Singularity Cloud Security by SentinelOne Reviews

We have an environment in the cloud where we have a bunch of EC2 instances and S3 buckets. We have the SentinelOne agent installed on all of our EC2 instances, to monitor our environment, so we use it quite frequently.

We needed cloud-based endpoint protection that we could install to get a single pane of glass into our security environment. Specifically, we needed to see the version usage of the applications to ensure we didn't have any outdated applications.

It has definitely helped reduce our mean time to detect. It's much quicker than with our last platform. Singularity has also helped free up our staff to work on other projects. We don't usually come into the console unless we get an alert. In that sense, we have been working on many other projects in the last year. Now that everything is set up and running smoothly, we haven't had to spend as much time in the console as before.

And when I consider the solution's impact on overall productivity, features such as the reporting have helped. When we need to run a report on how many endpoints we have in our environment for regulatory requirements, we use the reporting feature of Singularity because we know it's installed on every endpoint, giving us full visibility. From a reporting standpoint, it has certainly helped us.

We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate. The third feature we use most often is the VirusTotal integration. That allows us to take the hash of a threat or virus and open it up in VirusTotal.

Also, it's amazing how quickly its real-time detection and response capabilities come through. There have been multiple times where either my coworker or I will be working on something—even in our elevated environment, and even just running a script. We wouldn't expect a pop-up, but it's good to know that it's checking for those anomalies, detecting them, and notifying us of them instantly. We love that feature.

In terms of the historical data record provided by Singularity after an attack, we like to use the Storyline feature for deep dives and threat hunting if needed. It has been very useful in our operations. We can see different event types on each endpoint, which comes in handy. Using the Storyline feature, we can dig in much quicker, connect the dots, and see what caused the alert. So it has quickened remediation.

And the SentinelOne Cloud engine detection types are useful when trying to determine whether a threat could be legitimate or a false positive.

One of our use cases was setting up a firewall for our endpoints, specifically for our remote users. We have a firewall on-premises that comes into play when someone is at our main campus. But we needed something more for our remote users. We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to.

I have been using SentinelOne Singularity Cloud for about two years.

Singularity has been very stable. It has never lagged or crashed that I've noticed. In my experience, there has been 100 percent uptime.

The interoperability with AWS has been very straightforward and streamlined, without any major bugs or issues that I've come across.

Its scalability is one of the main reasons we chose SentinelOne. Because it's hosted in the cloud, we can install as many agents as we're licensed for. We've never gone over that limit. As new servers and endpoints come online, it's easy to deploy. It's built into the image.

We do have a unique use case regarding scalability. We use a VDI environment in Azure, and it works. We haven't had any issues. But when we need to run updates on those machines, we have to rebuild the image. We can't have the agent built into the image because of our rebuild process. That makes it a manual process for us every month when we redeploy those desktops. We have it scripted out with a PowerShell script that helps, but it's a manual step for us. That's one area we're trying to address from a scalability standpoint.

As for auto-scaling, we're more of a static environment for most of our endpoints. The VDI is our only more fluid environment, since our VDI endpoints go up and down based on usage. Once the agent has been deployed to those images, the auto-scaling works flawlessly, and we haven't had any issues there.

We used ESET, but the decision to go with Singularity was made before my time with the company.

We have a couple different deployments: our end-user endpoints and our server fleet. I was involved with the server deployment. It was very straightforward, and we didn't run into any issues during that deployment.

The only maintenance involved is when we need to whitelist an application. For example, if a new user installs an application, we might get a false-positive pop-up. That's really the only maintenance we have to do.

We did it ourselves, and there were four people involved.

It's a fair price for what you get. We are happy with the price as it stands.

My advice is that if you want an easy-to-deploy solution where you can have a single pane of glass to get visibility into all of your endpoints and applications, and run reports on those application versions, Singularity makes it a very easy-to-use, straightforward, and streamlined process that has helped us over and over again.

If someone thinks they don't need Singularity because they already have a continuous security monitoring solution in place, using SentinelOne gives us an overarching view from the single console, giving us the entire picture of the timeline of events that happened. Going through the timeline and connecting those dots really helps when threat hunting. It helps to get the full picture instead of just a specific point in time, which is the way some of the legacy antivirus programs work.

