SentinelOne Pros and Cons

SentinelOne Pros

KT
reviewer1444704
Network Support at a university with 1,001-5,000 employees
The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected.
LC
reviewer1275819
Director - Global Information Security at a manufacturing company with 10,001+ employees
The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.
DS
reviewer1056855
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees
SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles.
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
502,499 professionals have used our research since 2012.
Thorsten Trautwein-Veit
Offensive Security Certified Professional at Schuler Group
For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine.
I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have.
Mohammad Ali Khan
Director at Pacific Infotech UK ltd
It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features.
Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.
DM
reviewer1083027
Information Security & Privacy Manager at a retailer with 10,001+ employees
The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.
RS Mukherjee
Senior Information Security Engineer at a retailer with 5,001-10,000 employees
The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes.
Stephen Poot
Network and Security Engineer at an energy/utilities company with 1,001-5,000 employees
It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.
AM
reviewer1506846
Network & Cyber Security Manager at an energy/utilities company with 51-200 employees
When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help.
AE
reviewer1431807
Sr. Information Security Manager at a computer software company with 1,001-5,000 employees
Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future.

SentinelOne Cons

KT
reviewer1444704
Network Support at a university with 1,001-5,000 employees
They have tiers of support like most companies do. For the first three years, we had the top tier of their support and we would get a response from a technician quickly. We didn't have many things we had to ask of them. They would be very quick. We are now one tier down from that. The SLA for us is no longer within an hour or two. It's within half a day or something like that. As far as if I do ask a question of them, it is a little slower than what it used to be. I understand that we're at a lesser tier, but sometimes it feels like that could be a little better. I have to preface that by specifying that we're no longer paying for their top tier support.
LC
reviewer1275819
Director - Global Information Security at a manufacturing company with 10,001+ employees
The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me.
DS
reviewer1056855
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees
If it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit.
Thorsten Trautwein-Veit
Offensive Security Certified Professional at Schuler Group
The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information.
Mohammad Ali Khan
Director at Pacific Infotech UK ltd
One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system.
DM
reviewer1083027
Information Security & Privacy Manager at a retailer with 10,001+ employees
The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do.
RS Mukherjee
Senior Information Security Engineer at a retailer with 5,001-10,000 employees
An area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap.
Stephen Poot
Network and Security Engineer at an energy/utilities company with 1,001-5,000 employees
We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running.
AM
reviewer1506846
Network & Cyber Security Manager at an energy/utilities company with 51-200 employees
All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.
AE
reviewer1431807
Sr. Information Security Manager at a computer software company with 1,001-5,000 employees
In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear.