SentinelOne Singularity Identity Reviews

Our biggest concerns were protecting our on-premise active directory environment and then our Azure AD environment. In terms of both, we wanted to understand what assets were in those environments and what security risks were associated with each and then how to most effectively remediate them.

I've been with the company only for four months. In the first two weeks of doing an assessment, I noticed a lot of very insecure and suboptimal configurations. We needed a tool that could help point out the weak spots and then remediate them as fast as possible.

The biggest value for us is getting a much better picture of what our risks are. They also have a really feature-rich way to automatically remediate a lot of those risks And if, let's say, the automatic remediation does not work correctly or maybe has internet sequences, then you can automate the rollback of that. For example, if you find ten accounts that have something wrong with them in Active Directory, you can deploy a script that'll fix the configuration of those accounts. However, if something breaks, you could roll it back to that configuration change and then do some more testing or do investigations and then redeploy the fix once you're happy with it. That's the biggest thing for us. We're not spending hours going through manually to find these configuration weaknesses and then have the manual administrator.

The Singularity console provides us with some sort of a unified view. You've got, when you first log in, a dashboard. It's got a default landing page that gives you a very good understanding of what sort of risks you have and where they're located. You can then drill down into various panels to investigate further.

The unified view is extremely important for our organization.

A lot of these things could be solved manually. However, the level of effort required to identify and resolve these things is high; this makes it much faster.

It is extremely easy to manage our environment using the console.

The product’s ability to protect identities from exploitation is good. We're very happy with it at this point. The dashboard gives me, for example, the number of detections. It's got a chart with time-based attacks and helps drill into the top five. It gives us a summary of the health of the environment in terms of high, medium, and low vulnerabilities. Then we can go through those. We can focus on the very high vulnerabilities and go from the highest down to the lowest.

A lot of those features came from an acquisition of a different company. Actual SentinelOne employees are making a lot of changes right now to fully integrate those components into one security solution portfolio. The recommendation would be to make deployment just a little bit easier. Of course, they talked about it on the road map, so it will settle out naturally. They're aware of the issue. They want to make it better; it's just not quite there yet.

I've been using the solution for a few months. We're relatively new customers, although I have used SentinelOne itself before. 

We've had no issues with stability. I'd rate the stability as excellent, ten out of ten. 

We're a small environment. We're two hundred employees, with less than 1,000 devices in our computing environment. For us, we have no scalability issues. I can't speak to how well it would run in a Fortune 500 company.

We've opened a few cases with technical support. 

It was very good. They got back to us very quickly. Usually, after one to two interactions, we had the issue resolved. If we were able to explain it well when opening the ticket, then we would have a response back that resolved it the first time. In some cases, we did provide all the information and they had to come and ask some clarifying questions. 

Positive

We did not run anything prior to using this solution. We had default tools and Microsoft, including things like Microsoft Identity Protection. However, we did not have a third-party product. 

There were only two of us involved in the deployment. 

It was relatively straightforward with the exception of just a few configurations. A lot of this technology came from an acquisition and since they're integrating it into the SentinelOne portfolio, some small things had to be adjusted that were not apparent to us as an end user. It would take a deployment engineer to really get it set up and working.

We implemented the solution with the help of a professional services team. 

We haven't calculated a hard ROI or run some sort of quantitative evaluation. That said, from a qualitative standpoint, we're significantly better off. Even conservatively, looking at my time and our information security analyst's time, we're probably saving maybe 200 hours a year, if not more, in terms of investigating, remediating, et cetera. It gives us more time back.

The pricing for us was very competitive. It was actually probably 30% cheaper than CrowdStrike.

We evaluated a lot of CrowdStrike Solutions. Those are slightly different. They do have some identity protection solutions available. However, we couldn't get all the components to even work on the CrowdStrike side as part of the POC. And then even when we did get it to work they didn't seem to have the same level to completely listen or cover. They had no auto-remediation capabilities. It was just more of a dashboard to show you areas where you had some security risk, and then they would provide some guidance in terms of how to remediate it, however, all that remediation was manual. That was it. 

For someone who's researching Singularity, yet they're running Windows Defender still may need Singularity. Defender doesn’t have the level of capabilities that this does. Based on our testing, it's a great endpoint security solution, and we're actually running it in concert with this one. We have Defender for the endpoint and installed it as well. However, as a detection response solution, Defender is kind of a backup. The information we get on the Defender console is helpful, yet it doesn't give the same level of granularity or the other automated remediation capabilities. Defender is the baseline; I wouldn't throw it out. I would keep it and still put Identity in the environment. You'll get more value out of Identity than you will out of Defender.

