CIO at a manufacturing company with 1,001-5,000 employees
Real User
For the first time we have global knowledge of what's happening in all of our subsidiaries
Pros and Cons
  • "One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important."
  • "Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros."

What is our primary use case?

We were looking for an EDR solution to get the best protection available, especially against ransomware. For us, any EDR solution needed to be supported by a 24/7 SOC.

We deploy it on-premise, in all of our factories and branch offices, worldwide.

How has it helped my organization?

Security operations have been improved as SentinelOne is easier to manage and update compared to most traditional anti-malware products. It enables us, for the first time, to have global knowledge of what's happening in all of our subsidiaries. Previously, each of them had a local antivirus solution.

What is most valuable?

  • Easy to install and update
  • Management Console in the cloud
  • Ability to partition it in "sites" (our subsidiaries) with local site admin
  • Overall good quality protection

Also, in terms of impact on the endpoint, we carefully manage endpoints for specific purposes (such as for connection to industrial machines) to avoid the false positives that are quite typical in a behavioral engine like SentinelOne. But generally, the impact is quite low, and the Management Console and SOC support allow us to check if everything is working properly or not.

In addition, one of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.

For how long have I used the solution?

We started to install SentinelOne on the first endpoints in August of 2019.

What do I think about the stability of the solution?

Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.

What do I think about the scalability of the solution?

The scalability is good. At present, I can't see scalability limits.

We have SentinelOne installed on almost 1,700 endpoints and have one main admin for deployment and maintenance and about 20 local site admins.

We have some factories and branch offices where the solution is not yet installed. We hope to complete most of them by the end of this year and, by then, have it installed on about 2,300 endpoints.

How are customer service and technical support?

Support is quite fast to solve problems. The SOC is very good and really operates 24/7. When necessary, they contact SentinelOne support directly and their replies, generally, are quite fast.

Which solution did I use previously and why did I switch?

We used traditional antivirus solutions. None of them could stop ransomware attacks and that's the main reason we chose SentinelOne.

In terms of the time it takes for SentinelOne to catch malware compared to our previous platform, the results are similar, with an advantage of SentinelOne being its discovery of zero-day threats and ransomware.

A SOC provider showed us the product, and we worked out a global agreement for EDR and SOC with them.

How was the initial setup?

The initial complexity was mainly related to finding the right exclusions to avoid false positives, especially with endpoints running technical and industrial software.

The rollout in our main company, with about 600 endpoints, was completed in about three months, including the initial fine-tuning for the AI engine.

In terms of our deployment strategy, in the first company where we installed SentinelOne, we chose to maintain our traditional antivirus product, and run SentinelOne together with it. The decision came about because we were not initially confident with SentinelOne. When we deployed it later to all of our subsidiaries, SentinelOne replaced the local antivirus solution.

What about the implementation team?

Main support was provided by the SOC company, working together with our IT Staff.

What was our ROI?

We have seen a good ROI on the SOC service and the product.

What's my experience with pricing, setup cost, and licensing?

The solution's price/performance ratio is reasonable.

In addition to the standard licensing fees there is, of course, the SOC service fee.

Which other solutions did I evaluate?

We evaluated main SOC companies and the solutions they provide. Most of them required a SIEM platform but not specifically an EDR solution. In the end, we chose the best and most affordable combination of SOC and EDR.

What other advice do I have?

My advice is to start with a few endpoints and become comfortable with SentinelOne, and test the exclusion rules for endpoints running specific software.

At present, it looks like the most advanced EDR solution on the market, but I think we have to stay tuned to the market and to what's happening in cybercrime, as 100 percent security doesn't exist.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Expert at a healthcare company with 5,001-10,000 employees
Real User
Very powerful solution that highlights threats immediately
Pros and Cons
  • "The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click 'Update' on the console. That is it, because it is very easy to use."
  • "I would like to improve the reports because they are not so customizable and we would like more info from them."

What is our primary use case?

We have the Core version for almost all our endpoints. We will be installing it completely for the US, who wants more products, and India, because we have experienced that India is more exposed to threats.  

We are currently updating our agents from 4.0.5 to 4.2.

How has it helped my organization?

Every day, we check threats that come from outside.

What is most valuable?

The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use. 

Regarding threats, it is very powerful. It highlights them immediately on the console, then you can decide if it's a false positive or an actually real threat. 

SentinelOne's distributed intelligence at the endpoint is very powerful and works well.

What needs improvement?

I would like to improve the reports because they are not so customizable and we would like more info from them.

I cannot download all the hosts that we have on our tenant, because there is a limit of 10,000. I have asked our provider to work with SentinelOne to fix this. For example, my complaint is that if I want to download an Excel file or CSV, I have a limit of 10,000 rows. However, in our tenant environment, we can download more than 16,000 rows.

For how long have I used the solution?

We started deploying it in 2018.

What do I think about the stability of the solution?

It has been a stable product.

The process is completely automatic when an endpoint connects to the console. At that point, the agent will be updated. However, when we install a new machine, we have to install it manually, even the agent.

What do I think about the scalability of the solution?

We have never had an issue with scalability.

We have 15,447 endpoints in total with the Core version. 99.99 percent of the endpoint usage is Windows. We also use it with a few Macs and Linux. It is really powerful from this point of view.

How are customer service and technical support?

Our SOC has logged some tickets with the technical support. They have never complained about SentinelOne's support.

Which solution did I use previously and why did I switch?

Previously, we had McAfee, which was complicated to manage.

