We just raised a $30M Series A: Read our story
2018-09-09T05:40:00Z

What advice do you have for others considering SentinelOne?

75

If you were talking to someone whose organization is considering SentinelOne, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
2828 Answers

author avatar
Top 5LeaderboardReal User

Contact me on cybersec[at]global[dot]co[dot]za

2021-08-04T11:08:00Z
author avatar
Top 10Real User

It is a very good tool that is easy to deploy and manage. The administration over it is little to none. However, depending on the environment and whoever is trying to deploy the agents, they should test it with the vendor environment before they go and deploy it to production. The reason why is because SentinelOne has the ability to be tuned for optimization. So, it is better to understand what these optimizations would be before deploying them to production. That way, they will be more effective, and it will be easier to get buy-in from the DevOps team and the infrastructure team managing the servers, thus simplifying the process all around. Making the agents and configurations optimized for specific environments is key. The Storyline feature has affected our SOC productivity. Though, we have yet to fully use the Storyline feature in a SOC. We are using it on a case-by-case basis. However, as we continue to deploy agents throughout our infrastructure and train our SOC to use the tool more effectively, that is when we will start using the Storyline feature a bit more. Currently, this is on our roadmap. I am very familiar with the Ranger functionality, but we haven't implemented it yet for our environment. Ranger does not require any new agents nor hardware. That is a good feature and functionality, which is helpful. It can also create live, global asset inventories, which will be helpful for us. Unfortunately, we have not yet had an opportunity to roll that out and capture enough information from our infrastructure to be able to maximize the effectiveness of that functionality. We are still trying to get SentinelOne core services fully deployed in our environment. Now that we have SentinelOne, we cannot go without it. Compared to other solutions in the market, I would rate it as 10 out of 10.

2021-04-13T13:19:00Z
author avatar
Top 20Real User

My advice is check out SentinelOne. See how the system works in a real-time attack. Only when you see how it works in real life, in real time, will you understand the ROI of the system. Simulate an attack, simulate a file, simulate that file changing something, and see how it works. I can say to my manager, "I have McAfee installed on my system, I'm safe," and they'll check the checkbox and move on, without understanding what they are doing. I need to sleep well at home and I can do so by knowing I have a system that has my back. That is what SentinelOne is.

2021-02-10T02:06:00Z
author avatar
Top 20Real User

My advice for anybody who is implementing this product is to fully understand all of the elements that it provides and to be aware of all of the features. For myself, I think it's important to have a deeper and better understanding of all of the functionality that the product offers. At the moment, we have a lot of trust in SentinelOne. If it continues to stop future threats then I will continue to rate it highly, or even perfect. At this time, I wouldn't say it's perfect because I can't say that I haven't been compromised because of it. I would rate this solution a nine out of ten.

2020-12-31T07:26:00Z
author avatar
Top 20Real User

Give SentinelOne a chance. Traditionally, a lot of companies look at the big brand vendors and SentinelOne is making quite a good name for itself. I have actually recommended them to several other companies where I have contacts. Several of those have picked up the solution to have a look at it. You need to know your environment and make sure it is clean and controlled. If it's clean and you have control, then you will have no problems with this product. If your environment isn't hygienic, then you will run into issues. We have had some issues, but that's nothing to do with the product. We have never been really good at securing what is installed on the endpoint, so we get a lot of false positives. Give it a chance, as it's a good platform. I would give the platform and company, with the support, a strong eight or nine out of 10.

2020-12-02T06:24:00Z
author avatar
Top 10Real User

The biggest lesson I have learned is that SentinelOne is an antivirus product which gives you, on the one hand, all information you could dream of if you need to analyze software or malware, especially, on the machine. On the other hand, it's simple and fast and easy to use, and that's something I really appreciate. We have been playing around with the solution's ActiveEDR technology, to get an idea of what is possible. We have not gotten so far that we use it for building KPIs and the like. But we have noticed it and it seems it could be a big game-changer for us, but I can't really provide much information on that topic. While I really use Storyline right now, I'm the only one who does so in our company. I'm not sure if we will use it in our company on a large scale. That's the other side of this product. We don't have many people who are able to work with the information you get out of the module from SentinelOne. We don't use the rollback feature, we just use quarantine right now. We haven't had any outbreak of cryptoware encrypting files. So as of now, we haven't needed it. That might change in the future. I would rate SentinelOne a 10 out of 10, and I don't give 10s easily. I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have. I really feel like the software has made my life easier. As I said before, my workload for malware analysis dropped by 50 percent. That's why I'm really thankful and really appreciate the product. I would say to everyone, at least give it a try. For our company, it really fits.

