SentinelOne's Singularity portfolio is a subscription-based, cloud-centric cyberthreat management stack that includes machine learning software and expert services to deliver comprehensive endpoint detection and response (Singularity EDR) and extended detection and response (Singularity XDR). SentinelOne's small-footprint agents can be installed in a few minutes to guard popular endpoints against modern cyberthreats such as ransomware, known and brand-new malware, Trojans, hacking tool sets, memory exploits, malicious scripts, harmful macros, and living-off-the-land attacks. SentinelOne agents are available for Microsoft Windows, macOS, Linux distributions, and Kubernetes endpoints. Supported form factors include physical, virtual, VDI desktops, hybrid data centers, and cloud providers. Since SentinelOne software agents are autonomous, they can provide cutting-edge behavior-based protection in real time even when endpoints are not cloud connected.
Progent is a certified SentinelOne Partner and reseller and oversees thousands of endpoints secured by SentinelOne technology. SentinelOne is always the first EDR response tool activated by Progent to provide control and visibility of a client's system at the outset of a ransomware recovery. SentinelOne Singularity is also the key EDR software behind Progent's Active Security Monitoring (ASM) managed services. SentinelOne was ranked as a leading visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and attained the highest number of high-quality detections in real time with zero delays during the gold-standard MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also surpassed all competition for each use case in Gartner's evaluation of Critical Capabilities for Endpoint Protection Platforms (EPPs).
Singularity Packages for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity family has three tiers of endpoint security product packages provided as a global cloud-based solution that delivers high availability, centralized policy management by site and group, AI-powered threat intelligence, rapid recovery, and an information-driven dashboard for cyberthreat analytics. Packages consist of Core for basic security, Control for advanced management, and Complete for smart root cause analysis. The feature sets are additive: Control and Complete each include all the features and options of the tier below. Pricing starts at $5 for each endpoint per month for small customers with appropriate discounts for larger deployments. Progent has no minimum device requirement.
Singularity Core offers basic anti-virus and next-generation anti-virus (NGAV) support and delivers rudimentary Endpoint Detection and Response (EDR). Standard capabilities of Singularity Core include:
- Autonomous agent Storyline technology
- Integrated static AI and SentinelOne Cloud Intelligence file-based attack prevention
- Behavioral AI to identify fileless attacks
- Autonomous Threat Response / Kill, Isolate (Win, Mac, Linux)
- Autonomous Remediation Response / 1-Click, no scripting (Win, Mac)
- Autonomous Rollback Response / 1-Click, no scripting (Win)
- Isolate device from network
- Incident Analysis (MITRE ATT&CK, timeline, team annotations)
- Sentinel agent anti-tamper
- App inventory
Options for the SentinelOne Singularity Core bundle include software-defined network discovery and advanced network device fingerprinting via the Singularity RANGER package, closure of agent deployment gaps with p2p job automation via SentinelOne's RANGER PRO bundle, rogue device identification, and cloud workload security for Kubernetes and virtual machines via SentinelOne's Cloud bundle. (Note: SentinelOne Singularity Core is not currently offered by Progent. This product does not by itself provide the threat visibility options needed by Progent to co-manage the cybersecurity of the customer deployment.)
Singularity Control comes with all the standard capabilities and supports all the options of the Core package and adds capabilities for improving endpoint management including secure remote shell, firewall control with location awareness (Win, Mac, Linux), device control for USB and Bluetooth/BLE peripherals (Win, Mac), and application vulnerability management.
Add-ons available for the Singularity Control package include the ability to isolate suspicious and malicious devices using SentinelOne's Singularity RANGER bundle plus automated app control for containers through the Singularity Cloud package.
Singularity Complete includes all the standard features and allows all the add-ons of the Control bundle and adds single-agent enterprise-grade prevention, detection, reaction and hunting across endpoints, cloud, and IoT. The bundle saves substantial time for security administrators, Security Operations Center analysts, cyberthreat hunters, and incident responders by correlating events and using them with the MITRE ATT&CK database to expose root causes. Complete offers an advanced EDR feature set that includes:
- Storyline technology with auto correlation and contextualization of alerts for rapid root cause analysis (RCA)
- SentinelOne's Storyline Active Response (STAR) to counter emerging zero-day cyberthreats with custom, automated rules for threat detection and hunting
- Built-in ActiveEDR visibility to both benign and malicious data
- Deep visibility Storyline hunt and pivot by MITRE ATT&CK technique
- EDR Hunting Data storage options from 14 days (standard) to 365 days (add-on option)
- File integrity monitoring
- Timelines, file fetch, sandbox integrations
Options for SentinelOne's Singularity Complete bundle include Cloud Funnel for downloading endpoint telemetry from the SentinelOne cloud to your own data lake, the capability to send harmful and harmless executables to the SentinelOne cloud for automated analysis, and automated app control for Linux VMs.