The solution has an automated remediation feature, but we don't currently use it because we are a smaller team. We like to remediate manually. For the time being, we haven't had a reason to use the automation feature yet.

One area we're trying to innovate more in is the AWS Security Hub. Singularity, in their marketplace, has a couple of apps related to that. We're trying to build more automations within AWS Security Hub to get better overall visibility, not only of our EC2 endpoints but of our applications as well.

Our company relies on Cloud Native Security to fortify the security of our cloud accounts spanning various environments, such as AWS, AZURE and Google Cloud. Cloud Native Security provides timely alerts upon identifying vulnerabilities within our cloud infrastructure services, such as security groups and data encryption, empowering us to prioritize and address them promptly.

Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it. 

Since implementing Cloud Native Security, our security team has engaged in robust discussions on enhancing compliance with key regulatory standards such as SOC, ISO, and other pertinent IT infrastructure-related guidelines. As a result of these proactive measures, our security posture has seen a remarkable improvement, reflecting our commitment to maintaining a secure and compliant environment.

Cloud Native Security plays a major role in compliance. IT companies must maintain our company's security level to achieve ISO-based certifications. We are so proud of the changes we have made using Cloud Native Security. We've implemented many of the controls Cloud Native Security recommended, helping us maintain a high security standard. Fintech companies must maintain security best practices overall in our infrastructure. 

Cloud Native Security offers suggestions about best practices for security, and we've implemented them all. It's helpful for companies hosting their applications in the cloud configuration. This tool enables us to record unauthorized actors or security failures. Everything is reported in Cloud Native Security, allowing us to rectify mistakes and misconfigurations.

When security threats occur, Cloud Native Security immediately alerts us through various communication channels. It has several modules, including cloud misconfigurations, container security, Kubernetes, vulnerability management, infrastructure code scanning, and cloud detection and response. It also tells us when unauthorized API calls are occurring. Everything is recorded in Cloud Native Security, and it alerts us about what is happening in the account. The detection time for critical alerts is almost instant. We'll see it in under two minutes. 

The solution saves the company a lot of time. Responding to alerts can take up a lot of our team's bandwidth. But there is a feature of their remediate that helps the bandwidth of our engineering team to fix the issues when we used Cloud Native Security as a team member. They helped us fix the issues and saved a lot of bandwidth for our team.

My top preferences revolve around infrastructure-as-code scanning and Kubernetes security. With infrastructure-as-code scanning, we catch errors or inadvertent inclusion of sensitive data in our code prior to deploying infrastructure via Terraform. As we continue to leverage Terraform for infrastructure deployment, alongside embracing new technologies to stay aligned with industry advancements, these features play a pivotal role in maintaining our security standards and workflow efficiency.

Cloud Native Security helps us detect vulnerabilities when deploying infrastructure.  We use Cloud Native Security to monitor all our cloud infrastructure and accounts. It continuously scans whether or not we have the agent installed. It's something like a role. You can configure an IAM role that provides access to Cloud Native Security to scan. It enables seamless connectivity with any cloud environment.

The Offensive Security Engine has helped us to discover some breaches.
You can see across the cloud domain in Cloud Native Security. For example, the dot com map can cover multiple servers internally. Cloud Native Security flags all URLs exposed to the public and other vulnerabilities. When we get alerts from the Offensive Security Engine, it has some internal debugging tools the developers can use. 

The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud. 

I have used Cloud Native Security for three years.

Cloud Native Security is highly stable. 

Cloud Native Security is scalable. 

I rate Cloud Native Security support nine out of ten. They solve issues within the agreed-upon period. They're impressive. 

Positive

We previously used the native AWS tools like Inspector. Cloud Native Security is impressive compared to those. 

It's easy to integrate Cloud Native Security and onboard all our cloud accounts. Before implementing, we tried to have all the security best practices in place. If you do that, it's easier to fix the vulnerabilities when Cloud Native Security detects them. Deployment took about five or six minutes. 

We opted for Business Plan at an affordable rate, providing excellent value for your investment. While I'm not entirely certain, I believe the monthly cost is around 180,000 rupees.

