I do want to see Vigilance reach out with that Identity. I don't have Identity, however, it's a very good tool. There is another tool that I use called Purple Knight that does very similar things. I'd like to see adding Vigilance to the visibility of Identity.

One thing I don't like is the exportable report. They're not as useful as I'd hoped they would be. I always feel like I have to finagle them a little bit before I can present them to the executive board. The reporting needs to be beefed up a bit more. They're trying to keep it simple, yet it is a little oversimplified.

I really wish it could be an app on my phone. If I could open up an app on my phone and get all the alerts or look at my environment and see the health real quick, that would be ideal. I'd like the ability to have text alerts, for example, if something gets quarantined.

The website, if you are trying to figure out what all the products are, it's kind of busy. The marketing is a little tough to follow.

An area for improvement in SentinelOne is the search feature. For example, you can select the number of results that will be shown to you, such as two thousand events, and you can even go up to twenty thousand events for the search you've made, but you can't go beyond twenty thousand. You can only receive up to twenty thousand if you find login-related, detection-related, or process creation-related events. That's the limitation in the search feature of SentinelOne, which ruins the task because it isn't enough when you're doing your investigation.

The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne. The retention period of the tool is way less than what other EDR solutions provide. SentinelOne and CrowdStrike come with a shorter retention period, which means you cannot go beyond one month when investigating the logs. One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.

What I want to see from SentinelOne in its next release is a faster search. I also wish that the twenty thousand event limitation be removed.

The users have reported a positive return on investment (ROI) from using SentinelOne Singularity Complete. They mention that the ROI can be enhanced by using more licenses under a multi-cloud solution and that the product has good XDR capabilities and can integrate with various security components. The ROI is seen immediately after the stabilization phase and configuration according to customer needs. Users also highlight that the ROI is high and varies depending on the contract, with some rating it five out of five. They compare it favorably to other products like Microsoft Defender ATP, stating that SentinelOne is ahead in terms of features and independent of licensing schemes. Some users have already experienced a 100% ROI within a few months. Furthermore, the low CapEX is mentioned due to the cloud-based nature of the product. Users also mention the value of having dashboard data on cloud usage and better control over purchasing decisions. The ability of SentinelOne to reduce the need for analysts and prevent security incidents is highlighted, saving costs associated with incidents and potential loss of business. Overall, users believe that SentinelOne provides a great return on investment and offers significant advantages compared to other solutions.

The most valuable features of SentinelOne Singularity Complete, according to the reviews, are:

- Recovery and zero-day detection capabilities
- Telemetry and information from the EDR part for security
- Easy navigation and usability of the platform
- AI solution for detecting and managing policies
- Autonomous platform for separating false positives and negatives
- Good graphing capabilities for visualizing attacks and alerts
- Integration and data sharing with other security vendors
- File-less monitoring and filtering for enhanced security
- Real-time detection and face detection capabilities