OpenText EnCase Endpoint Security vs. SentinelOne Singularity

It is more suited to environments that have a large internal user base since there will be more incidents that require forensic analysis. It will be less suited for environments that have a small internal user base due to the fact that there would be fewer incidents that require forensic analysis, but it really depends on the industry that a small internal user base is a part of.

Incentivized

It works extremely well for investigating the root cause analysis of events because you can see so much detail into what was happening before, after, and around the detective incident. A weak point would be when the AI gets a little over-aggressive or doesn’t quite understand the use case for specific tools. Our RMM tool was detected as a pup.

• Functionality meets minimal requirements, since it performs forensic investigations as advertised.

Incentivized

• Installs on all of our Windows machines and only requires 1 reboot for the install to finish.
• It allows you to customize the UI and filters based on your use case.
• Gives a very high level of visibility into any concerns you have or should have in your network.

Incentivized

• Their UI definitely needs to be more user-friendly, right now it is very cumbersome to run and view investigations.
• Authentication mechanism should be a simple username/password, not certificate-based which is difficult to manage.
• Needs better support documentation for the product, it is difficult to find solutions to issues that we run into.

Incentivized

• Possibly for compatibility with legacy Windows OS's and non Windows OS's.
• Some settings are greyed out and unable to change but I believe this is to protect you from making a bad configuration change.
• Could do better with reporting at the base level subscription.

Incentivized

Reliable for simple installation and above all efficient

Incentivized

There are some minor issues with the platform that can be mildly frustrating, but the overall performance, peace of mind, and ROI make it worth using. The management console is intuitive and easy to learn, the endpoint clients are simple but give IT professionals enough data to make management easy and simple

Incentivized

Because support is non-existent whenever you have a functionality issue using the product. Also since the UI is so cumbersome to use we could use as much support as possible. Whenever we ask for support we are told to take the training which costs us more money. I believe that support should be easily accessible and affordable for the client

Incentivized

Their support is good and quick to respond. The one issue we faced was when a non-protection issue arose there was a lot of dancing around trying to figure things out. This was frustrating as it took significantly longer to figure out issues. Lots of repetitive log gathers, screen caps, uninstalls that never seemed to resolve issues. Eventually, the product would be updated and the issue seemed to be resolved, but seemed to be the only solution.

Incentivized

The other forensic tool that is a direct competitor to EnCase and wasn't listed above is the Forensic Toolkit or FTK. I believe that FTK is a better tool overall simply because it is easier to manage and use when it comes to investigations. Unfortunately, I wasn't part of the decision process and EnCase was the tool selected, otherwise, I would have recommended FTK.

Incentivized

SentinelOne had all of the major features that we were looking for. The other products either required too much administrative attention or were lacking key features. For example, one could be uninstalled by the end user. We required that the installation be password protected to protect against end user disabling or uninstalling. One product required manual intervention for all remediation which put to high a burden on limited staff. All products are always being revised so these may no longer be issues but they had a significant impact on our decision.

Incentivized

• One negative impact would be that since the UI is cumbersome to use we would need to spend more money on training which is not always feasible.
• Another negative impact would be that since there is not much support available this slows down investigations due to finding out how to troubleshoot and fix functionality issues.
• One positive impact would be that since it meets minimal requirements when it comes to forensic analysis it gives us visibility on any malicious activity occurring on a user's endpoint.

Incentivized

• SentinelOne has already proved its value by stopping attacks that would have gone otherwise unnoticed until much later in their infection process.
• The Vigilance team has provided quick response to threats that were not easily contained via the automated response SentinelOne's agents provide. This has given us a significant piece of mind.

Incentivized