We looked at Trend Micro and some other options.

I rate Cloud Native Security nine out of ten. Use this tool if you want to keep your cloud applications secure.

We have deployed SentinelOne Singularity Cloud Workload Security to our servers and clients. 

Singularity's real-time detection and response capabilities so far have been great.

I like the way we have options in how we set up the automated remediation. We can set it up to automatically take action, or we can set it up to just flag or let us know that there is something that needs to be investigated. It has been really good in that regard. There are many, many options in how we can configure it, and I have liked that quite a lot.

Compared to my previous solution, I am more comfortable with SentinelOne Singularity Cloud Workload Security. I was always concerned that the previous solution was not catching everything. There were a lot of false positives, and there were several cases where it did not catch everything. Even when it did catch something, the logging and forensic details were very limited. SentinelOne Singularity Cloud Workload Security is the opposite of that. It gives us deep visibility into what is going on and what has happened. The mediation is great, and the logging is much more detailed. It has been a huge improvement over what I was using before. Singularity Cloud Workload Security has given me peace of mind.

To date, all threats detected were false positives or test threats. No actual threats have been encountered, but test threats were detected quickly.

One thing I particularly like about Singularity Cloud Workload Security is that it supports older legacy operating systems that we have been unable to eliminate. This is a valuable feature that other clients do not offer.

The visibility is the best part of the solution. To see exactly what's going on in all the clients, and processes that are running, I have got a few false positives, but those are relatively easy to investigate and remedy, and flag them as false positives.

We use Singularity Cloud Workload Security with Citrix and a non-persistent VDI. It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear. We eventually got it sorted out with the help of support, and I give credit to SentinelOne for that.

I have been using SentinelOne Singularity Cloud Workload Security for ten months.

I have not experienced any stability issues, client issues, or rogue agents causing problems. I have also not had any crashes. Overall, it has been great.

We have a relatively small environment, with fewer than a hundred endpoints deployed. So, scalability is easy for us. I don't know how it would work with thousands or even tens of thousands of clients, but I haven't had any issues so far.

The technical support is helpful.

Positive

Our previous solution, Trend Micro Worry-Free, in comparison, is quite poor. It did not give me very good visibility into what was happening with my clients, on the network, or what processes were running. If something happened, I was very limited in my ability to figure out what happened. In other words, the forensic capabilities of my previous solution were lacking.

There is no way to compare the turnaround time of obtaining telemetry data between the two solutions because Trend Micro Worry-Free did not provide any telemetry data. We would receive an email about a possible virus, but when we logged into the system to view the logs, there would be nothing there. Or, it would tell us that there was a virus, but it would not tell us which client was infected until we logged into the console. It was lacking in so many areas.

During the deployment, we conducted a test case. One of SentinelOne's sales engineers assisted us in setting up the software, configuring everything, and setting up notifications. They walked us through the process of setting everything up to my liking and how they would recommend setting up the software. They were instrumental in helping us deploy the system, and all of their assistance was included in the price of the system. We did not have to pay any additional fees. I found their assistance to be very helpful.

Without SentinelOne's help, the initial setup would likely be very complex. There are many options for configuring the product, which can be both beneficial and detrimental. On the one hand, it is beneficial if we are familiar with the software and know how to best configure it. This flexibility is a great advantage. On the other hand, if we are coming from a different product and do not know SentinelOne's software, it would be very helpful to have their assistance in walking us through the setup process and recommending a configuration.

I was the only person from our organization involved in the deployment.

I wasn't sure what to expect from the pricing, but I was pleasantly surprised to find that it was a little less than I thought.

I also evaluated Carbon Black. I read a lot of reviews, both official and user-generated, to learn what people were saying about the product. What really drew me to SentinelOne was its legacy software support. This was a key factor for me, and it helped me eliminate some of the other options.

I would rate Singularity Cloud Workload Security eight out of ten.

The software itself is very good. Singularity Cloud Workload Security provides deep visibility and support. I have found the support team to be very responsive and helpful whenever I have engaged with them.

One of our requirements was that the solution was simple enough for me to maintain myself without spending a lot of time managing the software. There are software agent packages that become available, and I need to go in and approve them and push them out. There are occasional false positives, but overall, it's not a lot of work.

