Comparing our most feature-rich packages
The Singularity SaaS platform is built with elastic cloud compute components designed to dynamically and massively scale to 500,000+ agents per cluster.
Pick the hosting theatre of your choice to meet compliance and data storage requirements. SentinelOne supports hosting in North America, Europe, and Asia as well as on-premises.
Your organization is uniquely structured. SentinelOne’s unparalleled multi-tenant / multi-site / multi-group customization gives you the tools to craft a customized and flexible management hierarchy.
Singularity’s ISO certified platform offers multiple authentication mechanisms including SSO and MFA as well as role-based access control for proper authorization depending on the user’s role.
Centralized policy administration is as simple or specific as needed to reflect environment requirements. Policy inheritance, exclusion catalog, and centralized JSON agent controls are just a few of the tools at your disposal.
Stay in complete control. Unlike other EPP/EDR vendors, SentinelOne doesn’t push agent updates without your knowledge. Instead we offer controlled agent upgrade tools and maintenance window support.
Singularity is designed to automatically correlate data to reduce the amount of time you deal with alerts. Customers enjoy Storyline™ driven incident forensics, data-driven dashboard analytics, reports, and PowerBI and Tableau integrations.
The App Store is an ecosystem of applications for Intelligence, Automation, and Data Integrations extending SentinelOne across the Security and IT stack. No massive time investment, custom business logic, code, or complex configuration necessary.*
SentinelOne offers support for 17 years of Windows releases from everything modern back through to legacy EOL versions, macOS including the new Apple kextless OS security model, and 10 distributions of Linux. Cloud-native containerized workloads are also supported.
The SentinelOne Singularity Platform empowers SOC & IT Operations teams with a more efficient way to protect information assets against today’s sophisticated threats. Visit this page for more information.
SentinelOne offers support for 17 years of Windows releases from everything modern back through to legacy EOL versions, macOS including the new Apple kextless OS security model, and 10 distributions of Linux. Cloud-native containerized workloads are also supported.
Singularity Cloud Workload Security offers visibility and runtime security for apps running on VMs or containers, no matter their location. Visit this page for more information.
Ranger controls the network attack surface by extending the Sentinel agent function. Ranger reports what it sees on networks and enables blocking of unauthorized devices. Ranger fulfills asset inventory requirements. Visit this page for more information.
Yes, the Singularity Platform protects against ransomware, fileless threats, “Living off the Land” (aka LOLbin) attacks… just to name a few. Our tech uses on-agent static AI to prevent, block, and quarantine malware in real-time. Similarly, on-agent behavioral AI engines detect malicious behavior by tracking and contextualizing everything on a device. Malicious acts are identified and halted in real-time. All unauthorized changes are remediated with a single click. All critical data is contextualized and available within the EDR platform for digital forensics, incident response, and threat hunting activities.
SentinelOne commissioned Forrester Research to independently assess the ROI that a prototypical customer, built upon real customer interviews, might reasonably expect to achieve. The 2020 Forrester Total Economic Impact reports 353% ROI. More information is available here.
Sentinel agents are designed to do much more locally than competing solutions, resulting in far faster protective responses since they don’t rely on the cloud or humans to do everything. However, these agents are deeply integrated to the overall SaaS solution to work in tandem with intelligent cloud-delivered components like Deep Visibility ActiveEDR®, Storyline Active Response–STAR™, and Ranger for a well-rounded stable of features enabling effective security consolidation and the elimination of legacy agents.
Storyline constantly monitors all OS processes, malicious and benign, and automatically builds a process tree and maps events to MITRE ATT&CK® TTPs. In Protect Mode, ActiveEDR will automatically thwart the attack at machine speed. Never build another process tree. We do it for you.
We offer several international options for cloud hosting location to meet data localization requirements. Most of the information that SentinelOne collects through the Solutions is not Personal Information and relates to the computing processes of devices protected against malware infection by the SentinelOne Services, or device standard identifiers. More information is available here.
SentinelOne invests significant effort into securing its platform to multiple standards that in turn help customers secure their own. Visit this page for links to relevant information.
Benign data artifacts used for threat hunting purposes are retained for 14 days by default. Customers may opt for longer retention periods. For example: 30, 60, 90 days and up to one year. Data that contains indicators of malicious content is retained for 365 days. Data regarding configuration and audit logs are kept for traceability and audit purposes and retained through the lifetime of your subscription.
Yes, with optional Cloud Funnel you can securely stream a copy of the EDR telemetry data from SentinelOne’s Deep Visibility Cloud to your enterprise data lake, whether on-prem or hosted in the public cloud, via a Kafka subscription.
Fewest misses
Most correlations
Best data enrichment coverage
“Strong Performer”
353% ROI
Featured EPDR Innovator