I'd rate the solution ten out of ten. 

I'd advise others to not just sit through a demo; run a proof of concept and get it in your environment if you can. That will give you more information and a much better feel for how it is and how it can help you improve your security posture. 

We use SentinelOne Singularity Identity as our Extended Detection and Response solution. I engage with it daily since it's essentially one of my routine tasks. I access the platform to monitor our environment, check for any incidents, and address any related matters.

We began utilizing the solution primarily to manage response to detections, mainly for threat detection.

SentinelOne Singularity Identity has assisted our organization in reducing manual workload and providing alerts when issues arise in our environment.

It Identity provides a unified view.

Managing our environment using SentinelOne Singularity Identity console is easy. It is extremely easy to push agent updates using the console.

It does a great job protecting identities from exploitation.

Singularity Identity does a good job of providing us with visibility into our attack surface risk and where we should be looking.

SentinelOne does a good job of detecting and preventing threats.

SentinelOne Singularity Identity has helped reduce our MTTD by hours because we have moved from manual identification to automated.

All the features within the XDR are valuable as a whole for our organization.

The first-level support has room for improvement. We are consistently having to request escalations, particularly when we need to add exclusions for false positive readings. Their typical response is that we can create exclusions, but we disagree. For instance, if a manufacturer installs rpc.net or a similar locating device on our external laptop, that should be an exclusion handled on the SentinelOne side. It shouldn't be our responsibility. This is just one example. Additionally, SentinelOne often claims that their first-level support provides a dedicated exclusion, but we usually disagree with this assessment and push back.

I have been using SentinelOne Singularity Identity for three and a half years.

I give the stability of SentinelOne Singularity Identity a ten out of ten.

I give the scalability of SentinelOne Singularity Identity a ten out of ten.

The first-level support needs improvement but the other levels are great.

Positive

We have seen a return on investment.

The cost of SentinelOne Singularity Identity is better than CrowdStrike.

We also evaluated CrowdStrike but  SentinelOne Singularity Identity was a better fit for our environment.

I would rate SentinelOne Singularity Identity a nine out of ten. I recommend using SentinelOne Singularity Identity as an additional layer of security, which also aids in reducing manual workload.

I also recommend that those who are evaluating the solution ensure they complete their work on the front end so that the rest of the deployment proceeds smoothly.

We have deployed SentinelOne Singularity Identity across 3,000 endpoints spanning multiple clouds, departments, and users. 

We use SentinelOne Singularity Identity to end AD credential misuse when working from home. We wanted to make sure that our environment was secure and place any defection-based endpoints on lockdown. The solution ensured that we were able to detect AD attacks and steer attackers away. We also wanted to make sure we were hiding our local data.

We're a lot more secure with SentinelOne Singularity Identity. We're more confident that we're going to be on top of any threats, and we'll get alerted right away. Anytime a password expires, my coworker sets up a report. We're really on top of all our user AD accounts.

I was recently able to customize the UI, including the filters, based on my use case. Having high visibility into all of our network concerns and a customizable UI are the most valuable features. The solution only requires one reboot to finish the installation. The solution's real-time protection is also really beneficial for us.

The last time I called to receive support, it wasn't as fast as I wanted. The resolution turnaround from SentinelOne Singularity Identity's support should be improved.

I have been working with SentinelOne Singularity Identity since February 2022.

I found SentinelOne Singularity Identity a lot more friendly in terms of performance. The solution shows no lagging, and it works very well.

SentinelOne Singularity Identity has the ability to work with different operating systems devices.

I rate SentinelOne Singularity Identity's scalability an eight out of ten.

We raised a support case with the solution's technical support team. We called the support team and tried to get help to run a report to see which devices were actually utilizing SentinelOne. We also had another report question about how we could take a look at AD accounts with expired passwords.

The support agent on the other line didn't seem very familiar with the product, and that was pretty much it. When they told us they would get back to us with more information, it took a while. They got back to us three weeks later when we had already figured it out on our own.

Neutral

The solution's initial setup was very straightforward.

I was involved in the solution's deployment in our organization. The rest of our tier two team and I worked with the trainers, implementation coordinators, and agents at SentinelOne. They walked us through the setup, which took around three to four weeks. Since we deployed on the cloud, we didn't need to set up VMs for any SentinelOne servers. We just provided access to our AD and the information they needed, like our server names. We set them up with accounts with which they could get into our AD servers, and that was it.