Vigilance Respond MDR Services
Vigilance Respond and Vigilance Respond Pro are optional MDR services for subscribers to the Singularity Complete package. These subscriptions include digital forensics and full 24x7 incident response provided by Tier-1, Tier-2, and Tier-3 cybersecurity experts. Vigilance Respond services include confirmation of threats, event prioritization, false positive management and console cleanup, accelerated threat resolution, management reporting, service level agreements, and escalation back to the client's cybersecurity organization. Pricing averages about $17 per endpoint per month and there is no minimum device count.
Vigilance Respond Pro includes a two-times faster SLA, assigned incident response case managers, root cause analysis (RCA), intel-driven threat hunting, digital forensics investigation, expert containment and eradication, security assessment including exclusions review, plus post-mortem consultation. In most cases, Vigilance Respond Pro resolves threats in minutes and only contacts subscribers for urgent issues. Because these services typically do not call for the participation of the Vigilance Respond client, customers are able to concentrate on high-value tasks instead of day-to-day security issues.
Vigilance MDR analysts classify detected threat notifications according to a hierarchy ranging from Benign False Positive to Malicious Urgent. This ranking determines how the analyst responds to the detected threat. There are five classes of threats and associated responses. Most alerts require no action by the customer.
Benign Alert - False Positive
Vigilance resolves the issue and annotates the SentinelOne dashboard. For single False Positive alerts, no other actions or alerts are required. For persistent False Positive alerts, Vigilance will escalate the issue to the client to submit or agree to an appropriate exclusion or agent upgrade as required.
Malicious Alert - True Positive Non-Urgent, Potentially Unwanted Program (PUP)
Vigilance takes action to ensure the threat is blocklisted, resolved, and annotated. Typically, no alert will be sent to the client unless the issue requires additional work.
Malicious Alert - True Positive / No Action Needed
Vigilance performs proper actions including remediation to ensure the threat is quarantined. Once the analyst verifies the threat is eliminated, the analyst will transmit a confirmation alert to the client.
Malicious Alert - True Positive Non-Urgent / Action Necessary
Vigilance performs appropriate actions including remediation to ensure the threat is quarantined. Once the SentinelOne analyst verifies the threat is eliminated, the analyst will transmit a confirmation notice to the customer. Subsequent activity such as re-imaging may be called for in some cases.
Malicious Alert - True Positive Urgent / Action Needed
Vigilance may respond strongly in high-priority breach cases, including taking agent remediation actions and disconnecting affected network endpoints to isolate the attack and block further lateral movement. The analyst will transmit an urgent notification apprising the customer of the issue and ask for an immediate response.
Download Progent's Singularity Control and Complete Comparison Datasheet
To download a single-page datasheet in PDF format comparing SentinelOne's Singularity Control and Singularity Complete endpoint detection and response products, click:
Progent's Singularity Control and Singularity Complete EDR Comparison. (PDF - 340 KB)
Progent's roster of over 150 consultants includes experts in every aspect of information technology related to small and mid-size businesses. With this breadth of knowledge, Progent can be your single point of contact for integrating a cohesive cybersecurity solution that offers significant business value. In addition to the endpoint protection provided by SentinelOne products and services, Progent offers a catalog of managed services and affordably-priced IT support packages designed to assist small and mid-size businesses to design, implement, validate, and administer networks that deliver enterprise-class security and low TCO.
Progent has in-depth experience with all the endpoints, servers and VMs that can be secured by SentinelOne products. Progent offers services that include Windows 11 migration expertise, Windows 10 integration, Linux support, Mac support, iPhone and iPad support, Android configuration, Windows Server 2022 migration expertise, Windows Server 2019 integration expertise, Hyper-V virtualization support, and VMware vSphere configuration consulting.
For single-click or manual rollback capability, Progent's Windows Server consultants can help you to set up Windows Volume Shadow Copy Service (VSS). Progent also offers remote and on premises support from certified Cisco CCIE consultants to help you to design, protect or troubleshoot your infrastructure. If your network incorporates cloud resources, Progent can provide the support of Microsoft Azure consultants, Amazon AWS experts, and Google Cloud integration experts.
Contact Progent about SentinelOne Sales and Configuration Services
To find out more about how Progent can help you to buy or configure SentinelOne endpoint security products, call 1-800-993-9400 or visit Contact Progent.