2018-09-09T05:40:00Z

What do you like most about SentinelOne?

63

Hi Everyone,

What do you like most about SentinelOne?

Thanks for sharing your thoughts with the community!

ITCS user
Guest
31 Answers

Top 20, Real User

The ability to:

1. Tune to the agents to prevent application performance without impacting the effectiveness of the engines and protection of the endpoints.

2. Ability to "hunt" and/or search for specific suspicious/malicious activities on an end-point or across all end-points.

3. Very low false positives.

4. Fanatic Managed SOC services (Vigilance). The team escalates 100% true positives only.

2021-08-09T17:27:12Z
Top 5 Leaderboard, Real User

Simple - It's never been breached!

2021-08-04T09:32:45Z
Top 5 Leaderboard, Real User

Never had the experience of testing or working with SentinelOne but from what I've heard from others it is pretty slick on rolling back infected PCs.

2021-08-10T12:41:47Z
Top 5 Leaderboard, Real User

Two things. 1. If the machine gets ransomware it automatically gets taken off the network. 2. The ability to roll back an infected machine. Done it once and it works. Hope to never need to do it again.

2021-08-06T12:13:09Z
Top 5 Leaderboard, Real User

Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.

2021-08-04T11:08:00Z
Top 20, Real User

The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes.

2021-04-13T13:19:00Z
Top 20, Real User

When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help.

2021-02-10T02:06:00Z
Top 20, Real User

In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting.

2020-12-31T07:26:00Z
Top 20, Real User

The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.

2020-12-02T06:24:00Z
Top 20, Real User

For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine.

2020-12-01T05:04:00Z
Top 20, Real User

It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.

2020-11-05T06:53:00Z
Top 20, Real User

SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles.

2020-11-01T09:42:00Z
Real User

The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use.

2020-11-01T09:42:00Z
Top 20, Real User

The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected.

2020-10-29T10:12:00Z
Top 20, Real User

It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions

2020-10-27T06:41:00Z
Top 20, Real User

The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing.

2020-10-20T04:19:00Z
Real User

One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

2020-10-07T07:04:00Z
Top 20, Real User

It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features.

2020-10-07T07:04:00Z
Top 20, Real User

Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future.

2020-10-06T06:57:00Z
Top 5 Leaderboard, Real User

Prevents ransomware getting through.

2020-07-05T09:38:06Z
Top 5, Reseller

The most valuable feature is that it just unintrusively works in the background to carry out the protection.

2020-06-28T08:51:00Z
Top 20, Real User

The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that.

2020-01-29T11:22:00Z
Top 20, Real User

We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access.

2020-01-07T15:40:00Z
Top 5 Leaderboard, Reseller

It has the ability to roll back a ransomware infection instantly and with minimal disruption to the user, and provides robust reporting.

2019-10-01T16:36:00Z
Real User

The solution offers very rich details surrounding threats or attacks.

2019-09-26T04:11:00Z
Real User

We have a preference for their receptor. It's good at finding many EFC files. EFC files could have a virus.

2019-09-25T05:10:00Z
Real User

The most valuable feature of this solution is the user-friendly interface.

2019-09-11T10:12:00Z
Real User

All of the features are valuable. The way that it integrates into management with fault correction capabilities over is especially valuable. Any of the full gamut of the features that it provides are useful to us.

2019-08-20T05:12:00Z
Reseller

I have found the activity timeline and threat analysis to be particularly useful.

2019-03-26T08:09:00Z
Real User

In the past, we were not able to identify a few viruses, but now we are able to identify them because of the machine learning feature.

2019-02-26T08:25:00Z
Vendor

It has good visibility features and it's straightforward.

2018-09-09T05:40:00Z
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.