SentinelOne Valuable Features

reviewer1275819
Director - Global Information Security at a manufacturing company with 10,001+ employees
The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that. The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the depth of behavior analysis. There are other companies that claim this - albeit in a lighter flavor. The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good. In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in. They have a rollback and remediation facility as well.
If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version. It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have. And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious? It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you can analyze, you can see who touched what and when. You can check the activities, settings, and policies. Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable. If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff. The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, so you don't pay extra, unlike with many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first-level SOC security analyst-type work.
But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding. They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. Regarding the IoT feature, it's on the fence whether they're going to charge for it, but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution.
Tony Tuite
Consultant at a tech services company with 51-200 employees
The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to roll back a ransomware infection instantly and with minimal disruption to the user, and provides robust reporting. I tested this by deliberately infecting an unpatched test machine with WannaCry. First of all, SentinelOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WannaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection. You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors.
reviewer1261773
Engineer II, Enterprise Client Support at a media company with 10,001+ employees
We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product.
Find out what your peers are saying about SentinelOne, Cylance, Carbon Black and others in Endpoint Protection (EPP) for Business. Updated: February 2020.
398,567 professionals have used our research since 2012.
Zed Burnett
Field Technician at Sonrise Technology Solutions
I have found the activity timeline and threat analysis to be particularly useful.
Lindsay Mieth
CISO with 1-10 employees
The forensics analysis feature provides substantial help in determining the extent of the problem and how it affects the machines.
Mgingpart67
Managing Partner at a tech services company with 11-50 employees
The most valuable feature of this solution is the user-friendly interface. Our customers ask for something that is easy to use, easy to manipulate, and doesn't require too much intervention. This is where SentinelOne scored big against CrowdStrike and Carbon Black. This solution is easy to install.
Reviewer327
Security Analyst at a tech services company with 1,001-5,000 employees
It has good visibility features and it's straightforward. It's not so complex.
ITopsmngr67
IT Operations Manager at a retailer with 1,001-5,000 employees
All of the features are valuable. The way that it integrates into management with fault correction capabilities is especially valuable. The full gamut of the features that it provides is useful to us.
Zaul Hug
IT Manager at apex
We have a preference for their receptor. It's good at finding many EFC files. Normally, EFC files could have a virus, but we need to exclude some of them.
Massimiliano De Cò
Founding Partner and Owner at 2DC srl
The solution offers very rich details surrounding threats or attacks.
ITgov9887
IT Security Manager at a tech company with 1,001-5,000 employees
The machine learning module is the most valuable feature.