2020-12-01T05:04:00Z
author avatar
Top 20Real User

We have a partially view of the Storyline technology because we don't have the full license of SentinelOne. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and techniques is very clear and nicely presented. They make it very clear on what phase it is in the attack. If it's a lateral movement, they make it very easy. I'm very happy with that. I would rate this solution as a 10 out of 10.

2020-11-05T06:53:00Z
author avatar
Top 10Real User

Do your homework. I would encourage everybody, if you have the capabilities, to do what I did and test it against everything out there. If you don't have those capabilities and you want to save yourself a lot of time, just go straight to SentinelOne. I cannot imagine any organization regretting that decision. With the news stories you read about, such as hospitals under attack from malware and crypto viruses—with all the bad actors that exist, especially since the pandemic took over—if you want to protect your environment and sleep soundly at night, and if you're in the security industry, I highly encourage you to deploy SentinelOne and just watch what it's capable of. I don't use the Storyline technology that much simply because I'm really turning this into a more automated process for my organization. An example of where we may use Storyline is when we download an encrypted malicious file. Let's say that email was sent to 500 people. If it gets through our email gateway, which is unlikely, I can not only identify those users quickly, but I can also use the Storyline to determine where it came from, how it got there, and what it was doing along the way. And while it killed it, it will tell me what processes were there. It helps us create and identify things like the hash, which we then summarily blacklist. Overall, Storyline is better for identifying what had happened along the way, but after the fact. For me, the fact that it has actually taken care of it without me having to go hunt it down all the time is the real benefit. The only thing we don't take advantage of is their management service. We do have a TAM, but we don't have Vigilance. For top-down administration, there's only about six of us who work with the solution. For country level administration, we have one or two in every country in those 83 countries. We run a myriad of different front office and back office environments. SentinelOne had to learn different environments in different countries. It had to understand the business processes that are surrounding those. We did a substantial amount of tuning along the way, during the deployment. And then, of course, there are agent updates and there are considerations when you get a new EA version and are creating test groups. But, as an organization, we have reduced our total cost of ownership for our EPP platform, we have improved our visibility a hundred-fold, and we have maintained our data integrity. It really is the one end-all and be-all solution that we needed. It's a home run. I've been doing this a long time and I've done this in over 48 countries around the world. Given what we do with this product and the visibility it has given us and the protection it has given us, I feel very comfortable with my security right now.

2020-11-01T09:42:00Z
author avatar
Top 20Real User

We have a SOC managing our environment. They are very happy with features that SentinelOne provides. We will be upgrading to complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature. We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful. Biggest lesson learnt from using SentinelOne: Never trust anyone. I would rate this solution as a 10 out of 10.

2020-11-01T09:42:00Z
author avatar
Top 20Real User

I could not recommend SentinelOne highly enough. The one thing about this product is something I very seldom say when it comes to almost anything in life, sadly, is that I trust it. I trust this program to be well taken care of on the backend. I trust this program to do its job on the frontend. I trust the endpoint and network security of our university to this product. I have no doubt that we're in good hands. It has proven itself with ransomware, proven itself with Qbot infections, proven itself with a multitude of end-users. We had a pen tester on campus that was actively trying to hack things, doing penetration testing, and SentinelOne stops him every time. Every time he got to the machine with SentinelOne on, it stopped him dead in his tracks. The pen tester said, "Your endpoint solution here is fantastic". This is a trained white-hat hacker trying to break through and he couldn't do it. We gave him a foothold, an account, and all kinds of stuff. We opened the door for him to see how far he could get. He was able to get in on machines that did not have this level of protection. He was able to get to devices, create administrative users, elevate privileges. You name it, he can do it. Once he got to a machine with SentinelOne on it, it stopped him. They didn't tell me we were pen-testing. Suddenly I was seeing lateral movement and all kinds of things on the network and I ran this guy down just to find out we hired him to go do this. I thought we had a hacker on-premises. I would recommend that anybody who uses this product also interacts with other people who have it. Another university was the first university that had it near us and then we got it. They were a big help to us, as far as answering questions about the deployment. They told us about a couple of little headaches to watch out for. It had nothing to do with SentinelOne, but how Microsoft servers operate. So we were able to save ourselves a lot of time by interfacing with the network of users of this particular program. What I've learned with a product of this caliber is how efficient one person can be. I don't think you're going to find many places where you have primarily one person safeguarding the endpoint solution of an entire university. The good news is that because everything is the way it's set up, the way it's configured, and the machine intelligence that I've added over the last three years, if I'm not here and someone else steps in front of it, it can run itself in many ways. I've learned that if you find the right product, you can become incredibly efficient. I'd give SentinelOne a ten out of ten. I'd give it higher than that if I could. I've actually done calls where they've called me and had me speak to the salesman, we had a really good working relationship. He had me call and speak to people who he's actually trying to sell the product to. I think I've sold half a dozen of these things for him, but I can't recommend it enough. I believe in SentinelOne wholeheartedly.

