SentinelOne

Vorteile

It has a low false positive rate and, in general, doesn't cause disruption to legit user activity.

Nachteile

It doesn't have a feature to scan offline AWS snapshots. We were wanting this feature because we have one legacy app that is very sensitive to any anti-virus scanning from any vendor and we wanted S1 to scan an AWS snapshot of the app server so we didn't have to install the agent and risk any performance issues.

Vorteile

tons of features but more importantly security. we never had any incident since we deployed sentinelone. rollback feature is awesome, threat hunting is very good and visualization of events with deep diving is something which helps to understand the overall threat landscape

Nachteile

only thing i don't like about them is their support is not locally available and they keep on introducing new features as a module with additional charges

In Betracht gezogene Alternativen

Warum SentinelOne gewählt wurde

Gründe für den Wechsel zu SentinelOne

Vorteile

Agent install - deployed to a PC - reboot and it's working. Web console filtering allows identification of incidents and configuration in a fairly simple manner.

Nachteile

Some upgrades of the product have introduced major issues. eg One release broke some OS upgrades on certain models of laptop leaving them unable to boot. Another version introduced crippling speed issues with Adobe products. To their credit they do eventually fix these issues, but not quickly enough.

Vorteile

Efficacy and low false positives, depth of detection and response, ease of admin and use and TCO.

Nachteile

Installation was a challenge when deploying through InTune.

Vorteile

Deployment and customization was easy and straight forward. Deployed across various devices and worked without much issue. Required the occasional policy update to add applications and files to the allowed list.

Nachteile

Would like to see more on the reporting side of things; OS patches, installed applications, etc.