2018-09-09T05:40:00Z

What needs improvement with SentinelOne?


Please share with the community what you think needs improvement with SentinelOne.

What are its weaknesses? What would you like to see changed in a future version?

Guest
1111 Answers

author avatar
Top 5Real User

The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me. They're very responsive. They regularly ask customers to provide feedback. They've been working on their reporting since the last feedback meetings. It's not only me but other customers as well who would like to see improvements in the reporting. File Integrity Monitoring is not a gap, but to do it you have to type several times. It's not the few-click intuitive situation. It would be nice to have some data leakage included. Also, when it comes to data leakage, while you can get out everything that a person does on a machine, there needs to be a proper way of doing so, like other products that are just focused on data leakage. I can't wait to see their advances in the cloud infrastructure (containers and serverless). It would be nice (and is critical) to allow administrators to notate when they make changes to the console configurations - perhaps a tag for reporting. I might, for example, whitelist an application. If I did that today and I leave the company at some point, someone might wonder why I did this. There should be a place to easily notate everything.

2020-01-29T11:22:00Z
author avatar
Top 5Real User

The agent update schedule is a little sporadic, and the updates are frequent. You are definitely going to want to have a good management solution in place, such as SCCM, Intune, or Jamf in order to maintain the environment properly. There is agent data, such as last known IP address, that is not stored historically. It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible. You can see a snapshot of the data at the moment, but once it changes whatever was there previously is not stored.

2020-01-07T15:40:00Z
author avatar
Top 5LeaderboardReseller

Set up is very labor-intensive. You have to provide multiple codes from multiple places within the S1 dashboard in order to use the provided automation, and it's different for each client (or "sites" as they call it). It very much feels like an enterprise application that has been adapted for SMBs, but not very thoroughly. It would be better if they had a "site package" similar to the one offered by SolarWinds for the RMM. You just run the package on the client machine and done.

2019-10-01T16:36:00Z
author avatar
Top 20Real User

The price is a bit high. They should make their pricing model more affordable. The solution needs better reporting on new threats and malware. The reporting is present, but I can't find the information easily.

2019-09-26T04:11:00Z
author avatar
Real User

It corrects all of the EFC files with a virus. All the achievements, maximum EFC files. Many EFC files will be flagged as a virus. Some virus databases need to be updated. The model is good at finding many EFC files. The trouble is it needs to be updated. From the client-side, some scanning and other features can be enabled for scanning viruses better. If they want to scan for an individual reason other than viruses, such as scanning for legal files, they haven't been able to gather that from the client-side. Some features could be more user-friendly. For instance, setting restrictions in the explorer for what level one must be to use it is not user-friendly. It is difficult to find what we're searching for.

2019-09-25T05:10:00Z
author avatar
Real User

This solution would be more attractive to customers if the price were lower.

2019-09-11T10:12:00Z
author avatar
Real User

In terms of improvement, I would like to see better alerting to let us know if there is anything wrong with SentinelOne working on the endpoint of the computer.

2019-08-20T05:12:00Z
author avatar
Reseller

The automation of certain features could use improvement. For example, it seems common sense to me that if a threat was executed out of a task in your task scheduler that part of neutralizing the threat would be removing that task from the scheduler. I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.

2019-03-26T08:09:00Z
author avatar
Real User

The reporting needs improvement and I would like to see a more granular level of administrative privileges.

2019-02-26T08:25:00Z
author avatar
Top 10User

The SentinelOne is one of my daily consoles and I use it regularly to identify the root cause of some infections. However, when a file is flagged as suspicious it would be very helpful to have the system highlight precisely what event or characteristic of the file SentinelOne considers potentially dangerous. In this way it would help focus our investigations on the specific characteristics or actions of the file.

2019-02-01T14:36:00Z
author avatar
Vendor

There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but there's nothing much else to do. Everything is predefined. It's good in a way, but you don't get much flexibility if you want to do something particular.

2018-09-09T05:40:00Z
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,850 professionals have used our research since 2012.