2020-10-29T10:12:00Z
author avatar
Top 20Real User

At the moment, we are very pleased with the solution. We saw the Storyline technology briefly. However, the Storyline is only when you have actual attacks, and they are not caught in the beginning. Most of our attacks were caught just by static recognition of the files, so there was no story because the file was not allowed to activate. In the beginning, we did some fake file checks in an enclosed surrounding and in a CM setup, which is how I saw the Storyline facilities, but we don't use it. I would rate this solution as a nine (out of 10).

2020-10-27T06:41:00Z
author avatar
Top 10Real User

My advice is start working with it. You're going to love it. The biggest lesson I've learned from using SentinelOne is that security tools can be different. SentinelOne has taught me that you can do security in different ways. If it sounds expensive, I would not always say that it is expensive. We are a very small business. We don't have somebody who specializes in security. Our IT is just three people who do everything. That makes it difficult to say we are going to focus on SentinelOne and try to use it completely. We put it into use for malware security and that's it. We only have a WatchGuard firewall on the front-end and that's it in terms of security on SentinelOne. They are improving the management tools. They are getting better. The portal is functioning with more logic. Those are good improvements. It's user-friendly enough. People with low IT knowledge can work with it. It's a very good program. It does what it says it does, and I'm very glad that I have it.

2020-10-20T04:19:00Z
author avatar
Top 10Real User

Go for it. It's an absolutely brilliant product. But understand what it is before starting to deploy. Unless you understand the product, you will not know how to use it to the best of its best capabilities. The solution's Behavioral AI works with and without a network connection, providing the internal protection. But having that network connection is important because it will then be able to report it to the central dashboard. While it will do what it has to do locally, it's helpful when the agent reports back to the central dashboard so that the IT Admin can take action. It is important that the systems remain connected to the internet. But overall, the Behavioral AI is amazing. It's something very new in the market. The way SentinelOne works and the way it is set up, I haven't been more impressed by any other product. It is a step forward in security. We have 400 to 500 endpoints using SentinelOne at the moment, and all those customers are happy. We are happy that they're using it, because it helps us secure their network better than what they had before. We have it on laptops which have been given to home users, on computers in offices, on servers in computer rooms. They all have SentinelOne and we are happy with the level of protection that it offers. Moving forward, with every customer whose antivirus is coming up for renewal in our portfolio, we are recommending getting rid of Symantec and other products and taking on SentinelOne. It's very effective and it's improving by the day. In the last two-and-a half years I have seen that the way it detects and the way it mitigates threats are constantly improving. It's a very effective solution.

2020-10-07T07:04:00Z
author avatar
Top 20Real User

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software. At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.

2020-10-07T07:04:00Z
author avatar
Top 20Real User

We can see the difference between traditional antivirus and what we can do with SentinelOne. Even if the price is a little bit more, we can see what we can do with it. We can use EDR, stop network activity, do whatever we need on the endpoint, from the security engineer side. We can see that it's at a completely different level. We have a traditional antivirus but we're going to rid of them at the end of the licensing period. My advice would be to go with the Cloud version, not on-prem. I would rate SentinelOne a ten out of ten. It's a ten out of ten in terms of the EDR. It's also a 10 of 10 for the product and company. The solution does a lot.

2020-10-06T06:57:00Z
author avatar
Top 5LeaderboardReal User

With solutions like these it's important to keep in mind that any automated system can give false positives, especially when they first encounter your software. Be patient, work with the SOC and the technical support team. If your work is implementation, then do whole sites at one time. It's best to do it in sections, let it sit for a couple of weeks and then do the rest. I would rate this solution a ten out of 10.

2020-07-05T09:38:06Z
author avatar
Top 5Reseller

Overall, this is a good product and I recommend it. That said, there are always ways to make things better. I would rate this solution a nine out of ten.

