We just raised a $30M Series A: Read our story
CL
Security Expert at a healthcare company with 5,001-10,000 employees
Real User
Very powerful solution that highlights threats immediately

Pros and Cons

  • "The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use."
  • "I would like to improve the reports because they are not so customizable and we would like more info from them."

What is our primary use case?

We have the Core version for almost all our endpoints. We will be installing it completely for the US, who wants more products, and India, because we have experienced that India is more exposed to threats.  

We are currently updating our agents from 4.0.5 to 4.2.

How has it helped my organization?

Every day, we check threats that come from outside.

What is most valuable?

The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use. 

Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actually real threat. 

SentinelOne's distributed intelligence at the endpoint is very powerful and works well.

What needs improvement?

I would like to improve the reports because they are not so customizable and we would like more info from them.

I cannot download all the hosts that we have on our tenant, because there is limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows. 

For how long have I used the solution?

We started deploying it in 2018.

What do I think about the stability of the solution?

It has been a stable product.

The process is completely automatic when an endpoint connects to the console. At that point, the agent will be updated. However, when we install a new machine, we have to install it manually, even the agent.

What do I think about the scalability of the solution?

We have never had an issue with scalability.

We have 15,447 endpoints in total with the Core version. 99.99 percent of the endpoint usage is Windows. We also use it with a few Macs and Linux. It is really powerful from this point of view.

How are customer service and technical support?

Our SOC has logged some tickets with the technical support. They have never complained about SentinelOne's support.

Which solution did I use previously and why did I switch?

Previously, we had the McAfee, which was complicated to managed. 

We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.

I have been satisfied with the new antivirus.

How was the initial setup?

For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.

The antivirus migration was normal. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.

What about the implementation team?

The installation was done by our SOC and me. Our SOC is comprised of five to six people. The SOC personnel are the same people who currently maintain the solution.

What was our ROI?

I think the solution has reduced our incident response time and mean time to repair.

Which other solutions did I evaluate?

SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.

What other advice do I have?

We have a SOC managing our environment. They are very happy with features that SentinelOne provides.

We will be upgrading to complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature.

We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful.

Biggest lesson learnt from using SentinelOne: Never trust anyone.

I would rate this solution as a 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SP
Managing Member at Pender & Associates
Real User
Top 5Leaderboard
100% Reliable with fully autonomous threat mitigation and real-time ransomware file encryption roll back, without human intervention.

Pros and Cons

  • "Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption."
  • "All is good for now, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to keep ahead of the cybercriminals."

What is our primary use case?

The product is used to provide cybersecurity protection to SMBs predominantly in the financial, manufacturing, and retail industry as well as private individuals.

SentinelOne is key in achieving compliance with the General Data Protection Regulation (GDPR) in the European Union and the Protection of Personal Information (POPI) Act in South Africa.

Resolving ransomware encrypted servers or personal computers is costly to the customer, both in repair costs and loss of business due to downtime. In addition, the customer may suffer reputational damage if any of its customer data is compromised. 

How has it helped my organization?

Our clients trust us to protect their IT systems and data. 

We use SentinelOne because it has proven itself and has never been breached. It offers us a 100% protection record and our company reputation stays intact.

Resolving ransomware encrypted servers or personal computers is both costly and time consuming to both the customer as well as the service provider - protecting against these attacks is a win-win for all.

The SentinelOne portal dashboard provides a good overview of all the sentinels deployed and offers quick access to review and resolve affected sites and endpoints

What is most valuable?

The most valuable feature is that it works and is reliable. 

Other solutions I have researched have all been breached, and as far as I can see, SentinelOne is the only one that has never been breached. It provides fully autonomous threat mitigation and ransomware file encryption roll back in real-time without human intervention.  

Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.

What needs improvement?

SentinelOne's ongoing updates and rate of technology improvments are adequate for now, and have kept SentinelOne ahead of the cyber criminals, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to stay ahead of the cyber criminal techniques and exploits.  The "false positive" detection rate could be improved, if possible, but this should not increase the risk of the endpoint being breached.

For how long have I used the solution?

I've used the solution for over 2 years.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is excellent.

How are customer service and technical support?

The customer support has been okay.

Which solution did I use previously and why did I switch?

I did not use a different solution previously.

How was the initial setup?

The initial setup is straightforward. 

What about the implementation team?

We are able to handle implementations in-house.

What's my experience with pricing, setup cost, and licensing?

If you are an end-user you should procure the service through a Managed Cyber Security Systems Provider.

Which other solutions did I evaluate?

Yes, I have looked into ESET, Crowdstrike, Cylance, Webroot, and many others.

What other advice do I have?

Contact me on cybersec[at]global[dot]co[dot]za

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a managed IT and cyber security services provider and deploy SentinelOne to our customers to as part of the cyber security protection service.
Flag as inappropriate
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
HP
VP at a tech services company with 11-50 employees
Reseller
Top 5
Easy to set up and transparently offers effective protection

Pros and Cons

  • "The most valuable feature is that it just unintrusively works in the background to carry out the protection."
  • "Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."

What is our primary use case?

We have SentinelOne installed on all of our workstations and servers. It is set up with the maximum protection except that Active is in Alert Mode, and everything else is blocked.

What is most valuable?

The most valuable feature is that it just unintrusively works in the background to carry out the protection. You don't have to babysit it. Instead, it will alert if it sees something, you deal with it and carry on from there.

What needs improvement?

Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed. SentinelOne gives no clue as to the problem, so to diagnose what is happening can be difficult. To make it worse, the behavior is inconsistent. Two people in the office might have the application working correctly, but a third person using the same program will have a problem.

Nothing is displayed by the agent that is running on the workstations, but it would be helpful to have a mode available where we can see feedback as to what it is doing. We wouldn't want it running all the time because there would be more overhead, but it could be helpful for debugging or diagnosing problems.

For how long have I used the solution?

I have been using SentinelOne for between six months and a year.

What do I think about the stability of the solution?

In terms of stability, it has been good so far.

What do I think about the scalability of the solution?

It appears to be scalable.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are about $5 USD per endpoint, per month.

What other advice do I have?

Overall, this is a good product and I recommend it. That said, there are always ways to make things better.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free SentinelOne Report and get advice and tips from experienced pros sharing their opinions.