SentinelOne Overview

SentinelOne is the #2 ranked solution in our list of endpoint security software. It is most often compared to CrowdStrike Falcon: SentinelOne vs CrowdStrike Falcon

What is SentinelOne?

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects, responds, and hunts attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real-time for both on-premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

SentinelOne is also known as Sentinel Labs.

SentinelOne Buyer's Guide

Download the SentinelOne Buyer's Guide including reviews and more. Updated: July 2021

SentinelOne Customers

Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank

SentinelOne Video

Pricing Advice

What users are saying about SentinelOne pricing:
  • "Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."
  • "We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible."
  • "The licensing is comparable to other solutions in the market. The pricing is competitive."
  • "The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
KT
Network Support at a university with 1,001-5,000 employees
Real User
Top 20
Made a tremendous difference in our ability to protect our endpoints and servers

What is our primary use case?

SentinelOne performs primary functions for our endpoint antivirus and anti-malware solutions. It's a centralized managed version of an antivirus product that gives real-time information on any kind of threat we might receive. It's very broad. It not only protects through signature defense, which is like what most common antivirus products do, but it also does behavioral which has been absolutely lifesaving here a couple of times. It has saved our bacon more than once by detecting threats. It even detects zero-day threats because it detects them through their behavior. It doesn't need a… more »

Pros and Cons

  • "The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected."
  • "They have tiers of support like most companies do. For the first three years, we had the top tier of their support and we would get a response from a technician quickly. We didn't have many things we had to ask of them. They would be very quick. We are now one tier down from that. The SLA for us is no longer within an hour or two. It's within half a day or something like that. As far as if I do ask a question of them, it is a little slower than what it used to be. I understand that we're at a lesser tier, but sometimes it feels like that could be a little better. I have to preface that by specifying that we're no longer paying for their top tier support."

What other advice do I have?

I could not recommend SentinelOne highly enough. The one thing about this product is something I very seldom say when it comes to almost anything in life, sadly, is that I trust it. I trust this program to be well taken care of on the backend. I trust this program to do its job on the frontend. I trust the endpoint and network security of our university to this product. I have no doubt that we're in good hands. It has proven itself with ransomware, proven itself with Qbot infections, proven itself with a multitude of end-users. We had a pen tester on campus that was actively trying to hack…
LC
Director - Global Information Security at a manufacturing company with 10,001+ employees
Real User
Does what a first-level SOC analyst would do, notifying us of, and remediating, issues at that level

What is our primary use case?

In general, we replaced our entire antivirus and anti-spyware with SentinelOne. We use it across all platforms, from servers to workstations, to Macs, to Windows, to Linux, Virtual Desktop Infrastructure, and embedded systems - on-premise and in the cloud. We also use their console and their threat-hunting. We needed a solution that was simple and intuitive, without having multiple agents. We have also started evaluating their IoT, for the discovery of all IoT devices. This is

Pros and Cons

  • "The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that."
  • "The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me."

What other advice do I have?

Have a look at it. Compare it. It's a very good product to have. It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up. There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on…
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,975 professionals have used our research since 2012.
DS
Enterprise Security Architect at a recruiting/HR firm with 10,001+ employees
Real User
Top 10
Single pane of glass allows us to run a lean team while protecting tens of thousands of endpoints around the world

What is our primary use case?

We use it for endpoint protection. It's an active EDR endpoint protection tool. Think of it as an antivirus and endpoint protection solution with machine learning, like McAfee on steroids. In our company it is deployed in 83 countries and on over 40,000 workstations and servers.

Pros and Cons

  • "SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles."
  • "If it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit."

What other advice do I have?

Do your homework. I would encourage everybody, if you have the capabilities, to do what I did and test it against everything out there. If you don't have those capabilities and you want to save yourself a lot of time, just go straight to SentinelOne. I cannot imagine any organization regretting that decision. With the news stories you read about, such as hospitals under attack from malware and crypto viruses—with all the bad actors that exist, especially since the pandemic took over—if you want to protect your environment and sleep soundly at night, and if you're in the security industry, I…
Thorsten Trautwein-Veit
Offensive Security Certified Professional at Schuler Group
Real User
Top 10
For the first time we're able to systematically search all our clients, see what they are doing and if there are intruders

What is our primary use case?