For straightforward clients on a PC or laptop, Singularity Cloud Workload Security works well. However, in edge-case scenarios like ours with Citrix and non-persistent VDI, we need to test it out to see if it works well enough in our environment. We had some initial problems getting it started, but we were able to resolve them. So, my advice is that if the scenario is straightforward, there should be no problems.

We use PingSafe to secure our IT infrastructure and fix vulnerabilities. For example, it tells us if our resources have been inappropriately made public. We provision our infrastructure on AWS and GitHub. PingSafe finds vulnerabilities across our entire network and secrets in our GitHub repositories. It also helps us manage our cloud configurations and security groups. 

PingSafe is integrated with Metabolic, Opsgenie, and Slack for notifications. It's also integrated with our security team. They are using a script to correlate the data from SysTrack. 

When I joined the organization, we didn't have this kind of security tool in our infrastructure. PingSafe helps us secure any resources that were mistakenly made public and other vulnerabilities. Initially, we were primarily focused on projects, not on the security side, but we were dealing with some system vulnerabilities that hackers could exploit, like publicly accessible resources. The detection is highly granular. It gives you small vulnerabilities and very new types. 

The PingSafe team will help you reduce false positives quickly. When we first used PingSafe, false positives were high, so we contacted the team. They did some testing and modifications, and the problem was solved in one or two days. 

The mean detection time has drastically reduced. The detection time varies depending on what we're scanning. When we're scanning GitHub, it takes 7 to 10 minutes. On the cloud platforms, it depends on resource availability. It takes 10 minutes on the high end, but the mean is about 1 or 2. Overall, it has been reduced by about 10 percent. 

The remediation time is up to us. PingSafe just detects it, but it gives us an assessment and recommendations, making it easier to resolve. When we fix a vulnerability for a particular resource, the issue will not occur again. 

PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub. Using PingSafe's evidence-based reporting, we can rank the severity of issues as critical, high, medium, etc. Having the ability to prioritize security issues is crucial for any organization. 

One good thing about PingSafe is that it gives you a consolidated view of compliance and vulnerabilities. We can follow PingSafe's guidance and comply with those use cases. When you get an alert, they explain how to resolve those issues. 

The user interface is excellent because we see everything in a single panel and can manage all the operations from one portal. It's integrated with Slack, so we can coordinate on the open tickets. We can also mute notifications. The interface is straightforward and easy to use. Anyone can use it.

The offensive security engine is a helpful feature in cases like when a developer leaves some API element exposed, and we can view the potential exploit path. It's helpful when we are deploying any AWS account or service because all our systems depend on AWS.  When the service is initially deployed, we can see what happens and get all the details about anything that depends on it. 

When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again. 

We have used PingSafe for more than 2 years.

I rate PingSafe 9 out of 10 for stability. We've never had any glitches. 

We've had no issues with scalability. We've onboarded about 6 or 7. There is no digital investment. You can integrate multiple accounts from various providers. 

The support team was valuable during the initial stages. PingSafe contacted us every three weeks. They checked our infrastructure and reviewed all the issues that we were incorporating into the system. They took direct responsibility for the system and could solve queries quickly.

Previously, we were using the native tools of each cloud provider. For example, we used GuardDuty on the AWS.

Deploying PingSafe is straightforward. You can onboard new AWS accounts in five to 10 minutes, and it will start scanning very quickly. They give you a script to run on AWS. You can enroll your accounts based on the template, and it starts collecting data. We onboarded six or seven accounts. It hardly took any time. It's a SaaS solution so we don't need to maintain it. We only need to do the onboarding. 

I rate PingSafe 7 out of 10. PingSafe isn't a unique solution. Other solutions have the same features, but I like PingSafe because it's simpler to use. It doesn't require any maintenance and the scalability is good. However, I think other solutions can give the same level of detail and insight. 

We use it in different ways. The number one use case is related to vulnerabilities, which includes cloud misconfiguration, the Offensive Security Engine, and the management screen itself. That is our primary use case. Then comes the graphical representation of interfaces, and the third use case is the inventory that it allows, which is very nice.