We heard about this SentinelOne and its new antivirus, so we contacted our consultant who organized a PoC. After the PoC, we decided to migrate the solution.

I have been satisfied with the new antivirus.

How was the initial setup?

For deploying, it takes a long time. Our process was first to install SentinelOne with McAfee, having two antiviruses in the same host. Then, we started to uninstall McAfee. That process took about six to nine months because we had a lot of endpoints to deploy.

The antivirus migration was normal. The only thing that was tricky was the removal of the McAfee tool because sometimes it worked incorrectly and didn't uninstall the antivirus.

What about the implementation team?

The installation was done by our SOC and me. Our SOC is comprised of five to six people. The SOC personnel are the same people who currently maintain the solution.

What was our ROI?

I think the solution has reduced our incident response time and mean time to repair.

Which other solutions did I evaluate?

SentinelOne is easier to use than McAfee was. With the SentinelOne console, you have everything you need, like the dashboard and configuration, which makes it easier to manage than McAfee. However, I have more experience with McAfee.

What other advice do I have?

We have a SOC managing our environment. They are very happy with features that SentinelOne provides.

We will be upgrading to the Complete version next year, including Deep Visibility. This includes 2,000 endpoints for the USA and India. However, we currently haven't enabled this feature.

We have never needed the solution’s one-click, automatic remediation and rollback for restoring an endpoint, but the feature is very powerful.

Biggest lesson learnt from using SentinelOne: Never trust anyone.

I would rate this solution as a 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about SentinelOne. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
Managing Member at Pender & Associates
Real User
Top 5, Leaderboard
100% Reliable with fully autonomous threat mitigation and real-time ransomware file encryption roll back, without human intervention.
Pros and Cons
  • "Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption."
  • "All is good for now, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to keep ahead of the cybercriminals."

What is our primary use case?

The product is used to provide cybersecurity protection to SMBs predominantly in the financial, manufacturing, and retail industry as well as private individuals.

SentinelOne is key in achieving compliance with the General Data Protection Regulation (GDPR) in the European Union and the Protection of Personal Information (POPI) Act in South Africa.

Resolving ransomware encrypted servers or personal computers is costly to the customer, both in repair costs and loss of business due to downtime. In addition, the customer may suffer reputational damage if any of its customer data is compromised. 

How has it helped my organization?

Our clients trust us to protect their IT systems and data. 

We use SentinelOne because it has proven itself and has never been breached. It offers us a 100% protection record and our company reputation stays intact.

Resolving ransomware encrypted servers or personal computers is both costly and time consuming to both the customer as well as the service provider - protecting against these attacks is a win-win for all.

The SentinelOne portal dashboard provides a good overview of all the sentinels deployed and offers quick access to review and resolve affected sites and endpoints.

What is most valuable?

The most valuable feature is that it works and is reliable. 

Other solutions I have researched have all been breached, and as far as I can see, SentinelOne is the only one that has never been breached. It provides fully autonomous threat mitigation and ransomware file encryption roll back in real-time without human intervention.  

Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a beat and the business continued as normal without interruption.

What needs improvement?

SentinelOne's ongoing updates and rate of technology improvements are adequate for now, and have kept SentinelOne ahead of the cyber criminals, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to stay ahead of the cyber criminal techniques and exploits. The "false positive" detection rate could be improved, if possible, but this should not increase the risk of the endpoint being breached.

For how long have I used the solution?

I've used the solution for over 2 years.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is excellent.

How are customer service and technical support?

The customer support has been okay.

Which solution did I use previously and why did I switch?

I did not use a different solution previously.

How was the initial setup?

The initial setup is straightforward. 

What about the implementation team?

We are able to handle implementations in-house.

What's my experience with pricing, setup cost, and licensing?

If you are an end-user you should procure the service through a Managed Cyber Security Systems Provider.

Which other solutions did I evaluate?

Yes, I have looked into ESET, CrowdStrike, Cylance, Webroot, and many others.

What other advice do I have?

Contact me on cybersec[at]global[dot]co[dot]za

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a managed IT and cyber security services provider and deploy SentinelOne to our customers as part of the cyber security protection service.
VP at a tech services company with 11-50 employees
Reseller
Top 5
Easy to set up and transparently offers effective protection
Pros and Cons
  • "The most valuable feature is that it just unintrusively works in the background to carry out the protection."
  • "Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."

What is our primary use case?

We have SentinelOne installed on all of our workstations and servers. It is set up with the maximum protection except that Active is in Alert Mode, and everything else is blocked.

What is most valuable?

The most valuable feature is that it just unintrusively works in the background to carry out the protection. You don't have to babysit it. Instead, it will alert if it sees something, you deal with it and carry on from there.

What needs improvement?

Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed. SentinelOne gives no clue as to the problem, so to diagnose what is happening can be difficult. To make it worse, the behavior is inconsistent. Two people in the office might have the application working correctly, but a third person using the same program will have a problem.

Nothing is displayed by the agent that is running on the workstations, but it would be helpful to have a mode available where we can see feedback as to what it is doing. We wouldn't want it running all the time because there would be more overhead, but it could be helpful for debugging or diagnosing problems.

For how long have I used the solution?

I have been using SentinelOne for between six months and a year.

What do I think about the stability of the solution?

In terms of stability, it has been good so far.

What do I think about the scalability of the solution?

It appears to be scalable.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are about $5 USD per endpoint, per month.

What other advice do I have?

Overall, this is a good product and I recommend it. That said, there are always ways to make things better.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner