Carbon Black EDR vs. SentinelOne Singularity

We are able to check if any phishing link was visited by the user or not. To check for the whether any file is executed on the machine or not. To check on which port connections are being made by the machine. To create custom watchlist for alert to be investigated by an analyst. To check every process executed in the machine for a specified range.

Incentivized

It works extremely well for investigating the root cause analysis of events because you can see so much detail into what was happening before, after, and around the detective incident. A weak point would be when the AI gets a little over-aggressive or doesn’t quite understand the use case for specific tools. Our RMM tool was detected as a pup.

• Process tree view of endpoint activity
• Ability to pull files from host
• Threat Intelligence integration
• Isolate a host

Incentivized

• Installs on all of our Windows machines and only requires 1 reboot for the install to finish.
• It allows you to customize the UI and filters based on your use case.
• Gives a very high level of visibility into any concerns you have or should have in your network.

Incentivized

• Number of false positive which are triggered due to threat feeds are sometimes more needs to be fine tuned by the client.
• In very rare scenarios processes are not captured properly.

Incentivized

• Possibly for compatibility with legacy Windows OS's and non Windows OS's.
• Some settings are greyed out and unable to change but I believe this is to protect you from making a bad configuration change.
• Could do better with reporting at the base level subscription.

Incentivized

Reliable for simple installation and above all efficient

Incentivized

There are some minor issues with the platform that can be mildly frustrating, but the overall performance, peace of mind, and ROI make it worth using. The management console is intuitive and easy to learn, the endpoint clients are simple but give IT professionals enough data to make management easy and simple

Incentivized

Their support is good and quick to respond. The one issue we faced was when a non-protection issue arose there was a lot of dancing around trying to figure things out. This was frustrating as it took significantly longer to figure out issues. Lots of repetitive log gathers, screen caps, uninstalls that never seemed to resolve issues. Eventually, the product would be updated and the issue seemed to be resolved, but seemed to be the only solution.

Incentivized

CB Response allows for a better view of what happened on the endpoint and provides more functionality out of the box then the FireEye Endpoint Security Product. CB Response allows you to basically have a remote connection into the CLI of an endpoint. This allows you to view the file system, run programs/scripts on the host, etc. FireEye Endpoint Security does not have this functionality.

Incentivized

SentinelOne had all of the major features that we were looking for. The other products either required too much administrative attention or were lacking key features. For example, one could be uninstalled by the end user. We required that the installation be password protected to protect against end user disabling or uninstalling. One product required manual intervention for all remediation which put to high a burden on limited staff. All products are always being revised so these may no longer be issues but they had a significant impact on our decision.

Incentivized

• It is helping to protect us from potential loss of revenue that would be caused by malware or a compromised account.
• It took some time in deploying in the environment , but that time is much worth it because of the results we are getting now.
• It helps in hunting, which help us check and protect our environment from any cyber attacks.

Incentivized

• SentinelOne has already proved its value by stopping attacks that would have gone otherwise unnoticed until much later in their infection process.
• The Vigilance team has provided quick response to threats that were not easily contained via the automated response SentinelOne's agents provide. This has given us a significant piece of mind.

Incentivized