By implementing this solution, we wanted to watch the security vulnerabilities in our organization. We wanted to watch them in the code that gets checked in. We wanted the latest and refreshed list of vulnerabilities in, for example, Log4j or any other software to be highlighted. PingSafe keeps updating its database and highlighting any issues.

We use agentless vulnerability scanning. It is cool. It operates on our cloud. All we need to do is authenticate and authorize our agents to read from our cloud infrastructure, which is cool.

PingSafe includes proof of exploitability in its evidence-based reporting. This is very important because it gives the entry point to the entire process.

We use PingSafe's Infrastructure as Code (IaC) scanning. All of our Terraform code and Git repositories are checked in, identified, and scanned. It helps us identify any issues way before production.

PingSafe has not reduced the number of false positives. We have very few false positives in our organization. We have a very specific structure.

PingSafe has reduced our mean time to detect. It has helped us a lot. It is quite quick, and that is why we put it in our sprint at every agile site. In terms of its effect on the mean time to remediate, we have not crossed the remediation phase. Remediation is okay. I would want it to go a little bit more specific on remediation, but I understand that it is just an engine that can scan.

We were able to realize the benefits of PingSafe in about a month.

PingSafe has not affected the collaboration among our cloud security, application developers, and app sec teams. The access to PingSafe is less. The number of roles that PingSafe provides is very low. I cannot segregate a particular account or a particular user. It is difficult for a lot of people to get. It is just the development, operations, and infrastructure teams that are currently working with it.

It is pretty simple. It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job.

Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved.

The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless.

Its scalability can be improved.

In this organization, I have been using PingSafe for 6  months. Overall, I have about 4.5 years of experience.

I have not had any issues. I have been lucky enough to not notice any issues.

We have a parent organization, and then we have child accounts, but they have to be configured separately in PingSafe, which makes it difficult to add accounts. You have different pages, so a comparative study about account usage is not possible. I am not a fan of its scalability. Its scalability can be better. 

I have interacted with them a couple of times. They have been very helpful. Their speed is pretty good. They are faster than AWS support. They are quick. The support quality is good. I did not see any lack of quality. I do not have anything bad to say about them.

Positive

We have CloudFront, which is a security measure by AWS for a very specific purpose. I have used SonarQube. It is pretty decent. It is code-specific, whereas PingSafe falls under code and IaC. I have used the Trivy scanning mechanism. Semgrep is an open-source tool. GitLab has its own set of static code analysis and static infrastructure analysis tools. These are some of the tools that I have used before.

PingSafe is very specific to the cloud-native environment. It lets you plug in more than one cloud. My organization has a multi-cloud strategy. With PingSafe, we can have Google Cloud and AWS under the same umbrella, which is cool. It has its own unique place, and I like it.

It was very easy. The only problem was getting the RBAC roles. After we had the roles, it was straightforward. It was very simple.

We have a 47-cluster environment. It took about 1.5 hours. It is quick enough. It is as good as CloudFormation.

It does not require any maintenance from our side. Because it is fully managed on the cloud SA, we do not have to do anything.

It was implemented in-house. We have a development and operations team with 5 people.

Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable. As the cloud vendors change their pricing, PingSafe also has to change its pricing. I understand that. I am happy with it, but the split up can be better explained.

To those evaluating PingSafe, I would advise understanding PingSafe's licensing metrics. You should understand how PingSafe calculates. That is very important because it is not straightforward. You should understand that, and you can talk to the support people. They are very good. They clearly explain it. The person who is dealing with it should have a technical background. He cannot be a business analyst.

Make sure that you put in all the configurations on day one. You will find it difficult to compare if you keep building on top of it.

Overall, I would rate PingSafe a 7 out of 10.

We did a PoC, but we did not go ahead with PingSafe. It is currently on a test cluster. It is not in production.

We were looking for a CSPM tool to monitor all of our AWS resources. We also wanted it to give us an alert in the case of a vulnerability. If, for example, a zero-day vulnerability is there, it should scan all of our tools.

We used agentless vulnerability scanning. It helped us to see all the vulnerabilities without deploying any third-party component in our system.