We have seen a return on investment with SentinelOne Singularity Identity. The comfort level, the reports we get, and our confidence in the security of our AD accounts are definitely worth the investment in the solution.

The solution barely met the budget for this project. SentinelOne could find ways to help healthcare institutes by lowering the solution's cost for hospital implementations. The pricing is a bit high.

We didn't use a different solution before SentinelOne Singularity Identity, we just had an AD. One of the reasons why we chose to go with Singularity Identity is that we moved over our Outlook Mailbox 365 accounts to the cloud. Previously, we had on-site exchange servers with the mailboxes, and we moved all those mailboxes to the cloud.

Since they're all linked with the AD credentials, we needed something a lot more secure. We moved 800 mailboxes to the cloud, and Singularity Identity helped us with that transition. We never had a product like Singularity Identity just to monitor AD.

I would tell users to book a demo first. Then, if they do decide to implement SentinelOne Singularity Identity, they should work with support or even their vendor support for the network firewall.

We had to set up a lot of exclusions on our firewall and even Windows firewalls on our AD server to ensure we weren't blocking any network traffic when a rule was added or deleted. My advice to users would be to ensure they are careful with the network firewalls when deciding to move forward with implementation.

Singularity's console provides a unified view, which works very well. We're able to monitor all of the different areas in our infrastructure. We even have the ability to run reports where we're in touch with support and our trainers from SentinelOne. They ensure that we know how to use the product and show us how to make our infrastructure more visible.

This unified view is very important for our organization. We widened the net for compromised devices to include managed and unmanaged devices. Even if our server runs a different OS, we can get a lot of actionable information related to that asset. If I have a couple of MacBooks, it doesn't really matter what the OS is. I can store that information in Sentinel. The solution really allows us to have more functionality with an active directory.

SentinelOne Singularity Identity is doing a good job of protecting identities from exploitation. Identity-based threats are one of the biggest weaknesses of malicious attacks. We get a lot of spam emails, and at the end of the day, they're just trying to get AD credentials.

SentinelOne Singularity Identity really helps improve our identity security posture. We're able to provide the team and even the managers and IT director here with real-time alerting and deception capabilities. We really trust SentinelOne Singularity Identity.

We're really happy with Singularity Identity's ability to provide visibility into our attack surface risk. The amount of information the solution allows us to get and the real-time alerts are really helpful.

Singularity Identity helped reduce our mean time to detect identity-based attacks. We have reduced the time we take to jump into servers and then run reports on our own because we've got the dashboard on a monitor in our office. We have real-time alerts right on the monitor. Anytime we see a red alert, we're on top of it. It makes monitoring a lot easier.

I would tell someone researching SentinelOne Singularity Identity that they need to do a demo with SentinelOne. There, they will be able to see the solution's pros and cons. They can see for themselves how it's a much more effective tool than Windows Defender.

If they book a demo, they will be convinced to get hold of a SentinelOne agent to look at some cost agreements and implementation. The bottom line is that SentinelOne Singularity Identity is the best anti-malware. It is a lot better than Microsoft Defender, and they would be convinced after a demo.

Overall, I rate SentinelOne Singularity Identity an eight out of ten.

I primarily use the solution for endpoints. I can monitor if any situations develop.

It's really more of an assurance. We don't need it to solve any issues. We can look at various threats or agents and items of that nature. It helps increase our security posture. 

The product saves us a lot of time so that we can focus on other things.

It gives us a lot of flexibility in terms of agent usage for EDR. I can decommission agents and put them somewhere else. It also gives us deep visibility. 

The incident and threat logs are great. I might have to restart an agent. I might have to decommission an agent. To be able to do that very quickly saves me a lot of time. The product gives me a lot of deep visibility.

The solution provides a good unified view. I do know exactly where I need to go. The layout is good. 

It's extremely easy to handle the management console. I can see what is up and cross-correlate easily.

The product's ability to protect identities from exploitation is good. It does a fair job. I'm not saying it's the best, however, it does a fair job. Vulnerabilities are detected every day.

We do get visibility into our attack surface risk. It is decent. There are other solutions out there that do a little better job. However, it's okay.

Its ability to detect and prevent threats is pretty good. Sometimes we do get a lot of false positives. We'll have to go through it and see things on a deeper level. It's fairly good.

