Before choosing SentinelOne, we evaluated other solutions, including SmartOps. SentinelOne stood out with its advanced AI engine, especially evident in recent micro-attack evaluations.

There are organizations such as MITRE and ESET Labs that have been doing testing that is similar to what we did three years ago. We just look at those results for the same truth that we discovered in the beginning, and the product continues to improve its performance.

We compared five products. We had a matrix with weights and the requirements we needed from a new antivirus solution. We did three proofs of concept and SentinelOne won it easily.

It was difficult to compare them because we had one other product that worked with artificial intelligence as well, but with a completely different mechanism. We also had three traditional antivirus products based on patterns, and it was really difficult to compare the features of SentinelOne with the competitors. That was the reason we decided to do a POC.

Initially, I was just researching solutions using independent reports and industry reviews. I don't necessarily agree with everything in industry reviews, but I used them to narrow down the field and to figure out which solutions I needed to look at. I also looked into whether there were any legal issues the companies were fighting. In that first phase, I got it down to about four or five that I would take to the next level and actually touch them with live malware. The reason the other ones fell off is either they were too focused on one thing or there were some legal things. The industry is small. You hear things, not necessarily officially, but unofficially you hear things.

I looked at McAfee, CrowdStrike, Carbon Black, Palo Alto Traps, Cylance, Endgame, Tanium.

In my evaluation, back in 2017, I wanted to see the features of each and match them up with our requirements. What were our influences? What was important to us? I tried to map that into what features were available at the time, or look at whether a product could consolidate another product that we had so that we would no longer need that other product. I also looked at operational efficiencies, security efficiency, and whether it meets all our compliance goals.

Then I went to the lab where I had real malware. There was a whole method to that madness of testing. 

McAfee failed miserably, even with their later product. It would have been easier for us to stick with the incumbent, but it couldn't pick up on malware. There was something it never detected. With that type of next-generation, machine-learning algorithm, it's not so much the algorithm as it is the intelligence, the data that they collect over time.

At the time, Palo Alto Traps was not ready for prime time - immature console, limited support across all our platforms and focus on exploits.

I broke Cylance, surprisingly. I didn't expect that. I'm not even a researcher, per se. I have other jobs in our company. When I managed to break them I was looking at how they responded. I'm not expecting everyone to be perfect, but I found them very defensive. They would say, "Oh, it's only one in 100 or 200 or 300 pieces of malware". But it was the way they responded to things. It took a while for them to get back to me, and they were more concerned about whether I was doing the same thing with the others.

The other weakness of Cylance was that, for anything else, like remediation and response to something, you had to buy another piece. It wasn't part of the product, whereas, with SentinelOne, it was part of the product, without paying anything more.

Some of our folks were convinced that CrowdStrike was the way to go but our tests proved otherwise. CrowdStrike has some good features, but it requires going to the cloud. And secondly, whenever you get events, you almost have to use their service, so you're paying them to help resolve something. It gets expensive.

Separately, I did a compatibility test where I checked our environment: I deployed it in a sampling of some of our machines to see if it run without creating another mess.

When you do a thorough proof of concept, you already have all the details, so nobody's going to mess with you. I compared everything. At the end of the day, I gave my boss a report and said, "This is it. You decide."

We looked at a couple of other solutions but, again, I can't disclose more about those.

We evaluated other options as well. We looked at Norton, McAfee, and Avast, which were built-in. We went with this product based on the support we would get and the fact that they were personable and easy to work with. We have a dedicated customer service rep that we can talk with about any issues.

The solution's XDR is superior to CrowdStrike. 

We selected SentinelOne because it was less expensive than the competitors. We also saw the speed of evolution with Microsoft, so it can be involved theoretically when compared to Splunk.

We also chose SentinelOne because of the balance between features. It is stable and has enough choices. Being with Microsoft, we felt confident that the solution would evolve.

We believe the traditional antivirus protection that is using signature-based validation is outdated. We had a look at different solutions, like CrowdStrike and SentinelOne. These solutions are more AI-based that go on behavior. When we spoke to SentinelOne, they also offered a SOC as service. This means that SentinelOne is monitoring all our endpoints with us, and we don't have to do anything, because they do all the hard work. They validate the detections. So, if SentinelOne detects something on the endpoint, the SOC of SentinelOne will validate and see if it is a false positive or true positive. In case of a true positive, it will then see if there are extra steps needed. If that is the case, then SentinelOne contacts us through email asking us to do some final steps or provide them with the info.