We used PingSafe's Offensive Security Engine. It helped us to identify all the CVEs. We could see what kind of CVEs were there and what severity level they had, such as normal or critical. It helped visualize all the severities.

PingSafe changed our security posture a lot. In one dashboard, we were able to see all the information. We could see which resources are vulnerable and which ones have critical bugs. It helped us with that.

PingSafe did not reduce our mean time to detect and mean time to remediate.

PingSafe helped with collaboration, but in my organization, developers are not directly involved with PingSafe. There was mainly the infrastructure component where we deployed agents and based on our particular role or access, they were able to send all the data to the PingSafe server. We were able to see all the reports and all the details in the UI.

We liked the search bar in PingSafe. It is a global search. We were able to get some insights from there.

The reporting feature is good. It is able to generate reports.

Its UI is very good, and it is easy to adapt. Any new person will be able to navigate, and within a week, he or she will be able to understand PingSafe.

We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in PingSafe.

If there is any virtual machine running on your public subnet, it is accessible outside your network. It is accessible via the Internet. If it has any Log4j or remote accessibility vulnerability, the attacker would be able to access the machine. From the private machine, the attacker can do NS Lookup and reach our DBs. It creates a channel for vulnerabilities. Such a feature is not present in PingSafe.

It is stable. We have not had any issues.

It is scalable.

They were helpful. They helped us with the configuration. They were available through the Zoom call. Initially, they also provided us with a demo of all the features. They showed us all the features that we could use.

The speed of their support was good. I would rate their support a 9 out of 10.

Positive

We are using Orca. We did a PoC with PingSafe, and there were some cost benefits. 

PingSafe is a SaaS solution. I was involved in its initial deployment. It took around three months.

We used their support. Its implementation requires at least two people.

Its pricing was a little less than other providers.

I would advise doing a PoC with all the similar tools and then making a decision based on the capabilities, features, and price. 

Overall, I would rate PingSafe a 9 out of 10.

We use the product across all of our entities for EDR, threat detection, and response methods.

We wanted a solution for protection. We had a number of entities with various EDR solutions. We wanted to centralize under one EDR solution, and we wanted one that was efficient and easy to manage with a small team.

The biggest thing for us was getting to a single platform. A single pane of glass has been nice. The ability to segment various sites out. The R-Back involved is super helpful for us as we are a multi-company organization. In general, the time has been greatly reduced for incidents.

The ease of use of the platform is very nice. The console provides excellent visibility into events that occur and, in general, the wide range of tools that are built into the agent itself.

My impression of the product's real-time detection and response capabilities is good. It definitely is a little bit different. It takes a little bit more time to learn than some of the other solutions that we have worked with in the past. Once you do understand it and once you're capable of running through the GUI and you understand what the logs and various windows they're trying to tell you, it's fairly straightforward.

The solution's automated remediation is good. I like that you can segment it into four options. You can choose to kill it at any time in the kill chain, so you can choose to quarantine it, you can choose to remediate, you can choose to roll back, you can choose to let it run. Being able to choose how far along you want those events to get is pretty nice.

The historical data record provided by the solution after an attack is decent. It gives you a flowchart of the attack. All along the processes you get good visibility and see all that were detected. Definitely, from a post-incident analysis perspective, it's very strong.

The solution has helped reduce our organization's mean time to detect by 20% to 30%. Given that extra 20% to 30%, it frees us up to focus on other items. 

The solution's impact on our organization's productivity is good. It provides robust whitelisting capabilities and improves our productivity. 

Agent releases need to be more stable before being pushed out. 

Bugs need to be disclosed quickly.

The reporting, and the logging visibility, are not there. It's very, very crude and simple. It needs to be drastically expanded. 

They need to expand their third-party integrations with SIM tools, and sites need to be given the option to expire at the end of the contract as well.

They could expand their integration with Kubernetes. They are trying to build out their third-party integrations. It does work well on Windows and Mac. 

I've used the product for three and a half years. 

Agent stability and communication with the console and agents going offline can be an issue. It can be time-consuming to coordinate and fix. However, the cloud console is very resilient. It's mostly the agent releases where we might have issues. CrowdStrike agents seem a little more stable. 

We have about 3,000 users using the solution.