The product has helped reduce our mean time to detect. It has definitely saved us a good couple of hours for a week for sure.

Dealing with customer support, if we do have an issue can take time. In one case, a couple of agents weren't working and we didn't know why. We needed more response customer service. 

Sometimes I get kicked out of the console. I don't know why.

Other than that, the solution is good and there are no missing features. 

I've used the solution for one year and eight months.

The stability is very good.

The solution has good scalability.

Given how fast our industry works, if we could get a response within 24 hours, that would be great. Often, support will refer us to an article. That's great, yet not helpful. We've had situations where we submitted three or four tickets and had to get someone on the phone. We had to go through three levels and in the meantime, we still had the issue with some of our agents. They need to offer a quicker response.

Neutral

I was not involved in deployment.

The solution saves us time and money and therefore we have witnessed a positive ROI.

The pricing is a bit higher than what we expected. However, we were recommended this solution.

We did evaluate other options. 

I'm an end-user.

Windows Defender is great, however, if a company is looking for deeper visibility, this is a good solution. 

I'd rate the solution seven out of ten. 

The product will be different for everybody. People need to go in with their eyes wide open.

We were using the solution more as an endpoint security. It protects against cyber threats and offers improved protection against particular cyber threats. It has SIM capabilities and XDR. We use the security based-incident management and the capabilities of XDR in terms of threat hunting and threat intelligence.

The XDR capabilities are very good. 

If you get attacks and need to cross-correlate across attacks, it's very helpful.

It offers quality threat intelligence. You can look into it very fast. 

If a threat has happened many times, we can automate remediation for that specific threat.

When it comes to security operations, we can show a complete integrated dashboard that shows risk, score, value, and threat status.

It provides us with a unified view. The cross-sectional correlation is good. That's technically what it is. It shows when attacks are happening or when attacks are happening. We can do comparisons and find resolutions or figure out a time to resolution. You can centralize it or use it from an endpoint. 

Managing the environment is okay. You can't manage it with one singularity console. It doesn't have observability capability or event correlation. As part of a bigger solution, it does its job. However, you need to use multiple solutions for a holistic approach. It will improve the visibility of threats, however, to eliminate blind spots and help you understand threats better.

The threat detection, investigation, response, and hunting are good. It helps provide visibility across the stack. 

Whenever a threat is detected, it can quickly find a resolution with respect to MTTR. It looks into the entire history of the logs and coordinates with the source system. There will be a resolution to resolve the root cause. Then, you can automate it, so that, in the future, if there are any similar attacks, the solution will get triggered. This helps with our overall mean time to resolve. When you have an SLA< you'll need to have a resolution within the SLA. It helps us to ensure there's a workaround so we can get a resolution within 30 minutes. You can achieve 99% of issues if it's already a part of the attack vectors. 

The root cause of automation could be better. If you have a complex ecosystem, you need an automated threat response mechanism. We'd like an automated correlation of threats.

The SOC efficiency could be better. It would help improve the MTTR.

I've been using the solution for the last three or four years.

They still need to work on a fully integrated solution, which they are planning to build over time. 

The solution has been scalable for me. However, it depends on how it is interacting with security-based orchestration. If an organization keeps expanding, there needs to be scalability between vendors in the case of third-party integration. 

Technical support knows the product and its functionality. The problem is during practical scenarios when the product is integrated with third-party products. It's very easy for Microsoft to say it's not their particular problem or that they can't pinpoint the problem due to the third party.

Neutral

There are a lot of good solutions, such as Elastic, which is open-source. With the same agent, you'd get search, security, et cetera, so you won't need multiple licenses. 

Sumo is another good tool that's good for both SMBs and enterprises. It has correlation and search capabilities. The events are correlated, and alerts are separated and that's given to you out of the box.

There are Microsoft solutions that don't have as many tools out of the box. 

Doing a business case analysis, retooling is required for an end-to-end scenario if you use Microsoft. 

I validated the design and configuration. I wasn't hands-on with the implementation. 

If it is a Microsoft shop, it's a straightforward setup.

Integrations make the setup more complex. If the customer has a hybrid scenario, you need to have certain configurations. When you get into SOAR, you may run into issues. Out-of-box integrations will not be clear. 

When you write workflows, these workflows have a breakage, or you have siloed data streams. You don't have a mechanism for monitoring these. There has to be a mechanism for monitoring, otherwise, you won't know something is not working until it has broken down. Microsoft does not offer something like this out of the box. 