SentinelOne was lucky because we first looked at CrowdStrike. However, they were pushing us all the time to get the deal. My manager got furious, and said, "Okay, let's stop everything. We told you we cannot decide before the end of October. That's our company rule." The pressure was too high from CrowdStrike. Therefore, we decided to have another look at SentinelOne. The first time when we saw SentinelOne, it was never mentioned in any Magic Quadrant, so it was hard for us to have a view on what the public experience was with SentinelOne. We were a little bit scared in just believing the vendor and their marketing people that it was a great, innovative product which uses smart technology and behavioral-based analysis. 

SentinelOne will not scan my hard disk. SentinelOne does not care about the hard disk. It only reacts when you execute something. So, I know when I connect my hard disk to my desktop with my tools on it, I don't have to be scared. SentinelOne will not respond, as long as I don't use the tools. A lot of other antivirus vendors, they will immediately start scanning the USB drive or external drive, and they quarantine all the tools. I don't like that. I know it seems a bit strange that it doesn't scan the USB drive. However, I don't care, as long as it protects the USB drive as soon as someone is executing or installing something. This is more convenient for me than something that scans all the time.

We evaluated other options. We were trying to have one solution for everything. We heard that SentinelOne purchased another company. Other products like Rapid7 provide multiple solutions and products for our needs. We saw that SentinelOne provided us with one product and one support system. However, even while using SentinelOne, I have to contact different teams.

I use all security tools from SIMS to DAMs, to DLP solutions, firewalls, etc.

We looked at Trend Micro before choosing this product. SentinelOne looked easier to use and it was almost a complete product. We didn't go into too much depth, and I cannot compare the detection capabilities, but the cost was a factor.

We have an IT department that may look at other options, depending on the use case. They've looked at, for example, Sophos, however, they found SentinelOne to be more suitable for us. 

We compared a few endpoint security solutions, including CrowdStrike before introducing SentinelOne to our organization

I did compare it to other solutions and found this product to be more compatible with more operating systems.

We really hadn't seen EDR solutions in action before. Our decision was based primarily on the fact that it has SolarWinds integration. 

We looked at Carbon Black. SentinelOne was more economical, and the feature set was comparable so we ultimately went with it.

We evaluated Sophos, Carbon Black, and CloudStrike before choosing SentinelOne Singularity Complete.

We simply want to compare in real-life conditions CrowdStrike, SentinelOne, Microsoft, and other legacy antiviruses such as McAfee, Micro, and so on.

I don't remember the names of the other solutions we tested because it was more than two years ago. At that time, SentinelOne was a very young, small, Israeli company with a new product. We were using another startup on our OT network and I asked them if they knew of a good EDR company and they told me there's a little company like ours, our friends, check them out. We also checked two other companies.

We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."

In the other software that we checked, there was a little delay because the software got the file, transferred it to the cloud, waited for the cloud to handle the file, and then got the answer back. It took about half a minute or a minute. But in half a minute or a minute, an attack can destroy half of the network. In fact, one of the others didn't detect it at all.

SentinelOne Singularity Complete was selected from a range of different providers, evaluated against other companies, and then analyzed to be the chosen product for our managed service. The capacity for innovation, ease of deployment, and streamlined management set it apart from other solutions. Additionally, its leading capability to correlate incidents into a cohesive storyline is a noteworthy aspect.

I evaluated, Norton 360, Windows antivirus, Webroot, Crowdstrike, and ESET

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

I was actually evaluating Windows Defender. I just want to check to see the selling points and the advantages of having Defender over Symantec products.

We have the option to choose different vendors. We briefly looked at other vendors. We looked at Carbon Black, Kaspersky, and ESET EDR.

We evaluated them one year ago. These vendors are comparable to traditional antivirus while SentinelOne is and all in one solution. It has everything you need. SOC analysts is straightforward and they gave us a straightforward proposal. 

It takes the same amount of time for SentinelOne to catch malware as it does other solutions. There's not much of a difference. In our case, we don't see a lot of viruses because we have a lot of levels of security that prevent them. 

We didn't evaluate other options before choosing this solution. 

Yes, I have looked into ESET, Crowdstrike, Cylance, Webroot, and many others.

We evaluated several other options, including Bromium, Carbon Black, CrowdStrike, Cylance, Forcepoint, Invincea, and some others.

No, since we already had experience with other products. As of today, we have tested one of its competitor using AI, but their overall protection still cannot be compared to how SentinelOne protects your endpoint. 

Sophos, AVG, Avast, McAfee, Kaspersky, and ESET.

Sophos Intercept X, Cylance, Traps and a few more.