2020-06-28T08:51:00Z
author avatar
Top 20Real User

Have a look at it. Compare it. It's a very good product to have. It gives you a lot more insight. It has combined many products into one agent and it's expanding. There are a lot of things it can do now on the cloud, like containers. It gives you insight into a lot of the threats with the hunting ability. I have learned from the tool to see how our environment is. I've learned about certain behaviors of our applications, just by observing what pops up. There is a console that is in the cloud and there are agents that are all over. You put these agents on Macs or Windows or Linux, or on whatever the cloud versions are of all these virtual devices. We are spread out across the globe. We've got nearly 50,000 endpoints in different parts of the world. We generally stay as close to the latest version of the agent as possible, but we go through change-control and it is very strict. We don't just put things on endpoints. We validate and test in our environment because we have nearly every type of operating system and variations of them in our environment. Therefore, sometimes we are something like .1 or .2 of a version behind. In terms of the console, we are at the latest version. As a company, we use all variations of clouds, from Ali Cloud, which is China to Azure; we're predominantly Azure. We have AWS and GCP. SentinelOne manages that console and we have access to it. We own that part, our console. It's on AWS, I believe. Overall, is there room for improvement? Absolutely. There are gaps in the reporting because we need to give reports to different levels. Ideally, we want to just drag and drop things to create reports. They have very nice reports but they're canned. We want to be able to choose what goes into a report. Otherwise, it's right up there and I would give it a nine out of 10.

2020-01-29T11:22:00Z
author avatar
Top 20Real User

Be ready to dedicate a good amount of time to learn the API. To really get the most from the product you need to tap the REST API.

2020-01-07T15:40:00Z
author avatar
Top 5LeaderboardReseller

Definitely worth the money compared to heuristic solutions, especially for clients who tend to "stretch" their hardware as long as possible. The low impact and robust reporting go a long way to make this an easy sell, and the cost is excellent for the price point.

2019-10-01T16:36:00Z
author avatar
Real User

We are using the public cloud deployment model. I would rate the solution nine out of ten.

2019-09-26T04:11:00Z
author avatar
Real User

It's okay. It's a better solution than other competitors. I would rate this solution as nine out of ten.

2019-09-25T05:10:00Z
author avatar
Real User

I have done POCs with this solution for two customers and there has been no negative feedback. My advice for anybody considering this product is to do a POC and check to ensure it fits their environment. In some areas, this may be the best product to use, but in another environment, another product or another solution would be a better fit. It's always a matter of doing the POC and trying to get the most out of the product, depending on the environment. I would rate this solution an eight out of ten.

2019-09-11T10:12:00Z
author avatar
Real User

I strongly recommend this solution. I would recommend that you get onto a next-generation endpoint security device like this one. It's much better protection for corporate environments particularly with a lot of cloud integration and platforms like Office 365. If you're going to start using those sort of services, then you really need a next-generation endpoint protection device like SentinelOne. I would rate it an eight out of ten.

2019-08-20T05:12:00Z
author avatar
Reseller

I would advise someone considering this solution to make sure that you leverage the features. It's particularly very useful in sites such as the threat timeline where it gives you a breakdown of the files and network connections. Call the SOC, the Security Operations Center, with questions. They're always proactive and very helpful but do not rely on the automation to do everything for you. I had an instance where just glancing at the activity timeline, it was very obvious to me there was something traversing the customer's network. There was an infection that was at least partially taking hold and it was worming its way through their network and I would think that the Security Operations Center should see. If they're seeing multiple infections at the same site they should have the same inference happen and call us and notify us and do something about it. That required manual intervention and it would've been nice to get an earlier notice on it without manual review of activity by myself. I would rate SentinelOne an eight out of ten.

2019-03-26T08:09:00Z
author avatar
Real User

I would rate this solution a seven out of ten. We don't have a plan to increase the usage, it is purely based on our business requirements. This product is nothing but different from a traditional anti-virus. We were very apprehensive to try it. Once we tried it, it gave us a good impression.

2019-02-26T08:25:00Z
author avatar
Top 5Real User

If you have the budget, this is a top-notch solution. We have used the solution for over a year now, and we plan to continue using the solution for our most critical users (those with access to sensitive or confidential data). Truly an excellent solution.

2019-02-01T14:36:00Z
author avatar
Vendor

I just had a conversation with a colleague who has bought McAfee ePO. He was saying that he was able to do much more in that tool than in SentinelOne. For example, he mentioned that he was able to see traffic on a particular port on a particular system, using ePO. We cannot do that using SentinelOne. In this tool, everything is already in place and there's not much that we can do.

2018-09-09T05:40:00Z
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
542,608 professionals have used our research since 2012.