5 out of 5.0, Reviewed Sep 13, 2016
SentinelOne is a powerful and effective endpoint protection solution. It has already caught a zero-day threat which made it past our other security layers. It is robust enough to have agents deployed on Windows, MacOS X, and Linux, with Android coming soon as well. SentinelOne stands behind their product and offers some unique advantages, such as depth of machine learning and source data by crawling through gigabytes of data per day; it allows for pre-execution behavior detection and does not allow bypass mechanisms as easily as other 'machine learning' endpoint protection systems do.
Be sure to fully investigate an advanced endpoint protection vendor. Due to extreme competition and unhelpful buzzwords, it can be difficult to sift fact from fiction. Require a POC and ideally use your own malware or partner with a third-party red team to assist. Attempt bypass mechanisms like PowerShell and other fileless malware strains. Download and try other malware samples from VirusTotal or other sources. Be sure to assess your own use case, as there are strategic advantages and disadvantages to different approaches. Application whitelisting, behavior analysis and application sandboxing all have different strengths and weaknesses.
SentinelOne is extremely complex but easy to deploy. It has a depth of true algorithmic advantages to it, and new features are being added all the time. For example, SentinelOne allows for pre-execution analysis in Linux and MacOS X, and Windows is forthcoming as well. SentinelOne appears to have very good bypass detection and can find fileless malware very effectively (meterpreter, Mimikatz
We would like to see more forensic information and a history of that information. We can currently see files accessed/created/modified and network call outs. We would like to see additional information and have a longer timeline of that data for review and analysis/correlation.
STIX and TAXII support for not only threat export but also for ingestion. We would like the management platform to accept STIX feeds for ingestion to protect against IoCs from our authenticated and trusted peer groups.
We should have deployed SentinelOne much earlier than we should have. There was some hesitancy to see if SentinelOne could actually perform as advertised. It passed with flying colors and has proven itself extremely useful in our environment. We had an agent report a zero-day strain of malware that was undetected by any other system in VirusTotal.
We were able to fully implement SentinelOne in 3-4 weeks. We expected it to take twice that amount of time. Some of our applications took fine tuning for SentinelOne to correctly assess them, due to their unavailability. Very satisfied with the rollout.
5 out of 5.0, Reviewed Sep 7, 2016
Glad you had a good experience. Would you please share what stood out? The vendor worked with us to make sure all our applications worked with their solution. They were engaged and provided quick help whenever we needed it. They have continued to follow up with us after the implementation to make sure all is going well.
Test on all programs and modules within programs. We found a few helper apps that would not run correctly, reported these to SentinelOne and they were able to provide fixes quickly.
Ease of use
We would implement the same
When I call, I get through very quickly and get answers quickly to my questions.
5 out of 5.0, Reviewed Aug 23, 2016
Great support and technology.