We are mainly using it to replace a product we used before for antivirus. My specific use case for SentinelOne is threat hunting. I'm a security professional in our organization, doing offensive security. I do pen tests and analysis, and I'm hunting for intruders in our network. That's the context in which I'm using SentinelOne.

Pros and Cons

  • "For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine."
  • "I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have."
  • "The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information."

What other advice do I have?

The biggest lesson I have learned is that SentinelOne is an antivirus product which gives you, on the one hand, all information you could dream of if you need to analyze software or malware, especially, on the machine. On the other hand, it's simple and fast and easy to use, and that's something I really appreciate. We have been playing around with the solution's ActiveEDR technology, to get an idea of what is possible. We have not gotten so far that we use it for building KPIs and the like. But we have noticed it and it seems it could be a big game-changer for us, but I can't really provide…
Mohammad Ali Khan
Director at Pacific Infotech UK ltd
Real User
Top 10
Automatic remediation and rollback help us minimize the number of technicians needed to support customers

What is our primary use case?

We are a managed services provider. We are not just using it for ourselves, but we are also supporting it and deploying it for a number of our customers. The primary use case is that it's endpoint protection software and we use it to protect our end customers' endpoints, whether they are Apple or computers, laptops or servers. SentinelOne is software as a service, but it has an agent that has to be installed on a computer or a server onsite.

Pros and Cons

  • "It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features."
  • "Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing."
  • "One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system."

What other advice do I have?

Go for it. It's an absolutely brilliant product. But understand what it is before starting to deploy. Unless you understand the product, you will not know how to use it to the best of its best capabilities. The solution's Behavioral AI works with and without a network connection, providing the internal protection. But having that network connection is important because it will then be able to report it to the central dashboard. While it will do what it has to do locally, it's helpful when the agent reports back to the central dashboard so that the IT Admin can take action. It is important that…
DM
Information Security & Privacy Manager at a retailer with 10,001+ employees
Real User
Top 20
By using the Deep Visibility feature, we found some previously unknown persistent threats

What is our primary use case?

Our use cases are for client and server visibility in our enterprise and operational technology environments, as EPP and EDR solutions.

Pros and Cons

  • "The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview."
  • "The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."

What other advice do I have?

Give SentinelOne a chance. Traditionally, a lot of companies look at the big brand vendors and SentinelOne is making quite a good name for itself. I have actually recommended them to several other companies where I have contacts. Several of those have picked up the solution to have a look at it. You need to know your environment and make sure it is clean and controlled. If it's clean and you have control, then you will have no problems with this product. If your environment isn't hygienic, then you will run into issues. We have had some issues, but that's nothing to do with the product. We…
RS Mukherjee
Senior Information Security Engineer at a retailer with 5,001-10,000 employees
Real User
Top 10
The Storyline feature significantly simplifies the investigation and research related to threats

What is our primary use case?

There are four use cases: * Endpoint visibility. * Endpoint protection, which includes detection, protection, and error response. We use this for protection endpoints as well. * Provides historical loss of any events or changes in files that may have happened in the last 90 days. * Threat hunting, which we use to troubleshoot applications. There are different versions. The SaaS portal has a different version. The agents for each operating system have a different version. For the SaaS platform, we are on the current release. For the agents, we are one behind the current GA release.

Pros and Cons

  • "The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes."
  • "There is an area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap."

What other advice do I have?

It is a very good tool that is easy to deploy and manage. The administration over it is little to none. However, depending on the environment and whoever is trying to deploy the agents, they should test it with the vendor environment before they go and deploy it to production. The reason why is because SentinelOne has the ability to be tuned for optimization. So, it is better to understand what these optimizations would be before deploying them to production. That way, they will be more effective, and it will be easier to get buy-in from the DevOps team and the infrastructure team managing the…
SP
Network and Security Engineer at a energy/utilities company with 1,001-5,000 employees
Real User
Top 20
Easy to manage and install; gives time back to our team

What is our primary use case?

SentinelOne monitors our infrastructure 24/7.

Pros and Cons

  • "It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way."
  • "We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running."

What other advice do I have?

We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that. I would rate this solution as a 10 out of 10.
See 15 more SentinelOne Reviews
Buyer's Guide
Download our free SentinelOne Report and get advice and tips from experienced pros sharing their opinions.