Scaling is no issue. 

Technical support is hit or miss. We have worked with some good agents and some less knowledgeable. 

Positive

We have used different solutions, including the fact that we still CrowdStrike at a couple of companies. We are now moving more fully towards SentinelOne.

The simplicity and ease of use were big and where SentinelOne stands out. It's a set-and-forget policy. Based on what we saw in testing, it was the best option. 

In terms of telemetry data, we were all over the board.

The initial setup was a little more complex when we first started. However, they've smoothed a lot of their implementation out and so it's gotten easier over time. It took us a couple of weeks to a month to deploy. About 20 were involved in the deployment. We have 30 to 40 companies around the world and it's across every company and every department. 

The solution does require maintenance. You need to have agents up to date and cases closed properly. It does require you to be invested. 

We have witnessed ROI. It's comprehensive in its detection capabilities and has saved us from multiple attacks. We've likely saved 30% based on prevented attacks. 

The solution is relatively cheaper and is willing to work with companies on pricing. 

We are customers.

For those who believe they already have a continuous monitoring solution in place, I'd advise that SentinelOne knows its own product. They can provide that extra confidence that nothing gets missed. And if you see a high number of alerts, they're able to really help you discern those and get down to the ones that matter most.

The solution doesn't affect our ability to innovate one way or another. It doesn't hold us back.

I'd recommend the solution and advise running a POC in your environment. It's good to run against CRowdStrike. They are seriously contending against CrowdStrike.

I'd rate the solution eight out of ten. 

PingSafe was being used for cybersecurity and governance. The company where I used to work wanted to secure sensitive information or prevent any data leaks. It provided good protection.

I used it on a daily basis. If any alert came up, or any best practice needed to be followed, I used to look into the alerts and work on the issue so that it did not affect our systems.

PingSafe includes proof of exploitability in its evidence-based reporting. It helps to secure sensitive information saved in the cloud. It provides alerts in the case of any vulnerability. I felt secure when I was using PingSafe.

The alerts had severity levels, such as low, medium, and high. I used to give priority to the ones with a high severity level and then I used to handle the ones with medium or low severity.

Before PingSafe, it was a bit difficult to know all the vulnerabilities. There were some services in AWS, but we had to configure them and check them on a daily basis for any alerts. PingSafe was more reliable. Our InfoSec team used to inform us about any vulnerabilities and then we used to resolve them. PingSafe was more beneficial for our organization for security purposes.

PingSafe improved our security posture. I would rate it a nine out of ten for that.

PingSafe improved our mean time to detect. Its dashboards were helpful, and there was continuous improvement.

It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature.

Its interface was pretty good. It was very easy to use.

It was also good for compliance, but I was not handling that part. I only used to view the alerts and solve the issues. The other aspects were handled by my seniors.

I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes.

Another issue was that when there was a new alert, I did not get an email or notification on my personal email. I had to log in and refresh the screen to check if any new alerts came. It would be beneficial if an email or a notification could be sent to a personal email or mobile number.

We had a few false positives. For example, for Amazon EBS volumes, PingSafe sometimes used to give an alert saying that an EBS volume was created in the East US region, whereas no EBS volume was created. It was a false alert. We discussed these false alerts with the PingSafe team and gave them feedback. We muted those alerts, but such a thing should not happen. However, the number of false positives reduced over time. Initially, if we had 10 false positives, then later on, we had only one or two.

They can enhance the dashboard and make it more user-friendly. They can also provide more information in the alerts about remediation.

I used PingSafe for almost 1.5 years.

It is stable. I would rate it a 9 out of 10 for stability.

It is scalable. I would rate it a 9 out of 10 for scalability.

We had approximately 15 to 20 users in our organization. We had multiple departments, but all the applications were deployed only on AWS.

I never used their support in 1.5 years. A different team interacted with them.

I have only used PingSafe.

It was deployed on the cloud and on-premises. Its initial setup was not complex. It was easy to understand.

Its deployment took a few days.

2-3 people were involved in its deployment.

It saved resources. There were 20% to 30% savings.

It is cheap.

I would recommend PingSafe to others. Overall, I would rate PingSafe a 9 out of 10.