We have various people qualified to handle implementations. We have our own integrators. 

It's hard to break down the ROI on an individual product with fewer capabilities. 

If a company is a Microsoft shop, it makes sense to stick with Microsoft tools. It doesn't have mature SIEM capabilities or root cause analysis. It does not have a seamless integrated log management solution within various environments. Large enterprises might have Linux and Unix-based solutions. Then it makes sense to look for solutions that offer more end-to-end security options. Microsoft may look like a cheaper solution; however, when you break it down, it won't be less expensive. You'll need more tools. 

Windows Defender comes by default with Windows. When you are using Sentinel One on top, it depends on the firewall solution you are using in between. From an endpoint perspective, if these are going to your endpoints, you may have a choice of having separate antivirus solutions, and Defender may be disabled. Singularity still works as it's a centralized solution. 

I'd rate the solution six out of ten. 

We use SentinelOne Singularity Identity for the security of our whole network environment. We use the solution to protect the identity of our company. Before using SentinelOne, we had an incident where we were compromised. We went with SentinelOne to overcome such compromise issues and the safety of our environment because it had some good reviews.

We have not been compromised because of the solution. We have not faced any issues of hacking or malicious incidents. With SentinelOne Singularity Identity, malicious files get directly detected, and the system gets quarantined. The solution keeps our work very smooth. We're not having trouble with it or because of it at all. On the contrary, the solution makes our work easier.

SentinelOne Singularity Identity is very lightweight as an agent or software. It's very lightweight and doesn't consume resources from any computer. It's not a burden on a system, which makes it a very good agent or product to use. It's an efficient solution.

The solution's support is available 24/7. I'm in touch with the solution's support team since we recently got their mobile application protection. SentinelOne's support, APIs, marketplace, and response time are amazing so far.

A query raised with the solution's support team takes a day or two to get resolved. The solution's query resolution time could be reduced further, and a faster resolution could be provided.

We've been using SentinelOne Singularity Identity for one year and two months.

So far, we haven't faced any bugs or stability issues with SentinelOne Singularity Identity. We've been really happy with the solution.

SentinelOne Singularity Identity is a scalable solution.

Before SentinelOne Singularity Identity, we were using CrowdStrike. We switched to SentinelOne Singularity Identity because of functionalities since we were compromised while using CrowdStrike.

SentinelOne Singularity Identity's implementation was simple.

The deployment was done with the assistance of SentinelOne's professional team, and it was not complex. The solution's deployment was done within a few hours, and only I was involved from our company in the deployment process.

It's only been a year since we started using SentinelOne Singularity Identity. Considering the services and peace of mind we are getting against the amount we paid for the solution, the return on investment has been good.

SentinelOne Singularity Identity's pricing is cheaper than CrowdStrike and is really good.

SentinelOne Singularity Identity console provides a unified view. It makes your work faster and easier to get an overview of your whole organization. It helps us to see where the problems are, what needs to be fixed, or if everything's fine. It does help us save time.

It's very easy to manage our environment using the Singularity console.

SentinelOne Singularity Identity’s ability to protect identities from exploitation is very good. We had a few incidents where it blocked even ransomware attacks for us. It did a really great job of protecting us and keeping us safe.

SentinelOne Singularity Identity provides deep visibility into our attack surface risk.

SentinelOne Singularity Identity's ability to detect and prevent threats is really good. It blocks and notifies the IT team if it finds anything malicious or suspicious running in the processes. Then, we can assess whether it's malicious or not. If we analyze something as a false alarm, the solution keeps that thing in mind and does not bother us again for the same issues in the future.

Singularity Identity has helped reduce more than 50% of our mean time to detect identity-based attacks. It gives deep visibility on where and how something initiates so we can directly go to the root cause instead of finding out how or where it started. So, it does give us a boost in our time.

I have not used Windows Defender, so I cannot comment much on it. SentinelOne Singularity Identity has been much easier to use, understand, and contact support than the other third-party protection software we used. I would recommend others to try it at least for a week or a month to see the difference. They can observe how its AI learns, behaves, improves your work environment, protects it, and keeps it safe.

Based on my experience, I have been really enjoying this solution. I recommend that people try SentinelOne Singularity Identity for at least a week and then compare and evaluate it with other competitors. There will definitely be a huge change in their perspective.

Overall, I rate SentinelOne Singularity Identity ten out of ten.